Connect and Protect: Networks and Network Security - Module 1
What do cloud service providers offer?
-Cloud computing to maintain applications (so the org doesn't have to)
-On-demand storage and processing power that customers can pay for as needed
-Business and web analytics that orgs can use to monitor web traffic and sales
What is a cloud network?
A collection of servers or computers that stores resources and data in a remote data center that can be accessed via the internet
Cloud service provider (CSP)
A company that offers cloud computing services; typically owns large data centers around the world that host millions of servers; can sell the services of those data centers to other companies for a fee
What is a switch?
A device that makes connections between specific devices on a network by sending and receiving data between them; more intelligent and more secure than a hub by only passing data to the intended destination
What is a network?
A group of connected devices
What is a modem?
A modem is a device that connects your router to the internet and brings internet access to the LAN
For example: If a computer on one network wants to send information to a device on a network in a different geographic location, the first computer sends the information to its router; the router transfers the information through the modem to the internet; the intended recipient's modem receives the information and transfers it to its router; the router forwards it to the destination device
Computer sends data -> router -> modem -> internet -> recipient modem -> router -> destination device
What is a hub?
A network device that broadcasts information to every device on the network
For example: A radio tower that broadcasts a signal to every radio tuned to the correct frequency
What is a router?
A network device that connects multiple networks together
For example: If a computer on one network wants to send information to a tablet on another network, the information first travels from the computer to its router; the router reads the destination address and forwards the data to the intended network's router; the receiving router directs the information to the tablet
What is a firewall?
A network security device that monitors traffic to or from your network and restricts specific incoming and outgoing network traffic
What is a server?
A physical or virtual computer whose purpose is to provide services to other devices on the network
What are data packets assigned to when they are sent and received across a network?
A port
Session layer (OSI model)
A session describes when a connection is established between two devices; protocols occur to keep the session open while data is being transferred and terminate the session once the transmission is complete; also responsible for activities such as authentication, reconnection, and setting checkpoints during a data transfer Example: Functions in the session layer respond to requests for service from processes in the presentation layer and send requests for services to the transport layer
What is a port?
A software-based location that organizes the sending and receiving of data between devices on a network; ports divide network traffic into segments based on the service they will perform between two devices; the sending and receiving computers know how to prioritize and process the segments based on their port number
Example: Sending a letter to a friend who lives in an apartment building; the mail carrier knows how to find the building and where to go within the building to find the apartment number
OSI (Open Systems Interconnection) model
A standardized concept that describes the seven layers computers use to communicate and send data over the network
What makes a switch better than a hub for security purposes?
A switch forwards data packets between devices directly connected to it, but it maintains a MAC address table that matches the MAC addresses of connected devices to port numbers on the switch and only forwards data packets according to the destination MAC address rather than every device connected
How is network performance measured?
Bandwidth
What are the devices that connect to a server called?
Clients
Physical layer (OSI model)
Corresponds to the physical hardware involved in network transmission, e.g. hubs, modems, and the cables and wiring that connect them; to travel across an ethernet or coaxial cable, a data packet needs to be translated into a stream of 0s and 1s. The stream of 0s and 1s is sent across the physical wiring and cables, received, and then passed on to higher layers of the OSI model
Why are virtualization tools useful?
In place of physical devices, these tools provide opportunities for cost savings and scalability
Application layer (OSI model)
Includes processes that directly involve the everyday user; includes all of the networking protocols that software applications use to connect a user to the internet, e.g. using a web browser, sending/receiving email, etc.
IP address
Internet Protocol address; the unique identifying number assigned to every device connected to the internet (used for identification globally/over the internet)
IP
Internet Protocol; has a set of standards used for routing and addressing data packets as they travel between devices on a network; includes the IP address that functions as an address for each private network
Presentation layer (OSI model)
Involves data translation and encryption for the network; this layer adds to and replaces data with formats that can be understood by applications on the sending and receiving systems (a standardized format), e.g. SSL, which encrypts data between web servers and browsers as part of websites using HTTPS
The 4 layers of the TCP/IP model
Network Access layer
Internet layer
Transport layer
Application layer
Software-defined networks (SDNs)
Networks that are made up of virtual network devices and services (virtual switches, routers, firewalls, and more); the tools are hosted on servers located at the CSP's data center
Data link layer (OSI model)
Organizes sending and receiving data packets within a single network; home to switches on the local network and network interface cards on local devices; protocols like network control protocol (NCP), high-level data link control (HDLC), and synchronous data link control protocol (SDLC) are used at the data link layer
Network layer (OSI model)
Oversees receiving the frames from the data link layer and delivers them to the intended destination; destination can be found based on the address that resides in the frame of the data packets; routed from sending network to receiving network
The 7 layers of the OSI model:
Physical layer
Data link layer
Network layer
Transport layer
Session layer
Presentation layer
Application layer
What are virtualization tools?
Pieces of software that perform network operations; they carry out operations that would normally be completed by a hub, switch, router, or modem, and they are offered by Cloud service providers
Commonly used port numbers
Port 25 (email)
Port 443 (secure internet communication)
Port 20 (large file transfers)
Packet sniffing
The practice of capturing and inspecting data packets across the network
What is cloud computing?
The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices
TCP/IP model
The standard model used for network communication; a framework that is used to visualize how data is organized and transmitted across the network
How are cloud networks different than traditional networks?
They use remote servers, which allow online services and web applications to be used from any geographic location
13 fields within header of an IPv4 packet:
-Version (VER): tells receiving devices what protocol the packet is using
-IP Header Length (HLEN or IHL): the packet's header length; indicates where the packet header ends and the data segment begins
-Type of Service (ToS): provides the router with information about how to prioritize packets for delivery to maintain quality of service on the network
-Total Length: communicates the total length of the entire IP packet, including the header and data; max size is 65,535 bytes
-Identification: if a packet is larger than 65,535 bytes, it is divided, or fragmented, into smaller IP packets; the identification field provides a unique identifier for all the fragments of the original IP packet so that they can be reassembled once they reach their destination
-Flags: provides the routing device with more information about whether the original packet has been fragmented and if there are more fragments in transit
-Fragmentation Offset: tells routing devices where in the original packet the fragment belongs
-Time to Live (TTL): prevents data packets from being forwarded by routers indefinitely; contains a counter that is set by the source; the counter is decremented by one as the packet passes through each router along its path; when the TTL counter reaches zero, the router currently holding the packet will discard the packet and return an ICMP Time Exceeded error message to the sender
-Protocol: tells the receiving device which protocol will be used for the data portion of the packet
-Header Checksum: contains a checksum that can be used to detect corruption of the IP header in transit; corrupted packets are discarded
-Source IP Address: IPv4 address of the sending device
-Destination IP Address: IPv4 address of the destination device
-Options: allows for security options to be applied to the packet if the HLEN value is greater than five
What is the size range of an IPv4 header?
20-60 bytes
First 20 bytes: fixed set of information, e.g. source and destination IP address
Last 0-40 bytes: Options field (optional info)
What is the maximum possible size of an IPv4 packet?
65,535 bytes
Data packet
A basic unit of information that travels from one device to another within a network; contains information about where the packet is going, where it's coming from, and the content of the message
Why were IPv6 addresses introduced?
As the internet grew, all the IPv4 addresses got used up, so another form of identification was developed
What are some examples of servers?
DNS servers that perform domain name lookups for websites, file servers that store and retrieve files from a database, corporate mail servers that provide and organize mail for a company
Network Access layer (TCP/IP model)
Deals with the creation of data packets and their transmission across a network; corresponds to the physical hardware involved in network transmission, e.g. hubs, modems, cables, wiring, etc.; also includes the address resolution protocol (ARP), which assists IP with directing data packets on the same network by mapping IP addresses to MAC addresses on that same physical network
True or False: Irregular network speed or bandwidth is not a possible indication of an attack.
False
T or F: Hubs and switches direct traffic on a wide area network
False; they direct traffic on a local network
T or F: All the devices on a network have different public-facing IP addresses
False; they share the same public-facing IP address
Contents of a data packet:
Header: includes the IP and MAC address of the destination device and the protocol number, which tells the receiving device what to do with the information in the packet
Body: contains the message that needs to be transmitted to the receiving device
Footer: signals that the packet is finished
What is reliability in cloud computing?
How available cloud services and resources are, how secure connections are, and how often the services are effectively running
What makes hubs vulnerable to eavesdropping and makes them not used as often on modern networks?
Hubs repeat all information out to all ports/devices that are connected to it
Private IP addresses
IP address only seen by other devices on the same local network
IPv6 address
IP addresses made up of 32 characters
IPv4 address
IP addresses made up of four numbers of 1, 2, or 3 digits each, separated by a decimal point, e.g. 123.45.67.10 or 12.456.3.67
What is a LAN?
Local Area Network; spans a small area like an office building, a school, or a home
For example: When an iPhone connects to home Wi-Fi, they form a LAN, and the LAN connects to the internet
MAC address
Media Access Control Address; the unique identifying number assigned to every device connected to the network (used for identification locally/within the network)
Software as a Service (SaaS)
Refers to software suites operated by the CSP that a company can use remotely without hosting the software
Network bandwidth
Refers to the amount of data a device receives every second; calculated by dividing the quantity of data by the time in seconds
Network speed
Refers to the rate at which data packets are received or downloaded
Infrastructure as a Service (IaaS)
Refers to the use of virtual computer components offered by the CSP; includes virtual containers and storage that are configured remotely through the CSP's API or web console; cloud-compute and storage services can be used to operate existing apps and other tech workloads without significant modifications. Existing apps can be modified to take advantage of the availability, performance, and security features that are unique to cloud provider services
Platform as a Service (PaaS)
Refers to tools that application developers can use to design custom applications for their company; these apps are designed and accessed in the cloud and used for a company's specific business needs
What are the main reasons cloud computing is beneficial to organizations?
Reliability
Decreased cost
Increased scalability
Transport layer (OSI model)
Responsible for delivering data between devices; also handles the speed of data transfer, the flow of the transfer, and breaking data down into smaller segments to make them easier to transport; the speed and rate of the transmission also have to match the connection speed of the destination system; TCP and UDP are transport layer protocols
Transport layer (TCP/IP model)
Responsible for delivering data between two systems or networks and includes protocols to control the flow of traffic across a network; TCP and UDP are the two transport protocols that occur at this layer; these protocols permit or deny communication with other devices and include information about the status of the connection; activities of this layer include error control, which ensures data is flowing smoothly across the network.
Transmission Control Protocol (TCP): An internet communication protocol that allows two devices to form a connection and stream data. It ensures that data is reliably transmitted to the destination service. It contains the port number of the intended destination service, which resides in the TCP header of a TCP/IP packet.
User Datagram Protocol (UDP): A connectionless protocol that does not establish a connection between devices before transmissions. It is used by applications that are not concerned with the reliability of the transmission. Data sent over UDP is not tracked as extensively as data sent using TCP. It is used mostly for performance-sensitive applications that operate in real time, such as video streaming.
Internet layer (TCP/IP model)
Responsible for ensuring delivery to the destination host; IP addresses are attached to data packets to indicate the location of the sender and receiver; also determines which protocol is responsible for delivering the data packets.
Protocols used at this layer:
Internet Protocol (IP): IP sends data packets to the correct destination and relies on TCP or UDP (User Datagram Protocol) to deliver packets to the corresponding service. IP packets allow communication between two networks, routed from the sending network to the receiving network. TCP/UDP retransmits any data that is lost or corrupt.
Internet Control Message Protocol (ICMP): Shares error information and status updates of data packets. This is useful for detecting and troubleshooting network errors. Reports information about packets that were dropped or that disappeared in transit, issues with network connectivity, and packets redirected to other routers.
Application layer (TCP/IP model)
Responsible for making network requests or responding to requests; defines which internet services and applications any user can access; protocols determine how the data packets will interact with receiving devices; application layer protocols rely on underlying layers to transfer the data across the network.
Example: File transfers and email services
Protocols used in this layer:
Hypertext transfer protocol (HTTP)
Simple mail transfer protocol (SMTP)
Secure shell (SSH)
File transfer protocol (FTP)
Domain name system (DNS)
TCP
Transmission Control Protocol; an internet communication protocol that allows two devices to form a connection and stream data; includes a set of instructions to organize data, so it can be sent across a network and makes sure packets reach their appropriate destinations
T or F: Your internet service provider assigns a public IP address that is connected to your geographic location
True
T or F: The TCP/IP model is a simplified version of the OSI model
True
T or F: Most organizations use a hybrid cloud environment
True; it reduces cost while maintaining control over network resources
Is the internet an example of a LAN or WAN?
WAN
What is considered a hybrid cloud environment?
When orgs use a CSP's devices in addition to their own on-premise computers, networks, and storage
What is considered a multi-cloud environment in an org?
When orgs use more than one cloud service provider
What is a WAN?
Wide Area Network; spans a large geographical area like a city, state, or country
For example: An employee of a company in San Francisco can communicate and share data with another state or country over the WAN