Google CS Network Protocols

Network Protocols

  • A set of rules for devices to communicate over a network, describing data delivery and structure.
  • Serve as instructions for receiving devices to process data.

Categories of Network Protocols

  • Communication Protocols: govern data exchange and transmission between devices.
  • Management Protocols: monitor and manage network activity.
  • Security Protocols: ensure secure data transmission using encryption.

Communication Protocols

  • TCP (Transmission Control Protocol): establishes connections and streams data between devices.
  • UDP (User Datagram Protocol): connectionless protocol for fast data transmission.
  • HTTP (Hypertext Transfer Protocol): insecure protocol for client-server communication.
  • DNS (Domain Name System): translates domain names to IP addresses.

Management Protocols

  • SNMP (Simple Network Management Protocol): monitors and manages network devices.
  • ICMP (Internet Control Message Protocol): reports data transmission errors.

Security Protocols

  • HTTPS (Hypertext Transfer Protocol Secure): secure version of HTTP using SSL/TLS encryption.
  • SFTP (Secure File Transfer Protocol): secure file transfer using SSH and AES encryption.

Network Address Translation (NAT)

  • Translates private IP addresses to a single public IP address for outgoing messages.
  • Requires a router or firewall to be configured.
  • Part of layer 2 (internet layer) and layer 3 (transport layer) of the TCP/IP model.

Private IP Addresses

  • Unique only within a private network.
  • No cost to use.
  • Address ranges: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255.

Public IP Addresses

  • Unique address in the global internet.
  • Costs to lease.
  • Assignable address ranges: 1.0.0.0-9.255.255.255, 11.0.0.0-126.255.255.255, etc.
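The two address classes and the NAT bullets above fit together: a router rewrites the private source address of each outgoing flow to its one public address and remembers the mapping so the reply can be delivered back inside. The following added example (not code from the course or the notes) checks an address against the three private ranges listed here with Python's standard ipaddress module and drives a constructed, simplified NAT table; the public address 203.0.113.5 and the port numbers are stand-in values chosen for the demo.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# The three private ranges from the notes, written as CIDR blocks.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0-10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0-172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0-192.168.255.255
]


def is_private(addr: str) -> bool:
    """True when addr falls inside one of the three private ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class Nat:
    """Constructed simulation of the translation table on a NAT router.

    Every outbound flow from a private host is rewritten to the single public
    address plus a unique public port; replies to that port are mapped back.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        if is_private(public_ip):
            raise ValueError("NAT needs a public address on the outside")
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound: Dict[Tuple[str, int], int] = {}  # (priv ip, priv port) -> pub port
        self.inbound: Dict[int, Tuple[str, int]] = {}   # pub port -> (priv ip, priv port)

    def translate_out(self, src_ip: str, src_port: int) -> Tuple[str, int]:
        """Rewrite the source of an outgoing packet; an existing flow reuses its mapping."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address; nothing to translate")
        key = (src_ip, src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return self.public_ip, self.outbound[key]

    def translate_in(self, dst_port: int) -> Optional[Tuple[str, int]]:
        """Map a reply arriving at the public address back to the private host.

        Unsolicited inbound traffic has no entry and returns None, which is why
        a NAT router drops it instead of forwarding it into the private network.
        """
        return self.inbound.get(dst_port)


if __name__ == "__main__":
    # 203.0.113.0/24 is a documentation range, used here as a stand-in public address.
    nat = Nat("203.0.113.5")
    print(nat.translate_out("192.168.1.10", 51000))  # ('203.0.113.5', 40000)
    print(nat.translate_in(40000))                    # ('192.168.1.10', 51000)
    print(nat.translate_in(9))                        # None: nobody asked for this
```

The side effect worth noticing is the last lookup: because only flows that started from the inside have a table entry, NAT incidentally blocks unsolicited inbound connections, though it is not a substitute for a firewall rule set.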

Dynamic Host Configuration Protocol (DHCP)

  • Assigns unique IP addresses to devices on a network.
  • Provides DNS server and default gateway addresses.
  • Operates on UDP port 67 (servers) and UDP port 68 (clients).

Address Resolution Protocol (ARP)

  • Translates IP addresses to MAC addresses.
  • Used to communicate with devices within the same network.
  • No specific port number.

Telnet

  • Connects to a remote system using clear text.
  • Uses command line prompts.
  • Operates on TCP port 23.

Secure Shell (SSH)

  • Creates a secure connection with a remote system.
  • Provides secure authentication and encrypted communication.
  • Operates on TCP port 22.

Post Office Protocol (POP)

  • Manages and retrieves email from a mail server.
  • Uses TCP/UDP port 110 (unencrypted) and TCP/UDP port 995 (encrypted, SSL/TLS).

Internet Message Access Protocol (IMAP)

  • Downloads email headers and content.
  • Keeps email on the server, allowing access from multiple devices.
  • Operates on TCP port 143 (unencrypted) and TCP port 993 (encrypted, SSL/TLS).

Simple Mail Transfer Protocol (SMTP)

  • Transmits and routes email from sender to recipient.
  • Uses TCP/UDP port 25 (unencrypted) and TCP/UDP port 587 (encrypted, TLS).

Wi-Fi and Wireless Security Protocols

  • Wi-Fi: A set of standards for wireless LANs, based on the 802.11 family of internet communication standards.
  • WEP (Wired Equivalent Privacy): A wireless security protocol developed in 1999, considered high-risk due to vulnerabilities in its encryption.
  • WPA (Wi-Fi Protected Access): A wireless security protocol developed in 2003 to improve upon WEP, using TKIP and larger secret keys.
  • WPA2: An updated version of WPA, released in 2004, using AES and CCMP for improved security.
  • WPA3: A secure Wi-Fi protocol, released in 2018, addressing vulnerabilities in WPA2, using SAE and increased encryption.

Firewalls - Stateless and Stateful

Firewalls are network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules. They act as a barrier between a trusted network and an untrusted network, such as the internet.

Stateless Firewalls

Stateless firewalls examine each packet of data individually, without considering the context of the packet or the connection it belongs to. They make decisions based on the source and destination IP addresses, ports, and protocols. Stateless firewalls are simple and fast, but they can be vulnerable to certain types of attacks, such as spoofing and fragmentation attacks.

A class of firewall that operates based on predefined rules and does not keep track of information from data packets.

Here’s how stateless firewalls work:

  • Each packet is evaluated against a set of predefined rules.
  • If the packet matches a rule, it is allowed to pass through the firewall.
  • If the packet does not match a rule, it is blocked.

Stateful Firewalls

Stateful firewalls, on the other hand, examine the context of each packet and track the state of network connections. They keep track of the source and destination IP addresses, ports, and protocols, as well as the sequence numbers and acknowledgment numbers of packets. This allows stateful firewalls to make more informed decisions about which packets to allow or block.

A class of firewall that keeps track of information passing through it and proactively filters out threats. Unlike stateless firewalls, which require rules to be configured in two directions, a stateful firewall only requires a rule in one direction. This is because it uses a “state table” to track connections, so it can match return traffic to an existing session.

Here’s how stateful firewalls work:

  • The firewall tracks the state of each network connection, including the source and destination IP addresses, ports, and protocols.
  • When a packet arrives, the firewall checks its state table to see if the packet belongs to an existing connection.
  • If the packet belongs to an existing connection, the firewall evaluates it against the rules for that connection.
  • If the packet does not belong to an existing connection, the firewall evaluates it against the general rules for incoming traffic.

Stateful firewalls are more secure than stateless firewalls because they can detect and prevent certain types of attacks, such as:

  • Spoofing attacks: Stateful firewalls can detect when an attacker is trying to impersonate a legitimate user by sending packets with fake source IP addresses.
  • Fragmentation attacks: Stateful firewalls can detect when an attacker is trying to send malicious packets by fragmenting them into smaller pieces.

However, stateful firewalls can be more complex and resource-intensive than stateless firewalls, which can impact network performance.

In summary, stateless firewalls are simple and fast, but may not provide adequate security, while stateful firewalls are more secure, but may be more complex and resource-intensive.
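The difference between the two firewall classes is easiest to see on one short packet sequence. The following added example (written for these notes, not course code) runs the same three packets through a minimal stateless filter and a minimal stateful one that keeps a state table keyed on the connection 5-tuple. The host 10.0.0.5, the server address 203.0.113.10 (a documentation address) and the single allow rule are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    """An allow rule; a field left as None matches any value."""
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.src_ip is None or self.src_ip == p.src_ip)
                and (self.dst_ip is None or self.dst_ip == p.dst_ip)
                and (self.dst_port is None or self.dst_port == p.dst_port)
                and (self.proto is None or self.proto == p.proto))


class StatelessFirewall:
    """Evaluates every packet on its own against the rule list; default deny."""

    def __init__(self, rules: Iterable[Rule]):
        self.rules: List[Rule] = list(rules)

    def allow(self, p: Packet) -> bool:
        return any(r.matches(p) for r in self.rules)


Conn = Tuple[str, int, str, int, str]


class StatefulFirewall:
    """Same rules plus a state table holding the 5-tuple of each allowed connection.

    Return traffic is recognised by reversing the tuple, so only the outbound
    direction needs a rule; unsolicited packets still fall through to the rules.
    """

    def __init__(self, rules: Iterable[Rule]):
        self.rules: List[Rule] = list(rules)
        self.state: Set[Conn] = set()

    def allow(self, p: Packet) -> bool:
        reverse: Conn = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if reverse in self.state:  # reply that belongs to a tracked connection
            return True
        if any(r.matches(p) for r in self.rules):
            self.state.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
            return True
        return False  # not a known connection and not matched by any rule


def compare(rules: Iterable[Rule], packets: Iterable[Packet]) -> List[Tuple[bool, bool]]:
    """Run one packet sequence through both firewalls; returns (stateless, stateful) verdicts."""
    rules = list(rules)
    sl, sf = StatelessFirewall(rules), StatefulFirewall(rules)
    return [(sl.allow(p), sf.allow(p)) for p in packets]


if __name__ == "__main__":
    # Constructed traffic: an internal host opens HTTPS to an outside server, the server
    # replies, and then the server sends a packet nobody asked for.
    rules = [Rule(src_ip="10.0.0.5", dst_port=443, proto="tcp")]
    flow = [
        Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp"),   # outbound request
        Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp"),   # reply to that request
        Packet("203.0.113.10", 443, "10.0.0.5", 50001, "tcp"),   # unsolicited
    ]
    for p, (stateless, stateful) in zip(flow, compare(rules, flow)):
        print(p.src_ip, "->", p.dst_ip, "stateless:", stateless, "stateful:", stateful)
```

The second packet is the point of the example: the stateless filter drops the legitimate reply because no rule covers the return direction, while the stateful filter admits it from its state table. Adding a blanket "allow inbound from port 443" rule to the stateless filter would fix the reply but would also admit the third, unsolicited packet, which the stateful filter still rejects.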

VPN - Virtual Private Network

A VPN, or Virtual Private Network, is a technology that creates a secure and encrypted connection over a less secure network, such as the Internet. VPNs are used to protect private web traffic from snooping, interference, and censorship.

Data Encryption: In a VPN, data encryption refers to the process of converting your data into a coded format that can only be read by authorized parties. This ensures that even if the data is intercepted while traveling over the internet, it remains unreadable to unauthorized users. Common encryption protocols used in VPNs include AES (Advanced Encryption Standard).

Encapsulation: Encapsulation is the technique of wrapping data packets in a secure tunnel. When you use a VPN, your original data packets are encapsulated within a new packet that includes the necessary headers for routing through the VPN. This process helps protect the data from being accessed or tampered with during transmission, ensuring that it reaches its destination securely.

In summary, data encryption secures the content of your data, while encapsulation protects the data’s journey across the internet.

Subnetting

Subnetting is the subdivision of a network into logical groups called subnets. It works like a network inside a network. Subnetting divides a network address range into smaller subnets within the network; these subnets are formed from the IP addresses and network mask of the devices on the network. Subnetting lets a group of devices function as their own network, which makes the network more efficient and can also be used to create security zones. When devices on the same subnet communicate with each other, the switch keeps the transmissions within that subnet, improving the speed and efficiency of the communications.
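The mask arithmetic behind the paragraph above, as an added example (not code from the course or the notes): it derives a host's subnet from its address and mask, tells whether two hosts share a subnet, splits a range into smaller subnets, and maps addresses onto named security zones. Python's standard ipaddress module does the bit work; the 192.168.1.0/24 range and the zone names are constructed for the demo.

```python
import ipaddress
from typing import Dict, List, Optional


def subnet_of(addr: str, mask: str) -> ipaddress.IPv4Network:
    """The subnet an address belongs to, derived from its dotted-decimal mask."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True when both hosts share a subnet, so their traffic stays on the local segment."""
    return subnet_of(a, mask) == subnet_of(b, mask)


def split_network(cidr: str, new_prefix: int) -> List[str]:
    """Divide a network range into equal smaller subnets with the given prefix length."""
    return [str(n) for n in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


def usable_hosts(cidr: str) -> int:
    """Host addresses available once the network and broadcast addresses are excluded."""
    return ipaddress.ip_network(cidr).num_addresses - 2


def zone_of(addr: str, zones: Dict[str, str]) -> Optional[str]:
    """Look up which security zone (subnet -> zone name) an address lands in."""
    ip = ipaddress.ip_address(addr)
    for cidr, name in zones.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None  # not covered by any defined zone


def crosses_zone(src: str, dst: str, zones: Dict[str, str]) -> bool:
    """True when a packet moves between two zones, i.e. where a firewall policy should apply."""
    return zone_of(src, zones) != zone_of(dst, zones)


if __name__ == "__main__":
    print(subnet_of("192.168.1.10", "255.255.255.0"))        # 192.168.1.0/24
    print(split_network("192.168.1.0/24", 26))               # four /26 subnets
    print(usable_hosts("192.168.1.0/26"))                    # 62
    # Constructed zone layout: the first /26 holds servers, the second holds workstations.
    zones = {"192.168.1.0/26": "servers", "192.168.1.64/26": "workstations"}
    print(crosses_zone("192.168.1.70", "192.168.1.5", zones))  # True: workstation -> server
    print(crosses_zone("192.168.1.70", "192.168.1.80", zones)) # False: same zone
```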

IP Spoofing

IP spoofing is a technique used to send Internet Protocol (IP) packets from a false (or “spoofed”) source address in order to deceive the recipient about the origin of the message.

A network attack performed when an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.

On-Path Attack

An on-path attack happens when a hacker intercepts the communication between two devices or servers that have a trusted relationship. The transmission between these two trusted network devices could contain valuable information like usernames and passwords that the malicious actor can collect. An on-path attack is sometimes referred to as a meddler-in-the-middle attack because the hacker is hiding in the middle of communications between two trusted parties.

Replay Attack

A replay attack is a type of network attack where an attacker captures a valid data transmission and then retransmits (or “replays”) it to trick the recipient into believing it is a legitimate request. This can be used to gain unauthorized access or to perform actions that the original sender intended.
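A replay works because the captured message is still valid when it is re-sent, so the defence is to make each message valid only once: the sender attaches a fresh nonce and a timestamp and authenticates all of it with a keyed MAC, and the receiver rejects anything stale, already seen, or not matching the MAC. The following added example (not course code) implements that receiver-side check with Python's standard hmac and hashlib modules; the shared key, the 30-second window and the sample payload are constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Dict, Optional

# Constructed shared secret for the demo; in practice it is provisioned out of band.
KEY = b"constructed-demo-key"


def make_message(payload: dict, key: bytes = KEY, now: Optional[float] = None) -> Dict[str, str]:
    """Sender side: add a random nonce and a timestamp, then MAC the whole body."""
    nonce = os.urandom(16).hex()
    ts = int(now if now is not None else time.time())
    body = json.dumps({"payload": payload, "nonce": nonce, "ts": ts}, sort_keys=True)
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class ReplayGuard:
    """Receiver side: accepts a message only once and only while it is fresh."""

    def __init__(self, key: bytes = KEY, window: int = 30):
        self.key = key
        self.window = window          # seconds of clock skew tolerated
        self.seen: Dict[str, int] = {}  # nonce -> timestamp, for nonces still inside the window

    def verify(self, msg: Dict[str, str], now: Optional[float] = None) -> str:
        now = now if now is not None else time.time()
        # 1. Integrity and origin first: a forged or altered body never gets further.
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return "reject: bad mac"
        fields = json.loads(msg["body"])
        # 2. Freshness: bounds how long a captured message stays usable at all.
        if abs(now - fields["ts"]) > self.window:
            return "reject: stale"
        # 3. Uniqueness: the same nonce inside the window is a replay.
        if fields["nonce"] in self.seen:
            return "reject: replay"
        self.seen[fields["nonce"]] = fields["ts"]
        # Drop nonces that have aged out; the freshness check covers them from now on.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        return "accept"


if __name__ == "__main__":
    guard = ReplayGuard()
    msg = make_message({"action": "transfer", "amount": 10})
    print(guard.verify(msg))  # accept
    print(guard.verify(msg))  # reject: replay
```

The order of the three checks matters: the MAC is verified before the body is parsed or the nonce table is touched, so an unauthenticated sender cannot fill the table or drive the parser, and the timestamp check is what keeps the nonce table small enough to hold in memory.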

Smurf Attack

A smurf attack is a network attack that is performed when an attacker sniffs an authorized user’s IP address and floods it with packets. Once the spoofed packet reaches the broadcast address, it is sent to all of the devices and servers on the network. 

In a smurf attack, IP spoofing is combined with another denial of service (DoS) technique to flood the network with unwanted traffic. For example, the spoofed packet could include an Internet Control Message Protocol (ICMP) ping. ICMP is used to troubleshoot a network. But if too many ICMP messages are transmitted, the ICMP echo responses overwhelm the servers on the network and they shut down. This creates a denial of service and can bring an organization’s operations to a halt.

Packet Sniffing and SYN Flood Attacks

  • Packet sniffing: The practice of capturing and inspecting data packets across a network.
  • Passive packet sniffing: A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network.
  • Active packet sniffing: A type of attack where data packets are manipulated in transit.
  • Synchronize (SYN) flood attack: A type of DoS attack that simulates a TCP/IP connection and floods a server with SYN packets.
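Both flooding techniques described above, the smurf attack and the SYN flood, leave a recognisable pattern in traffic: ICMP echo requests aimed at a broadcast address, and TCP SYNs from a source that never completes the handshake. The following added example (written for these notes, not course code) runs two simple detectors over a constructed list of packet summaries; the addresses 10.0.0.0/24 and 198.51.100.7 (a documentation address) and the thresholds are made up for the demo, and a real deployment would tune them against baseline traffic.

```python
import ipaddress
from collections import Counter
from typing import Dict, List, Tuple

# Constructed packet summaries as (protocol, src, dst, info); not a real capture.
SAMPLE_PACKETS: List[Tuple[str, str, str, str]] = (
    [
        ("tcp", "10.0.0.5", "10.0.0.80", "SYN"),
        ("tcp", "10.0.0.80", "10.0.0.5", "SYN-ACK"),
        ("tcp", "10.0.0.5", "10.0.0.80", "ACK"),  # one normal, completed handshake
    ]
    + [("tcp", "198.51.100.7", "10.0.0.80", "SYN")] * 6        # SYNs with no follow-up
    + [("icmp", "10.0.0.9", "10.0.0.255", "echo-request")] * 4  # pings to broadcast, src spoofed
    + [("icmp", "10.0.0.5", "10.0.0.80", "echo-request")]       # an ordinary ping
)


def detect_syn_flood(packets: List[Tuple[str, str, str, str]], threshold: int = 5) -> List[str]:
    """Sources whose SYNs outnumber their ACKs by at least threshold.

    A client that really wants a connection answers the SYN-ACK with an ACK;
    a flood leaves half-open connections behind, so the gap keeps growing.
    """
    syns: Counter = Counter()
    acks: Counter = Counter()
    for proto, src, _dst, info in packets:
        if proto != "tcp":
            continue
        if info == "SYN":
            syns[src] += 1
        elif info == "ACK":
            acks[src] += 1
    return sorted(src for src, n in syns.items() if n - acks[src] >= threshold)


def detect_smurf(packets: List[Tuple[str, str, str, str]], network: str = "10.0.0.0/24",
                 threshold: int = 3) -> Dict[str, int]:
    """Echo requests addressed to the network's broadcast address, counted per claimed source.

    In a smurf attack the source address is the spoofed victim, so the keys of the
    result name the host that would be buried in echo replies, not the real sender.
    """
    broadcast = ipaddress.ip_network(network).broadcast_address
    hits: Counter = Counter()
    for proto, src, dst, info in packets:
        if proto == "icmp" and info == "echo-request" and ipaddress.ip_address(dst) == broadcast:
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    print("possible SYN flood from:", detect_syn_flood(SAMPLE_PACKETS))   # ['198.51.100.7']
    print("possible smurf victims:", detect_smurf(SAMPLE_PACKETS))        # {'10.0.0.9': 4}
```

The usual mitigations line up with the two detectors: SYN cookies or a lower half-open connection limit on the server for the flood, and disabling directed-broadcast forwarding on routers so that broadcast pings from outside never reach the segment in the first place.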
