
1. Introduction to Network Security

Introduction [1]

  • Network security tools:
    • Access control: restrict access to the network to specific devices, IP addresses, etc.
    • Anti-virus and anti-malware software: real-time scanning of traffic and log files, report suspicious activity.
    • Application security: programs must be secure and kept up to date. Includes hardware, software, and best practices.
    • Mail security: spam filters, anti-phishing, and anti-spoofing.
    • Network segmentation: divide the network into smaller segments to reduce the impact of a breach.
  • Wireshark is a network protocol analyzer that captures and displays the data traveling back and forth on a network [5].

OSI Model [6][7]

  • The table below summarizes some information about each layer of the OSI model:

| Layer | OSI Model Layer | Description |
| --- | --- | --- |
| 7 | Application | Provides network services to the application processes running on a computer. |
| 6 | Presentation | Translates data between the application layer and the network format. |
| 5 | Session | Establishes, manages, and terminates connections between applications. |
| 4 | Transport | Provides end-to-end communication between two devices; ensures packets are segmented when sending and correctly reassembled on the receiving end. |
| 3 | Network | Routes data packets from one network to another. |
| 2 | Data Link | Transmits data between devices; puts datagrams together into frames and gives each frame its start and stop flags. |
| 1 | Physical | Transmits raw data bits over a physical medium. |
  • The table below summarizes the OSI model and the protocols that operate at each layer:

| Layer | OSI Model Layer | Protocols | Data Formats, Deprecated Protocols, Other Non-protocols |
| --- | --- | --- | --- |
| 7 | Application | HTTP, FTP, SMTP, POP3, IMAP, Telnet, SSH, DNS, DHCP, SNMP, SFTP, SCP, HTTPS | SSL, TLS, Gopher |
| 6 | Presentation | SSL, TLS | JPEG, GIF, PNG, MPEG, ASCII, EBCDIC, TIFF, MIDI, PICT, QuickTime, HTML, XML, JSON |
| 5 | Session | NetBIOS, RPC, NFS, AppleTalk, SMB, SLP, SIP, NetBEUI, RTSP | PPTP, L2TP |
| 4 | Transport | TCP, UDP, SCTP, DCCP, IL, RUDP | SPX, ATP, RSVP |
| 3 | Network | IP, ICMP, IGMP, ARP, RARP, OSPF, BGP, RIP, EIGRP, IS-IS, IPsec, CLNP, PPTP, L2TP | IPX, X.25, AppleTalk |
| 2 | Data Link | Ethernet, Wi-Fi, Token Ring, FDDI, PPP, HDLC | Firmware, NIC |
| 1 | Physical | Hardware | NIC cards, wiring cables, topography, voltage levels |
  • The table below summarizes some protocols mentioned in the above table:

| Protocol | OSI Layer | Description | Use Cases |
| --- | --- | --- | --- |
| HTTP | 7 - Application | Hypertext Transfer Protocol | Web browsing, API calls |
| FTP | 7 - Application | File Transfer Protocol | Transfer files |
| SMTP | 7 - Application | Simple Mail Transfer Protocol | Send emails |
| POP3 | 7 - Application | Post Office Protocol 3 | Retrieve emails |
| IMAP | 7 - Application | Internet Message Access Protocol | Retrieve emails |
| Telnet | 7 - Application | Telnet | Access remote computers |
| SSH | 7 - Application | Secure Shell | Secure remote access |
| DNS | 7 - Application | Domain Name System | Convert domain names to IP addresses and vice versa |
| DHCP | 7 - Application | Dynamic Host Configuration Protocol | Assign IP addresses to devices |
| SNMP | 7 - Application | Simple Network Management Protocol | Manage and monitor network devices |
| SFTP | 7 - Application | Secure File Transfer | Secure file transfer |
| SCP | 7 - Application | Secure Copy Protocol | |
| HTTPS | 7 - Application | Hypertext Transfer Protocol Secure | Secure web browsing |
| SSL | 6 - Presentation | Secure Sockets Layer | Secure and encrypt data between client and server |
| TLS | 6 - Presentation | Transport Layer Security | Secure and encrypt data between client and server |
| NetBIOS | 5 - Session | Network Basic Input/Output System | Manage network resources |
| RPC | 5 - Session | Remote Procedure Call | Execute procedures on remote systems |
| NFS | 5 - Session | Network File System | Share files across a network |
| AppleTalk | 5 - Session | AppleTalk | |
| SMB | 5 - Session | Server Message Block | Share files across a network |
| SLP | 5 - Session | Service Location Protocol | |
| SIP | 5 - Session | Session Initiation Protocol | Establish, modify, and terminate multimedia sessions |
| NetBEUI | 5 - Session | NetBIOS Extended User Interface | |
| RTSP | 5 - Session | Real Time Streaming Protocol | Stream audio and video over the internet |
| TCP | 4 - Transport | Transmission Control Protocol | Emails, FTP, streaming media |
| UDP | 4 - Transport | User Datagram Protocol | DNS, VoIP, online gaming |
| SCTP | 4 - Transport | Stream Control Transmission Protocol | |
| DCCP | 4 - Transport | Datagram Congestion Control Protocol | |
| IL | 4 - Transport | IL Protocol | |
| RUDP | 4 - Transport | Reliable User Datagram Protocol | |
| IP | 3 - Network | Internet Protocol | Deliver packets based on IP addresses |
| ICMP | 3 - Network | Internet Control Message Protocol | Report congestion, network errors, diagnostics |
| IGMP | 3 - Network | Internet Group Management Protocol | |
| ARP | 3 - Network | Address Resolution Protocol | Map IP address to MAC address |
| RARP | 3 - Network | Reverse Address Resolution Protocol | |
| OSPF | 3 - Network | Open Shortest Path First | |
| BGP | 3 - Network | Border Gateway Protocol | Exchange routing information |
| RIP | 3 - Network | Routing Information Protocol | |
| EIGRP | 3 - Network | Enhanced Interior Gateway Routing Protocol | |
| IS-IS | 3 - Network | Intermediate System to Intermediate System | |
| IPsec | 3 - Network | Internet Protocol Security | Secure data during transmission |
| CLNP | 3 - Network | Connectionless Network Protocol | |
| PPTP | 3 - Network | Point-to-Point Tunneling Protocol | |
| L2TP | 3 - Network | Layer 2 Tunneling Protocol | |
| Ethernet | 2 - Data Link | Ethernet | Transmit data between devices on the same network |
| Wi-Fi | 2 - Data Link | Wi-Fi | |
| Token Ring | 2 - Data Link | Token Ring | |
| FDDI | 2 - Data Link | Fiber Distributed Data Interface | |
| PPP | 2 - Data Link | Point-to-Point Protocol | |
| HDLC | 2 - Data Link | High-Level Data Link Control | |
| Hardware | 1 - Physical | Hardware | Transmit raw data bits over a physical medium |
  • The table below summarizes information about the Data Formats, Deprecated Protocols, and Other Non-protocols listed in the above table:

| Abbreviation | OSI Layer | Description | Use Cases |
| --- | --- | --- | --- |
| Gopher | 7 - Application | Gopher | Search for documents on the Internet |
| SSL | 6 - Presentation | Secure Sockets Layer | Secure and encrypt data between client and server |
| TLS | 6 - Presentation | Transport Layer Security | Secure and encrypt data between client and server |
| JPEG | 6 - Presentation | Joint Photographic Experts Group | Image compression and decompression |
| GIF | 6 - Presentation | Graphics Interchange Format | |
| PNG | 6 - Presentation | Portable Network Graphics | |
| MPEG | 6 - Presentation | Moving Picture Experts Group | Video compression and decompression |
| ASCII | 6 - Presentation | American Standard Code for Information Interchange | Text encoding |
| EBCDIC | 6 - Presentation | Extended Binary Coded Decimal Interchange Code | Text encoding |
| TIFF | 6 - Presentation | Tagged Image File Format | Image compression and decompression |
| MIDI | 6 - Presentation | Musical Instrument Digital Interface | |
| PICT | 6 - Presentation | PICT | |
| QuickTime | 6 - Presentation | QuickTime | |
| HTML | 6 - Presentation | HyperText Markup Language | Web page creation |
| XML | 6 - Presentation | eXtensible Markup Language | |
| JSON | 6 - Presentation | JavaScript Object Notation | Data interchange |
| SPX | 4 - Transport | Sequenced Packet Exchange | |
| ATP | 4 - Transport | AppleTalk Transaction Protocol | |
| RSVP | 4 - Transport | Resource Reservation Protocol | |
| IPX | 3 - Network | Internetwork Packet Exchange | |
| X.25 | 3 - Network | X.25 | |
| AppleTalk | 3 - Network | AppleTalk | |
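The layer tables above are easier to internalize once you have walked a real byte string down and back up the stack. The following Python example is added here and is not from the notes or from any of the cited sources: it builds an Ethernet (layer 2) frame carrying an IPv4 (layer 3) packet, a UDP (layer 4) datagram and a DNS (layer 7) question, then decapsulates it layer by layer and verifies the IPv4 header checksum, so a header that was corrupted or altered in transit is rejected rather than parsed. All addresses, MACs and the query name are constructed sample values, and the UDP checksum is left at zero (permitted for UDP over IPv4) to keep the focus on the layering.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DNS_PORT = 53


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Layer 7: a minimal DNS query (12-byte header + one A question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)             # QTYPE=A, QCLASS=IN


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Encapsulate payload: UDP (layer 4) inside IPv4 (layer 3) inside Ethernet (layer 2)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload   # UDP checksum 0 = absent
    ip_fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0xABCD, 0x4000, 64,
                            IPPROTO_UDP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip_fields[:10] + struct.pack("!H", ipv4_checksum(ip_fields)) + ip_fields[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + udp


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_dns_question(payload: bytes) -> dict:
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    labels, pos = [], 12
    while payload[pos] != 0:                 # length-prefixed labels, terminated by a zero byte
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return {"id": txid, "flags": flags, "qdcount": qdcount,
            "qname": ".".join(labels), "qtype": qtype, "qclass": qclass}


def parse_frame(frame: bytes) -> dict:
    """Decapsulate layer by layer; raises ValueError on anything malformed."""
    layers = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])              # layer 2
    layers["ethernet"] = {"dst": _mac(dst), "src": _mac(src), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype {ethertype:#06x}")
    ip = frame[14:]                                                          # layer 3
    ihl = (ip[0] & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch (corrupted or altered header)")
    _, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    layers["ipv4"] = {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d), "ttl": ttl, "protocol": proto}
    if proto != IPPROTO_UDP:
        raise ValueError(f"unsupported IP protocol {proto}")
    udp = ip[ihl:total_len]                                                  # layer 4
    sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    layers["udp"] = {"src_port": sport, "dst_port": dport, "length": ulen}
    payload = udp[8:ulen]
    if dport == DNS_PORT:                                                    # layer 7
        layers["dns"] = parse_dns_question(payload)
    else:
        layers["payload"] = payload
    return layers


def frame_is_valid(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except (ValueError, struct.error, IndexError, UnicodeDecodeError):
        return False


# Constructed sample: host 192.168.1.10 asks resolver 192.168.1.1 for example.com (made-up values).
SAMPLE_FRAME = build_frame("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:ff",
                           "192.168.1.10", "192.168.1.1", 40000, DNS_PORT,
                           build_dns_query("example.com"))

if __name__ == "__main__":
    for layer, fields in parse_frame(SAMPLE_FRAME).items():
        print(f"{layer:>8}: {fields}")
```

The same bytes Wireshark would show as "Ethernet II / Internet Protocol Version 4 / User Datagram Protocol / Domain Name System" come out of parse_frame as one dictionary per layer; changing a single header byte (for example the TTL) without recomputing the checksum makes frame_is_valid return False, which is the integrity check a router or host performs on every IPv4 header.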

Network Protocols [3]

  • A Network Protocol is a set of rules that governs the communication between devices on a network. It defines the format and order of messages exchanged between devices, as well as the actions that are taken on the transmission and receipt of messages.
  • Communication across a network uses the OSI (Open Systems Interconnection) model (7 layers).
  • The main tasks of a network protocol (protocols are classified based on these tasks):
    • Network security.
    • Network management.
    • Network communication.

What is a Network Protocol? [4]

  • Network protocols take large-scale processes and break them down into small, specific tasks or functions.
  • This occurs at every level of the network, and each function must cooperate at each level to complete the larger task at hand.
  • The term protocol suite refers to a set of smaller network protocols working in conjunction with each other.
  • Types of protocols and their uses:
    • Communication protocols: Automation, instant messaging, routing, Bluetooth, file transfer, Internet, etc.
    • Network management protocols: Connection, link aggregation (combining multiple network connections), network monitoring, etc.
    • Security protocols: Encryption, authentication, transportation, etc.

Network communication protocols

  • These protocols handle syntax, semantics, error detection, synchronization, and authentication.
  • Examples: HTTP, TCP, UDP, BGP, ARP, IP, DHCP.
  • HTTP:
    • Hypertext Transfer Protocol.
    • Layer 7.
    • Works on a client-server model.
    • Use Cases: web browsing, API calls, etc.
  • TCP:
    • Transmission Control Protocol.
    • Layer 4.
    • Ensures reliable stream delivery by using sequenced acknowledgments.
    • It is a connection-oriented protocol.
    • It establishes a connection between applications (the sender and receiver) before data is sent.
    • Use Cases: Emails, FTP, streaming media, etc.
  • UDP:
    • User Datagram Protocol.
    • Layer 4.
    • It is a connectionless protocol that implements basic but unreliable data transfer (message delivery is not guaranteed).
    • It has no flow control, reliability, or error recovery functions.
    • It is used for faster transmission of data, such as multicasting or broadcasting connections.
    • Use Cases: DNS, VoIP, online gaming, etc.
  • BGP:
    • Border Gateway Protocol.
    • Layer 3.
    • It is used to exchange routing information between different networks.
    • It is a routing protocol that controls how packets pass through the router within one or more networks.
    • It connects the endpoints of a LAN to another LAN(s) or the internet.
  • ARP:
    • Address Resolution Protocol.
    • Layer 2.
    • It is used to map an IP address (logical address) to a MAC address (physical address).
    • It is used to find the hardware address of a host from a known IP address.
    • ARP cache tables are used to store the mappings.
  • IP:
    • Internet Protocol.
    • Layer 3.
    • It is used to deliver packets from the source host to the destination host based on the IP addresses in the packet headers.
  • DHCP:
    • Dynamic Host Configuration Protocol.
    • Layer 7.
    • It is used to assign IP addresses to devices on a network.
    • It is used to configure network devices with IP addresses, subnet masks, and default gateways.
    • It automatically assigns IP addresses and other network configuration information to the devices on a network, so that all of them are configured correctly.
  • The table below summarizes the info above:

| Protocol | OSI Layer | Description | Use Cases |
| --- | --- | --- | --- |
| HTTP | 7 - Application | Hypertext Transfer Protocol | Web browsing, API calls |
| TCP | 4 - Transport | Transmission Control Protocol | Emails, FTP, streaming media |
| UDP | 4 - Transport | User Datagram Protocol | DNS, VoIP, online gaming |
| BGP | 3 - Network | Border Gateway Protocol | Exchange routing information |
| ARP | 2 - Data Link | Address Resolution Protocol | Map IP address to MAC address |
| IP | 3 - Network | Internet Protocol | Deliver packets based on IP addresses |
| DHCP | 7 - Application | Dynamic Host Configuration Protocol | Assign IP addresses to devices |
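The ARP cache table mentioned above is also where a defender first notices trouble: every host trusts the IP-to-MAC mappings it has learned, so a mapping that suddenly changes (a legitimate NIC replacement, or a spoofed reply) deserves an alert. The Python example below is added here and is not from the notes or the cited sources. It parses ARP replies written in the style of tcpdump's text output (the lines are constructed for this example; the addresses are made up), mirrors them into a cache the way a host would, and records an alert whenever an IP moves to a different MAC or one MAC starts answering for several IPs.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed lines in the style of tcpdump's ARP output; no real hosts are involved.
SAMPLE_ARP_LINES = [
    "10:00:01.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28",
    "10:00:02.000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:00:00:14, length 28",
    "10:00:03.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28",
    "10:00:04.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:01, length 28",
    "10:00:05.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:14, length 28",
    "10:00:06.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:00:00:14, length 28",
]

ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")


def parse_arp_reply(line: str) -> Optional[Tuple[str, str]]:
    """Return (ip, mac) for a reply line; requests and anything else yield None."""
    m = ARP_REPLY.search(line)
    return (m.group(1), m.group(2).lower()) if m else None


class ArpMonitor:
    """Mirrors the IP-to-MAC mappings an ARP cache holds and flags when one changes."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}                       # ip -> mac, as the cache would store it
        self.ips_by_mac: Dict[str, Set[str]] = defaultdict(set)
        self.alerts: List[str] = []

    def observe(self, ip: str, mac: str) -> str:
        self.ips_by_mac[mac].add(ip)
        prev = self.table.get(ip)
        self.table[ip] = mac                                   # a real cache updates unconditionally
        if prev is None:
            return "learned"
        if prev != mac:
            self.alerts.append(f"{ip} moved from {prev} to {mac}")
            if len(self.ips_by_mac[mac]) > 1:                  # one NIC now claims several addresses
                self.alerts.append(f"{mac} now answers for {sorted(self.ips_by_mac[mac])}")
            return "changed"
        return "refreshed"


def monitor(lines) -> ArpMonitor:
    mon = ArpMonitor()
    for line in lines:
        parsed = parse_arp_reply(line)
        if parsed:
            mon.observe(*parsed)
    return mon


if __name__ == "__main__":
    result = monitor(SAMPLE_ARP_LINES)
    print("cache:", result.table)
    for alert in result.alerts:
        print("ALERT:", alert)
```

Static ARP entries for gateways, dynamic ARP inspection on switches, and exactly this kind of change-tracking on a monitoring host are the usual mitigations; the monitor above only reports, it does not decide which mapping is the genuine one.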

Network management protocols

  • These protocols handle network management, monitoring, and control.
  • These protocols also help in communicating these requirements across the network to ensure stable communication and troubleshooting connectivity issues.
  • Examples: ICMP, SNMP, Gopher, FTP, POP3, Telnet.
  • ICMP:
    • Internet Control Message Protocol.
    • Layer 3.
    • It is used by network devices to forward operational information and error messages.
    • It is used to report congestion, network errors, diagnostics, and timeouts.
  • SNMP:
    • Simple Network Management Protocol.
    • Layer 7.
    • It is used to manage and monitor nodes (devices) on an IP network.
    • It is used to manage network devices like routers, switches, servers, workstations, printers, etc.
    • Three main components: SNMP manager, SNMP agent, and managed devices.
    • Agents collect data from the managed devices and send it to the manager.
  • Gopher:
    • Layer 7.
    • It is a protocol used to search, retrieve, and display documents from remote sites.
    • It is used to search for documents on the Internet.
    • Gopher is an old protocol and is not used much today.
    • It resembles a distributed file system.
  • FTP:
    • File Transfer Protocol.
    • Layer 7.
    • It is used to transfer files between a client and a server on a computer network.
    • It is used to transfer files from one host to another over a TCP-based network.
  • POP3:
    • Post Office Protocol 3.
    • Layer 7.
    • It is used to retrieve emails from a remote server to a local client over a TCP/IP connection.
    • The ISP hosts a POP3 mail server that stores the incoming emails until the user downloads them to their client software.
  • Telnet:
    • Layer 7.
    • It is used to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.
    • It is used to access remote computers over a network (a.k.a. a remote session).
  • The table below summarizes the info above:

| Protocol | OSI Layer | Description | Use Cases |
| --- | --- | --- | --- |
| ICMP | 3 - Network | Internet Control Message Protocol | Report congestion, network errors, diagnostics |
| SNMP | 7 - Application | Simple Network Management Protocol | Manage and monitor network devices |
| Gopher | 7 - Application | Gopher | Search for documents on the Internet |
| FTP | 7 - Application | File Transfer Protocol | Transfer files from one host to another |
| POP3 | 7 - Application | Post Office Protocol 3 | Retrieve emails from a remote server |
| Telnet | 7 - Application | Telnet | Access remote computers over a network |

Network security protocols

  • These protocols handle security and encryption during communications over a network.
  • Examples: SSL, TLS, IPsec, SSH, SFTP, SCP, HTTPS.
  • SSL:
    • Secure Sockets Layer.
    • Layer 7.
    • It is used to secure and encrypt data between a client and a server or between two servers.
    • The data is encrypted and decrypted using a pair of keys (public and private keys).
  • TLS:
    • Transport Layer Security.
    • Layer 7.
    • It is used to secure and encrypt data between a client and a server or between two servers.
    • It is an updated version of SSL.
    • It is used to secure data during transmission, check data integrity, and authenticate the server and client.

| Protocol | OSI Layer | Description | Use Cases |
| --- | --- | --- | --- |
| SSL | 7 - Application | Secure Sockets Layer | Secure and encrypt data between client and server |
| TLS | 7 - Application | Transport Layer Security | Secure and encrypt data between client and server |
| IPsec | 3 - Network | Internet Protocol Security | Secure data during transmission |
| SSH | 7 - Application | Secure Shell | Secure remote access to a computer |
| SFTP | 7 - Application | Secure File Transfer | Secure file transfer between a client and server |
| SCP | 7 - Application | Secure Copy Protocol | Secure file transfer between a client and server |
| HTTPS | 7 - Application | Hypertext Transfer Protocol Secure | Secure web browsing |

Fundamentals of Network Security [2]

  • The main objective of network security is CIA:
    • Confidentiality: Ensuring that data is only accessible to those who are authorized to access it.
    • Integrity: Ensuring that data is not altered or tampered with during transmission.
    • Availability: Ensuring that data is available to those who need it when they need it.
  • Terminology:
    • Resource: Anything that needs to be protected, and has value to the organization. Examples: data, hardware, software, etc.
    • Vulnerability: A weakness in a system that can be exploited by a threat.
    • Threat: anything that can exploit a vulnerability (a.k.a. a potential danger to a resource or a functioning network). Examples: hackers, viruses, etc.
    • Attack: an action that is carried out by a threat to exploit a vulnerability and harm a resource.
    • Risk: The likelihood that a threat will exploit a vulnerability and the impact of the attack. Risk = Resource + Threat + Vulnerability. No harmful action is taken, but the potential for harm exists.
  • Types of hackers:
    • Hackers: inexperienced, just causing some trouble, no illegal activities.
    • White-hat hackers: ethical hackers.
    • Black-hat hackers: malicious experienced hackers carrying out illegal activities.
    • Grey-hat hackers: a mix of white and black hat hackers.
    • Blue-hat hackers: Testers for bugs and vulnerabilities.
    • Script kiddies: inexperienced hackers who use scripts (created by others) to exploit vulnerabilities.
    • Hacktivists: hackers who hack for a cause (usually political or social).
    • Phreakers: hackers who exploit the telephone system.
    • Carders: hackers who steal credit card information.

Malicious Code

  • Virus: a program that attaches itself to a carrier (program or file) and spreads to other files.
  • Worm: an independent self-replicating program that spreads over a network to slow down or crash the network.
  • Spyware: a program that collects information about a user without their knowledge.
  • Adware: a program that displays advertisements on a computer.
  • Scareware: a program that tricks users into thinking their computer is infected with malware.
  • Trojan Horse: a program that appears to be useful but is malicious.
  • Ransomware: a program that encrypts files and demands a ransom to decrypt them.

Types of network security

  • Physical security: securing the physical devices and infrastructure.
    • The physical security of server rooms, network devices, and data centers (locks, alarms, etc.).
    • Prevention of accidents, fire, theft, etc.
    • Ensuring constant power supply, cooling, etc.
    • Installing video surveillance, access control, etc.
  • Logical security: securing the data and the network.
    • Access control: restricting access to the network to specific devices, IP addresses, etc.
    • Anti-virus and anti-malware software: real-time scanning of traffic and log files, report suspicious activity.
    • Application security: programs must be secure and kept up to date. Includes hardware, software, and best practices.
    • Mail security: spam filters, anti-phishing, and anti-spoofing.
    • Network segmentation: divide the network into smaller segments to reduce the impact of a breach.
    • Use VPNs (Virtual Private Networks), IPS (Intrusion Prevention Systems), IDS (Intrusion Detection Systems), etc.
    • Ensuring correct configurations, patch management, etc.
  • Administrative security: securing the network through policies and procedures.
    • Security policies: rules and guidelines for securing the network.
    • Security awareness training: educating employees about security threats and best practices.
    • Incident response: a plan for responding to security incidents.
    • Disaster recovery: a plan for recovering from a security incident.

Types of network attacks

  • Reconnaissance attacks: passive attacks that gather information about the target and its vulnerabilities.
    • Ping sweep: the attacker sends ping packets to a range of IP addresses to determine which ones are active.
    • Port scan: the attacker performs port analysis (TCP and UDP) to determine which ports are open and what services are running.
    • Packet sniffing: the attacker captures and analyzes packets to gather information about the network. Tools: Wireshark, tcpdump, etc.
  • Password attacks: active attacks that try to discover usernames and passwords in order to gain unauthorized access to a system.
    • Brute force attack: the attacker tries all possible combinations of usernames and passwords to gain access.
    • Dictionary attack: the attacker tries a list of common passwords to gain access.
    • Rainbow table attack: the attacker uses precomputed tables to crack passwords.
  • Access attacks: active attacks that aim to obtain sensitive information about the network, sessions, or user data.
    • Phishing: the victim gets a link to a fake page that is similar to a real page to trick users into entering their credentials. The link is sent via email, SMS, etc.
    • Pharming: the attacker redirects traffic from a legitimate website to a fake website.
    • Man-in-the-middle attack: the attacker intercepts and alters the communication between two parties.
    • Spoofing: the attacker impersonates a legitimate user, device, or server to gain unauthorized access to the network.
    • Hijacking: the attacker takes control of a session between two parties, and impersonates one of the parties. It relies on spoofing.
    • Mixed attacks: a combination of different attacks to gain unauthorized access to the network.
  • Availability attacks: active attacks that disrupt the availability of the network, services, or data.
    • Denial of Service (DoS): the attacker floods the network with traffic to slow down or crash the network.
    • Distributed Denial of Service (DDoS): the attacker uses multiple devices to flood the network with traffic to slow down or crash the network.
    • Botnet: a network of infected devices that are used to perform DDoS attacks.
    • Amplification attack: the attacker sends a small request to a server, and the server sends a large response to the victim.
    • Smurf attack (ICMP flood): the attacker sends a large number of ICMP echo requests to the broadcast address of a network.
    • Ping of Death: the attacker sends a large ping packet to crash the victim’s system.
    • Teardrop attack: the attacker sends fragmented packets to crash the victim’s system.
    • SYN flood: the attacker sends a large number of SYN packets to the victim to slow down or crash the network.
  • Close attacks: the attacker is physically close to the victim or the target system, e.g. restarting servers, installing software through a USB drive, etc.
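Three of the attacks listed above (ping sweeps, port scans and SYN floods) share a traffic signature: one party spreads across many distinct hosts, ports or sources inside a short window. The Python example below is added here and is not from the notes or the cited sources. It runs that logic over a constructed set of flow records (the shape a NetFlow- or Zeek-style collector produces; all addresses are from private or documentation ranges and no traffic is generated), so you can see how a detective control classifies the same records that a packet sniffer would show. The thresholds are assumptions chosen for the sample data, not tuned values.

```python
from collections import defaultdict
from typing import List


def _flow(ts, src, dst, proto, dport=0, flags=""):
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "dport": dport, "flags": flags}


def constructed_flows() -> List[dict]:
    """Sample records built for this example; they mimic collector output, nothing is sent."""
    flows = []
    for i in range(1, 9):                       # ping sweep: one source, 8 hosts, ICMP echo
        flows.append(_flow(float(i), "10.0.0.5", f"10.0.1.{i}", "icmp"))
    for j, port in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389]):
        flows.append(_flow(10.0 + j, "10.0.0.5", "10.0.1.3", "tcp", port, "S"))   # port scan
    for port in (80, 443):                      # an ordinary client that completes its connections
        flows.append(_flow(20.0, "10.0.0.7", "10.0.1.3", "tcp", port, "S"))
        flows.append(_flow(20.1, "10.0.0.7", "10.0.1.3", "tcp", port, "A"))
    for k in range(40):                         # SYN flood: 40 sources, one service, no handshakes finished
        flows.append(_flow(30.0 + k * 0.1, f"198.51.100.{k + 1}", "10.0.1.3", "tcp", 80, "S"))
    return flows


def detect(flows, window=10.0, sweep_hosts=5, scan_ports=8, flood_sources=20) -> List[dict]:
    """Bucket flows into fixed windows and count the distinct things each pattern spreads across."""
    icmp_targets = defaultdict(set)     # (window, src) -> hosts pinged
    syn_ports = defaultdict(set)        # (window, src, dst) -> ports probed with SYN
    syn_sources = defaultdict(set)      # (window, dst, dport) -> sources sending SYN to one service
    for f in flows:
        w = int(f["ts"] // window)
        if f["proto"] == "icmp":
            icmp_targets[(w, f["src"])].add(f["dst"])
        elif f["proto"] == "tcp" and f["flags"] == "S":
            syn_ports[(w, f["src"], f["dst"])].add(f["dport"])
            syn_sources[(w, f["dst"], f["dport"])].add(f["src"])

    findings = []
    for (w, src), hosts in icmp_targets.items():
        if len(hosts) >= sweep_hosts:
            findings.append({"type": "ping_sweep", "src": src, "hosts": len(hosts), "window": w})
    for (w, src, dst), ports in syn_ports.items():
        if len(ports) >= scan_ports:
            findings.append({"type": "port_scan", "src": src, "dst": dst, "ports": len(ports), "window": w})
    for (w, dst, dport), sources in syn_sources.items():
        if len(sources) >= flood_sources:
            findings.append({"type": "syn_flood", "target": f"{dst}:{dport}",
                             "sources": len(sources), "window": w})
    return findings


if __name__ == "__main__":
    for finding in detect(constructed_flows()):
        print(finding)
```

The ordinary client in the sample touches two ports on one host and completes both handshakes, so it never crosses a threshold; a real deployment would also subtract completed handshakes (SYN followed by ACK from the same source) before declaring a flood, and would feed confirmed findings to an IPS or a firewall rule rather than only logging them.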
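The dictionary and rainbow table attacks listed above both depend on one property of the stored credential: a bare, fast, unsalted hash of the password, which lets work done in advance be reused against every account. The Python example below is added here and is not from the notes or the cited sources; the word list is a constructed stand-in and no real hashes are involved. It shows the weak storage scheme next to the hardened one (per-user random salt plus a slow key derivation function, PBKDF2-HMAC-SHA256 from Python's standard library) and demonstrates why a table precomputed against the first scheme tells you nothing about the second.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed stand-in for the word list an attacker would precompute hashes for.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "welcome1", "admin"]


def weak_store(password: str) -> str:
    """The 'before': an unsalted, fast hash. Identical passwords hash identically,
    so one table computed once answers for every user in the database."""
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_table(words: Iterable[str]) -> Dict[str, str]:
    """hash -> plaintext lookup; a rainbow table is a space-optimised form of this idea."""
    return {weak_store(w): w for w in words}


def lookup(table: Dict[str, str], stored: str) -> Optional[str]:
    return table.get(stored)


def strong_store(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """The 'after': a per-user random salt plus a deliberately slow KDF.
    The salt makes any table built in advance useless (each user's hash space is
    different); the iteration count makes every guess cost far more than one SHA-256."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    table = precomputed_table(COMMON_PASSWORDS)
    print("weak  :", lookup(table, weak_store("letmein")))    # the table recovers the password
    print("strong:", lookup(table, strong_store("letmein")))  # nothing to look up
```

Storing the algorithm name, iteration count and salt alongside the digest (the `$`-separated record above) is what lets the verifier raise the cost later without re-hashing everyone at once; it is the same layout idea used by the standard crypt-style formats.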

Network security measures

  • Separation of resources: resources must exist in separate security zones.
  • Deep protection: multiple layers of security to protect resources.
  • Least privilege: users should have the minimum level of access required to perform their job.
  • Adequate protection: the level of security should be adequate to protect the resources.
  • Restriction of information: Only information that is required for a task should be accessible.
  • Separation of tasks and job rotation: no single person should have complete control over a task.
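Separation of resources into security zones, least privilege and the network segmentation and access control listed under logical security all come down to the same enforcement rule: traffic is denied unless an explicit rule allows it. The Python example below is added here and is not from the notes or the cited sources. It encodes a small set of constructed zones (private address ranges chosen for the example) and an allow list, then evaluates candidate flows against them; the zone names, rules and addresses are assumptions made for the demonstration.

```python
import ipaddress
from typing import Optional, Tuple

# Constructed zones: each is a separate network segment.
ZONES = {
    "users": ipaddress.ip_network("10.30.0.0/24"),
    "dmz": ipaddress.ip_network("10.10.0.0/24"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "mgmt": ipaddress.ip_network("10.99.0.0/28"),
}

# Explicit allow list: (src zone, dst zone, protocol, port). "*" matches any zone.
# Anything not listed here is denied (least privilege as a default).
ALLOW_RULES = [
    ("users", "dmz", "tcp", 443),      # users reach only the web tier
    ("dmz", "servers", "tcp", 5432),   # only the web tier reaches the database
    ("mgmt", "*", "tcp", 22),          # administration only from the management zone
]


def zone_of(ip: str) -> Optional[str]:
    """Map an address to the zone whose network contains it, or None if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip: str, dst_ip: str, proto: str, port: int) -> Tuple[bool, str]:
    """Evaluate one flow; returns (decision, reason) so the reason can be logged."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return False, "deny: address outside every defined zone"
    for rule_src, rule_dst, rule_proto, rule_port in ALLOW_RULES:
        if (rule_src in ("*", src_zone) and rule_dst in ("*", dst_zone)
                and rule_proto == proto and rule_port == port):
            return True, f"allow: {rule_src}->{rule_dst} {proto}/{port}"
    return False, f"deny: no rule for {src_zone}->{dst_zone} {proto}/{port} (default deny)"


if __name__ == "__main__":
    # Constructed flows to evaluate against the policy.
    for flow in [("10.30.0.15", "10.10.0.8", "tcp", 443),   # user to web tier
                 ("10.30.0.15", "10.20.0.5", "tcp", 5432),  # user straight to the database
                 ("10.10.0.8", "10.20.0.5", "tcp", 5432),   # web tier to database
                 ("10.99.0.3", "10.20.0.5", "tcp", 22),     # admin from the management zone
                 ("192.0.2.7", "10.10.0.8", "tcp", 443)]:   # address in no zone
        print(flow, "->", is_allowed(*flow))
```

A breach of a user workstation in this layout still leaves the database unreachable except through the web tier, which is the "reduce the impact of a breach" goal of segmentation; the reason string returned with every decision is what a detective control logs and reviews.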

Vulnerability audit measures

  • Preventive measures: precautions to prevent the exploitation of vulnerabilities. E.g. firewalls, antivirus, etc.
  • Detective measures: detect risks by analyzing logs, IPS (Intrusion Prevention Systems), IDS (Intrusion Detection Systems), etc.
  • Corrective measures: correct the vulnerabilities by patching, updating, etc.
  • Recovery measures: recover from an attack by restoring backups, etc.
  • Deterrence measures: discourage attackers from attacking by implementing security measures.

References

  1. Cybersecurity Guy. (2022, January 29). What is network security | Network Security [Video]. YouTube. https://www.youtube.com/watch?v=rG02r5y2Fdo

  2. Sadiqui, A. (2020). Computer Network Security. John Wiley & Sons, Incorporated. ProQuest Ebook Central, https://ebookcentral.proquest.com/lib/univ-people-ebooks/detail.action?docID=6123268 (read pages 1-15 in Chapter 1: Fundamentals of Network Security).

  3. kmbh. (2021, November 24). Types of network protocols and their uses. GeeksforGeeks. Retrieved December 15, 2022. https://www.geeksforgeeks.org/types-of-network-protocols-and-their-uses/

  4. What is a network protocol, and how does it work? (n.d.). CompTIA. https://www.comptia.org/content/guides/what-is-a-network-protocol

  5. NetworkTutor. (2022, October 1). Wireshark - Beginners guide - 101 | How to install and capture packets | How to filter ICMP | TCP [Video]. YouTube. https://www.youtube.com/watch?v=Ud0QK0TPu4U

  6. What is OSI Model | 7 Layers Explained | Imperva. (2023, December 21). Learning Center. https://www.imperva.com/learn/application-security/osi-model

  7. Yasar, K., Chai, W., & Irei, A. (2023). Network protocol. Networking; TechTarget. https://www.techtarget.com/searchnetworking/definition/protocol