google cybersecurity course 3


Three categories of network protocols

- communication
- management
- security

benefits of next generation firewalls (NGFW)

- deep packet inspection
- intrusion protection
- threat intelligence

areas in the controlled zone

- demilitarized zone (DMZ)
- internal network
- restricted zone

security protocols

- HTTPS
- SSL/TLS

common protocols of the internet layer

- internet protocol (IP)
- internet control message protocol (ICMP)

attacks can harm an organization by

- leaking valuable or confidential information
- damaging an organization's reputation
- impacting customer retention
- costing money and time

common network intrusion attacks

- malware
- spoofing
- packet sniffing
- packet flooding

cloud service providers offer

- on-demand storage
- processing power
- analytics

common port numbers

- port 25 - email
- port 443 - secure internet communication
- port 20 - large file transfers

Layers of the TCP/IP Model

1. network access layer
2. internet layer
3. transport layer
4. application layer

1. Network Access Layer

Also known as the data link layer. It organizes sending and receiving data frames within a single network. This layer corresponds to the physical hardware involved in network transmission; hubs, modems, cables, and wiring are all considered part of this layer. The address resolution protocol (ARP) is part of the network access layer. ARP assists IP with directing data packets on the same physical network by mapping IP addresses to MAC addresses on that network.

Packet Sniffing

Malicious actors can use hardware or software tools to capture and inspect data in transit, or to intercept network traffic and alter it. These attacks can cause damage to an organization's network by inserting malicious code modifications or altering the message and interrupting network operations. For example, an attacker can intercept a bank transfer and change the account receiving the funds to one that the attacker controls.

2. Internet Layer

Also known as the network layer. It is responsible for ensuring delivery to the destination host, which potentially resides on a different network. The internet layer determines which protocol is responsible for delivering the data packets.

Dynamic Host Configuration Protocol

an application layer protocol used on a network to configure devices. It assigns a unique IP address and provides the addresses of the appropriate DNS server and default gateway for each device. DHCP servers operate on UDP port 67 while DHCP clients operate on UDP port 68.

Transmission Control Protocol (TCP)

an internet communication protocol that allows two devices to form a connection and stream data

ICMP (Internet Control Message Protocol)

an internet protocol used by devices to tell each other about data transmission errors across the network

Layer 7 - Application

includes processes that directly involve the everyday user. This layer includes all of the networking protocols that software applications use to connect a user to the internet. This characteristic is the identifying feature of the application layer—user connection to the network via applications and requests.

Layer 4 - Transport

responsible for delivering data between devices. This layer also handles the speed of data transfer, the flow of the transfer, and breaking data down into smaller segments to make them easier to transport. Segmentation is the process of dividing up a large data transmission into smaller pieces that can be processed by the receiving system. These segments need to be reassembled at their destination so they can be processed at the session layer (layer 5). The speed and rate of the transmission also have to match the connection speed of the destination system. TCP and UDP are transport layer protocols.

4. Application Layer

responsible for making network requests or responding to requests. This layer defines which internet services and applications any user can access. Some common protocols used on this layer are:

- Hypertext transfer protocol (HTTP)
- Simple mail transfer protocol (SMTP)
- Secure shell (SSH)
- File transfer protocol (FTP)
- Domain name system (DNS)

Application layer protocols rely on underlying layers to transfer the data across the network.

3. Transport Layer

responsible for reliably delivering data between two systems or networks. TCP and UDP are the two transport protocols that occur at this layer.

Software as a service (SaaS)

software suites operated by the CSP that a company can use remotely without hosting the software.

bandwidth

the amount of data a device receives every second

cloud computing

the practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices

Subnetting

the subdivision of a network into logical groups called subnets. It works like a network inside a network. Subnetting divides up a network address range into smaller subnets within the network.

Platform as a service (PaaS)

tools that application developers can use to design custom applications for their company.

Infrastructure as a service (IaaS)

use of virtual computer components offered by the CSP. These include virtual containers and storage that are configured remotely through the CSP's API or web console.

User Datagram Protocol (UDP)

used by applications that are not concerned with the reliability of the transmission. Data sent over UDP is not tracked as extensively as data sent using TCP. Because UDP does not establish network connections, it is used mostly for performance sensitive applications that operate in real time, such as video streaming.

Internet Message Access Protocol (IMAP)

used for incoming email. It downloads the headers of emails, but not the content. The content remains on the email server, which allows users to access their email from multiple devices. IMAP uses TCP port 143 for unencrypted email and TCP port 993 over the TLS protocol. Using IMAP allows users to partially read email before it is finished downloading and to sync emails. However, IMAP is slower than POP3.

Management Protocols

used for monitoring and managing activity on a network. They include protocols for error reporting and optimizing performance on the network.

- SNMP
- ICMP

Secure shell

used to create a secure connection with a remote system. This application layer protocol provides an alternative for secure authentication and encrypted communication. SSH operates over the TCP port 22 and is a replacement for less secure protocols, such as Telnet.

Simple Mail Transfer Protocol

used to transmit and route email from the sender to the recipient's address. SMTP works with Message Transfer Agent (MTA) software, which searches DNS servers to resolve email addresses to IP addresses, to ensure emails reach their intended destination. SMTP uses TCP/UDP port 25 for unencrypted emails and TCP/UDP port 587 using TLS for encrypted emails. The TCP port 25 is often used by high-volume spam. SMTP helps to filter out spam by regulating how many emails a source can send at a time.

backdoor attack

weaknesses intentionally left by programmers or system and network administrators that bypass normal access control mechanisms. Backdoors are intended to help programmers conduct troubleshooting or administrative tasks. However, backdoors can also be installed by attackers after they've compromised an organization to ensure they have persistent access.

wireless access point

A wireless access point sends and receives digital signals over radio waves, creating a wireless network. Devices with wireless adapters connect to the access point using Wi-Fi. Wi-Fi refers to a set of standards that are used by network devices to communicate wirelessly. Wireless access points and the devices connected to them use Wi-Fi protocols to send data through radio waves to routers and switches, which direct it along the path to its final destination.

Wired equivalent privacy (WEP)

wireless security protocol designed to provide users with the same level of privacy on wireless network connections as they have on wired network connections. WEP was developed in 1999 and is the oldest of the wireless security standards.

Transmission Control Protocol (TCP)

ensures that data is reliably transmitted to the destination service. TCP contains the port number of the intended destination service, which resides in the TCP header of a TCP/IP packet.

firewall

A network security system that controls incoming and outgoing network traffic.

Communication protocols

govern the exchange of information in network transmission. They dictate how the data is transmitted between devices and the timing of the communication. They also include methods to recover data lost in transit.

- TCP
- UDP
- HTTP
- DNS

data packet

A basic unit of information that travels from one device to another within a network

stateful

A class of firewall that keeps track of information passing through it and proactively filters out threats

stateless

A class of firewall that operates based on predefined rules and that does not keep track of information from data packets

cloud network

A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet

port filtering

A firewall function that blocks or allows certain port numbers to limit unwanted communication

TCP/IP Model

A framework used to visualize how data is organized and transmitted across a network

Hypertext Transfer Protocol Secure (HTTPS)

A network protocol that provides a secure method of communication between clients and website servers

Address Resolution Protocol (ARP)

A network protocol used to determine a MAC address of the next router or device on the path

Wide Area Network (WAN)

A network that spans a large geographic area such as a state, province, or country

network segmentation

A security technique that divides the network into segments

Layer 5 - Session

A session describes when a connection is established between two devices. An open session allows the devices to communicate with each other. Session layer protocols occur to keep the session open while data is being transferred and terminate the session once the transmission is complete. The session layer is also responsible for activities such as authentication, reconnection, and setting checkpoints during a data transfer. If a session is interrupted, checkpoints ensure that the transmission picks up at the last session checkpoint when the connection resumes. Sessions include a request and response between applications. Functions in the session layer respond to requests for service from processes in the presentation layer (layer 6) and send requests for services to the transport layer (layer 4).

Network Protocols

A set of rules used by two or more devices on a network to describe the order of delivery of data and the structure of data

Internet Protocol (IP)

A set of standards used for routing and addressing data packets as they travel between devices on a network

controlled zone

A subnet that protects the internal network from the uncontrolled zone

Ping of Death

A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB

ICMP flood attack

A type of DoS attack performed by an attacker repeatedly sending ICMP packets to a network server

distributed denial-of-service (DDoS) attack

A type of denial-of-service attack that uses multiple devices or servers located in different locations to flood the target network with unwanted traffic

WiFi Protected Access (WPA)

A wireless security protocol for devices to connect to the internet

Layer 1: Physical layer

As the name suggests, the physical layer corresponds to the physical hardware involved in network transmission. Hubs, modems, and the cables and wiring that connect them are all considered part of the physical layer. To travel across an ethernet or coaxial cable, a data packet needs to be translated into a stream of 0s and 1s. The stream of 0s and 1s are sent across the physical wiring and cables, received, and then passed on to higher levels of the OSI model.

Uncontrolled zone

Any network outside your organization's control

OSI Model (Open Systems Interconnection)

A standardized concept that describes the seven layers computers use to communicate and send data over the network: Application, Presentation, Session, Transport, Network, Data Link, Physical. The model visually organizes network protocols into different layers. Network and security professionals often use this model to communicate with each other about potential sources of problems or security threats when they occur.

Layer 6 - Presentation

Functions at the presentation layer involve data translation and encryption for the network. This layer adds to and replaces data with formats that can be understood by applications (layer 7) on both sending and receiving systems. Formats at the user end may be different from those of the receiving system. Processes at the presentation layer require the use of a standardized format.

Internet Protocol (IP)

IP sends the data packets to the correct destination and relies on the Transmission Control Protocol/User Datagram Protocol (TCP/UDP) to deliver them to the corresponding service. IP packets allow communication between two networks. They are routed from the sending network to the receiving network. The TCP/UDP retransmits any data that is lost or corrupt.

network interception attacks

Network interception attacks work by intercepting network traffic and stealing valuable information or interfering with the transmission in some way.

servers

Servers provide a service for other devices on the network. The devices that connect to a server are called clients.

cloud based firewalls

Software firewalls that are hosted by the cloud service provider

Internet Control Message Protocol (ICMP)

The ICMP shares error information and status updates of data packets. This is useful for detecting and troubleshooting network errors. The ICMP reports information about packets that were dropped or that disappeared in transit, issues with network connectivity, and packets redirected to other routers.

Network Address Translation

The devices on your local home or office network each have a private IP address that they use to communicate directly with each other. In order for the devices with private IP addresses to communicate with the public internet, they need to have a public IP address. Otherwise, responses will not be routed correctly. Instead of having a dedicated public IP address for each of the devices on the local network, the router can replace a private source IP address with its public IP address and perform the reverse operation for responses. This process is known as Network Address Translation (NAT) and it generally requires a router or firewall to be specifically configured to perform NAT. NAT is a part of layer 2 (internet layer) and layer 3 (transport layer) of the TCP/IP model.

packet sniffing

The practice of capturing and inspecting data packets across a network

WPA2

The second version of Wi-Fi Protected Access—known as WPA2—was released in 2004. WPA2 improves upon WPA by using the Advanced Encryption Standard (AES). WPA2 also improves upon WPA's use of TKIP. WPA2 uses the Counter Mode Cipher Block Chain Message Authentication Code Protocol (CCMP), which provides encapsulation and ensures message authentication and integrity. Because of the strength of WPA2, it is considered the security standard for all Wi-Fi transmissions today. WPA2, like its predecessor, is vulnerable to KRACK attacks. This led to the development of WPA3 in 2018.

WPA3

WPA3 is a secure Wi-Fi protocol and is growing in usage as more WPA3 compatible devices are released. These are the key differences between WPA2 and WPA3: WPA3 addresses the authentication handshake vulnerability to KRACK attacks, which is present in WPA2. WPA3 uses Simultaneous Authentication of Equals (SAE), a password-authenticated, cipher-key-sharing agreement. This prevents attackers from downloading data from wireless network connections to their systems to attempt to decode it. WPA3 has increased encryption to make passwords more secure by using 128-bit encryption, with WPA3-Enterprise mode offering optional 192-bit encryption.

modem

a device that connects your router to the internet and brings internet access to the LAN

switch

a device that makes connections between specific devices on a network by sending and receiving data between them

network

a group of connected devices

hub

a network device that broadcasts information to every device on the network

router

a network device that connects multiple networks together

Domain Name System (DNS)

a network protocol that translates internet domain names into IP addresses

VPN (Virtual Private Network)

a network security service that changes your public IP address and hides your virtual location so that you can keep your data private when you are using a public network like the internet

Local Area Network (LAN)

a network that spans a small area like an office building, school, or home

encapsulation

a process performed by a VPN service that protects your data by wrapping sensitive data in other data packets

security zone

a segment of a network that protects the internal network from the internet

proxy server

a server that fulfills the requests of a client by forwarding them on to other servers

IEEE 802.11 (WiFi)

a set of standards that define communication for wireless LANs

port

a software-based location that organizes the sending and receiving of data between devices on a network

SYN (synchronize) flood attack

a type of DoS attack that simulates a TCP connection and floods a server with SYN packets

MAC address

a unique alphanumeric identifier that is assigned to each physical device on a network

internet protocol address (IP address)

a unique string of characters that identifies the location of a device on the internet. There are two types of IP addresses:

- IP version 4 (IPv4)
- IP version 6 (IPv6)

Post office protocol

application layer (layer 4 of the TCP/IP model) protocol used to manage and retrieve email from a mail server. Many organizations have a dedicated mail server on the network that handles incoming and outgoing mail for users on the network. User devices will send requests to the remote mail server and download email messages locally. If you have ever refreshed your email application and had new emails populate in your inbox, you are experiencing POP and internet message access protocol (IMAP) in action. Unencrypted, plaintext authentication uses TCP/UDP port 110 and encrypted emails use Secure Sockets Layer/Transport Layer Security (SSL/TLS) over TCP/UDP port 995. When using POP, mail has to finish downloading on a local device before it can be read and it does not allow a user to sync emails.

Telnet

application layer protocol that allows a device to communicate with another device or server. Telnet sends all information in clear text. It uses command line prompts to control another device similar to secure shell (SSH), but Telnet is not as secure as SSH. Telnet can be used to connect to local or remote devices and uses TCP port 23.

denial of service (DoS) attack

attack that targets a network or server and floods it with network traffic.

three C's

command, control, and communication

Wi-Fi Protected Access (WPA)

developed in 2003 to improve upon WEP, address the security issues that it presented, and replace it. WPA was always intended to be a transitional measure so backwards compatibility could be established with older hardware. The flaws with WEP were in the protocol itself and how the encryption was used. WPA addressed this weakness by using a protocol called Temporal Key Integrity Protocol (TKIP). WPA's encryption algorithm uses larger secret keys than WEP's, making it more difficult to guess the key by trial and error. WPA also includes a message integrity check that attaches a message authentication tag to each transmission. If a malicious actor attempts to alter the transmission in any way or resend it at another time, WPA's message integrity check will identify the attack and reject the transmission. Despite the security improvements of WPA, it still has vulnerabilities.

Security Protocols

ensure that data is sent and received securely across a network. Security protocols use encryption algorithms to protect data in transit.

- HTTPS
- SFTP

IP version 4 (IPv4)

made up of two sections, the header and the data. The size of the IP header ranges from 20 to 60 bytes. The header includes the IP routing information that devices use to direct the packet. The format of an IP packet header is determined by the IPv4 protocol. The length of the data section of an IPv4 packet can vary greatly in size. However, the maximum possible size of an IP packet is 65,536 bytes. The data section contains the message being transmitted, like website information or email text.

Classless Inter-Domain Routing (CIDR)

method of assigning subnet masks to IP addresses to create a subnet. Classless addressing replaces classful addressing. Classful addressing was used in the 1980s as a system of grouping IP addresses into classes (Class A to Class E). CIDR IP addresses are formatted like IPv4 addresses, but they include a slash ("/") followed by a number at the end of the address. This extra number is called the IP network prefix. For example, a regular IPv4 address uses the 198.51.100.0 format, whereas a CIDR IP address would include the IP network prefix at the end of the address, 198.51.100.0/24. This CIDR address encompasses all IP addresses between 198.51.100.0 and 198.51.100.255.

firewall

network security device that monitors traffic to or from your network. Firewalls can also restrict specific incoming and outgoing network traffic.

port numbers

numbers that are assigned to the source and destination at Layer 4 to uniquely identify the communication

key reinstallation attack (or KRACK attack)

to decrypt transmissions using WPA. Attackers can insert themselves in the WPA authentication handshake process and insert a new encryption key instead of the dynamic one assigned by WPA. If they set the new key to all zeros, it is as if the transmission is not encrypted at all.

Layer 2: Data link layer

organizes sending and receiving data packets within a single network. The data link layer is home to switches on the local network and network interface cards on local devices. Protocols like network control protocol (NCP), high-level data link control (HDLC), and synchronous data link control protocol (SDLC) are used at the data link layer.

Layer 3: Network layer

oversees receiving the frames from the data link layer (layer 2) and delivers them to the intended destination. The intended destination can be found based on the address that resides in the frame of the data packets. Data packets allow communication between two networks. These packets include IP addresses that tell routers where to send them. They are routed from the sending network to the receiving network.

virtualization tools

pieces of software that perform network operations

forward proxy server

regulates and restricts a person's access to the internet

reverse proxy server

regulates and restricts the internet's access to an internal server

