CYBV301 Fundamentals of Cybersecurity

Week 4

Network Fundamentals
Agenda
➢ Network Overview
➢ Types of Networks
➢ The OSI Model
➢ The TCP/IP Model
➢ Network Transmission Media
➢ Network Devices
➢ Putting it all together
➢ References
Network Overview
Types of Networks
Physical vs Logical Topologies
Physical Topology
➢ How network devices are arranged and how they communicate
➢The actual physical cabling and network connections
➢How the data actually flows through the physical network

Logical or Signal Topology

➢ The arrangement of devices on the network and how they communicate
with each other
➢How signals act on the network
➢The way the data passes through the network from one device to the
next without regard for the physical interconnections
Wide Area Network (WAN)
➢ Connects MANs, LANs, and computers together
over large geographically dispersed areas
➢ Private or Public
➢ Corporate WAN
➢ Public Internet

➢ Wired, Wireless or Hybrid

➢ Microwave/Wi-Max
➢ Fiber/Cable/Telephone lines/Ethernet
➢ Cellular
➢ WiFi
➢ Satellite

➢ Typically established over leased circuits

➢ ISPs
➢ Global/International Providers
Metropolitan Area Network (MAN)
➢ A Metropolitan Area Network (MAN) is a
large computer network on the large
geographical area that include several
buildings or an entire city.
➢ Private
➢ High-speed private networks used to link
multiple facilities together
➢ Fiber/cable/wired or broadband wireless
➢ Point to Point or mesh configurations
➢ Public
➢ Provide cities or towns high data connection
➢ Single provider

➢ MAN includes many communicating devices

and provides the Internet connectivity for the
LANs in the metropolitan area.
Local Area Network (LAN)
➢ A Local Area Network (LAN) is acomputer
network that interconnects computers in
limited geographical area.
➢ Segmented by a Router
➢ Interconnected by cabling and switches or
wirelessly
➢ Can contain a variety of network devices
➢ Firewalls, IDS/IPS
➢ Laptops, Desktops, Workstations
➢ Printers
➢ Network storage devices
➢ VOIP Phones
➢ Servers
➢ Network topologies
➢ Ring
➢ Bus
➢ Mesh
➢ Star
➢ Tree
➢ Hybrid
Personal Area Network (PAN)
➢ Network organized around an individual’s personal
compute devices such as computer, phone, tablet,
PDA, printer, gaming, and wearable devices
➢ Predominantly Wireless
➢ Cellular
➢ WiFi
➢ Bluetooth
➢ NFC/Infrared
➢ Typically 10-100m range
➢ Personal Usage
➢ Data synchronization
➢ Service sharing
➢ Internet sharing
Other Types of Networks
CAN – Campus Area Network
➢ Network of interconnected LANs within a limited geographic range
BAN – Body Area Network
➢ Wireless network of wearable computing devices and sensors
NAN – Near-me Area Network
➢ Wireless network of devices in close proximity

NFC – Near Field Communications

➢ Point to Point (P2P) network between two devices in close proximity (4cm)
to each other

IAN – Internet Area Network

➢ Conceptual network that connects voice & data endpoints within a cloud
environment over IP
➢ Communications services are virtualized
➢ Completely eliminates geography from the network profile
The Internet

➢ Connects many WANs, MANs, LANs into a global network

➢ Internet Service Providers (ISPs)
➢ Provide connectivity between WANs, MANs, and LANs
➢ Responsible for the integrity of the Internet
➢ ISP to ISP connectivity
➢ Provide connectivity through Points of Presence (POP) aka Network Access Points (NAP)
➢ WANs, MANs, and LANs connect to the POP/NAP to provide global Internet connectivity
➢ 2022 produced ~94 Zettabytes of Data
➢ More than 5.1 Billion users
➢ More than 154.6 million .com domains
➢ 2 billion websites
➢ Internet statistics @ https://techjury.net/blog/internet-statistics/
Open Systems Interconnection Model
(OSI Model)
OSI Model (1 of 10)
➢ The Open Systems Interconnection (OSI) model was originally conceived as a
standard architecture for building network systems
➢ The OSI model defines a networking framework to implement protocols
in layers, with control passed from one layer to the next.
➢ Computer network architectures are divided into 7 layers in a logical progression
➢ The OSI Model is broken up into two distinct levels
➢ Lower layers deal with electrical signals, chunks of binary data, and
routingof these data across networks
➢ Higher levels cover network requests and responses, representation of
data, and network protocols as seen from a user's point of view

- Lifewire: https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017
OSI Model (2 of 10)
OSI Model (3 of 10)
OSI Model (4 of 10)
Layer 7 - Application Layer
➢ The Application layer supplies
network services to end-user
applications

➢ Network services are typically

protocols that work with user's data
➢ In a Web browser application,the
Application layer
protocol HTTP packages the data
needed to send and receive Web page
content
➢ This Layer 7 provides data to (and
obtains data from) the Presentation
layer

- Lifewire: https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017
OSI Model (5 of 10)
Layer 6 - Presentation Layer
➢ The Presentation layer is the
simplest in function of any piece of
the OSI model
➢ It handles syntax processing of
message data such as format
conversions and encryption /
decryption needed to support the
Application layer above it

- Lifewire: https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017
OSI Model (6 of 10)
Layer 5 - Session Layer
➢ The Session Layer manages the
sequence and flow of events that
initiate and tear down network
connections

➢ It is built to support multiple types of

connections that can be created
dynamically and run over individual
networks

- Lifewire: https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017
OSI Model (7 of 10)
Layer 4 – Transport Layer
➢ The Transport Layer delivers data
across network connections
➢ TCP is the most common example of
a Transport Layer 4 network
protocol
➢ UDP is another very common
Transport Layer 4 network protocol

➢ Different transport protocols may

support a range of optional
capabilities including error recovery,
flow control, and support for re-
transmission

- Lifewire: https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017
OSI Model (8 of 10)
Layer 3 – Network Layer
➢ The Network layer adds the concept of routing
above the Data Link layer. When data arrives at
the Network layer, the source and destination
addresses contained inside each frame are
examined to determine if the data has reached
its final destination. If the data has reached the
final destination, this Layer 3 formats the data
into packets delivered up to the Transport
layer. Otherwise, the Network layer updates the
destination address and pushes the frame back
down to the lower layers.

➢ To support routing, the Network layer

maintains logical addresses such as IP
addresses for devices on the network. The
Network layer also manages the mapping
between these logical addresses and physical
addresses. In IP networking, this mapping is
accomplished through the Address Resolution
Protocol (ARP)
- Lifewire: https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017
OSI Model (9 of 10)
Layer 2 – Data Link Layer
➢ When obtaining data from the Physical
layer, the Data Link layer checks for
physical transmission errors and
packages bits into data "frames"

➢ The Data Link layer also manages

physical addressing schemes such
as MAC addresses for Ethernet networks,
controlling access of any various network
devices to the physical medium

➢ Because the Data Link layer is the single

most complex layer in the OSI model, it
is often divided into two parts, the
"Media Access Control" sublayer and the
"Logical Link Control" sublayer

- Lifewire: https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017
OSI Model (10 of 10)
Layer 1 – Physical Layer
➢ The Physical layer of the OSI model
is responsible for ultimate
transmission of digital data bits from
the Physical layer of the sending
(source) device over network
communications media to the
Physical layer of the receiving
(destination) device
➢ At the Physical layer, data are
transmitted using the type of
signaling supported by the physical
medium: electric voltages, radio
frequencies, or pulses of infrared or
ordinary light

- Lifewire: https://www.lifewire.com/layers-of-the-osi-model-illustrated-818017
TCP/IP Model
TCP/IP Model (1 of 5)
➢ The TCP/IP model was initially
developed by DARPA
➢ The TCP/IP model is layered and is
used in the same fashion as the OSI
model but with fewer layers
➢ The layers within the TCP/IP model are
considered less rigid then that of the
OSI model, which basically means that
many protocols implemented can be
considered in grey areas between one
area and another.
➢ The TCP/IP protocol suite contains the
same protocols referenced in the earlier
OSI model sections

- Pearson: http://www.pearsonitcertification.com/articles/article.aspx?p=1804869
TCP/IP Model (2 of 5)
The Application Layer
➢ The Application layer is the highest layer in the TCP/IP
model and is related to the session, presentation and
application layers of the OSI model

➢ The application layer of the TCP/IP model is used to

handle all process-to-process communication functions;
these functions were carried out by multiple different
layers when referencing the OSI model

➢ Functions include:
➢ Session establishment, maintenance and termination
➢ Character code translations
➢ Data conversion, compression and encryption
➢ Remote access
➢ Network management
➢ Electronic messaging

➢ Common protocols include Named Pipes, NetBIOS,

MIME, TLS, SSL, FTP, DNS, HTTP, SMTP and many
others
- Pearson: http://www.pearsonitcertification.com/articles/article.aspx?p=1804869
TCP/IP Model (3 of 5)
The Transport Layer
➢ The Transport layer is the next layer and
is typically related directly with the same
named layer in the OSI model
➢ Functions include:
➢ Message segmentation
➢ Acknowledgement
➢ Traffic control
➢ Session multiplexing
➢ Error detection and correction (resends)
➢ Message reordering

➢ Common protocols include the Transport

Control Protocol (TCP) and User
Datagram Protocol (UDP)

- Pearson: http://www.pearsonitcertification.com/articles/article.aspx?p=1804869
TCP/IP Model (4 of 5)
The Internet Layer
➢ The Internet layer is the next layer up
from the link layer and is associated with
the network layer of the OSI model
➢ Functions include:
➢ Traffic routing
➢ Traffic control
➢ Fragmentation
➢ Logical addressing

➢ Common protocols include IP, ICMP and

IGMP

- Pearson: http://www.pearsonitcertification.com/articles/article.aspx?p=1804869
TCP/IP Model (5 of 5)
The Link Layer
➢ The link layer is the lowest layer of the TCP/IP
model
➢ Also referred to as the Network Interface Layer

➢ The link layer combines the physical and data

link layer functions into a single layer

➢ Frame & physical network functions include:

➢ Modulation
➢ Line coding and bit synchronization
➢ Frame synchronization and error detection
➢ LLC and MAC sublayer functions

➢ Common protocols include the Address

Resolution Protocol (ARP), Neighbor
Discovery Protocol (NDP), IEEE 802.3 and
IEEE 802.11

- Pearson: http://www.pearsonitcertification.com/articles/article.aspx?p=1804869
OSI vs. TCP/IP Model
OSI Model
OSI Model TCP/IP Model

1. OSI is a generic, protocol 1. TCP/IP model is based on standard

independent standard, acting as a protocols around which the Internet has
communication gateway between the developed. It is a communication
network and end user. protocol, which allows connection of
hosts over a network.

2. OSI is a 7 layer reference model 2. The TCP/IP 4 layer reference model

around which the networks are built. is an implementation of the OSI model
Generally it is used as a guidance tool.

3. OSI model has a problem of fitting 3. TCP/IP model does not try fit any TCP/IP Model
the protocols into the model protocol

4. OSI model defines services, 4. In TCP/IP, services, interfaces and

interfaces and protocols very clearly protocols are not clearly separated. It is
and makes clear distinction between also protocol dependent.
them. It is protocolindependent.

-Computer Networks :http://www.studytonight.com/computer-networks/comparison-osi-tcp-model

Network Transmission Media
Network Transmission Media
Wired Networks
➢ Twisted Pair
➢ Coaxial Cable
➢ Optical Fiber

Wireless Networks
➢ Satellite
➢ Microwave
➢ Cellular
➢ WiMAX
➢ WiFi
➢ Bluetooth
➢ Zigbee/Zwave
Wired Networks – Twisted Pair
➢ Copper wire
➢ Reduce crosstalk or electromagnetic induction between wires
➢ Offset external Electromagnetic Interference (EMI)

➢ Shielded Twisted Pair (STP)

➢ Used in older telephone, network/data communications
➢ Reduce EMI

➢ Unshielded Twisted Pair (UTP)

Wired Networks – Coaxial Cable
➢ Conductor, insulator, shield, jacket
➢ Most versatile medium
➢ Data transmission lines
➢ Television, Radio, Camera systems
➢ Cable-based Internet
➢ RF cabling
➢ Long distance transmission
➢ High bandwidth
➢ Several different cable types
➢ RG-59
➢ RG-6
➢ RG-6 Quad-Shielded
➢ RG-6 White
➢ RG-6 with ground
➢ Highly resistant to EMI
➢ Some signal leakage possible
Wired Networks – Optical Fiber
➢ Fiber optic cables contain core, cladding, and buffer
➢ Optical fiber cores made of glass or plastic
➢ Several different types of fiber optic cables
➢ Multi-mode optical fibers - Less expensive, larger core, lower performance
➢ Single-mode optical fiber - More expensive, smaller core, higher performance
➢ Immune to electromagnetic interference
➢ Very high bandwidth long distance communications

➢ Work by transmitting modulated light signals over optical fibers

➢ Most systems work by transmitting in one direction on one fiber and the other
direction on a second fiber.
➢ Transmitters are semiconductor LEDs or Lasers
➢ Receivers are semiconductor photoconductors
Wireless Networks
➢ Personal Wireless Networks
➢ Bluetooth, WiFi, IrDA, ZigBee, UWB
➢ Wireless Local Area Networks
➢ WiFi, Bluetooth, ZigBee
➢ Wireless Metropolitan Area Networks
➢ Microwave, WiMAX, Satellite, limited WiFi
➢ Wireless Wide Area Networks
➢ 3G/4G/LTE Cellular, Microwave, Satellite
➢ Access Points/Base Stations & Clients
➢ Network & P2P
➢ More flexible, lower cost
➢ Lower performance
➢ WLAN Security
➢ WEP, WPA, WPA2, AES, E0, A5 encryption
➢ Confidentiality, Integrity, Availability vulnerabilities
Network Devices
Network Hubs
➢ Network-based device that is used to connect
multiple devices to a network segment
➢ Works at the Physical Layer (Layer 1) of the
network
➢ Replicates all network traffic on all ports – nothing
more than a fancy repeater
➢ Little to no smarts or security
➢ Basically a large collision domain

➢ Should not be used in place of a Network Switch

➢ Can cause serious performance issues as every
packet goes to every machine connected to the hub
➢ Can be used by an attacker to sniff traffic on a given
network segment – Confidentiality Vulnerability
➢ In most cases, a Network Switch will provide better
performance and more security
Bridges
➢ Network-based device that is used to
connect to physical segments of a
network
➢ Operates at the Physical and Link Layers
of the network (Layers 1 & 2)
➢ Can be wired or wireless
➢ Four types of Bridging Technologies
➢ Simple Bridging – connects two network
segments and decides frame by frame whether
or not to forward network traffic.
➢ Multiport Bridging – connects multiple
networks and decides frame by frame whether
and where to forward network traffic.
➢ Transparent Bridging – using a forwarding
database, decides frame by frame whether to
forward or filter network traffic.
➢ Source Route Bridging - used on token ring
networks
Switches
➢ Network-based device that is used to connect
computers, printers, and servers within a
building or campus
➢ Considered one of the building blocks for
network communications
➢ Works at the OSI Link Layer (Layer 2)
➢ Switches inspect messages within a network;
determine the source and destination addresses
for each packet; then forward the packet to the
appropriate port
➢ Three general types of switches
➢ Unmanaged Switches – essentially plug & play
➢ Managed Switches – enterprise level
administered device (QoS, SNMP, etc.)
➢ Layer 3 Switches – hybrid switch and routing
functions (work at Layers 2 & 3)
Routers
➢ Routers are the very foundation of the Internet
➢ Network-based device that is used to connect networks
together
➢ Works at the OSI Network Layer (Layer 3)
➢ Specialized computing device optimized for handling
packets that are being transferred between separate
networks
➢ Routing is like a postal code system - Many different
possible routes
➢ Routers attempt to send traffic to its destination in the
fastest/most efficient way possible
➢ RoutingTables
➢ All possible routes the router is aware of
➢ Connections that lead to a specific set of addresses
➢ Connection priorities
➢ Traffic handling rules (routine and special traffic)
➢ Dynamic – constantly being updated
Modems
➢ Modem (Modulator-demodulator)
➢ Network-based device that modulates carrier
waves to encode digital data for transmission
then demodulates the signals to decode the
transmitted information
➢ Works at the OSI Physical Layer (Layer 1)
➢ Used to transmits data over physical networks
such as telephone, cable, fiber, power lines or
wirelessly
➢ Frequently integrated with other devices such as
wireless access points, routers, firewalls, etc.
➢ General types of modems
➢ DSL
➢ Cable
➢ Wireless (Satellite, WiMAX, WiFi, cellular, etc.)
➢ Powerline
Wireless Access Points
➢ Wireless Access Points (WAP) are network-based
devices that are used to connect wireless capable
devices to wired networks.
➢ Works at the OSI Data Link Layer (Layer 2)
➢ Creates a Wireless LAN (WLAN) segment
➢ The vast majority of WAPs utilize WiFi
➢ WAP and WiFi hotspot have become synonymous
➢ WAPs have special security considerations
➢ Ease of Use vs. Security
➢ Borderless extension to wired networks
➢ Open vs. Closed WAP
➢ Encryption protocols
➢ Authentication methods
➢ WAP types
➢ WiFi
➢ Cellular
➢ Satellite
Firewalls (1 of 6)

➢ Packet Filtering

➢ Stateful Inspection

➢ Circuit-Level Gateway

➢ Proxy or Application Level Gateways

& Reverse-Proxy

➢ Next Generation (Multi-level/factor

inspection)
Firewalls (2 of 6)

Packet Filtering Firewall

➢ Simplest type of firewall
➢ Some instances the most effective
➢ Controls access based on the packet header
information
➢ Source and Destination IP addresses
➢ Transport Protocols
➢ Ports
➢ Grants access or filters packets based on specific
rules
➢ Monitors and controls both inbound and
outbound traffic
➢ Determines access prior to packet entering or
leaving the internal network
➢ Not a perfect solution
➢ Can be mapped and bypassed by attackers
Firewalls (3 of 6)

Stateful Inspection Firewall

➢ Maintains state information from one packet to
another in the input stream
➢ Determine threat and grant access or filter
according to information from multiple packets
➢ Use of State Table & Rulesets
➢ Monitor all open connections through the firewall
➢ Uses state information to build context for each
packet
➢ Aids in detecting and blocking attacks that have
been broken up and sent over multiple packets
➢ Can detect scanning and probing activities
➢ Still not a perfect solution
➢ State tables have limited resources
➢ Can be mapped, spoofed, and bypassed by
attackers
Firewalls (4 of 6)

Circuit Level Gateway

➢ Operates at the Session Layer (Layer 5)
➢ Monitor the TCP handshake between packetsto
determine if the session is legitimate
➢ Extension of Packet Filtering
➢ Performs basic packet filtering operations
➢ Adds verification of proper handshaking to
ensure legitimate sessions information is used to
establish connections
➢ Uses SYN and ACK flags and Sequence numbers
➢ Aids in detecting and blocking attacks that spoof
or abuse legitimate sessions
➢ Still not a perfect solution
➢ Still allows data to pass through if rules are met
➢ Can be mapped, spoofed, and bypassed by
attackers
Firewalls (5 of 6)

Application/Proxy Firewall (Bastion Host)

➢ Operates at the Application Layer (Layer 7)
➢ Considered the most secure
➢ Simulates the behavior of a protected application inside the
network
➢ Acts as a Man-in-the-Middle Proxy
➢ From the inside the gateway appears to be the outside connection
➢ From the outside the gateway appears to be the host inside the
network.
➢ Proxy pseudoapplicaitons conduct interactions
➢ No free flow of data – packets are recrafted
Firewalls (6 of 6)

NextGen Firewall
➢ Most advanced – Most complicated
➢ Integrated network device that provides integrated
functionality
➢ Traditional Packet Filtering/Stateful Inspection Firewall
➢ Network and Port Address Translation (NAT)
➢ Application firewall
➢ Deep Packet Inspection
➢ Intrusion Prevention System (IPS)
➢ Encrypted traffic inspection
➢ Web filtering
➢ Quality of Service (QoS) management
➢ Antivirus inspection
➢ Identity Management Integration
➢ Virtual Private Network (VPN) support
➢ Still not a perfect solution
➢ Limited by its configuration and rules
➢ Can be mapped, spoofed, and bypassed by attackers
Intrusion Detection Systems (IDS)
➢ Server based network application
➢ Single or multi-vector threat identification
➢ Predefined Rule sets
➢ False positives
➢ False negatives
➢ Organizationally configured – only as good as you are!
➢ Will only detect known threats
➢ Some systems only provide alerts – someone has to read, analyze and act!

➢ Not a perfect solution

➢ Can be bypassed by skilled attackers or insiders
➢ Systems using only static indicators have high false negative rate
➢ Systems using variable indicators have high false positive rate
Intrusion Prevention Systems (IPS)
➢ Server based network application
➢ Inspects network traffic for known attack vectors
➢ Alerts
➢ Blocks network traffic
➢ Single or multi-vector threat identification & blocking
➢ Predefined rule sets
➢ False positives
➢ False negatives
➢ Newer NGIPS
➢ Develop network traffic context to make alerting and blocking decisions
➢ Use content awareness to understand and protect file types – useful for malware detection
➢ Can identify applications and users to provide high fidelity access control and logging
➢ Organizationally configured – only as good as you are!
➢ Not a perfect solution
➢ Can be bypassed by skilled attackers or insiders
➢ Systems using only static indicators have high false negative rate
➢ Systems using variable indicators have high false positive rate
➢ Hybrid systems are complex and difficult to configure and maintain
Data Loss Prevention (DLP) Solutions
➢ Server based network application
➢ Prevents access to and transmission of protected files
➢ Predefined Rule sets
➢ Organizationally configured
➢ Only works if you identify the sensitive data
➢ Monitors and controls outgoing electronic communications
➢ Email
➢ Instant Messaging
➢ Web traffic
➢ File transfers

➢ Not perfect solution

➢ Can be bypassed by skilled attackers or insiders
➢ Some systems only scan file names, hashes, etc.
 Questions?

Coming Next Week

Networking Protocols and

Defense
References
➢ Cichonski, p., Grance, T., & Scarfone, K. (2012). NIST SP 800-61. Computer Security
Incident Handling Guide. U.S. Department of Commerce.
➢ Pfleeger, C., & Pfleeger, S. (2011). Analyzing Computer Security: A
Threat/Vulnerability/Countermeasure Approach. Pearson Education.
➢ Pfleeger, C., Pfleeger, S., & Margulies, J. (2015) Security in Computing – Fifth Edition.
Prentice Hall
➢ SANS Institute. (2015). Intrusion Discovery Cheat Sheet v2.0. www.sans.org
➢ Skoudis, E., Strand, J. (2015). Incident Handling. SANS, www.sans.org