Cyber Fundamentals Course 3.0
Cyber Fundamentals Course 3.0
Introduction to Networks
Understanding Networks
● Local Area Network (LAN): Covers a small area such as a home or office. For
instance, when your phone connects to your home Wi-Fi, it's part of a LAN.
● Wide Area Network (WAN): Covers larger geographic areas, like cities or
countries. The internet is the largest WAN, allowing devices worldwide to
communicate.
Cybersecurity Basics
● Firewalls: Act as a barrier between your network and the outside world,
monitoring incoming and outgoing traffic based on security rules. Think of it as
the bouncer at the door of your network, deciding who gets in and out.
● Servers: Provide various services to devices on the network, like storing files or
managing emails. They're like specialized workers in an office, each with a
specific job.
Wireless Networks
Network diagrams are essential tools for understanding and managing the structure of
a network. They help cybersecurity professionals visualize how devices are connected
and identify potential vulnerabilities.
Cloud Networks
Transition to Cloud Computing
Historically, companies managed their own network devices in-house. However, the rise
of cloud computing has shifted many businesses toward using third-party providers for
network management. This change offers significant cost savings and access to a
broader range of network resources.
Cloud computing utilizes remote servers hosted on the internet for storing and
managing data, applications, and services, rather than using local physical devices. This
approach allows for more flexibility and scalability, enabling businesses to use online
services and web applications from anywhere.
The Growth of Cloud Networks
As cloud computing becomes more prevalent, understanding the operation and security
of cloud networks is crucial. Unlike traditional networks that rely on physical servers
within a company's location, cloud networks use remote servers, known as "being in the
cloud," allowing for access across different geographic locations.
CSPs offer cloud computing services, housing millions of servers across global data
centers. These services fall into three main categories:
● Software as a Service (SaaS): Remote software suites that companies can use
without hosting them.
● Infrastructure as a Service (IaaS): Virtual computing resources, like storage and
processing power, configured remotely.
● Platform as a Service (PaaS): Tools for developing custom applications tailored
to a company's business needs.
SDNs replace traditional physical network devices with virtual ones, hosted in CSP's
data centers. This approach enables more flexible and efficient network management,
supporting rapid changes and improved security.
Cost Savings: By leveraging CSPs' extensive data centers, companies can avoid the
high upfront costs associated with setting up and maintaining network infrastructure.
Scalability: Cloud computing supports easy scaling, allowing companies to adjust their
resource use based on current needs without the risk of overinvesting in physical
hardware.
Network Communication
Introduction to Network Communication and Security
Communication over a network involves transferring data from one device to another in
the form of data packets. These packets, the fundamental units of network
communication, contain information about their origin, destination, and the content
being transmitted, akin to sending a letter with a destination and return address, along
with a message inside.
The Open Systems Interconnection (OSI) model provides a more detailed framework for
understanding network communication, with seven layers:
1. Physical Layer: Concerns the physical equipment used for data transfer, like
cables and switches.
2. Data Link Layer: Focuses on data packet transfer within the same network.
3. Network Layer: Manages packet routing across different networks.
4. Transport Layer: Responsible for data flow and segmentation between systems.
5. Session Layer: Maintains connections and sessions between devices.
6. Presentation Layer: Handles data translation, encryption, and compression.
7. Application Layer: Interfaces with end-users and applications, managing network
services.
IP Addresses
Understanding IP Addresses
IP addresses, short for Internet Protocol addresses, are unique identifiers for devices on
the internet, similar to how every house on a street has a distinct address.
Types of IP Addresses
● IPv4: The original IP address format, consisting of four groups of 1-3 digit
numbers separated by dots (e.g., 192.168.1.1). Due to the exponential growth of
internet devices, IPv4 addresses began to run out, leading to the development of
IPv6.
● IPv6: A newer format designed to overcome the shortage of IPv4 addresses, IPv6
includes 32 characters in a mix of numbers and letters, allowing for a virtually
unlimited number of devices.
● Public IP Addresses: Assigned by your internet service provider (ISP) and used to
identify your network on the internet. All devices on your home network share this
address when accessing the internet, much like roommates sharing a mailing
address.
● Private IP Addresses: Used within your local network, allowing devices in your
home or office to communicate with each other. These addresses are not visible
on the broader internet.
MAC Addresses
Besides IP addresses, devices also have a MAC (Media Access Control) address, a
unique alphanumeric code assigned to a device's network interface. Switches use MAC
addresses to direct internet traffic within a local network, storing these addresses in a
MAC address table for efficient data packet routing.
The network layer manages the delivery of data packets across networks. Routers use
IP addresses to direct packets towards their destination, with each packet containing a
header with vital routing information, such as the source and destination IP addresses.
IPv4 Packet Format
An IPv4 packet consists of a header and data section. The header includes routing
information, while the data section carries the message itself. IPv4 packets can be up to
65,535 bytes in size, with the header containing several fields that facilitate efficient
data transfer and routing.
IPv6 addresses the limitations of IPv4, offering a vastly larger address space and
simplifying packet headers for more efficient processing. IPv6 enhances routing and
network autoconfiguration capabilities, addressing IPv4 exhaustion and providing a
more secure and efficient internet architecture.
● Address Format: IPv4 uses decimal notation, while IPv6 uses hexadecimal.
● Address Space: IPv6 provides a significantly larger address pool than IPv4.
● Packet Header: IPv6 headers are simplified, improving processing efficiency.
Conclusion
Network Protocols
Introduction to Network Protocols
Network protocols are essential for ensuring smooth communication across a network.
They act like traffic rules, guiding data to its destination safely and efficiently.
How Network Protocols Work
Imagine you want to visit a website, like a recipe site. Your device communicates with
the website's server using several protocols:
These protocols work together to navigate your data through the network, from your
device to the website's server and back, ensuring secure and efficient communication.
Security protocols like HTTPS encrypt your data, protecting it from unauthorized access.
As you delve into the world of cybersecurity, understanding these protocols and how
they contribute to network security becomes crucial.
Conclusion
Firewalls act as gatekeepers for incoming and outgoing network traffic. Based on
predefined security rules, they decide whether to allow or block traffic. Firewalls come in
various forms:
Firewalls can be stateless, following fixed rules without considering past interactions, or
stateful, dynamically adjusting to observed traffic patterns and behaviors.
Next-Generation Firewalls (NGFWs) go further by offering deep packet inspection and
intrusion prevention systems, making them highly effective against modern cyber
threats.
Virtual Private Networks (VPNs) secure your internet connection by encrypting data in
transit. This encryption makes your online actions unreadable to outsiders, masking
your IP address and location for enhanced privacy. VPNs create an "encrypted tunnel"
between your device and the internet, safeguarding your data even on unsecured public
Wi-Fi networks.
Proxy servers act as intermediaries between users and the internet, offering both
security benefits and content filtering. They can:
Security zones enhance network security by dividing a network into segments with
distinct security policies. This segmentation can include:
● Demilitarized Zones (DMZs) for public-facing services like web and email
servers, acting as a buffer between the internet and the internal network.
● Internal Zones with stricter access controls for sensitive data.
● Restricted Zones for highly confidential information, accessible only to specific
users.
By implementing these zones, organizations can limit the spread of attacks and better
protect sensitive information.
Conclusion
Grasping the basics of firewalls, VPNs, proxy servers, and security zones is essential for
anyone entering the field of cybersecurity. These tools and concepts form the backbone
of network security, protecting data from unauthorized access and ensuring safe
internet navigation. As you progress, you'll delve deeper into these topics, building a
robust toolkit for defending against cyber threats.
Networks are essential for daily operations, connecting devices and facilitating
communication. However, they're also vulnerable to attacks by malicious hackers.
These attackers can exploit vulnerabilities through malware, spoofing, packet sniffing,
and disruptive attacks like packet flooding. It's crucial to understand these threats to
protect networks effectively.
To defend a network, it's vital to know the types of attacks it might face. We'll cover two
main categories:
Understanding how to use tcpdump and interpret its output is valuable for identifying
and mitigating network threats.
Network Defense
What is Packet Sniffing?
Packet sniffing involves observing data as it moves across a network. Security analysts
use packet sniffing to monitor network traffic for anomalies or during investigations.
However, threat actors might also use packet sniffing to access unauthorized data,
similar to intercepting someone's mail. They can capture packets to find valuable
information or even alter packet data, such as changing a recipient's bank account
number in a transaction.
● Passive Packet Sniffing: Observing and reading data packets in transit without
altering them. On an unsecured network, this allows attackers to see all data
going in and out of a targeted device.
● Active Packet Sniffing: Involves manipulating data packets as they are in transit,
such as redirecting packets or changing their contents.
Understanding IP Spoofing
● On-path Attacks: The attacker intercepts and possibly alters the communication
between two trusted devices or servers.
● Replay Attacks: Involves intercepting a data packet and replaying or delaying it,
potentially causing connection issues or impersonating an authorized user.
● Smurf Attacks: Combines IP spoofing with a DDoS attack, flooding the victim
with overwhelming traffic.
1. Encryption: Encrypting data in transit, such as using TLS, can protect against
on-path attacks by making intercepted data unreadable.
2. Firewall Configuration: Firewalls can be set up to detect and block traffic that
appears to come from within the network, a common indicator of IP spoofing.
3. Next Generation Firewalls (NGFW): Advanced firewalls that monitor unusual
traffic patterns can help prevent smurf and other DoS attacks.
OS Hardening
What is OS Hardening?
● Patch Updates: Regularly update the OS with patches released by vendors to fix
vulnerabilities. Delaying these updates leaves the system open to attacks.
● Hardware and Software Disposal: Properly dispose of old hardware and delete
unused software to eliminate potential vulnerabilities.
● Strong Password Policies: Implement policies that require complex passwords
and possibly multi-factor authentication (MFA) to enhance security.
Brute force attacks attempt to guess login credentials through trial and error.
Strengthening OS security can help mitigate these attacks.
● Virtual Machines (VMs): Use VMs to isolate and test suspicious code without
risking the main system. They're effective for running malware in a controlled
environment.
● Sandbox Environments: Similar to VMs, sandboxes provide a secure testing
space for software and can simulate attack scenarios.
● Prevention Measures:
○ Salting and Hashing: Increases password security by adding complexity.
○ Multi-factor Authentication (MFA) and Two-factor Authentication (2FA):
Adds layers of security beyond just passwords.
○ CAPTCHA and reCAPTCHA: Protects against automated brute force
attempts.
○ Password Policies: Ensures the creation of strong, hard-to-guess
passwords and regulates login attempts.
Network Hardening
Network hardening is about strengthening your network's security through various
measures like port filtering, access control, and encryption. It involves both regularly
performed tasks and one-time setups to ensure continuous protection.
● Firewall Rules Maintenance: Keep your firewall rules updated to control incoming
and outgoing traffic effectively.
● Network Log Analysis: Use SIEM (Security Information and Event Management)
tools to monitor network activity and spot potential vulnerabilities.
● Patch Updates and Server Backups: Regularly update your systems and back up
server data to recover from attacks swiftly.
Combining multiple security tools and practices adds layers of protection, enhancing
network security. This "defense in depth" strategy involves starting with basic security
from a firewall and adding more layers with IDS, IPS, and SIEM tools for comprehensive
protection.
Cloud Hardening
Cloud network security is essential as organizations increasingly utilize cloud services
for data storage, processing, and analytics. Unlike on-premises networks, cloud
networks store data in remote data centers accessible via the internet. It's crucial to
implement security hardening procedures to protect against intrusions from both
internal and external threats.
● Server Baseline Image: Use a baseline image for all server instances in the cloud
to detect unverified changes, indicating potential intrusions.
● Data and Application Segregation: Separate older and newer applications, as well
as internal and front-end applications, to minimize risk exposure.
● Rapid Changes: Keep up with CSPs' updates and adjust security strategies
accordingly.
● Shared Responsibility Model: Understand the division of security responsibilities
between the CSP and your organization.
Key Takeaways
● Cloud networks require specific security measures due to their unique challenges
and shared responsibility models.
● Organizations must actively participate in securing their cloud environments,
including proper configuration, access management, and data encryption.
● Staying informed and adaptable to the rapid changes and updates by CSPs is
crucial for maintaining cloud security.
Create a secure and efficient home network that allows devices to communicate with
each other and the internet safely.
Materials Needed:
Steps:
1. Understand the Basics: Review the concepts of LANs, WANs, modems, routers,
switches, and basic cybersecurity measures.
2. Plan Your Network: Decide which devices will connect wirelessly and which
might benefit from a wired connection. Consider the placement of your router for
optimal wireless coverage.
3. Set Up Your Modem: Connect your modem to your broadband connection. This is
your gateway to the internet.
4. Install Your Router: Connect your router to the modem using an Ethernet cable.
This device will serve as the heart of your home network, directing traffic and
providing wireless access.
5. Configure Your Wireless Network:
○ Access your router's configuration page through a web browser (the
address and login info will be in your router's manual).
○ Set up Wi-Fi encryption (WPA2 or WPA3) to protect your wireless network.
Choose a strong password.
○ Change the default network name (SSID) to something unique but not
personally identifiable.
○ Enable your router's firewall and familiarize yourself with its settings.
6. Connect Devices: Connect your devices to the network. Use Ethernet cables for
devices that need a stable connection and Wi-Fi for others.
7. Implement Basic Security Measures:
○ Ensure all devices are updated with the latest software and security
patches.
○ Install antivirus software on computers.
○ Use strong, unique passwords for all devices and change them regularly.
○ Educate yourself on phishing scams and secure browsing practices.
8. Monitor Your Network:
○ Learn how to check which devices are connected to your network through
your router's administration page.
○ Familiarize yourself with signs of unusual network activity that could
indicate a security breach.