Networks and Cybersecurity

In this article I'm revisiting some of the basics like what a network is in the computer world. I'll then explain why it's important to know about networks and a bit about how they function. This is essential knowledge for working in the cybersecurity field.

What Is A Network?

First, let's talk about what a network is. Fundamentally, a network is two or more computers communicating with each other. In your home this is probably done through your wifi. Some of you may be hooked into the router through a cable like Cat5 or Cat6 which most people call an ethernet cable. Through that router (home routers typically have combined features of a router, switch, and a Wireless Access Point), you can have your computer connected to other computers in your home. Once the computers are connected through that home router they can then communicate with each other. Once that is accomplished, you have a network. Smaller networks are often called a LAN which stands for Local Area Network.

Once the computers are connected to the LAN, they can then communicate in a number of ways. Let's imagine we have a very small network of just two computers. For this small network we'll label the computers as Computer A and Computer B. It's important to point out here that the home router is also a type of computer. In fact, it's an important member of the network. For now we'll just call this device Router. When Computer A wants to talk to Computer B, communication is typically sent from Computer A to Router, then onwards to Computer B. In order for this to happen there are a lot of protocols in place. Protocols are basically just methods to get stuff done in a particular fashion. Common protocols on a LAN would be ARP, ping, and DHCP just to name a few.

Some Basic Network Protocols

To briefly explain, ARP is going to allow the Router to keep track of where Computer A and Computer B are based on their MAC addresses. MAC addresses are unique to every single computer device. Ping is a command protocol that an individual user would put into a command line in order to test whether Computer A can see and connect with Computer B. Other information would be needed in order to do that, like knowing the destination IP address or the hostname. And lastly, DHCP would create and administer IP addresses to the machines within the network. DHCP stands for Dynamic Host Configuration Protocol. The dynamic part means that the DHCP server can administer IPs by itself on the fly. Additionally, the IP that Computer A has today might not be the same one it will have tomorrow. Each protocol can be explained in much more detail, but these are just the basics for now. Also keep in mind, there are a ton of other protocols that computers can use. I'm just scratching the surface to give a base understanding of the important role networking knowledge can play in cybersecurity.

Networking and Security

It's important to know as much as you can about networks and networking protocols when working in the cybersecurity field. Why? To put it simply, cyber attackers are going to create attacks using network protocols or flaws in the protocols. Therefore, the more you know about networking basics, the better you'll be able to help protect your network.

Take for instance one of the basic networking protocols I mentioned, ARP. To revisit, ARP is going to allow the Router to find out where each computer is based on the MAC address. Again, the MAC addresses are unique. Technically only one computer or router will have that specific MAC address and it will be different from all other devices. Think of MAC addresses as device fingerprints. Fingerprints are unique to each individual. A cyber attacker might decide to target the ARP protocol of a given network. The attacker could copy Computer A's MAC address (its "fingerprint") and pretend to be Computer A. By doing so it could send bad files to Computer B or perhaps read files that were intended to be read by the real Computer A user. The attacker could also make the Router forget Computer B, so that Computer A wouldn't be able to talk with Computer B. The attacker could also create a lot of fake ARP requests that could slow down or potentially break the entire network.

Taking the example above, the best way to prevent attacks like this is to learn more about networking protocols. Once you understand in more depth how they function, you can take steps to avoid their flaws. You could take steps to strengthen any areas of weakness. In some situations, you may even disable certain protocols within your network because you don't use them. By turning off protocols you don't use, you can limit the amount of attack surface your network has.
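To make the ARP example concrete from the defender's side, here is an added sketch (not code from the original article) that scans a list of observed ARP messages for the three anomalies described above: an IP address that moves to a different MAC, one MAC claiming several IPs, and a burst of ARP requests. The sample addresses, the event format, and the window and threshold values are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed ARP observations: (seconds, operation, sender_ip, sender_mac).
# The addresses are made up; 02:... MACs are locally administered values.
SAMPLE = [
    (0.0, "reply", "192.168.1.1", "02:00:00:00:00:01"),   # Router
    (0.5, "reply", "192.168.1.10", "02:00:00:00:00:0a"),  # Computer A
    (0.9, "reply", "192.168.1.11", "02:00:00:00:00:0b"),  # Computer B
    (5.0, "reply", "192.168.1.11", "02:00:00:00:00:66"),  # B's IP, new MAC
    (6.0, "reply", "192.168.1.50", "02:00:00:00:00:0a"),  # A's MAC, second IP
] + [(10.0 + i * 0.01, "request", "192.168.1.11", "02:00:00:00:00:66")
     for i in range(30)]                                   # burst of requests


def analyze(events, window=1.0, max_requests=20):
    """Return alerts for the three ARP anomalies described in the article."""
    ip_to_mac = {}                    # last MAC seen for each IP
    mac_to_ips = defaultdict(set)     # every IP a MAC has claimed
    recent = defaultdict(deque)       # request timestamps per MAC
    flooding = set()                  # MACs already reported for flooding
    alerts = []
    for ts, op, ip, mac in events:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        # An IP that moves to a different MAC: the entry for that host was
        # overwritten. A new DHCP lease can also cause this, so correlate.
        if known is not None and known != mac:
            alerts.append(("binding_change", ip, known, mac))
        ip_to_mac[ip] = mac
        # One MAC answering for several IPs: a copied "fingerprint" in use
        # elsewhere (or a legitimately multi-homed device to allow-list).
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(("mac_multiple_ips", mac, sorted(mac_to_ips[mac])))
        # Too many requests from one MAC inside a sliding time window.
        if op == "request":
            q = recent[mac]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) > max_requests and mac not in flooding:
                flooding.add(mac)
                alerts.append(("request_flood", mac, len(q)))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

Because DHCP hands out addresses dynamically, a binding change on its own is only a lead; checking it against the DHCP server's lease records separates a normal re-assignment from a forged entry.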

Summary

In conclusion, if you are in the cybersecurity field or are interested in entering the field, it is in your best interest to learn as much as you can about networking. You'll be better prepared to defend against threats to your network when you understand how your network functions. Stay safe and take care.
