These notes are directly copied from my Notion. Please excuse any formatting issues.
OSI Model
- Application Layer
  - HTTP, HTTPS, FTP, TFTP, SMTP, SNMP, etc.
  - Certificates
  - Non-Repudiation
- Presentation Layer
  - Formatting, Compression, File-level encryption
  - The only layer that does NOT have any protocols
- Session Layer
  - Setup, Maintenance, Teardown of a connection
  - Establishes a connection between two applications
  - Full Duplex ⇒ Both directions at the same time
  - Half Duplex ⇒ One direction at a time
  - Remote Procedure Calls (RPC)
- Transport Layer
  - End-to-end data transport services
  - Protocols
    - TCP
      - connection-oriented
      - reliable
      - 3-way handshake (SYN, SYN-ACK, ACK)
    - UDP
      - connectionless
      - unreliable
      - faster; real-time transfer
      - Media streaming, gaming, etc.
- Network Layer
  - Router ⇒ Uses IP addressing; broadcast domain isolation; subnetting
  - Layer 3 Switch ⇒ can route traffic; allows inter-VLAN communication
  - VLAN ⇒ Virtual LAN, isolates broadcast traffic on a switch (cheaper, easier to configure)
  - VLAN Hopping ⇒ when unauthorized traffic is able to move from VLAN to VLAN
  - Protocols
    - IP
    - ICMP (ping)
      - Ping of death ⇒ packet exceeding the maximum allowed size
      - Ping Flood ⇒ large number of ICMP echo request packets
      - Loki attack ⇒ hides data inside ICMP packets (covert channel)
      - Smurf attack ⇒ DDoS attack; attacker floods a target with ICMP packets by making requests with a spoofed IP.
    - IPSec
- Data Link Layer
  - 2 sub-layers
    - LLC (Logical Link Control) → Error Detection
    - MAC (Media Access Control) → Physical address
  - CSMA/CD → Carrier Sense Multiple Access with Collision Detection
    - IEEE Standard 802.3 Ethernet
  - CSMA/CA → Carrier Sense Multiple Access with Collision Avoidance
    - IEEE Standard 802.11 Wireless
  - Token Passing (obsolete now) → only 1 token; without the token, you can't communicate, so there are no collisions.
  - Ethernet
    - CSMA/CD
    - MAC address (48-bit)
  - Layer 2 Switch (default) ⇒ Uses MAC addressing to send traffic out the appropriate port; collision domain isolation.
- Physical Layer
  - Hub ⇒ Sends all data on all ports all the time
  - Threats
    - Theft
    - Vandalism
    - Unauthorized Access
    - Sniffing
    - Interference
    - Data Emanation

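Added example, not part of the original notes: detection logic for the ICMP abuse patterns listed above (ping of death, ping flood, smurf), run over a constructed set of packet records. The record layout, addresses and thresholds are assumptions for illustration.

```python
# Added example, not part of the original notes: flags the ICMP abuse patterns listed
# above in a constructed set of packet records. Record layout and thresholds are assumed.
from collections import Counter, defaultdict

# Constructed sample records: (src, dst, icmp_type, reassembled_len)
# icmp_type 8 = echo request, 0 = echo reply; reassembled_len = datagram size after
# fragment reassembly (a single IP packet on the wire cannot exceed 65535 bytes)
SAMPLE = (
    [("203.0.113.5", "192.0.2.10", 8, 84)] * 3                         # normal pings
    + [("203.0.113.9", "192.0.2.10", 8, 70000)]                        # ping of death
    + [("198.51.100.7", "192.0.2.10", 8, 84)] * 250                    # ping flood
    + [(f"192.0.2.{i}", "192.0.2.10", 0, 84) for i in range(20, 120)]  # smurf replies
)

MAX_IP_LEN = 65535        # largest legal IP datagram; bigger after reassembly => ping of death
FLOOD_THRESHOLD = 200     # echo requests from one source in the window (assumed)
SMURF_MIN_REPLIERS = 50   # distinct hosts replying to one target unasked (assumed)

def detect_icmp_abuse(records):
    """Return {finding_name: [offending addresses]} for the patterns found."""
    findings = defaultdict(list)
    requests_by_src = Counter()
    requested = set()                     # (src, dst) pairs that sent an echo request
    repliers_by_dst = defaultdict(set)

    for src, dst, icmp_type, length in records:
        if length > MAX_IP_LEN:
            findings["ping_of_death"].append(src)
        if icmp_type == 8:
            requests_by_src[src] += 1
            requested.add((src, dst))
        elif icmp_type == 0 and (dst, src) not in requested:
            # the victim never pinged these hosts: replies to a spoofed-source request (smurf)
            repliers_by_dst[dst].add(src)

    for src, count in requests_by_src.items():
        if count >= FLOOD_THRESHOLD:
            findings["ping_flood"].append(src)
    for dst, repliers in repliers_by_dst.items():
        if len(repliers) >= SMURF_MIN_REPLIERS:
            findings["smurf_target"].append(dst)
    return dict(findings)

if __name__ == "__main__":
    for name, hosts in detect_icmp_abuse(SAMPLE).items():
        print(f"{name}: {sorted(set(hosts))}")
```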
Firewalls
- Security Zones
  - Group different security levels into different areas or zones
  - DMZ ⇒ Zone between the Internet and the internal network
  - Bastion Hosts ⇒ Internet-accessible servers placed in a DMZ between the Internet and the internal network
- Firewalls
  - Designed to provide filtering between trust zones
  - Software or hardware based
  - Provide isolation and separation
  - Create zones based on trust
  - Use rule-based access control
- Types of Firewalls
  - Layer 3 (Stateless Firewall)
    - Router with access-control list
    - First line of defense
    - Inspects Layer 3 and Layer 4 headers (port numbers)
  - Layer 5 (Stateful Firewall)
    - Awareness of the initiation of the session and the state
  - Layer 7 (Application Firewall/Proxies/WAF)
    - Deep packet inspection
    - Forward Proxy ⇒ inspects traffic from inside going out
    - Reverse Proxy ⇒ inspects traffic from outside coming in
    - Can inspect on content, time, application awareness, certificates, etc.

Firewall Best Practices
- Block unnecessary ICMP packet types
- Keep ACLs simple
- Use implicit deny (deny all by default)
- Block directed IP broadcasts
- Perform ingress and egress filtering
  - Block traffic leaving the network as well as entering the network
- Enable logging
- Drop fragments or re-assemble fragments
- Firewalls process ACLs in order
  - The first rule that matches the access attempt is applied immediately (no other rules will be applied)

NAT and PAT
- RFC 1918 Internal IP Address Ranges
  - 10.x.x.x
  - 172.16.x.x - 172.31.x.x
  - 192.168.x.x

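Added example, not part of the original notes: an ordered firewall ACL evaluated the way the Firewall Best Practices section describes (first matching rule wins, anything unmatched hits the implicit deny), with rules for ingress filtering of the RFC 1918 ranges listed above, directed broadcasts, unnecessary ICMP, and egress filtering. The LAN range, server address and allowed services are assumptions.

```python
# Added example, not part of the original notes: ordered ACL with first-match-wins
# semantics and an implicit deny. Addresses and allowed services are assumed.
import ipaddress

RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
INSIDE = "192.168.10.0/24"            # our LAN (assumed)

def _net(spec):
    return None if spec == "any" else ipaddress.ip_network(spec)

def rule(direction, action, src="any", dst="any", proto="any", port=None):
    """One ACL entry; 'any' matches every address or protocol, port None = any port."""
    return (direction, action, _net(src), _net(dst), proto, port)

ACL = [
    # ingress: a packet from the Internet with a private source address is spoofed
    *(rule("in", "deny", src=n) for n in RFC1918),
    rule("in", "deny", dst="192.168.10.255/32"),            # block directed IP broadcasts
    rule("in", "deny", proto="icmp"),                       # unnecessary ICMP from outside
    rule("in", "permit", dst="192.168.10.80/32", proto="tcp", port=443),  # web server (post-NAT)
    # egress: only our own addresses may leave, and only to the services we allow
    rule("out", "permit", src=INSIDE, proto="tcp", port=443),
    rule("out", "permit", src=INSIDE, proto="udp", port=53),
    # no trailing "deny any" rule: the implicit deny below catches everything unmatched
]

def evaluate(acl, direction, src, dst, proto, port=None):
    """Return (action, index of the matching rule); index None means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (rdir, action, rsrc, rdst, rproto, rport) in enumerate(acl):
        if rdir != direction:
            continue
        if rsrc is not None and s not in rsrc:
            continue
        if rdst is not None and d not in rdst:
            continue
        if rproto != "any" and rproto != proto:
            continue
        if rport is not None and rport != port:
            continue
        return action, i          # first match wins; later rules are never consulted
    return "deny", None           # implicit deny

if __name__ == "__main__":
    print(evaluate(ACL, "in", "10.1.2.3", "192.168.10.80", "tcp", 443))     # spoofed: deny by rule 0
    print(evaluate(ACL, "in", "203.0.113.7", "192.168.10.80", "tcp", 443))  # permitted web traffic
    print(evaluate(ACL, "out", "192.168.10.25", "198.51.100.1", "tcp", 23)) # telnet out: implicit deny
```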
WAN (Wide Area Network)
- Circuit Switching
  - PSTN, ISDN, DSL, T-Carriers
  - Data travels through switches in order
- Packet Switching
  - X.25, Frame Relay, ATM, IP Networks, VoIP
  - Chunks data into packets; each packet finds its own best route to the destination, and the packets are reassembled at the receiving end
  - Protocols
    - Multi-Protocol Label Switching (MPLS)
    - VoIP
      - Security Issues
        - Eavesdropping (Greatest Threat) - Enable SRTP (Secure RTP)
        - Toll Fraud
        - Vishing
        - SPIT
      - Performance Issues
        - Latency
        - Jitter

Authentication Protocols
- P2P (Point-to-Point Protocols)
  - PAP (Password Authentication Protocol) ⇒ simple prompt for a user ID and password when establishing a connection
  - CHAP (Challenge Handshake Authentication Protocol) ⇒ client responds to a challenge from the server. The only way the client can answer correctly is if the correct password has been entered
  - EAP (Extensible Authentication Protocol) ⇒ extends the capabilities beyond passwords to smart cards, biometrics, token devices, etc.
- Tunneling Protocols
  - A tunnel encapsulates one protocol within another, creating a virtual network
  - Can encrypt original IP headers
  - Can encrypt data
  - Allows for routing non-routable protocols and IP addresses
  - Can provide remote/internal IP addresses
  - Protocols
    - PPTP (Point-to-Point Tunneling Protocol) ⇒ based on the P2P protocol
      - Uses MPPE (Microsoft) for encryption and PAP, CHAP, or EAP for authentication
    - L2TP (Layer 2 Tunneling Protocol)
      - Cisco
      - No security; it must use IPSec to be secured
      - Only encapsulation is provided
    - GRE (Generic Routing Encapsulation)
      - Packet transfer from IPv4 to IPv6 network

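Added example, not part of the original notes: the PAP and CHAP exchanges described above, simulated on one machine with both sides' messages. The CHAP response is computed as RFC 1994 specifies, MD5 over the identifier, the shared secret and the challenge; the user names and secrets are constructed.

```python
# Added example, not part of the original notes: PAP vs CHAP on one machine.
# CHAP response per RFC 1994: MD5(identifier || secret || challenge). Names/secrets constructed.
import hashlib
import hmac
import os

def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP response: MD5 over the 1-byte identifier, the secret and the challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class ChapServer:
    def __init__(self, secrets):
        self.secrets = secrets     # name -> secret; CHAP needs the secret itself, not a hash of it
        self.pending = {}          # identifier -> outstanding challenge

    def challenge(self):
        ident, chal = os.urandom(1)[0], os.urandom(16)   # fresh random challenge every time
        self.pending[ident] = chal
        return ident, chal         # sent to the client in the clear

    def verify(self, ident, name, response):
        chal = self.pending.pop(ident, None)   # consumed once: a captured response cannot be reused
        if chal is None or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], chal)
        return hmac.compare_digest(expected, response)

def chap_client(name, secret, ident, challenge):
    """What crosses the link: the name and a digest, never the secret."""
    return name, chap_response(ident, secret, challenge)

def run_chap(server, name, secret):
    ident, chal = server.challenge()                  # 1. server -> client: challenge
    reply = chap_client(name, secret, ident, chal)    # 2. client -> server: response
    return server.verify(ident, *reply)               # 3. server: success or failure

def pap_on_the_wire(name, password):
    """PAP by contrast: the password itself is what crosses the link."""
    return name.encode() + b":" + password

if __name__ == "__main__":
    srv = ChapServer({"alice": b"correct-horse"})
    print("CHAP ok:", run_chap(srv, "alice", b"correct-horse"))
    print("CHAP wrong secret:", run_chap(srv, "alice", b"guess"))
    print("PAP bytes on the wire:", pap_on_the_wire("alice", b"correct-horse"))
```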
Wireless Networking
