TryHackMe PreSecurity
In short, offensive security is the practice of breaking into computer systems, exploiting
software bugs, and finding loopholes in applications to gain unauthorized access to them.
: Learning Gobuster :
Intro : Gobuster is a powerful tool for brute-forcing hidden directories, files, DNS
subdomains, and virtual hosts on web servers. It's commonly used in penetration testing
and security assessments to discover resources that are not directly linked from the
website.
▪ To install gobuster on Debian based system we can use following command :
sudo apt-get install gobuster
▪ General syntax :
gobuster <mode> [options]
The mode comes first (dir for directories and files, dns for subdomains, vhost for virtual
hosts, fuzz for arbitrary placeholders); the target (-u, or -d for dns) and the wordlist (-w)
are passed as options after it. gobuster <mode> --help lists the options of that mode.
Threat Intelligence
Threat intelligence in cybersecurity refers to the collection, analysis, and sharing of
information about potential or existing cyber threats to help organizations defend against
attacks. A threat intelligence team is a group responsible for gathering, analyzing, and
acting on this information.
▪ Incident Response :
✓ Purpose : Minimize damage from incidents and recover quickly.
✓ 4 Phases (as in NIST SP 800-61) :
▪ Preparation : Ready the team and tools for handling incidents.
▪ Detection & Analysis : Identify and assess the severity of incidents.
▪ Containment, Eradication, & Recovery : Stop the threat, eliminate it, and
restore systems.
▪ Post-Incident Activity : Report and learn from incidents to prevent
recurrence.
Malware Analysis
▪ Goal : Understand malicious software to defend against it.
▪ Types of Malware :
✓ Virus : Attaches to programs, spreads, and damages files.
✓ Trojan Horse : Masquerades as useful software but contains malware.
✓ Ransomware : Encrypts files and demands payment for decryption.
Methods of Analysis :
• Static Analysis : Inspect malware code without executing it.
• Dynamic Analysis : Run malware in a controlled environment to observe its behavior.
Room 03 : Careers in Cyber
Security Analyst
Security analysts help design security measures to protect organizations from cyber
attacks. They analyze networks and provide recommendations for engineers to implement
security solutions.
Responsibilities :
▪ Collaboration : Work with different teams to assess overall company cybersecurity.
▪ Reporting : Create ongoing reports on network security, including documenting
issues and actions taken.
▪ Security Planning : Develop security strategies based on research of new attack
methods and trends, ensuring data protection across teams.
Security Engineer
Security engineers design and implement security solutions to protect against attacks using
threat and vulnerability data. They address various attack types, including web and network
threats, to prevent data loss.
Responsibilities :
▪ Test Security Measures : Continuously test and evaluate security protocols in
software.
▪ Monitor and Update Systems : Track network activity and reports, updating systems
to fix vulnerabilities.
▪ Implement Security Systems : Identify and install necessary security tools to maintain
strong defenses.
Incident responders
Incident responders handle security breaches in real time, creating plans and protocols for
quick, effective responses. Their role is critical to protect a company’s data, reputation, and
finances during cyber attacks.
Responsibilities :
▪ Develop Incident Response Plans : Create detailed, actionable plans to follow during
incidents.
▪ Maintain Security Practices : Uphold strong security measures and support incident
response efforts.
▪ Post-Incident Reporting : Analyze and report after incidents, using lessons learned to
prepare for future attacks.
Malware Analyst
Malware analysts study suspicious programs to uncover their behavior, using reverse-
engineering techniques to convert code into readable form. They aim to detect and
understand malware activity.
Responsibilities :
▪ Static Analysis : Reverse-engineer malware without running it to study its code.
▪ Dynamic Analysis : Observe malware behavior in a controlled environment.
▪ Report Findings : Document and report all analysis results.
Penetration tester
Penetration testers (or ethical hackers) assess the security of systems and software by
attempting to exploit vulnerabilities. Their goal is to help companies identify and fix
weaknesses before real attacks occur.
Responsibilities :
▪ Test Systems : Conduct tests on computer systems, networks, and web applications.
▪ Security Assessments : Perform security audits and analyze policies.
▪ Report Findings : Evaluate vulnerabilities and provide recommendations for
preventing attacks.
Red teamer
Red teamers simulate real-world cyber attacks to test a company's detection and response
capabilities. Their role is more targeted than penetration testers, focusing on emulating
adversaries to help organizations strengthen their defenses.
Responsibilities :
▪ Simulate Threat Actors : Imitate cybercriminals to exploit vulnerabilities, maintain
access, and avoid detection.
▪ Test Security Systems : Assess the effectiveness of security controls, threat
intelligence, and incident response.
▪ Report Findings : Provide actionable insights to help prevent real-world attacks.
Red Teamer
▪ Focus : Emulating real-world adversaries to test the company’s detection and
response capabilities.
▪ Goal : Simulate advanced attacks to see how well the organization can detect,
respond to, and recover from an ongoing attack.
▪ Approach : Long-term, stealthy engagements (up to a month), trying to maintain
persistence and avoid detection.
▪ Scope : Targeted, focusing on specific objectives like gaining access to sensitive data.
▪ Output : Insights into how well security defenses work in practice, with actionable
data for improvement.
▪ Frequency : Typically conducted by external teams for organizations with mature
security programs.
Section 02 : Network Fundamentals
The WWW is a system of interlinked web pages accessible via the Internet using browsers.
It was created in 1989 by Tim Berners-Lee at CERN to share information globally through
hypertext (HTML). The WWW uses URLs to locate documents and links users to multimedia
content.
ARPANET (Advanced Research Projects Agency Network) was the first operational packet-
switching network, developed by the U.S. Department of Defense in 1969. It laid the
foundation for modern networking protocols and eventually evolved into the Internet.
: IP Address :
What is Subnetting ?
Subnetting divides one IP network into smaller networks (subnets) by extending the network
part of the address with a longer subnet mask (e.g. 192.168.1.0/24 split into 192.168.1.0/25
and 192.168.1.128/25), so that addresses can be allocated efficiently and traffic and
broadcast domains can be segmented.
Why IP Collisions Do Not Happen (on the Internet) : Public address allocation is hierarchical
and globally coordinated. IANA delegates blocks to the Regional Internet Registries (RIRs),
which assign them to ISPs, which assign them to customers, so a public address is unique
across the Internet. Inside a LAN, uniqueness is only as good as your own allocation: DHCP
hands out addresses from a pool, but two hosts configured with the same static address will
conflict. Most stacks probe an address with ARP before using it and warn about a duplicate
(the "IP address conflict" message on Windows).
: Mac Address :
A MAC address (Media Access Control address) is a 48-bit identifier assigned to a network
interface card (NIC). It operates at the Data Link Layer (Layer 2) of the OSI model and
identifies devices on a local network segment so they can exchange frames with each other.
The first three bytes (the OUI) identify the manufacturer, which assigns the address and
burns it into the NIC. That burned-in address is not tamper-proof: the operating system can
override it in software (MAC spoofing), so a MAC address is an identifier, not a credential,
and MAC-based filtering is not an authentication control.
In practice, if two devices have the same MAC address (a MAC address collision), it can
cause network problems, such as:
• Data Loss: Ethernet switches rely on MAC addresses to forward frames. If two
devices share the same MAC address, the switch may not know which device to
forward the data to, leading to communication errors.
• Network Confusion: Both devices may "fight" to use the same MAC address, resulting
in network instability.
• An IP address can move from device to device over time (e.g. DHCP leases), but at any
moment it can be active on only one device within the same network.
• A public address identifies the device on the Internet, whereas a private address
identifies it amongst the other devices on its local network.
• Public IP addresses are assigned by your Internet Service Provider (ISP) as part of the
service you pay for each month (your bill !).
• The Internet Protocol addressing scheme known as IPv4 uses 32-bit addresses, giving
2^32 (about 4.29 billion) possible addresses.
• IPv6 is the newer version of the Internet Protocol, created to tackle the shortage of
addresses. It uses 128-bit addresses, giving 2^128 (about 3.4 × 10^38, i.e. 340 undecillion)
addresses, resolving the exhaustion problem faced with IPv4.
• Ping is one of the most fundamental network tools available to us. Ping uses ICMP
(Internet Control Message Protocol) packets to determine the performance of a
connection between devices, for example, if the connection exists or is reliable.
Room 02 : Intro to LAN
Topology : This refers to how devices and components are physically or logically connected
in the network. Some common topologies include :
Bus Topology
All devices are connected to a single central cable (the bus) through which data
travels.
Pros :
• Simple and inexpensive to implement.
• Requires less cable than star topology.
Cons :
• Difficult to troubleshoot.
• Performance degrades as more devices are added.
• Single point of failure if the bus cable fails.
Ring Topology
Devices are connected in a circular fashion, where each device has two neighbors,
and data circulates in one direction.
Pros :
• Simple to install and configure.
• Data transmission is predictable and consistent.
Cons :
• A failure in any single device or connection breaks the whole network.
• Troubleshooting can be difficult.
Mesh Topology
Every device is directly connected to every other device, ensuring multiple paths for
data.
Pros :
• Highly reliable with multiple paths for data.
• Provides redundancy and fault tolerance.
Cons :
• Expensive and complex to implement.
• Requires more cables and hardware.
Star Topology
All devices are connected to a central device (hub or switch), which manages the
communication.
Pros :
• Easy to install and manage.
• Centralized control makes troubleshooting easier.
• Failure of one device doesn’t affect the rest of the network.
Cons :
• The central device represents a single point of failure.
• Requires more cable than bus topology.
Hybrid Topology
A combination of two or more topologies within a single network, designed to meet
specific needs.
Pros:
• Flexible and adaptable to different requirements.
• Can provide the benefits of multiple topologies.
Cons:
• More complex and expensive to design and maintain.
• Troubleshooting can be challenging due to the mix of topologies.
Tree Topology
A hierarchical topology that combines bus and star topologies with a central root
node and branching connections.
Pros :
• Scalable and suitable for large networks.
• Centralized control for easy management.
Cons :
• High cable requirements.
• A failure in the root node can affect the entire network.
▪ Router : A device that connects different networks (e.g., LAN to WAN) and forwards
data based on IP addresses.
▪ Switch : A network device that connects devices within a LAN and forwards data
based on MAC addresses.
▪ Hub : A basic networking device that connects multiple devices in a LAN,
broadcasting data to all connected devices.
▪ Access Point (AP) : A device that allows wireless devices to connect to a wired
network by transmitting and receiving radio waves.
▪ Modem : A device that converts digital data from a computer into analog signals for
transmission over telephone lines and vice versa.
▪ Firewall : A network security device that monitors and controls incoming and
outgoing traffic based on security rules.
▪ Bridge : A device that connects two or more network segments, filtering and
forwarding data based on MAC addresses.
▪ Gateway : A device that connects and translates data between different protocols or
network architectures (e.g., connecting LAN to the internet).
▪ Load Balancer : A device or software that distributes network traffic across multiple
servers to optimize resource usage and ensure reliability.
▪ Proxy Server : A server that acts as an intermediary between a client and the internet,
filtering requests and enhancing security or performance.
▪ DNS Server : A server that translates domain names (like www.example.com) into IP
addresses to enable the routing of network traffic.
▪ Edge Router : A router that sits at the edge of a network, managing the traffic
between the internal network and external networks (like the internet).
▪ Media Converter : A device that converts one type of network medium to another,
such as from fiber optic to copper cable.
▪ Wireless Controller : A device that manages and controls multiple wireless access
points, ensuring consistent configuration and security.
▪ IDS (Intrusion Detection System) : A security device that monitors network traffic for
suspicious activity and potential threats.
▪ IPS (Intrusion Prevention System) : A security device that actively monitors and
blocks network traffic based on known threat signatures or behaviors.
▪ SIEM (Security Information and Event Management) : A system that collects and
analyzes security logs and events from various network devices to identify potential
security incidents.
▪ Content Filter : A device or software that monitors and restricts access to certain
content based on predefined policies.
▪ DDoS Protection Device : A security device that detects and mitigates Distributed
Denial of Service (DDoS) attacks by filtering malicious traffic.
▪ SNMP Monitor : A network management tool that uses the Simple Network
Management Protocol to monitor and manage network devices.
▪ VLAN Switch : A switch configured to create Virtual Local Area Networks (VLANs),
segmenting network traffic for improved security and efficiency.
▪ DNS Proxy : A device that forwards DNS queries from clients to DNS servers and can
cache responses to improve query speed.
▪ Web Application Firewall (WAF) : A security device that monitors and filters
HTTP/HTTPS traffic to and from a web application to protect against common attacks
like SQL injection and cross-site scripting.
▪ SSL/TLS Offloader : A device that offloads the encryption and decryption tasks
associated with SSL/TLS to improve server performance.
▪ Time Server : A server that provides accurate time synchronization to other devices in
the network, ensuring that logs and timestamps are consistent.
ARP (Address Resolution Protocol) maps IP addresses to MAC addresses on a local segment,
linking the logical network layer (IP) to the hardware layer (MAC). ARP messages carry no
authentication: a host accepts the mapping it is told, so a machine on the same segment can
answer for an IP it does not own (ARP spoofing). Static ARP entries for critical hosts and
dynamic ARP inspection on managed switches are the usual defences.
Working of ARP :
1. ARP Request: A device broadcasts (destination ff:ff:ff:ff:ff:ff) "Who has this IP
address? Tell <my IP>", so every host on the segment sees it.
2. ARP Reply: The device with the matching IP replies unicast with its MAC address.
3. Storing the Mapping: The requesting device saves the IP-to-MAC mapping in its ARP
cache for future communication, so later frames need no new request.
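The exchange above, as an added example that is not part of the TryHackMe room: a simulated segment with three constructed hosts walks through request, reply and caching, and a last method shows what the missing authentication means in practice. Nothing is sent on a real network.

```python
"""Toy ARP exchange on one broadcast segment: request, reply, cache.

Added example for these notes (not TryHackMe material). The hosts, IP and MAC
addresses below are constructed; the segment is simulated, no frames are sent.
"""
from dataclasses import dataclass, field

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass
class Host:
    ip: str
    mac: str
    arp_cache: dict = field(default_factory=dict)  # IP -> MAC learned so far


class Segment:
    """One Layer-2 broadcast domain: a frame sent to BROADCAST_MAC reaches every host."""

    def __init__(self, hosts):
        self.hosts = list(hosts)
        self.log = []  # transcript of the ARP traffic, one line per frame

    def resolve(self, requester, target_ip):
        """Return the MAC for target_ip as seen by requester, or None if nobody owns it."""
        if target_ip in requester.arp_cache:  # cache hit: no ARP traffic at all
            mac = requester.arp_cache[target_ip]
            self.log.append(f"{requester.ip} cache hit: {target_ip} is at {mac}")
            return mac
        # 1. ARP request, broadcast to the whole segment
        self.log.append(f"{requester.mac} -> {BROADCAST_MAC}: who has {target_ip}? tell {requester.ip}")
        for host in self.hosts:
            if host is requester or host.ip != target_ip:
                continue
            # The target learns the requester's mapping from the request itself (RFC 826),
            # so it can answer without a lookup of its own.
            host.arp_cache[requester.ip] = requester.mac
            # 2. ARP reply, unicast back to the requester
            self.log.append(f"{host.mac} -> {requester.mac}: {target_ip} is at {host.mac}")
            # 3. requester stores the mapping for later frames
            requester.arp_cache[target_ip] = host.mac
            return host.mac
        self.log.append(f"no reply for {target_ip}")
        return None

    def unsolicited_reply(self, sender, claimed_ip, victim):
        """ARP carries no authentication. A reply nobody asked for still refreshes an
        entry the victim already holds (Linux default behaviour; other stacks vary),
        which is the mechanism ARP spoofing relies on. Returns True if the cache changed."""
        self.log.append(f"{sender.mac} -> {victim.mac}: {claimed_ip} is at {sender.mac} (unsolicited)")
        if claimed_ip in victim.arp_cache:
            victim.arp_cache[claimed_ip] = sender.mac
            return True
        return False


def build_segment():
    """Constructed LAN with three hosts; returns (segment, alice, bob, mallory)."""
    alice = Host("192.168.1.10", "02:00:00:00:00:0a")
    bob = Host("192.168.1.20", "02:00:00:00:00:14")
    mallory = Host("192.168.1.30", "02:00:00:00:00:1e")
    return Segment([alice, bob, mallory]), alice, bob, mallory


if __name__ == "__main__":
    seg, alice, bob, mallory = build_segment()
    seg.resolve(alice, bob.ip)                      # request + reply, mapping cached
    seg.resolve(alice, bob.ip)                      # served from cache, no frames
    seg.unsolicited_reply(mallory, bob.ip, alice)   # alice now sends bob's traffic to mallory
    print("\n".join(seg.log))
    print("alice's cache:", alice.arp_cache)
```

The `log` list is the part worth reading: a cache hit produces no frames at all, which is why a poisoned entry keeps misdirecting traffic until it times out or is overwritten.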
OSI Model
The OSI model was developed by the International Organization for Standardization (ISO)
in the late 1970s and published in 1984. The goal was to standardize communication
protocols and create an open, universal network standard.
TCP/IP Model
Packets and frames are small pieces of data that, when put together, make up a larger
message. They are, however, different things: the name of the data unit depends on the OSI
layer it belongs to.
▪ At layer 2 of OSI, the unit of data is called Frame
▪ At layer 3 of OSI we call it Packet
▪ At layer 4 of OSI we call it Segment for TCP or Datagram for UDP
The TCP header is part of the Transmission Control Protocol and facilitates reliable,
connection-oriented communication. It ensures data is delivered accurately and in order,
providing mechanisms for flow control, error checking, and connection management.
TCP Header (diagram not reproduced in these notes)
The TCP header provides the necessary information to facilitate the TCP protocol for
reliable communication.
It includes several subfields:
1. Source Port: 16 bits (the port number of the sending application).
2. Destination Port: 16 bits (the port number of the receiving application).
3. Sequence Number: 32 bits (used to number the data bytes in the stream).
4. Acknowledgment Number: 32 bits (used to acknowledge receipt of data).
5. Data Offset: 4 bits (length of the TCP header in 32-bit words, i.e. where the data
begins; 5 = 20 bytes with no options, maximum 15 = 60 bytes).
6. Reserved: 3 bits (reserved for future use, must be zero).
7. Flags: 9 bits (control bits NS, CWR, ECE, URG, ACK, PSH, RST, SYN, FIN).
8. Window Size: 16 bits (the number of bytes the sender of this segment is currently
willing to receive, i.e. its receive window, used for flow control).
9. Checksum: 16 bits (covers the TCP header, the data and a pseudo-header of the IP
addresses; it detects accidental corruption, not deliberate tampering).
10. Urgent Pointer: 16 bits (only meaningful when the URG flag is set; an offset from the
sequence number to the end of the urgent data).
11. Options: Variable length (optional parameters such as maximum segment size, window
scale, selective acknowledgment and timestamps).
12. Padding: Variable (zero bytes used to align the header to a 32-bit boundary).
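To make the field layout concrete, here is an added example (mine, not the room's material) that packs and parses the TCP header with Python's struct module. The sample SYN segment and its MSS option are constructed; the checksum is left as zero because computing it needs the IP pseudo-header, which is outside the TCP header itself.

```python
"""Build and parse the 20-byte fixed TCP header (plus options) with struct.

Added example for these notes, not code from the TryHackMe room. The sample
segment is constructed; the checksum field is written as 0 (its real value
depends on the IP pseudo-header, which is not part of the TCP header).
"""
import struct

# Flag bits, least significant first, in the 9-bit flags field
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]
_FIXED = "!HHIIHHHH"  # src, dst, seq, ack, offset/reserved/flags, window, checksum, urgent


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535, options=b""):
    """Return header bytes. flags is an iterable of names from TCP_FLAG_NAMES."""
    padded = options + b"\x00" * (-len(options) % 4)      # pad options to a 32-bit boundary
    data_offset = 5 + len(padded) // 4                     # header length in 32-bit words
    if data_offset > 15:
        raise ValueError("options too long: the header is limited to 60 bytes")
    flag_bits = 0
    for name in flags:
        flag_bits |= 1 << TCP_FLAG_NAMES.index(name)
    word = (data_offset << 12) | flag_bits                 # reserved bits 9-11 stay zero
    return struct.pack(_FIXED, src_port, dst_port, seq, ack, word, window, 0, 0) + padded


def parse_tcp_header(segment):
    """Parse a TCP segment (header + payload) into a dict, validating the length fields."""
    if len(segment) < 20:
        raise ValueError("truncated: a TCP header needs at least 20 bytes")
    src, dst, seq, ack, word, window, checksum, urgent = struct.unpack(_FIXED, segment[:20])
    data_offset = word >> 12
    header_len = data_offset * 4
    if header_len < 20:
        raise ValueError(f"invalid data offset {data_offset} (minimum is 5)")
    if header_len > len(segment):
        raise ValueError("data offset points past the end of the segment")
    flag_bits = word & 0x1FF
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack,
        "data_offset": data_offset,
        "reserved": (word >> 9) & 0x7,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits & (1 << i)],
        "window": window, "checksum": checksum,
        "urgent_pointer": urgent,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def sample_syn():
    """Constructed SYN from ephemeral port 51234 to 443 carrying an MSS option
    (kind 2, length 4, MSS 1460 = 0x05b4), so the header is 24 bytes long."""
    return build_tcp_header(51234, 443, 0x1A2B3C4D, 0, ["SYN"], window=64240,
                            options=bytes.fromhex("020405b4"))


if __name__ == "__main__":
    for key, value in parse_tcp_header(sample_syn()).items():
        print(f"{key:15} {value!r}")
```

The two length checks in the parser are the ones that matter when the input is untrusted: a data offset below 5 or beyond the buffer is exactly the kind of malformed value a packet parser must refuse rather than index with.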
The UDP header, used in the User Datagram Protocol, enables faster, connectionless
communication. It offers a simple structure with minimal overhead, providing basic
information like source/destination ports and error detection, but without the reliability
features of TCP.
The IPv4 header is part of the Internet Protocol version 4 and is responsible for routing
packets across networks. It contains essential information such as source and destination
IP addresses, packet length, and routing details. It also supports packet fragmentation to
ensure data can be transmitted across networks with different maximum transmission unit
(MTU) sizes.
The IPv4 header is focused on packet routing and addressing. It includes several subfields :
The IPv6 header, used in Internet Protocol version 6, is designed to overcome the
limitations of IPv4, offering a larger address space and more efficient routing. It simplifies
the header structure, removing the need for certain fields in IPv4, and includes features like
a flow label for prioritizing traffic and a larger address field to accommodate the growing
number of devices on the internet.
The IPv6 header is designed to improve upon IPv4 and is used for routing packets across
networks. It has a fixed length of 40 bytes and the following fields :
1. Version : 4 bits (always 6).
2. Traffic Class : 8 bits (QoS marking, the counterpart of the IPv4 Type of Service / DSCP
field).
3. Flow Label : 20 bits (tags packets that belong to the same flow so routers can treat
them consistently).
4. Payload Length : 16 bits (Specifies the length of the data (or payload) in the packet,
excluding the IPv6 header).
5. Next Header : 8 bits (Specifies the type of the next header (e.g., TCP, UDP, ICMPv6).
This field is similar to the Protocol field in IPv4).
6. Hop Limit : 8 bits (Similar to the Time to Live (TTL) in IPv4, it prevents packets from
circulating indefinitely in the network by limiting the number of hops).
7. Source Address : 128 bits (The IPv6 address of the sending device).
8. Destination Address : 128 bits (The IPv6 address of the receiving device).
9. Extension Headers : (Optional, variable length) (In IPv6, additional headers can follow
the main header, such as Routing headers or Fragmentation headers).
3-Way Handshake
The 3-way handshake is a process used to establish a connection between a client and a
server in TCP (Transmission Control Protocol) networks. It is used to ensure that both sides
are ready for data transmission and can communicate with each other.
Where it works ?
At the transport layer, between the two TCP endpoints, before any application data is
exchanged.
How it works ?
1. SYN (Synchronize):
o The client sends a SYN packet carrying its initial sequence number (ISN) to the server.
o Example: Client → Server : SYN
2. SYN-ACK (Synchronize-Acknowledge):
o The server replies with its own SYN and ISN, and acknowledges the client's SYN
(ack = client ISN + 1).
o Example: Server → Client : SYN-ACK
3. ACK (Acknowledge):
o The client responds with an ACK packet (ack = server ISN + 1) to acknowledge the
server's response. Once this packet is received, the connection is established, and
data transfer can begin.
o Example: Client → Server : ACK
Significance:
• Ensures reliable connection setup.
• Both sides confirm the other's availability and readiness.
• Establishes synchronization of sequence numbers, which are used to track packets
and ensure reliable data transfer.
2-Way Handshake
UDP does not perform a handshake at all; the "2-way handshake" here means a plain request
followed by a response, with no connection state kept on either side.
Significance :
• Not suitable for reliable data transmission because there is no acknowledgment of
connection readiness.
• Seen in protocols that do not need the overhead of a full 3-way handshake.
• Faster to start but less reliable.
The 2-way exchange is primarily seen in simpler or less reliable communication methods,
such as basic UDP request/response protocols (DNS over UDP is the classic case).
3-Way Handshake (TCP) is used in applications like banking, file transfers, and web
browsing where data integrity is paramount. Note that the handshake provides reliability,
not security: confidentiality and authentication come from TLS layered on top of TCP.
2-Way exchange (UDP) is used in real-time applications like video conferencing, live
streaming, and online gaming, where speed and low latency are prioritized over reliability.
TCP Flags
TCP flags are control bits used in the TCP header to manage the state and behavior of a
connection.
TCP
Pros :
• Reliable : Ensures data delivery with acknowledgment and retransmission.
• Connection-oriented : Establishes a connection before data transfer, ensuring both ends
are ready.
• Data Integrity : Guarantees data arrives in the correct order without errors.
• Flow Control : Manages data flow to prevent congestion and buffer overflow.
• Congestion Control : Adjusts transmission rates to avoid network congestion.
• Widely used for reliable applications : Ideal for applications where accuracy is
essential (e.g., web browsing, file transfers, emails).
Cons :
• Slower : Due to connection setup, error checking, and retransmissions.
• Higher overhead : Requires more resources for managing the connection and reliability
features.
• More complex : Requires handling of retransmissions, sequencing, and acknowledgment.
• Less efficient for real-time data : Due to the need for error correction and data
sequencing.
• Requires more processing : The connection management adds computational overhead.
• Not ideal for time-sensitive applications : Because of the added delays in ensuring
reliability.
UDP
Pros :
• Faster : Minimal overhead and no connection setup or retransmission (UDP still carries a
checksum, so a corrupted datagram is detected and dropped, it is just never resent).
• Connectionless : No need to establish a connection before sending data, reducing delays.
• Lower Overhead : No extra processing for acknowledgment or retransmissions.
• Efficient for real-time applications : Ideal for live streaming, VoIP, and gaming.
• Simple to use : Easy for applications that don't need the reliability of TCP.
• Better for low-latency applications : Great for scenarios that need speed more than
accuracy.
Cons :
• Unreliable : No guarantees that packets will be delivered or arrive in order.
• No error recovery : Lost or corrupted data is not retransmitted.
• No Flow Control : Doesn't adjust data flow, which can lead to network congestion.
• Potential for packet loss : Data may be dropped or arrive out of order.
• Not suitable for reliability-critical tasks : Can't ensure delivery or sequence integrity.
• Lacks congestion control : Can lead to network congestion or packet loss in crowded
networks.
Ports
A port in networking is a 16-bit number (ranging from 0 to 65535) used by the transport
layer protocols (like TCP and UDP) to identify specific processes or services on a device. It
acts as a logical endpoint that directs network traffic to the correct application or service
running on a device.
Imagine that your computer or server is like a communication center where multiple
activities or services are happening simultaneously (e.g., browsing the web, checking
emails, transferring files). Each of these activities needs its own distinct line of
communication to avoid confusion. Ports provide this organization.
Analogy : Think of your house where multiple people (applications) live. If a letter (data)
arrives, the letter carrier (network traffic) needs to know who should receive the letter.
Each person (service/application) in the house has a unique number (port) assigned to
them. When the carrier arrives, they look at the number on the letter and know exactly
which person (application) should receive it.
Without ports, there would be no way to differentiate between web traffic, email traffic, or
file transfer traffic - all of which might arrive at the same time but need to be handled
differently. Ports allow these different types of communication to coexist on a single
device, ensuring everything goes where it should.
Port numbers range from 0 to 65535, with these ranges divided into three categories:
• Well-Known Ports (0–1023) : Assigned by IANA to common, widely used services like
HTTP (80), FTP (21), and SSH (22). On Unix-like systems only root (or a process holding
CAP_NET_BIND_SERVICE) may listen on them, which is why a listener below 1024 can be
assumed to belong to the administrator rather than to any local user.
• Registered Ports (1024–49151) : Assigned by IANA on request to specific applications or
services (e.g., MySQL 3306, RDP 3389). Any process can bind to them, so the assignment is
a convention, not a guarantee of what is actually listening.
• Dynamic/Private Ports (49152–65535) : Not assigned to any service; used for temporary,
client-side (ephemeral) connections, chosen by the operating system when a connection is
opened. The IANA range is 49152–65535, but the ephemeral range an OS actually uses
varies (Linux defaults to 32768–60999).
The concept of ports originated with the development of the TCP/IP (Transmission Control
Protocol/Internet Protocol) networking model in the 1970s. The idea was to enable the
simultaneous communication of different applications on a single network connection.
Scenario:
You’re using your computer to browse the web securely (HTTPS) and send emails (through
SMTP and IMAP). You open a browser to visit a website securely and also check your email
using an email client (like Outlook or Gmail).
Well-Known Port (HTTPS - Port 443)
• Your web browser uses HTTPS to securely access a website. The browser sends a
request to the server’s port 443, which is reserved for HTTPS traffic (a Well-Known
Port).
• Since port 443 is a Well-Known Port, it’s automatically recognized by both the client
(your browser) and the server as the standard port for secure HTTP communication.
• The communication is encrypted using SSL/TLS, ensuring that sensitive data, like
passwords or credit card information, is securely transmitted.
Dynamic Port
• While browsing or sending email, your computer (as the client) connects to the web
server on port 443 (HTTPS) and to the mail server's submission port (587, or 465 for
implicit TLS). Port 25 (SMTP) is used between mail servers, and many residential ISPs
block outbound port 25 from client machines.
• For each of these connections your operating system picks a free ephemeral port for the
client side (49152–65535 per IANA; Linux uses 32768–60999 by default), so every
connection is identified by the four-tuple client IP, client port, server IP, server port.
• These dynamic ports are temporary and belong to that one connection.
• Once the connection ends (for example, you close your browser or email client), the port
is released (after a short TIME_WAIT period) and can be reused by other applications or
services.
Note :
Well-known ports (0–1023) and registered ports (1024–49151) are disjoint ranges; both are
assigned by IANA, so together they make up the "assigned" ports. A well-known port is not
a registered port, and vice versa.
Dynamic Ports (49152–65535) are temporary ports used for specific connections, chosen by
the operating system for client-side applications. They are not registered or reserved for
any specific service.
So, basically, a port is either assigned (well-known or registered) or dynamic.
1. Port 20/21 (FTP - File Transfer Protocol) : Used for transferring files between systems.
2. Port 22 (SSH - Secure Shell) : Used for secure remote access to a machine or server,
typically for administrative purposes.
3. Port 23 (Telnet) : Unencrypted remote login service (though it's largely obsolete due
to security risks).
4. Port 25 (SMTP - Simple Mail Transfer Protocol) : Used for sending emails between
servers.
5. Port 53 (DNS - Domain Name System) : Resolves domain names to IP addresses (e.g.,
turning "google.com" into an IP address).
6. Port 80 (HTTP - Hypertext Transfer Protocol) : Used for web traffic, typically for
unencrypted communication over the web.
7. Port 110 (POP3 - Post Office Protocol v3) : Used for retrieving emails from a server
(without encryption).
8. Port 143 (IMAP - Internet Message Access Protocol) : Used for retrieving emails from
a server, supporting more advanced functionality than POP3.
9. Port 443 (HTTPS - HTTP Secure) : Used for secure web traffic, encrypting data
between the client and server (e.g., banking websites).
10. Port 3389 (RDP - Remote Desktop Protocol) : Used for accessing a computer
remotely via GUI, commonly used in Windows environments.
11. Port 3306 (MySQL) : Used by the MySQL database server for database
communication.
12. Port 8080 (HTTP Alternative) : Often used as an alternative port for web traffic,
particularly for development or testing purposes.
13. Port 69 (TFTP - Trivial File Transfer Protocol) : A simplified version of FTP, used for
small file transfers, often in embedded systems.
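An added example (not from the room) that ties the port categories to a practical check: a TCP connect scan of 127.0.0.1 against a listener the script itself starts, labelling each result with its IANA range and, where known, the service from the list above. Only the local machine is touched; scanning hosts you are not authorised to test is illegal.

```python
"""Classify port numbers and perform a TCP connect scan against localhost.

Added example for these notes, not TryHackMe code. The listener it scans is
started by the script itself on 127.0.0.1, so it runs offline. Never point it
at a host you do not own or have written permission to test.
"""
import socket
from contextlib import closing

# Service names from the notes above, used only to label results
KNOWN = {20: "FTP-data", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS",
         69: "TFTP", 80: "HTTP", 110: "POP3", 143: "IMAP", 443: "HTTPS",
         3306: "MySQL", 3389: "RDP", 8080: "HTTP-alt"}


def port_category(port):
    """IANA range the port falls in; raises for values that do not fit in 16 bits."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} is not a 16-bit number")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def start_listener(host="127.0.0.1"):
    """Bind to port 0 so the OS picks a free port; returns the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv


def free_port(host="127.0.0.1"):
    """A port that is currently not listening (bound then immediately released)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=1.0):
    """Full-connect scan: a completed 3-way handshake means something is listening.
    Returns {port: (is_open, category, service_label)}."""
    results = {}
    for port in ports:
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
            s.settimeout(timeout)
            is_open = s.connect_ex((host, port)) == 0   # 0 = connected, otherwise an errno
        results[port] = (is_open, port_category(port), KNOWN.get(port, "?"))
    return results


if __name__ == "__main__":
    srv = start_listener()
    target_port = srv.getsockname()[1]
    scan = connect_scan("127.0.0.1", [22, 80, target_port, free_port()])
    for port, (is_open, category, label) in scan.items():
        print(f"{port:5} {'open' if is_open else 'closed':6} {category:11} {label}")
    srv.close()
```

A connect scan completes the handshake, so it shows up in the target's logs; that is the trade-off against the half-open (SYN) scan that needs raw sockets and root.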
Room 05 : Extending your Network
Port Forwarding
Port forwarding is the process of directing network traffic from one port on a public-facing
device (such as a router or firewall) to a specific port on a private device within the
network, typically for allowing access to services like web servers, gaming, or remote
desktop on a local network.
Port forwarding is needed when services hosted within a private network must be accessed
externally, such as hosting a web server behind a router or enabling online gaming.
This allows devices or applications, such as web servers or game servers, that are not
directly exposed to the internet to be accessed externally by forwarding specific ports from
the router's public IP to the internal device hosting the service
When we set up a device (like a web server, game server, or camera) on a private network,
that device typically has a private IP address, which isn’t directly accessible from the
outside world (the internet). The router or firewall sitting between the private network and
the internet only exposes public IP addresses.
Here's how the process works:
1. Device Behind the Router : The service you're trying to access (e.g., a web server or a
game server) is hosted on a private device with a local (RFC 1918) IP address. That
address is not routed on the Internet, so no outside host can reach it directly; only the
router's public address is reachable.
2. Request from External Source : When someone on the internet wants to access the
service (for example, visiting your web server or playing a game), their request is sent
to the public IP address of the router.
3. Router’s Role : The router receives this request, but it doesn’t know where to send it
yet, because the request is for a private device (with a local IP). This is where port
forwarding comes into play.
4. Port Forwarding Configuration : You configure the router to forward requests on a
specific port (e.g., HTTP on port 80, or a game on a specific port) to the private IP
address of the device hosting the service.
o Example: You forward external requests on port 80 (HTTP) to the private IP of
the web server in your network.
5. Router Redirects the Traffic : After port forwarding is set up, the router knows that
when a request comes in on that specific port (e.g., port 80), it should send that
request to the correct private device.
6. Access is Granted : Now, when someone tries to access your service, the router
knows where to send the request and forwards it to the right device. The device then
responds to the external request.
So, basically the router does not know where to forward traffic until you've set up port
forwarding. Once you configure port forwarding, the router "learns" where to send
incoming traffic for specific ports, thus enabling external access to the private service.
It's like setting up a specific "path" or "route" in the router's rules so that incoming
requests know where to go inside your private network.
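The six steps above, as an added example that is not TryHackMe code: a user-space TCP relay playing the router's port-forwarding rule on 127.0.0.1, with an echo server standing in for the internal device. A real router does this with NAT in the kernel (DNAT from public_ip:port to private_ip:port) rather than by copying bytes, but the mapping it configures is the same one this script sets up.

```python
"""A user-space TCP port forwarder on localhost, standing in for the router's rule.

Added example for these notes, not TryHackMe code. The "internal service" is an
echo server started by the script itself; nothing leaves 127.0.0.1.
"""
import socket
import threading


def _pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst so EOF propagates."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_forwarder(listen_host, listen_port, target_host, target_port):
    """Accept on listen_host:listen_port and relay each connection to target_host:target_port.
    Returns the listening socket; close it to stop accepting. Port 0 lets the OS choose."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind((listen_host, listen_port))
    lsock.listen(16)

    def accept_loop():
        while True:
            try:
                client, _ = lsock.accept()
            except OSError:          # listener closed
                return
            try:
                upstream = socket.create_connection((target_host, target_port), timeout=5)
            except OSError:          # internal service down: drop this client, keep serving
                client.close()
                continue
            # One thread per direction: client -> service and service -> client
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock


def start_echo_server(host="127.0.0.1"):
    """The 'private' service: echoes whatever it receives, one thread per client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(16)

    def serve(conn):
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=serve, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def send_and_receive(host, port, payload, timeout=5.0):
    """Client side: send payload, half-close, and collect the reply until EOF."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    echo = start_echo_server()                                          # device behind the router
    internal_port = echo.getsockname()[1]
    fwd = start_forwarder("127.0.0.1", 0, "127.0.0.1", internal_port)  # the router's rule
    external_port = fwd.getsockname()[1]
    print(f"forwarding 127.0.0.1:{external_port} -> 127.0.0.1:{internal_port}")
    print(send_and_receive("127.0.0.1", external_port, b"hello through the forwarder"))
    fwd.close()
    echo.close()
```

Note what the relay does not do: it accepts from anyone who can reach its listening port. On a real router that is the whole Internet, which is why a forwarded port should be restricted by source address where the router allows it, or replaced by a VPN into the LAN.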
Pros :
• Allows external access to internal services
• Necessary for services like gaming, web hosting etc.
• Can improve performance for specific services
• Enables access to non-HTTP services (e.g., FTP)
Cons :
• Exposes internal network to security risks
• Can make a network more vulnerable to attacks
• Misconfigurations may lead to service downtime
• Requires ongoing management and updates
– The Post Office (Router/Firewall): This is the central location where all mail (network
traffic) is first received.
– Mailbox (Port): The mailbox represents a specific channel or address (port) where
the mail is directed. There are many mailboxes (ports), each serving different
purposes (e.g., one for bills, one for packages, etc.).
– Recipient (Internal Device): This is the person or device inside your house (local
network) who should receive the mail (data packets) that is directed to a specific
mailbox (port).
– Port Forwarding: When someone sends a letter (data request) to a specific mailbox
at the post office (router), the post office forwards it to the right recipient (specific
device on the local network), ensuring that the mail gets to the correct address
(device).
– Without port forwarding, the post office (router) doesn't know which recipient inside
the building (network) should get the mail, so the letter stays at the front desk
(blocked or discarded).
Some Real-World Examples of Port Forwarding :
• Online Gaming :
You want to play a game like "Minecraft" or "Fortnite" with friends over the internet.
Port forwarding allows external players to connect to your gaming server (hosted on
your computer or gaming console) by forwarding the right port to your device,
ensuring they can join your game.
• Web Hosting :
You host a website on your local computer or a private server. Port forwarding is
necessary to ensure visitors to your website can reach your server through a specific
port (usually port 80 for HTTP or port 443 for HTTPS), allowing them to view your
site.
QUE : Then port forwarding will be needed whenever we are dealing with something that is
outside the LAN setup ? Right.
Yes, you're correct! Port forwarding is needed whenever you want to allow external
devices (outside of your local network) to access a specific service or device inside
your Local Area Network (LAN).
This is particularly important when the device or service you are trying to access is
behind a router or firewall, which typically blocks incoming traffic from the outside
world to protect your internal network.
QUE : When we are dealing with the LAN level only, then we don't need port forwarding ? Right ?
Exactly! When you're dealing with just your Local Area Network (LAN) and all the
devices are inside the same network, port forwarding is not needed.
Here’s why:
– Devices within a LAN can communicate directly with each other using their local IP
addresses (e.g., 192.168.x.x).
– No external traffic is involved, so there’s no need for port forwarding because all
communication stays within the private network.
Example:
If you have a file server or a printer connected to your home router and you want to access
these devices from another device in the same house (same LAN), port forwarding is not
required. The devices can communicate directly without any special configuration.
Port forwarding is typically a one-way process, and it primarily handles traffic from public
(external) networks to private (internal) networks.
Here’s why :
Example : If you're hosting a game server or a web server inside your home network,
port forwarding makes sure that external players can access the server by forwarding
the appropriate ports to your server's internal IP address.
Example : When you browse the web, your computer sends requests to external
websites, and the router uses NAT to keep track of which device requested which
resource. The router sends the response back to the correct internal device without
needing any port forwarding.
Firewalls
A firewall is a security system that monitors and controls incoming and outgoing network
traffic based on predetermined security rules. It serves as a barrier between a trusted internal
network and untrusted external networks, such as the internet, to prevent unauthorized
access and ensure the safety of systems and data.
A Virtual Private Network (VPN) is a technology that creates a secure, encrypted connection
over a less secure network, typically the internet. It allows users to send and receive data
across shared or public networks as if their devices were directly connected to a private
network.
At the core, a VPN works by creating an encrypted tunnel between the user's device and
the destination server. This ensures that any data transferred between the device and the
server is kept private and secure, even if it’s passing through public networks.
Here's a breakdown:
• Encryption : When you connect to a VPN, your internet traffic is encrypted using
cryptographic protocols. This prevents unauthorized parties from reading or intercepting
the data.
• Tunneling : The data travels through a "tunnel," which is essentially an encrypted
channel. This tunnel protects data from being intercepted by third parties, such as hackers
or your Internet Service Provider (ISP).
• IP Masking : The VPN assigns you a new IP address (usually from the VPN server), which
hides your real IP address. This makes your online activity harder to trace back to you.
• Authentication : The VPN uses authentication mechanisms to ensure that only authorized
devices and users can connect to the network. This is done through user credentials,
certificates, or other methods.
• Routing : After your traffic is encrypted and authenticated, it is routed through the VPN
server to the destination (e.g., a website). The VPN server forwards the data to the final
destination and returns the response to your device through the same secure tunnel.
Imagine you're sending a letter in a normal envelope, but instead of just putting it in the
mail, you decide to seal the envelope in a strong, unbreakable box that only the recipient
can open. You don't want anyone to see or steal the contents of the letter during its
journey, so the box keeps everything inside private.
In the context of a VPN, the term "tunnel" doesn't refer to a physical tunnel that we see
like in civil engineering but rather a virtual or digital tunnel that secures your data as it
travels across the internet.
It is an encrypted path that your data follows between your device and the VPN server (or
destination server). The "tunnel" is created by software protocols that ensure your data is
protected as it travels over the internet. This is done through encryption and encapsulation.
Let’s focus on how OpenVPN creates the virtual tunnel and encrypts the data.
1. VPN Client and Server Setup
• You have an OpenVPN client on your device and an OpenVPN server at the other
end (e.g., a VPN provider’s server).
• When you start the OpenVPN client, it establishes a connection (session) with the
server. Both the client and server must have matching security keys (private and
public keys) to ensure secure communication.
Note:
When we say "establishing connection with VPN," it means that we are setting up a session
with the server that is facilitating the VPN service. Also, note that VPN is not a server in
itself; it is a service. When we say "VPN server," we are referring to the server that is
facilitating the VPN.
Other VPN protocols (like IPSec, L2TP, or WireGuard) work similarly to OpenVPN, but there
may be slight differences in their specific implementations and how they handle encryption,
key exchange or data transmission.
Pros and Limitations of VPNs :
Pros :
• Security : Encrypts data to protect from hackers and surveillance.
• Privacy : Hides your IP address and online activities.
• Bypass Geo-restrictions : Allows access to restricted or region-locked content.
• Remote Access : Facilitates secure access to company networks from remote locations.
• Anonymity : Helps maintain anonymity while browsing.
• Data Integrity : Protects against data tampering.
Limitations :
• Speed Reduction : VPNs can cause slower internet speeds due to encryption overhead.
• Compatibility Issues : Some websites or services block VPN connections.
• Connection Instability : VPN connections may drop, causing intermittent access issues.
• Cost : Paid VPN services can be expensive.
• Device Compatibility : Not all devices or platforms support VPNs.
• Reliability : Free VPN services often have limitations like bandwidth caps and unreliable
connections.
Category | Name | Description | Pros | Limitations | Example Usage
Based on Purpose
• Remote Access VPN
o Description : Allows users to connect securely to a remote network from anywhere.
o Pros : Flexible access, secure connections, user-friendly.
o Limitations : Dependent on internet connection, may require setup/configuration.
o Example Usage : Accessing corporate resources from home or while traveling.
• Site-to-Site VPN
o Description : Connects entire networks (e.g., branch offices) securely over the internet.
o Pros : Ensures secure inter-office communication.
o Limitations : More complex setup, requires VPN devices.
o Example Usage : Connecting multiple office locations to a central office.
• Extranet VPN
o Description : Allows secure communication between two or more external organizations.
o Pros : Enhances collaboration, secure B2B communication.
o Limitations : Security risks if not configured properly.
o Example Usage : Business collaboration between partners or vendors.
• Intranet VPN
o Description : Used to connect multiple sites of the same organization securely.
o Pros : Effective for private network connections within an organization.
o Limitations : Complex to set up, requires dedicated resources.
o Example Usage : Connecting branch offices within the same company.
Based on Protocol
• SSL VPN
o Description : Uses Secure Sockets Layer (SSL) protocol to establish encrypted tunnels.
o Pros : No special client required, easy to deploy.
o Limitations : Limited support for non-SSL enabled apps, lower speed.
o Example Usage : Remote workers accessing internal web apps or resources.
• IPsec VPN
o Description : Secures IP packets and provides encryption and integrity.
o Pros : Strong encryption, widely used in site-to-site VPNs.
o Limitations : Complex configuration, relies on specific hardware/software.
o Example Usage : Connecting remote offices securely.
• L2TP VPN
o Description : Layer 2 Tunneling Protocol is an extension of PPTP that provides stronger
encryption when paired with IPsec.
o Pros : Enhanced security compared to PPTP.
o Limitations : Slower speeds due to double encapsulation.
o Example Usage : Used for secure VPN connections in public networks.
• PPTP VPN
o Description : Point-to-Point Tunneling Protocol is a legacy VPN protocol that offers basic
encryption.
o Pros : Fast connection setup, low overhead.
o Limitations : Low security, outdated protocol, vulnerable to attacks.
o Example Usage : Legacy systems or quick setup for non-sensitive data.
• OpenVPN
o Description : Open-source VPN protocol that uses SSL/TLS for secure encryption.
o Pros : Highly customizable, strong security, supports various OS.
o Limitations : Requires more technical expertise to configure.
o Example Usage : Secure remote access for enterprises or personal use.
• IKEv2/IPsec
o Description : Internet Key Exchange version 2 combined with IPsec for fast, secure VPN
connections.
o Pros : Fast, stable, secure, mobile-friendly.
o Limitations : Limited device support, complex configuration.
o Example Usage : Ideal for mobile users or people frequently switching networks.
Other Technologies
• MPLS VPN
o Description : Multi-Protocol Label Switching creates a private, secure network across
public infrastructure.
o Pros : High-quality, secure service for large-scale networks.
o Limitations : Expensive, requires extensive network management.
o Example Usage : Connecting data centers across multiple locations.
• WireGuard
o Description : Modern, lightweight VPN protocol that emphasizes speed and simplicity.
o Pros : Fast, simple to configure, open-source.
o Limitations : New, less tested, fewer support tools.
o Example Usage : High-performance VPN for privacy-focused or high-speed use.
Alternatives to VPN :
DNS, or Domain Name System, is a decentralized naming system used to translate human-
readable domain names (e.g., www.google.com) into machine-readable IP addresses (e.g.,
142.250.72.14) and vice versa. DNS serves as the "phonebook of the internet," allowing
users to access websites and online resources without needing to memorize numerical IP
addresses.
Origin of DNS
The concept of DNS originated in the early 1980s when the ARPANET was expanding and
managing a centralized hosts.txt file became inefficient. Paul Mockapetris proposed DNS in
1983, and the first implementation was detailed in RFC 882 and RFC 883 (later superseded
by RFC 1034 and RFC 1035).
Before DNS was developed, the hosts.txt file was a centralized text file used to map
hostnames to IP addresses. This file was maintained manually by a single organization (e.g.,
Stanford Research Institute for ARPANET). Users would download updated copies of the
file periodically. However, as the ARPANET grew, this approach became inefficient due to
the increasing number of hosts, frequent changes, and the lack of scalability.
RFC 882 and RFC 883
RFC (Request for Comments) documents are a series of technical and organizational notes
for internet protocols and systems. Specifically:
• RFC 882 : Defined the concepts of the Domain Name System and its architecture.
• RFC 883 : Detailed the technical implementation of DNS, including query mechanisms
and data formats.
These RFCs were later replaced by RFC 1034 and RFC 1035, which refined and expanded the
DNS framework for modern usage.
Any organization, individual, or entity with a registered domain name can have DNS. DNS
can be hosted and managed by:
• Domain registrars (e.g., GoDaddy, Namecheap).
• Hosting providers.
• Public DNS providers (e.g., Google Public DNS, Cloudflare DNS).
• Private DNS servers for internal corporate use.
• Internet Service Providers (ISPs).
DNS can be classified based on several factors, providing a holistic understanding of its
functionality :
1. Based on Functionality
o Recursive DNS Servers: Resolve queries by acting as intermediaries between
the client and authoritative servers.
o Authoritative DNS Servers: Store and provide definitive DNS records for
domains.
o Forwarding DNS Servers: Redirect unresolved queries to other DNS servers.
o Cache DNS Servers: Temporarily store query results for quicker resolution.
2. Based on Ownership
o Public DNS Servers: Accessible to everyone (e.g., Google Public DNS, Cloudflare
DNS).
o Private DNS Servers: Used within organizations for internal purposes.
Analogy : Public DNS servers are like public libraries, open to all, while private DNS servers
are like corporate archives restricted to employees.
ANS :
Yes, all domains will ultimately fall under the root domain ("."), which is the apex of the
DNS hierarchy. Here's an explanation using an example domain:
The root domain acts as the starting point for the entire DNS hierarchy. Every domain
name, no matter how complex, ultimately connects back to the root domain.
Example: "mail.google.com"
1. Root Domain (".")
o Invisible but implied in every domain.
o Connects to TLD servers like ".com."
o Managed by IANA (Internet Assigned Numbers Authority).
2. Top-Level Domain (TLD)
o In this case, ".com."
o Represents the category or geographical domain.
o Managed by organizations like ICANN or relevant authorities (e.g., Verisign for
".com").
3. Second-Level Domain (SLD)
o "google" is the SLD here.
o Represents the main entity or organization.
o Owned and controlled by Google LLC in this case.
4. Subdomain
o "mail" is a subdomain under "google.com."
o Used to create specific services or sections (e.g., Mail, Drive).
o Managed internally by the SLD owner, Google.
Key Insights
1. All Domains Under Root: Every query in DNS starts at the root level, irrespective of
the domain type.
o Root domains act as a guide, directing to the appropriate TLD servers.
2. Is Anything Outside the Root?
o No. All publicly accessible domain names fall under this structure.
o Private networks (e.g., internal DNS in organizations) might not interact with
the root domain; they are independent of the public DNS hierarchy.
Analogy :
Imagine the root domain as the main directory in a library system. The TLDs are sections
(fiction, non-fiction), the SLDs are specific shelves (e.g., science, history), and subdomains
are individual books. No book (domain) exists without being part of the system starting
from the directory (root).
QUE : Are Domain Hierarchy Levels Parts of a Domain ?
Yes, the domain hierarchy levels (root, TLD, SLD, subdomains) are essentially parts of a
domain name, each contributing to its structure and meaning.
Example: "mail.google.com"
1. Root Level (".")
o The foundation, although not visible, is implied at the end of every domain.
o Connects to the appropriate TLD.
2. Top-Level Domain (TLD - ".com")
o Specifies the category or type of the domain (e.g., commercial, organization).
3. Second-Level Domain (SLD - "google")
o The unique name identifying the organization or entity.
4. Subdomain ("mail")
o Creates specific services or sections under the SLD.
Each part builds upon the previous one, working collectively to form a complete domain
name.
Analogy
Think of a postal address:
• Root Level: The country code, determining the region (e.g., "." as the global base).
• TLD: The state (e.g., ".com" as a category).
• SLD: The city or neighborhood (e.g., "google").
• Subdomain: A specific house or apartment (e.g., "mail").
Together, these ensure precise identification and navigation within the DNS hierarchy.
QUE : So "mail.google.com." is a valid domain, but the last '.' will not be visible or present
in the actual domain ?
QUE : Why does the system do so ? Why do we need this '.' at the end ? Why can't we drop this idea ?
The inclusion of the trailing dot in fully qualified domain names (FQDNs) has some historical
and technical significance in the world of DNS. Let's break it down :
Why Does the System Use the Trailing Dot ?
1. Clarity and Precision: The trailing dot specifies that the domain is absolute, meaning it
is complete and doesn't require any further resolution. This ensures that there is no
ambiguity in domain name resolution.
2. DNS Hierarchy: The DNS system is hierarchical. The trailing dot at the end of an FQDN
points to the root of this hierarchy, making it clear where the domain name ends.
Why We Need This Dot :
1. DNS Resolution Efficiency: By marking the end of a domain name with a dot, the
system can resolve domain names more efficiently and accurately, avoiding
unnecessary searches in local or subdomain contexts.
2. Standards and Protocols: The trailing dot adheres to the DNS standards and
protocols defined by organizations like ICANN (Internet Corporation for Assigned
Names and Numbers) and IANA (Internet Assigned Numbers Authority).
Why Can't We Drop This Idea ?
1. Backward Compatibility: Many existing DNS infrastructures rely on the trailing dot for
proper resolution. Dropping it could cause issues with legacy systems and
applications.
2. System Consistency: The trailing dot helps maintain a consistent and unambiguous
method of interpreting domain names, which is crucial for the stability and reliability
of the DNS.
Analogy :
Imagine writing a complete address on an envelope. The trailing dot is like the final zip code
in an address, ensuring that the letter reaches the exact intended destination without any
confusion.
While the trailing dot might seem unnecessary in everyday use, it plays a vital role behind
the scenes in ensuring that our internet infrastructure works seamlessly. So, even though
you don't see it while typing "youtube.com", it's working quietly in the background,
keeping things running smoothly.
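The hierarchy levels and the trailing-dot rule above, as an added example (not code from the notes): parseDomain splits a name into root, TLD, SLD and subdomains, and resolverCandidates shows, in a simplified glibc-style model, why an absolute name with a trailing dot skips the search-list lookups that a relative name triggers. The search lists are constructed values.

```javascript
// Added example, not part of the TryHackMe notes.
// parseDomain: split a domain name into the hierarchy levels described above.
function parseDomain(name) {
  const absolute = name.endsWith("."); // trailing dot = fully qualified, ends at root
  const trimmed = absolute ? name.slice(0, -1) : name;
  const labels = trimmed === "" ? [] : trimmed.split(".");
  const rightToLeft = [...labels].reverse(); // TLD first, like the resolver walks it
  return {
    absolute,
    root: ".",
    tld: rightToLeft[0] ?? null,
    sld: rightToLeft[1] ?? null,
    subdomains: rightToLeft.slice(2).reverse(), // back in written order
    registeredDomain:
      rightToLeft.length >= 2 ? `${rightToLeft[1]}.${rightToLeft[0]}` : null,
  };
}

// resolverCandidates: simplified model of the classic resolver rule (as in glibc's
// resolv.conf handling). A name ending in "." is looked up exactly once. A relative
// name is also tried with each search-list suffix; when it has fewer than `ndots`
// dots the suffixed forms are tried FIRST, which is the extra work the trailing dot avoids.
function resolverCandidates(name, searchList, ndots = 1) {
  if (name.endsWith(".")) return [name];
  const dots = (name.match(/\./g) || []).length;
  const withSuffixes = searchList.map((suffix) => `${name}.${suffix}.`);
  const asIs = `${name}.`;
  return dots >= ndots ? [asIs, ...withSuffixes] : [...withSuffixes, asIs];
}

// Constructed search list for a hypothetical corporate resolver.
const SEARCH_LIST = ["corp.example", "example"];

console.log(parseDomain("mail.google.com."));
console.log(resolverCandidates("mail.google.com.", SEARCH_LIST)); // one lookup
console.log(resolverCandidates("mail.google.com", SEARCH_LIST));  // as-is first, then suffixes
console.log(resolverCandidates("intranet", SEARCH_LIST));         // suffixes first
```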
DNS Records
DNS records are entries in a DNS database that provide information about a domain's
services and resources.
Maintenance
DNS records are maintained by the domain's authoritative DNS server, usually managed by
domain registrars, hosting providers, or IT teams.
• Once the IP address is resolved, the browser initiates a TCP handshake with the
server.
• HTTP or HTTPS protocols manage the request-response communication.
• Data packets are exchanged, routed based on IP addresses resolved by DNS.
• DNS ensures the correct endpoint is reached, enabling seamless communication.
What is HTTP ?
What is HTTPS ?
• HTTPS (HyperText Transfer Protocol Secure): The secure version of HTTP that
encrypts data, ensuring:
o Confidentiality: Prevents data from being intercepted.
o Authentication: Confirms communication with the correct server.
Parts of a URL :
What is a Cookie ?
A cookie is a small piece of data stored on the user's computer by a web browser while
browsing a website. It allows the server to remember information about the user, such as
login status, preferences, or activity, across multiple sessions. Cookies are primarily used to
enhance the user experience and facilitate web application functionality.
Types of Cookies
1. Based on Purpose
• Session Cookies:
o Temporary cookies stored in the browser's memory and deleted when the
browser is closed.
o Used for session management (e.g., tracking a user as they navigate a site).
• Persistent Cookies:
o Remain on the user's device for a specified duration, even after the browser is
closed.
o Used for remembering user preferences, login credentials, or tracking over
time.
• Authentication Cookies:
o Ensure that a user is logged into a website and has the appropriate permissions
to access specific resources.
• Tracking Cookies:
o Used by websites (often third-party) to track user behavior across different
websites for analytics or advertising.
• Secure Cookies:
o Sent only over secure HTTPS connections, ensuring their data cannot be easily
intercepted.
2. Based on Lifetime
• First-Party Cookies:
o Created and used by the website the user is currently visiting.
o Example: Remembering your cart items on an e-commerce site.
• Third-Party Cookies:
o Created by domains other than the one the user is visiting, typically used for
advertising and cross-site tracking.
o Example: Facebook cookies used on other websites to track user behavior.
3. Based on Security
• Secure Cookies:
o Only transmitted over secure HTTPS connections to enhance data security.
• HttpOnly Cookies:
o Accessible only by the server, preventing client-side scripts (like JavaScript)
from accessing them and reducing the risk of attacks.
• SameSite Cookies:
o Restrict cross-site requests to prevent Cross-Site Request Forgery (CSRF)
attacks.
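The Secure, HttpOnly and SameSite attributes and the session/persistent distinction above, as an added example (not code from the notes): a small Set-Cookie parser and an audit that reports weak settings, run over constructed sample headers, with a hardened session-cookie builder that passes the audit.

```javascript
// Added example, not part of the TryHackMe notes.
// parseSetCookie: split a Set-Cookie header into name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? "" : pair.slice(eq + 1); // keeps any '=' inside the value
  const attrs = {};
  for (const item of rest) {
    if (!item) continue;
    const i = item.indexOf("=");
    const key = (i === -1 ? item : item.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : item.slice(i + 1); // flag attributes stored as true
  }
  return { name, value, attrs };
}

// auditCookie: classify the lifetime and list weak attribute settings.
// HttpOnly is reported for every cookie; treat it as a review item for cookies
// that page scripts legitimately need to read.
function auditCookie(cookie) {
  const { attrs } = cookie;
  const findings = [];
  const lifetime =
    attrs.expires !== undefined || attrs["max-age"] !== undefined ? "persistent" : "session";
  if (!attrs.secure) {
    findings.push("missing Secure: cookie may be sent over plain HTTP");
  }
  if (!attrs.httponly) {
    findings.push("missing HttpOnly: readable by page scripts, so XSS can steal it");
  }
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  if (sameSite === null) {
    findings.push("missing SameSite: set Lax or Strict explicitly to limit CSRF");
  } else if (sameSite === "none" && !attrs.secure) {
    findings.push("SameSite=None without Secure: modern browsers reject this cookie");
  }
  return { name: cookie.name, lifetime, findings };
}

// buildSessionCookie: a session cookie with the attributes the audit expects.
function buildSessionCookie(name, value) {
  return `${name}=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample headers (not captured from any real site).
const SAMPLE_HEADERS = [
  "sid=abc123; Path=/",                         // session cookie, no protections
  "theme=dark; Max-Age=31536000; SameSite=Lax", // persistent preference cookie
  "tracker=xyz; SameSite=None",                 // cross-site cookie missing Secure
  buildSessionCookie("sid", "abc123"),          // hardened form
];

function auditAll(headers = SAMPLE_HEADERS) {
  return headers.map((h) => auditCookie(parseSetCookie(h)));
}

for (const r of auditAll()) {
  console.log(`${r.name} (${r.lifetime}): ${r.findings.length ? r.findings.join("; ") : "ok"}`);
}
```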
1. Session Management :
o To maintain login sessions or shopping cart data across multiple pages of a
website.
2. Personalization :
o Save user preferences (e.g., language, theme) for a customized experience.
3. Tracking & Analytics :
o Track user behavior for website analytics or targeted advertising.
4. Authentication :
o Identify and authenticate users securely for restricted sections of a website.
5. Enhance User Experience :
o Provide faster interactions by remembering user preferences.
Pros :
• Improved User Experience : Enhances website functionality by remembering user
preferences and login sessions.
• Personalization : Offers a tailored user experience (e.g., saved preferences,
recommendations).
• Reduced Server Load : Stores some data locally, reducing the server's need to resend it
repeatedly.
• Efficient Session Management : Ensures smoother navigation between pages during the
same session.
• Persistent Data Storage : Helps maintain user settings across sessions, making websites
more user-friendly.
Cons :
• Privacy Concerns : Tracking cookies may collect excessive personal data, leading to
privacy violations.
• Security Risks : Vulnerable to attacks like Cross-Site Scripting (XSS) and Cross-Site
Request Forgery (CSRF).
• Data Size Limits : Each cookie is limited to 4KB in size and can store limited
information.
• Third-Party Abuse : Advertisers and third parties can misuse cookies for intrusive
tracking and behavioral profiling.
• Performance Impact : Excessive cookies may slow down website load times and impact
device storage.
Room 03 : How websites work ?
Browser
A browser is a software application (e.g., Chrome, Firefox, Safari) that allows users to
access and interact with websites. It sends requests to web servers, receives data (HTML,
CSS, JavaScript), and renders it into a visible and interactive webpage. It also handles DNS
resolution, HTTP requests, and rendering processes.
1. Purpose of a Browser:
o A web browser (e.g., Chrome, Firefox, Safari) is a software application used to
access websites.
o It renders web pages by interpreting HTML, CSS, and JavaScript.
2. Key Functions:
o URL Interpretation: When you type a URL (e.g., https://example.com), the
browser interprets it to locate the website's server.
o DNS Resolution: The browser queries a Domain Name System (DNS) to get the
IP address of the server hosting the website.
o HTTP Request: The browser sends an HTTP(S) request to the server for the
webpage.
o Rendering: Once the response (HTML, CSS, JS, etc.) is received, the browser
parses and renders it into a user-friendly page.
3. Rendering Process:
o Parses HTML to build the DOM (Document Object Model).
o Parses CSS to style the page.
o Executes JavaScript to add interactivity.
o Displays the final rendered page.
Web Server
A web server is a computer or software (e.g., Apache, NGINX) that stores, processes, and
delivers web pages to browsers upon request. It listens for HTTP requests, processes them
(including fetching data or running backend logic), and sends the appropriate response
(e.g., HTML or other files) to the browser.
<form>
<input type="text" id="name" placeholder="Enter your name">
<button onclick="sayHi()">Submit</button>
</form>
<p id="greeting"></p>
<script>
function sayHi() {
var name = document.getElementById("name").value;
document.getElementById("greeting").innerHTML = "Hello " + name;
}
</script>
5. Prevention:
o Sanitize Inputs: Remove or escape HTML tags from user inputs.
Example in JavaScript :
function sanitizeInput(input) {
  // Escape the characters the browser would otherwise parse as HTML markup;
  // "&" goes first so already-escaped text is not double-decoded.
  return input.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}
Load Balancer
A load balancer is a device or software that distributes network or application traffic across
multiple servers to ensure no single server becomes overwhelmed. It improves availability,
reliability, and scalability of an application.
1. Deployment Type :
o Hardware Load Balancers (e.g., F5, Citrix ADC)
o Software Load Balancers (e.g., HAProxy, NGINX, Apache Traffic Server)
o Cloud Load Balancers (e.g., AWS ELB, Azure Load Balancer)
2. Layer of Operation :
o Layer 4 (Transport Layer): Operates at the network layer, handling TCP/UDP
traffic.
o Layer 7 (Application Layer): Operates at the application layer, handling
HTTP/HTTPS traffic with more advanced features.
• Ensures High Availability: Redirects traffic to healthy servers in case one fails.
• Scalability: Distributes the load across servers to handle growing traffic.
• Optimized Performance: Prevents overloading of any single server and improves
response time.
Load balancers are typically placed between the client and the server farm. They sit in front
of the application servers and behind the firewall.
Pros and Limitations of Load Balancers
Pros Limitations
Ensures high availability Can be expensive (hardware)
Improves scalability Adds latency to traffic flow
Enhances performance Requires proper configuration
Provides failover mechanisms May become a single point of failure if not redundant
How Load Balancers Work and Common Algorithms
Load balancers use algorithms to determine how to distribute incoming requests :
Health checks are periodic tests performed by the load balancer to ensure servers are
available and functioning. Common scenarios:
• Healthy server : Traffic is routed normally.
• Unhealthy server : Traffic is redirected to other healthy servers until the failed server
recovers.
Content Delivery Network (CDN)
A Content Delivery Network (CDN) is a distributed network of servers that caches and
delivers web content to users based on their geographic location, reducing latency and
improving performance.
1. Types by Functionality :
o Static Content CDN : Serves cached static resources like images, CSS, and
JavaScript.
o Dynamic Content CDN : Accelerates dynamic, personalized content.
2. Types by Ownership :
o Public CDN (e.g., Cloudflare, Akamai)
o Private CDN (custom, self-hosted CDNs)
CDNs are positioned between the client (browser) and the origin server. DNS resolution
directs the client to the nearest CDN edge server.
Pros Limitations
Reduces latency May not cache dynamic content
Improves site performance Additional cost
Protects origin server from DDoS May require complex integration
Scales easily with traffic Dependent on CDN provider’s network
How CDNs Work ?
CDNs cache content on edge servers close to users. When a user requests content :
1. The CDN checks if the requested content is cached.
2. If cached, the edge server delivers it directly.
3. If not, the CDN retrieves it from the origin server and caches it for future use.
CDNs act like caching servers distributed across multiple locations to improve latency and
response times.
Not exactly. While a CDN stores and serves cached content like a copy of the origin server,
it does not hold everything the server has.
Unlike static content, dynamic content (like API responses, personalized dashboards, and
live data) is constantly changing and cannot be cached easily. However, CDNs still help
accelerate dynamic content using real-time optimization techniques instead of traditional
caching.
Differences :
Purpose
• Static: Fast delivery of fixed resources.
• Dynamic: Personalized user experiences.
Pros Limitations
Static : Fast and reliable Static : No personalization
Dynamic : Customizable Dynamic : Higher resource usage
Linux is a widely used operating system that powers a diverse range of devices, including
smart cars, Android smartphones, supercomputers, home appliances, enterprise servers,
and more.
Linux Commands :
Command categories : General Commands, File System Commands, Process Management,
Networking Commands, User Management, Archiving & Compression, Shutdown & Reboot.
Command | Description | Example
File System Commands
• mv | Moves or renames files or directories | mv oldname.txt newname.txt
• find | Searches for files and directories | find /home -name "*.txt"
• awk | Text processing and pattern scanning | awk '{print $1}' file.txt
Networking Commands
• curl | Transfers data from a URL | curl -O http://example.com/file.txt
• wget | Downloads files from the internet | wget http://example.com/file.zip
Operator | Description | Example
• &> | Redirects both output and error to a file | command &> output.log
• { command; } | Groups commands together | { echo "Hello"; echo "World"; }
What is a Flag and What is a Switch in Linux commands ? Are They the Same or
Different ?
Flags and switches are options used in Linux commands to modify their
behavior. They are usually prefixed with a - (single dash) for short options or --
(double dash) for long options.
• Flags : Typically modify how a command works and may require an
argument.
o Example : grep -i "hello" file.txt
Here, -i is a flag that makes grep case-insensitive.
In Linux, the terms flags and switches are often used interchangeably, and in
official documentation, they are usually called options. Some people
differentiate them by saying that switches are flags that do not take arguments.
SSH ( Secure Shell )
SSH (Secure Shell) is a cryptographic network protocol used for secure communication
between computers over an unsecured network. It allows users to remotely access and
control systems securely, replacing older, less secure protocols like Telnet and FTP. SSH
encrypts all data, ensuring confidentiality and integrity.
SSH itself is a protocol, but it has different implementations and authentication methods:
1. SSH Implementations:
o OpenSSH – The most widely used open-source SSH implementation.
o PuTTY – A popular SSH client for Windows.
o Bitvise SSH Client – Another Windows SSH client with a GUI.
o Commercial SSH – Enterprise solutions with additional security features.
Algorithms used :
SSH supports multiple cryptographic algorithms. The client and server negotiate which
algorithms to use. These include:
• Key Exchange Algorithms (KEX):
o Diffie-Hellman (DH) Group Exchange
o Elliptic Curve Diffie-Hellman (ECDH)
o Ed25519 Curve25519 (most secure & efficient)
o RSA-based key exchange (less common now)
• Encryption Algorithms (Symmetric Ciphers):
o AES-256-GCM (Most secure)
o ChaCha20-Poly1305 (Fast on low-power devices)
o AES-192, AES-128 (Lower security)
• Message Integrity Algorithms (MACs):
o HMAC-SHA2-512
o HMAC-SHA2-256
At this point, both parties agree on which algorithms to use for the session.
Algorithms used:
• RSA (rsa-sha2-512, rsa-sha2-256)
• ECDSA (ecdsa-sha2-nistp256, ecdsa-sha2-nistp384)
• Ed25519 (ssh-ed25519) (Fast & Secure)
The server sends its public key to the client for verification.
Algorithms used:
• Diffie-Hellman (DH)
• Elliptic Curve Diffie-Hellman (ECDH)
• Ed25519 for faster and secure key exchange
How it works:
1. The client and server generate private keys.
2. They exchange public keys.
3. Using these, they compute a shared secret without ever transmitting the private key.
4. This shared secret is used to derive a session key, which encrypts further
communication.
At this point, all communication is encrypted using the agreed encryption algorithm
(e.g., AES-256).
3. Authentication Phase (Client Proves Its Identity)
Now that a secure, server-authenticated channel exists, the client must authenticate to
the server. Whatever method is used, the credentials travel inside the encrypted channel.
Step 3.1: Authentication Methods
Possible methods:
1. Password Authentication (Less secure)
ssh user@remote_host
# Enter password
The password is encrypted in transit, but the method is exposed to brute-force and
credential-stuffing attacks; on internet-facing servers it should be turned off with
PasswordAuthentication no in sshd_config once key-based login works.
2. Public Key Authentication (More secure)
o Client generates a key pair (the -t ed25519 type is the modern default; RSA should be
at least 3072 bits if Ed25519 is not supported):
ssh-keygen -t rsa -b 4096
o Client copies the public key to the server, which appends it to
~/.ssh/authorized_keys on the remote host:
ssh-copy-id user@remote_host
o Now, SSH login no longer sends an account password: the server challenges the client
to sign a session-bound value with the private key. Protect the private key with a
passphrase (ssh-agent avoids retyping it) so that a copied key file is not immediately
usable by an attacker.
3. Certificate-Based Authentication (For enterprises): a trusted CA signs user and host
keys, so servers trust the CA instead of managing individual authorized_keys entries.
4. Kerberos Authentication (For centralized authentication, e.g. Active Directory, via
GSSAPI)
5. Connection Termination
• When the session ends (e.g., you type exit or logout), SSH:
1. Closes the channel and sends a disconnect message to the other side.
2. Discards the session keys from memory; because they were derived from ephemeral key
exchange values, they cannot be recreated later and a recorded session stays
undecryptable.
3. Closes the TCP connection.
Taken together, these phases provide confidentiality and integrity for the data,
authentication of the server (host key) and authentication of the user.
Pros and Limitations of SSH : (Pros / Cons table not recovered)
Using SSH :
The image represents a hierarchical structure of a Linux/Unix file system directory. Below is
an explanation of the directories present in the image, along with some additional
important directories that are not shown.
Root Directory (/)
• The top-most directory in the Linux file system, from which all other directories
branch out.
Primary Directories Under /
• bin/ → Contains essential binary executables for all users (e.g., ls, cat, cp).
• boot/ → Stores files needed for booting the system (e.g., bootloader files like GRUB).
• dev/ → Stores device files (e.g., /dev/sda for hard disks, /dev/null).
• etc/ → System-wide configuration files (e.g., passwd, fstab, hosts). Password hashes
are not in passwd but in shadow, which is readable only by root.
• home/ → Home directories for individual users.
o alice/ → Home directory for user alice.
o bob/ → Home directory for user bob.
o eve/ → Home directory for user eve.
• root/ → Home directory for the root user (administrator).
• run/ → Stores temporary runtime data (e.g., process ID files).
• sbin/ → Contains system binaries for administrative tasks (e.g., fdisk, fsck).
• tmp/ → Temporary files storage (world-writable, normally cleared on reboot).
• usr/ → Secondary hierarchy for user-related programs and libraries.
o bin/ → Contains non-essential binary executables (e.g., firefox, gcc).
o local/ → Stores locally installed software.
o sbin/ → non-essential system binaries (administrative commands).
o tmp/ → Historically a link to /var/tmp; usually absent on modern systems.
• var/ → Stores variable data like logs (var/log) and caches.
o tmp/ → Temporary files that are preserved across reboots, unlike /tmp.
Text editors are essential tools in the Linux ecosystem, used for writing code, editing
configuration files, and managing text-based documents. This guide introduces three
widely used editors : Nano, Vi, and Vim.
Nano - The Beginner-Friendly Editor : Nano is the simplest command-line text editor,
designed for ease of use. It is ideal for new users who need a basic text editor without
complex commands.
Opening Nano
To open Nano, use command : `nano filename`
If the file doesn’t exist, Nano will create it.
Basic Navigation
• Use arrow keys to move the cursor.
• CTRL + G: Show help menu.
• CTRL + X: Exit Nano.
• CTRL + O: Save the file.
• CTRL + K: Cut the current line.
• CTRL + U: Paste the cut line.
• CTRL + W: Search for a word in the file.
Vi - The Classic Editor : Vi is present on virtually every Unix-like system and is
modal: keystrokes are commands in Command mode and text in Insert mode. It is the editor
to know when Nano is not installed on a minimal server.
Opening Vi
vi filename
Switching Between Modes
• Press i to enter Insert mode.
• Press ESC to return to Command mode.
Basic Commands in Command Mode
• :w → Save file
• :q → Quit Vi
• :wq → Save and quit
• :q! → Quit without saving
• dd → Delete a line
• yy → Copy a line
• p → Paste copied line
• u → Undo last change
Searching in Vi
• /word → Search forward for 'word'.
• ?word → Search backward for 'word'.
Vim - The Improved Vi : Vim (Vi IMproved) is an enhanced version of Vi with additional
features like syntax highlighting, undo history, and plugin support.
Opening Vim
vim filename
Basic Navigation
• h → Move left
• l → Move right
• j → Move down
• k → Move up
Editing Commands
• i → Insert mode (before cursor)
• a → Append mode (after cursor)
• o → Open a new line below
• x → Delete character under cursor
• dd → Delete a line
• yy → Copy a line
• p → Paste
Advanced Commands
• :set number → Show line numbers
• gg → Go to the beginning of the file
• G → Go to the end of the file
• /text → Search for 'text'
• n → Jump to the next match
• N → Jump to the previous match
Saving and Exiting
• :wq → Save and exit
• :q! → Exit without saving
Section 05 : Windows Fundamentals 1,2 and 3
Comparison of Windows File Systems (the header row was lost in extraction; the file
system names below are inferred from the values)
                  FAT32              NTFS                  exFAT                ReFS
Max Volume Size   2TB                256TB                 128PB                1 YB
Compression       No                 Yes                   No                   No
Best For          USB Drives,        Internal HDDs/SSDs    External Drives,     Enterprise Servers,
                  Older OS                                 Flash Storage        Data Storage
OS Support        Windows, Linux,    Windows (full),       Windows, macOS,      Windows Server
                  macOS              Limited on macOS      Linux
                                     & Linux
Pros and Limitations of Different File Systems : (File System / Pros / Limitations
table not recovered)
On NTFS volumes, you can set permissions (access control entries) that grant or deny
access to files and folders. The permissions are:
• Full control (includes changing permissions and taking ownership)
• Modify
• Read & Execute
• List folder contents (folders only)
• Read
• Write
An explicit Deny entry takes precedence over an Allow entry, and permissions set on a
folder are inherited by its contents unless inheritance is disabled; loose permissions
on system folders are a common privilege-escalation path. The below image lists the
meaning of each permission on how it applies to a file and a folder.
▪ The Windows folder (C:\Windows) is traditionally known as the folder which contains
the Windows operating system.
▪ User accounts can be one of two types on a typical local Windows system that
are Administrator & Standard User.
The user account type will determine what actions the user can perform on that
specific Windows system.
o An Administrator can make changes to the system: add users, delete users,
modify groups, modify settings on the system, etc.
o A Standard User can only make changes to folders/files owned by that user and
can't perform system-level changes, such as installing programs.
System Configuration (msconfig)
The System Configuration Tool helps manage system startup settings, services, and boot
options.
• General Tab:
o Normal Startup – Loads all drivers and services normally.
o Diagnostic Startup – Loads only basic drivers and services (similar to Safe
Mode).
o Selective Startup – Allows choosing specific services and startup items.
• Boot Tab:
o Safe Boot – Boot into Safe Mode.
o No GUI Boot – Hides Windows loading screen.
o Timeout – Set the time for boot selection (default is 30 seconds).
• Services Tab:
o Lists all background services.
o Can be used to disable non-essential services to improve performance.
o Select "Hide all Microsoft services" to avoid disabling critical Windows services.
• Startup Tab:
o Used to manage startup applications (now handled in Task Manager in newer
Windows versions).
• Tools Tab:
o Provides quick access to system utilities like Event Viewer, Command Prompt,
and Registry Editor.
User Account Control (UAC)
User Account Control helps prevent unauthorized changes by prompting for admin
approval. Even an Administrator account runs with a standard-user token by default;
when a task needs administrative rights, UAC asks for consent (or for an
administrator's credentials when a Standard User is logged in) before elevating it, so
malware running as the user cannot silently modify the system.
THE END..