– THM : Pre Security –

Section 01 : Intro to Cybersecurity

Room 01 : Offensive Security Intro

In short, Offensive security is the process of breaking into computer systems, exploiting
software bugs, and finding loopholes in applications to gain unauthorized access to them.

List of all HTTP (also for https) status codes : https://www.capscode.in/blog/list-of-http-

status-code

: Offensive security works :

Penetration Testing : Simulating attacks to find vulnerabilities.

Vulnerability Assessment : Identifying security weaknesses in systems.
Exploit Development : Creating exploits for identified vulnerabilities.
Social Engineering : Conducting phishing and other manipulative tests.
Red Team Exercises : Full-scale attack simulations against defenses.
Adversarial Simulation : Emulating specific threat actors' tactics.
Security Research : Staying updated on new exploits and attack techniques.

: Learning Gobuster :

Intro : Gobuster is a powerful tool for brute-forcing hidden directories, files, DNS
subdomains, and virtual hosts on web servers. It's commonly used in penetration testing
and security assessments to discover resources that are not directly linked from the
website.
 ▪ To install gobuster on Debian based system we can use following command :
sudo apt-get install gobuster
▪ General syntax :
gobuster <options> <mode>

Some common mode and option in gobuster are :

Examples of using Gobuster : ↓
Room 02 : Defensive Security Intro

Defensive security is the process of protecting an organization's network and computer

systems by analyzing and securing any potential digital threats. In a defensive cyber role,
you could be investigating infected computers or devices to understand how it was hacked,
tracking down cybercriminals, or monitoring infrastructure for malicious activity.

Two main tasks of defensive security are :

1. Preventing intrusions from occurring
2. Detecting intrusions when they occur and responding properly

: Defensive security works :

Security Monitoring : Keeping an eye on systems for potential threats.

Incident Response : Managing and responding to security breaches.
Security Configuration Management : Maintaining secure system settings.
Patch Management : Applying security updates promptly.
Threat Hunting : Actively searching for hidden threats.
Log Analysis : Reviewing logs for suspicious activity.
Security Awareness Training : Educating staff on security practices.

Security Operations Center (SOC)

A SOC is a team that monitors networks and systems to detect and respond to threats.
Key areas of interest are :
▪ Vulnerabilities : Identify and fix system weaknesses.
▪ Policy Violations : Monitor for breaches of security policies (e.g., unauthorized data
upload).
▪ Unauthorized Activity : Detect and block misuse of stolen credentials.
 ▪ Network Intrusions : Identify and respond to attacks on systems.

Threat Intelligence
Threat intelligence in cybersecurity refers to the collection, analysis, and sharing of
information about potential or existing cyber threats to help organizations defend against
attacks. A threat intelligence team is a group responsible for gathering, analyzing, and
acting on this information.

▪ Goal : Gather information on potential attackers to strengthen defenses.

▪ Process : Collect, process, and analyze data from internal and external sources.
▪ Outcome : Understand adversaries’ tactics, predict attacks, and respond proactively.

Digital Forensics and Incident Response (DFIR)

DFIR focuses on investigating cyber incidents and responding to attacks.
▪ Digital Forensics :
✓ Purpose : Analyze evidence from attacks to trace activity.
✓ Focus Areas : ↓
▪ File System : Investigate files (installed, deleted, overwritten).
▪ System Memory : Examine active malicious programs.
▪ System Logs : Check logs for attack traces.
▪ Network Logs : Monitor network traffic for attack signs.

▪ Incident Response :
✓ Purpose : Minimize damage from incidents and recover quickly.
✓ 4 Phases : ↓
▪ Preparation :Ready the team and tools for handling incidents.
▪ Detection & Analysis : Identify and assess the severity of incidents.
▪ Containment, Eradication, & Recovery : Stop the threat, eliminate it, and
restore systems.
▪ Post-Incident Activity : Report and learn from incidents to prevent
recurrence.
 Malware Analysis
▪ Goal : Understand malicious software to defend against it.
▪ Types of Malwares :
✓ Virus : Attaches to programs, spreads, and damages files.
✓ Trojan Horse : Masquerades as useful software but contains malware.
✓ Ransomware : Encrypts files and demands payment for decryption.

Methods of Analysis :
• Static Analysis : Inspect malware code without executing it.
• Dynamic Analysis : Run malware in a controlled environment to observe its behavior.
Room 03 : Carrers in Cyber

Security Analyst
Security analysts help design security measures to protect organizations from cyber
attacks. They analyze networks and provide recommendations for engineers to implement
security solutions.

Responsibilities :
▪ Collaboration : Work with different teams to assess overall company cybersecurity.
▪ Reporting : Create ongoing reports on network security, including documenting
issues and actions taken.
▪ Security Planning : Develop security strategies based on research of new attack
methods and trends, ensuring data protection across teams.

Security Engineer
Security engineers design and implement security solutions to protect against attacks using
threat and vulnerability data. They address various attack types, including web and network
threats, to prevent data loss.

Responsibilities :
▪ Test Security Measures : Continuously test and evaluate security protocols in
software.
▪ Monitor and Update Systems : Track network activity and reports, updating systems
to fix vulnerabilities.
▪ Implement Security Systems : Identify and install necessary security tools to maintain
strong defenses.
 Incident responders
Incident responders handle security breaches in real time, creating plans and protocols for
quick, effective responses. Their role is critical to protect a company’s data, reputation, and
finances during cyber attacks.
Responsibilities :
▪ Develop Incident Response Plans : Create detailed, actionable plans to follow during
incidents.
▪ Maintain Security Practices : Uphold strong security measures and support incident
response efforts.
▪ Post-Incident Reporting : Analyze and report after incidents, using lessons learned to
prepare for future attacks.

Digital forensics examiner

Forensic analysts collect and analyze digital evidence to solve crimes or investigate security
incidents, ensuring legal procedures are followed.
Responsibilities :
▪ Collect Digital Evidence : Gather evidence while adhering to legal standards.
▪ Analyze Evidence : Examine digital data to uncover facts related to the case.
▪ Document Findings : Record and report results of the investigation.

Malware Analyst
Malware analysts study suspicious programs to uncover their behavior, using reverse-
engineering techniques to convert code into readable form. They aim to detect and
understand malware activity.
Responsibilities :
▪ Static Analysis : Reverse-engineer malware without running it to study its code.
▪ Dynamic Analysis : Observe malware behavior in a controlled environment.
▪ Report Findings : Document and report all analysis results.
 Penetration tester
Penetration testers (or ethical hackers) assess the security of systems and software by
attempting to exploit vulnerabilities. Their goal is to help companies identify and fix
weaknesses before real attacks occur.
Responsibilities :
▪ Test Systems : Conduct tests on computer systems, networks, and web applications.
▪ Security Assessments : Perform security audits and analyze policies.
▪ Report Findings : Evaluate vulnerabilities and provide recommendations for
preventing attacks.

Red teamer
Red teamers simulate real-world cyber attacks to test a company's detection and response
capabilities. Their role is more targeted than penetration testers, focusing on emulating
adversaries to help organizations strengthen their defenses.
Responsibilities :
▪ Simulate Threat Actors : Imitate cybercriminals to exploit vulnerabilities, maintain
access, and avoid detection.
▪ Test Security Systems : Assess the effectiveness of security controls, threat
intelligence, and incident response.
▪ Report Findings : Provide actionable insights to help prevent real-world attacks.

Red teamer vs Penetration tester

Penetration Tester
▪ Focus : Identifying and exploiting as many vulnerabilities as possible across systems,
networks, and applications.
▪ Goal : Improve the overall security posture by uncovering weaknesses and
suggesting fixes.
▪ Approach : Typically short-term, point-in-time assessments using various tools and
techniques.
▪ Scope : Broad, covering multiple systems, networks, or applications.
 ▪ Output : Reports with vulnerabilities and recommended actions to secure them.
▪ Frequency : Conducted regularly as part of routine security checks.

Red Teamer
▪ Focus : Emulating real-world adversaries to test the company’s detection and
response capabilities.
▪ Goal : Simulate advanced attacks to see how well the organization can detect,
respond to, and recover from an ongoing attack.
▪ Approach : Long-term, stealthy engagements (up to a month), trying to maintain
persistence and avoid detection.
▪ Scope : Targeted, focusing on specific objectives like gaining access to sensitive data.
▪ Output : Insights into how well security defenses work in practice, with actionable
data for improvement.
▪ Frequency : Typically conducted by external teams for organizations with mature
security programs.
 Section 02 : Network Fundamentals

Room 01 : What is Networking ?

A network is a system of interconnected devices (like computers, servers, or mobile

phones) that can communicate and share resources. These devices are linked by wired or
wireless connections, allowing data exchange.
In computing, a network can be formed by anywhere from 2 devices to billions. These
devices include everything from your laptop and phone to security cameras, traffic lights
and even farming!

The Internet is a global network of networks, connecting millions of private, public,

academic, business, and government networks worldwide. It is one giant network that
consists of many, many small networks within itself.
Private Internet: A network restricted to specific users or organizations (e.g., corporate
intranets).
Public Internet: The open and accessible network available to anyone with a connection,
like the World Wide Web.

The WWW is a system of interlinked web pages accessible via the Internet using browsers.
It was created in 1989 by Tim Berners-Lee at CERN to share information globally through
hypertext (HTML). The WWW uses URLs to locate documents and links users to multimedia
content.

History and Development:

1989: Berners-Lee proposed the WWW.
1990: First web page created.
1993: Web browsers like Mosaic popularized the web.
1995+: The web exploded with commercial use, leading to its global adoption.

ARPANET (Advanced Research Projects Agency Network) was the first operational packet-
switching network, developed by the U.S. Department of Defense in 1969. It laid the
foundation for modern networking protocols and eventually evolved into the Internet.

Key milestone: 1971, the first email sent over ARPANET.

Devices on a network can be identified in two ways :

1. IP Address
2. MAC Address

: IP Address :

An IP (Internet Protocol) address is a unique identifier assigned to devices connected to a

network. It allows these devices to communicate with each other across a network, be it a
local network (LAN) or the internet (WAN). The IP address ensures that data packets reach
the correct destination.

Different Parameters to Categorize IP Address :

IP addresses can be categorized based on several parameters:
• IPv4 vs IPv6:
o IPv4 is a 32-bit address (e.g., 192.168.1.1).
o IPv6 is a 128-bit address (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).
• Public vs Private IP Address:
o Public IP address is assigned to devices that are directly accessible from the
internet.
 o Private IP address is used within a private network and cannot be accessed
directly from the internet.
• Static vs Dynamic IP Address:
o Static IP address is manually assigned and remains constant.
o Dynamic IP address is automatically assigned by a DHCP server and may change
over time.
• Unicast vs Broadcast vs Multicast IP Address:
o Unicast: Refers to communication from one sender to one receiver.
o Broadcast: Refers to communication from one sender to all devices in a
network.
o Multicast: Refers to communication from one sender to multiple receivers.

What is a Class in IPv4 ? Is Class Applicable in IPv6 ?

• In IPv4, IP addresses are classified into five classes (A, B, C, D, E) based on the address
ranges and the number of hosts they support:
o Class A : 1.0.0.0 to 127.255.255.255 (supports 16 million hosts)
o Class B : 128.0.0.0 to 191.255.255.255 (supports 65,000 hosts)
o Class C : 192.0.0.0 to 223.255.255.255 (supports 254 hosts)
o Class D (Multicast) : 224.0.0.0 to 239.255.255.255
o Class E (Reserved) : 240.0.0.0 to 255.255.255.255
In IPv6, the concept of classes is not used. Instead, IPv6 uses a more flexible structure that
does not require predefined classes.

Architecture of IPv4 and IPv6:

IPv4 Architecture:
• IPv4 uses a 32-bit address structure (written as four octets, separated by dots:
192.168.1.1).
• The network and host portion of the address are split using subnetting (often via the
subnet mask).
 • Header: 20 to 60 bytes, containing information like source IP, destination IP, etc.
• Supports approximately 4.3 billion unique addresses.
IPv6 Architecture:
• IPv6 uses a 128-bit address structure (written as eight groups of four hexadecimal
digits, separated by colons : 2001:0db8:85a3::8a2e:0370:7334).
Note : The original address 2001:0db8:85a3::8a2e:0370:7334 contains six visible groups because two
groups of zeroes have been replaced by ‘ : : ’
When expanded, it contains eight groups in total, which satisfies the 128-bit address structure of IPv6.

• IPv6 has a much larger address space compared to IPv4.

• Header: Simplified with fewer fields than IPv4 to optimize routing.
• Supports approximately 340 undecillion (3.4×10^38) unique addresses.

IPv4 and IPv6 Key Points

IPv4: • Subnetting for address allocation.

• 32-bit address. • Requires NAT for address
translation.
• 4.3 billion addresses.
• Uses dotted decimal format.
IPv6: • Supports auto-configuration.
• 128-bit address. • Built-in security (IPSec).
• 340 undecillion addresses.
• Uses hexadecimal format.

What is Subnetting ?

Subnetting is the practice of dividing a network into smaller sub-networks (subnets) to

improve performance and security. It allows better utilization of IP address space by
allocating smaller chunks of addresses to smaller sub-networks.
Analogy for Subnetting : Imagine a large office building with several departments (e.g., HR,
Sales, IT). Each department needs its own set of rooms, but they all share the same building
address. Subnetting divides the office (network) into smaller sections (subnets), where
each department (subnet) has its own set of rooms (IP addresses) within the building.
Pros of Subnetting:
• Efficient use of IP address space.
• Better security and traffic management.
• Reduces network congestion.
Cons of Subnetting:
• Complexity in planning and configuration.
• Can cause wasted IP space if not done carefully.

Who Assigns IP Addresses?

IP address allocation is managed by a hierarchical system :

1. IANA (Internet Assigned Numbers Authority) : The parent organization responsible
for global IP address management.
 2. RIRs (Regional Internet Registries) : IANA delegates the authority to RIRs to manage
IP allocation within specific regions:
o ARIN (North America)
o RIPE NCC (Europe, Middle East, and parts of Central Asia)
o APNIC (Asia-Pacific)
o LACNIC (Latin America and the Caribbean)
o AFRINIC (Africa)
3. ISPs (Internet Service Providers) : RIRs allocate large blocks of IP addresses to ISPs,
who, in turn, assign IP addresses to individual customers.

Why IP Collisions Do Not Happen : IP collisions are prevented because the address
allocation is managed hierarchically and globally coordinated. The RIRs, ISPs, and IANA
ensure that IP addresses are unique across the internet, avoiding overlaps or collisions.

: Mac Address :

A MAC address (Media Access Control address) is a unique identifier assigned to the
network interface card (NIC) or hardware of a device on a network. It operates at the Data
Link Layer (Layer 2) of the OSI model and is used to identify devices on a local network,
allowing them to communicate within that network. The MAC address is hardcoded into
the NIC and is typically assigned by the manufacturer.

Architecture of a MAC Address :

A MAC address is a 48-bit identifier, typically represented as 12 hexadecimal characters (6
bytes). It is usually displayed in the following format:
• XX:XX:XX:XX:XX:XX
Structure of MAC Address :
• OUI (Organizationally Unique Identifier) : The first 3 bytes (24 bits) represent the
manufacturer of the NIC. Each manufacturer has a unique OUI assigned by IEEE
(Institute of Electrical and Electronics Engineers).
 o Example: For Intel NICs, the OUI could be 00:1A:2B.
• NIC-Specific (Unique identifier): The last 3 bytes (24 bits) represent a unique identifier
assigned by the manufacturer to the device. This ensures uniqueness across all
devices from that manufacturer.

Points about MAC Address to Know :

• Uniqueness : MAC addresses are globally unique and are assigned to each NIC by the
manufacturer.
• Length : A MAC address is 48 bits long (6 bytes), typically written as 12 hexadecimal
digits.
• Layer 2 : Operates at the Data Link Layer (Layer 2) of the OSI model.
• Format : Represented in hexadecimal format, separated by colons or hyphens (e.g.,
00:1A:2B:3C:4D:5E).
• Usage : Used in Ethernet, Wi-Fi, Bluetooth, and other network technologies for
device identification on local networks.
• Permanent : The MAC address is typically burned into the hardware (NIC) and is
permanent, although it can be changed in some cases (e.g., software-defined MAC
addresses).
How to Read a MAC Address ?
A MAC address is a 12-character hexadecimal string divided into two parts :
1. First 3 bytes (24 bits) : This identifies the manufacturer of the device (OUI).
2. Last 3 bytes (24 bits) : This uniquely identifies the device manufactured by that
company (NIC-specific part).
Example MAC Address : 00:1A:2B:3C:4D:5E
• 00:1A:2B : OUI, identifying the manufacturer (e.g., Intel).
• 3C:4D:5E : The unique identifier for that specific device.
You can use an OUI lookup tool to identify the manufacturer from the first 3 bytes of the
MAC address.

How MAC Collision is Avoided ?

MAC address collisions are highly unlikely due to the following reasons:
• Unique Assignment: MAC addresses are globally unique and are assigned by
manufacturers. The chance of two manufacturers selecting the same MAC address is
extremely low because of the vast address space (2^48).
• Global Registration: Manufacturers are required to register their OUI with IEEE,
ensuring that no two manufacturers will use the same OUI, which keeps the MAC
addresses unique.
• Vast address space (248) : Here it is 248 because each bit in a MAC address can either
be 0 or 1, meaning there are 2 possible values per bit, and a MAC address consists of
48 bits.

Can MAC address exhaust for a manufacturer ?

Intel and other manufacturers won’t run out of MAC addresses because they are allocated
a large pool of addresses (224 unique addresses = 16,777,216) per OUI block.
If needed ( theoratically let say a manufacturer exhaust with last 3 bytes) then,
manufacturers can request additional OUI blocks from IEEE, and given the vast number of
possible combinations, it’s highly unlikely that a manufacturer will exhaust their address
space.
For example : If Intel's initial OUI block (e.g., 00:1A:2B) is exhausted, they can get more
blocks (e.g., 00:1A:2C, 00:1A:2D, etc.).
Manufacturers like Intel are typically dealing with a large volume of devices, but 16.7 million
addresses per OUI is still a large enough pool that they don’t run out quickly as a single
organization.
The MAC address system is globally coordinated and highly unlikely to cause conflicts or
duplication, ensuring smooth and unique identification of devices.
And it is the manufacturer duty to ensure that two devices do not get assigned same MAC
Address.

In practice, if two devices have the same MAC address (a MAC address collision), it can
cause network problems, such as:
• Data Loss: Ethernet switches rely on MAC addresses to forward frames. If two
devices share the same MAC address, the switch may not know which device to
forward the data to, leading to communication errors.
• Network Confusion: Both devices may "fight" to use the same MAC address, resulting
in network instability.
• IP addresses can change from device to device but cannot be active simultaneously
more than once within the same network.
• A public address is used to identify the device on the Internet, whereas a private
address is used to identify a device amongst other devices.
• Public IP addresses are given by your Internet Service Provider (or ISP) at a monthly
fee (your bill !)
• Internet Protocol addressing scheme known as IPv4, which uses a numbering system
of 232 IP addresses (4.29 billion)
• IPv6 is a new iteration of the Internet Protocol addressing scheme to help tackle
shortage of IP. Supports up to 2128 of IP addresses (340 trillion-plus), resolving the
issues faced with IPv4.

• Ping is one of the most fundamental network tools available to us. Ping uses ICMP
(Internet Control Message Protocol) packets to determine the performance of a
connection between devices, for example, if the connection exists or is reliable.
 Room 02 : Intro to LAN

Topology : This refers to how devices and components are physically or logically connected
in the network. Some common topologies include :

Point-to-Point (P2P) Topology

A direct connection between two devices with a dedicated communication link.
Pros :
• Simple and easy to set up.
• Low cost for small-scale networks.
Cons :
• Only suitable for two devices.
• Limited scalability.

Bus Topology
All devices are connected to a single central cable (the bus) through which data
travels.
Pros :
• Simple and inexpensive to implement.
• Requires less cable than star topology.
Cons :
• Difficult to troubleshoot.
• Performance degrades as more devices are added.
• Single point of failure if the bus cable fails.

Ring Topology
Devices are connected in a circular fashion, where each device has two neighbors,
and data circulates in one direction.
Pros :
• Simple to install and configure.
• Data transmission is predictable and consistent.
Cons :
• A failure in any single device or connection breaks the whole network.
• Troubleshooting can be difficult.
Mesh Topology
Every device is directly connected to every other device, ensuring multiple paths for
data.
Pros :
• Highly reliable with multiple paths for data.
• Provides redundancy and fault tolerance.
Cons :
• Expensive and complex to implement.
• Requires more cables and hardware.

Star Topology
All devices are connected to a central device (hub or switch), which manages the
communication.
Pros :
• Easy to install and manage.
• Centralized control makes troubleshooting easier.
• Failure of one device doesn’t affect the rest of the network.
Cons :
• The central device represents a single point of failure.
• Requires more cable than bus topology.

Hybrid Topology
A combination of two or more topologies within a single network, designed to meet
specific needs.
Pros:
• Flexible and adaptable to different requirements.
• Can provide the benefits of multiple topologies.
Cons:
• More complex and expensive to design and maintain.
• Troubleshooting can be challenging due to the mix of topologies.

Tree Topology
A hierarchical topology that combines bus and star topologies with a central root
node and branching connections.
 Pros :
• Scalable and suitable for large networks.
• Centralized control for easy management.
Cons :
• High cable requirements.
• A failure in the root node can affect the entire network.

Full Mesh Topology

Every device in the network is connected to every other device, ensuring maximum
redundancy.
Pros:
• Highly reliable and fault-tolerant.
• Multiple paths for data transmission.
Cons:
• Expensive to implement and maintain.
• Complexity increases as the network grows.

Partial Mesh Topology

Not all devices are connected to every other device, but some are, providing
redundancy without full interconnectivity.
Pros:
• Less expensive than full mesh.
• Provides redundancy and some fault tolerance.
Cons:
• Not as fault-tolerant as a full mesh.
• Still complex and may require more hardware than simpler topologies.

: Different Network Devices :

▪ Router : A device that connects different networks (e.g., LAN to WAN) and forwards
data based on IP addresses.

▪ Switch : A network device that connects devices within a LAN and forwards data
based on MAC addresses.
▪ Hub : A basic networking device that connects multiple devices in a LAN,
broadcasting data to all connected devices.

▪ Access Point (AP) : A device that allows wireless devices to connect to a wired
network by transmitting and receiving radio waves.

▪ Modem : A device that converts digital data from a computer into analog signals for
transmission over telephone lines and vice versa.

▪ Firewall : A network security device that monitors and controls incoming and
outgoing traffic based on security rules.

▪ Bridge : A device that connects two or more network segments, filtering and
forwarding data based on MAC addresses.

▪ Gateway : A device that connects and translates data between different protocols or
network architectures (e.g., connecting LAN to the internet).

▪ Repeater : A device that amplifies or regenerates signals to extend the range of a

network.

▪ Load Balancer : A device or software that distributes network traffic across multiple
servers to optimize resource usage and ensure reliability.

▪ NIC (Network Interface Card) : A hardware component that allows a device to

connect to a network, either via wired or wireless connections.

▪ Proxy Server : A server that acts as an intermediary between a client and the internet,
filtering requests and enhancing security or performance.

▪ DNS Server : A server that translates domain names (like www.example.com) into IP
addresses to enable the routing of network traffic.

▪ TACACS+ Server : A security device used for authentication, authorization, and

accounting (AAA) in network access control.

▪ RADIUS Server : A centralized server that provides authentication, authorization, and

accounting for users accessing a network.
▪ VPN Concentrator : A device used to manage multiple VPN connections, aggregating
traffic from different remote users to a central point.

▪ Edge Router : A router that sits at the edge of a network, managing the traffic
between the internal network and external networks (like the internet).

▪ Media Converter : A device that converts one type of network medium to another,
such as from fiber optic to copper cable.

▪ Wireless Controller : A device that manages and controls multiple wireless access
points, ensuring consistent configuration and security.

▪ IDS (Intrusion Detection System) : A security device that monitors network traffic for
suspicious activity and potential threats.

▪ IPS (Intrusion Prevention System) : A security device that actively monitors and
blocks network traffic based on known threat signatures or behaviors.

▪ SIEM (Security Information and Event Management) : A system that collects and
analyzes security logs and events from various network devices to identify potential
security incidents.

▪ Content Filter : A device or software that monitors and restricts access to certain
content based on predefined policies.

▪ UTM (Unified Threat Management) : A security device that combines multiple

security features (e.g., firewall, antivirus, anti-spam) into a single platform.

▪ DDoS Protection Device : A security device that detects and mitigates Distributed
Denial of Service (DDoS) attacks by filtering malicious traffic.

▪ SNMP Monitor : A network management tool that uses the Simple Network
Management Protocol to monitor and manage network devices.

▪ NAT (Network Address Translation) Gateway : A device that modifies network

address information in IP packet headers to route traffic between a private network
and the public internet.
 ▪ Bastion Host : A hardened server that is placed in a network's perimeter to act as a
gateway between external and internal networks, typically serving as a secure point
for remote access.

▪ DHCP Server : A server that automatically assigns IP addresses to devices on a

network.

▪ VLAN Switch : A switch configured to create Virtual Local Area Networks (VLANs),
segmenting network traffic for improved security and efficiency.

▪ DNS Proxy : A device that forwards DNS queries from clients to DNS servers and can
cache responses to improve query speed.

▪ Cloud Gateway : A device that allows secure communication between on-premises

networks and cloud-based services or applications.

▪ Web Application Firewall (WAF) : A security device that monitors and filters
HTTP/HTTPS traffic to and from a web application to protect against common attacks
like SQL injection and cross-site scripting.

▪ SSL/TLS Offloader : A device that offloads the encryption and decryption tasks
associated with SSL/TLS to improve server performance.

▪ Application Delivery Controller (ADC) : A device that optimizes the delivery of

applications over the network, often combining load balancing, security, and traffic
management features.

▪ Time Server : A server that provides accurate time synchronization to other devices in
the network, ensuring that logs and timestamps are consistent.

Sub-netting skipped here, to be covered as part of CCNA schedule

: Address Resolution Protocol (ARP) :

ARP (Address Resolution Protocol) helps devices map IP addresses to MAC addresses,
linking the logical network layer (IP) to the physical hardware layer (MAC).
Working of ARP :
1. ARP Request: A device sends a broadcast asking, "Who has this IP address, and what
is your MAC address?"
2. ARP Reply: The device with the matching IP replies with its MAC address.
3. Storing the Mapping: The requesting device saves the IP-to-MAC mapping in its ARP
cache for future communication.

Why ARP is Important ?

ARP enables devices to communicate by associating IP addresses with MAC addresses,
ensuring data reaches the correct physical device on the network.

ARP Process Summary:

• ARP Request: Broadcast asking for MAC address.
• ARP Reply: The device with the IP responds with its MAC address.
• ARP Cache: The device stores the mapping for future use.
IP addresses can be assigned either manually, by entering them physically into a device, or
automatically and most commonly by using a DHCP (Dynamic Host Configuration Protocol)
server. When a device connects to a network, if it has not already been manually assigned
an IP address, it sends out a request (DHCP Discover) to see if any DHCP servers are on the
network. The DHCP server then replies back with an IP address the device could use
(DHCP Offer). The device then sends a reply confirming it wants the offered IP Address
(DHCP Request), and then lastly, the DHCP server sends a reply acknowledging this has
been completed, and the device can start using the IP Address (DHCP ACK).
 Room 03 : OSI Model

OSI Model

The OSI (Open Systems Interconnection) Model is a conceptual framework used to

understand and describe how different networking protocols interact and work together to
allow communication between devices on a network. It divides the networking process
into seven distinct layers, each with specific functions and protocols associated with it.

Significance of the OSI Model

• Standardization: It provides a clear model for designing and understanding network

protocols, ensuring interoperability between different networking devices and
systems.
• Troubleshooting: Network issues can be isolated by examining specific layers,
simplifying diagnosis and resolution.
• Layered Approach: Allows modularity and flexibility, where each layer is independent
and can evolve without affecting others.
• Education and Training: It provides a common language for network engineers and
students, making it easier to learn about networking concepts.

Origin of the OSI Model

The OSI model was developed by the International Organization for Standardization (ISO)
in the late 1970s and published in 1984. The goal was to standardize communication
protocols and create an open, universal network standard.

OSI Model Layers and Their Functions

Layer Function Protocols/Ports Explanation

7. End-user
HTTP, FTP, SMTP, Provides services for
Application communication,
DNS, Telnet applications, such as web
Layer network services
 Layer Function Protocols/Ports Explanation
browsing, email, file transfer,
and domain name resolution.
Converts data between the
6. Data translation,
application and transport layer,
Presentation encryption, SSL/TLS, JPEG, GIF
deals with data formatting,
Layer compression
encryption, and compression.
Manages sessions and
Maintains, establishes,
connections between
5. and terminates RPC, NetBIOS,
applications. Ensures the
Session Layer communication PPTP
sessions are maintained during
sessions
communication.
End-to-end Ensures reliable data transfer,
4.
communication, error TCP (port 80), UDP flow control, and error
Transport
handling, data flow (port 53), SCTP correction. Responsible for
Layer
control segmenting data.
3. Routing, logical Responsible for addressing,
IP (IPv4, IPv6),
Network addressing, packet routing, and forwarding data
ICMP (ping)
Layer forwarding packets across the network.
2. Physical addressing, Defines how data is formatted
Ethernet, PPP,
Data Link data framing, error for transmission and handles
Frame Relay, ARP
Layer detection error detection and correction.
Deals with the physical
1. transmission of raw bits over
Physical transmission Cables, Switches,
Physical the communication medium
of data over hardware Hubs, Optical Fiber
Layer (e.g., electrical signals, light
pulses).

Ports and Protocols at Each Layer

1. Application Layer (Layer 7)

o Protocols: HTTP, FTP, SMTP, DNS, POP3, IMAP
 o Ports:
▪ HTTP (Port 80)
▪ FTP (Port 21)
▪ SMTP (Port 25)
▪ DNS (Port 53)

2. Presentation Layer (Layer 6)

o Protocols: SSL/TLS (for encryption), JPEG, GIF
o Ports: None specific, as it works with data formatting and encryption
protocols.

3. Session Layer (Layer 5)

o Protocols: RPC, NetBIOS, PPTP
o Ports: None specific.

4. Transport Layer (Layer 4)

o Protocols: TCP, UDP, SCTP
o Ports:
▪ TCP (Port 443, 80)
▪ UDP (Port 53)

5. Network Layer (Layer 3)

o Protocols: IP, ICMP
o Ports: Not applicable at this layer (deals with routing and addressing).

6. Data Link Layer (Layer 2)

o Protocols: Ethernet, ARP, PPP
o Ports: Not applicable (works with data frames and hardware addresses).

7. Physical Layer (Layer 1)

o Protocols: None
o Ports: Not applicable (involves physical hardware).
 TCP vs UDP

Feature TCP UDP

Protocol Type Connection-oriented Connectionless
Reliability Reliable (guarantees delivery) Unreliable (no guarantee of delivery)
Slower (due to connection setup
Speed Faster (no connection setup)
and error checking)
Error Yes (checks for errors and
No (no retransmission of lost data)
Checking retransmits lost data)
Used for applications requiring Used for applications where speed is
Use Case reliability (e.g., web browsing, more important than reliability (e.g., live
email) video, DNS)
Requires connection
Connection No connection required
establishment (handshakes)
Example
HTTP, FTP, SMTP, Telnet DNS, VoIP, Streaming, TFTP, SNMP
Protocols

TCP/IP Model

The TCP/IP model (Transmission Control Protocol/Internet Protocol) is a simpler, more

practical model compared to OSI, and it’s the framework on which the internet is built.
It consists of four layers:
1. Application Layer: Combines OSI’s Application, Presentation, and Session layers.
2. Transport Layer: Handles end-to-end communication, error recovery, and flow
control (like OSI's Transport Layer).
3. Internet Layer: Manages logical addressing and routing (comparable to OSI’s
Network Layer).
4. Link Layer: Encompasses OSI’s Data Link and Physical Layers.

TCP/IP Model Layers and Their Functions

 Layer Function Protocols/Ports Explanation
4. Provides network Used by user applications to
HTTP, FTP, SMTP,
Application services directly to communicate over a
DNS, POP3
Layer applications network.
3. Ensures reliable Manages end-to-end
TCP (Port 80, 443),
Transport communication between communication and error
UDP (Port 53)
Layer systems correction.
2. Defines logical
Handles routing of packets
Internet addressing, routing, and IP, ICMP
across different networks.
Layer packet forwarding
Defines physical Handles data transfer
1.
addressing and data link Ethernet, ARP between devices on the
Link Layer
protocols same network segment.

Differences Between OSI and TCP/IP Models

Feature OSI Model TCP/IP Model

7 Layers (Application, Presentation,
Number of 4 Layers (Application, Transport,
Session, Transport, Network, Data
Layers Internet, Link)
Link, Physical)
Fewer layers, combining some OSI
Layer More detailed with separate layers
layers (e.g., Application combines
Structure for Presentation and Session
Presentation, Session)
Conceptual framework by ISO for Practical implementation developed
Development
open standards by ARPANET
Theoretical model for Practical model for the internet and
Focus
understanding network interactions network communication
Focuses on ensuring
Focuses on protocols specifically used
Reliability interoperability across various
for internet communication (IP, TCP)
systems
 Room 04 : Packets and Frames

Packets and frames are small pieces of data that, when forming together, make a larger
piece of information or message. However, they are different things in the OSI model.
▪ At layer 2 of OSI, the unit of data is called Frame
▪ At layer 3 of OSI we call it Packet
▪ At layer 4 of OSI we call it Segment for TCP or Datagram for UDP

TCP and UDP headers with its subfields

The TCP header is part of the Transmission Control Protocol and facilitates reliable,
connection-oriented communication. It ensures data is delivered accurately and in order,
providing mechanisms for flow control, error checking, and connection management.

TCP Header ↑

The TCP header provides the necessary information to facilitate the TCP protocol for
reliable communication.
It includes several subfields:
1. Source Port: 16 bits (the port number of the sending application).
2. Destination Port: 16 bits (the port number of the receiving application).
3. Sequence Number: 32 bits (used to number the data bytes in the stream).
 4. Acknowledgment Number: 32 bits (used to acknowledge receipt of data).
5. Data Offset: 4 bits (indicates where the data begins in the packet, essentially the
length of the TCP header).
6. Reserved: 3 bits (reserved for future use).
7. Flags: 9 bits (control flags, including SYN, ACK, FIN, etc.).
8. Window Size: 16 bits (specifies the size of the sender's receive window for flow
control).
9. Checksum: 16 bits (used to check for errors in the TCP header and data).
10. Urgent Pointer: 16 bits (indicates if the data is urgent and should be prioritized).
11. Options: Variable length (optional, for additional parameters like maximum segment
size).
12. Padding: Variable (used to align the header size to 32-bit boundaries).

The UDP header, used in the User Datagram Protocol, enables faster, connectionless
communication. It offers a simple structure with minimal overhead, providing basic
information like source/destination ports and error detection, but without the reliability
features of TCP.

The sub-fileds in UDP header are :

1. Source Port : 16 bits (The port number of the sending application.)

2. Destination Port : 16 bits (The port number of the receiving application.)
3. Length : 16 bits (The total length of the UDP header and the UDP data (payload)).
4. Checksum : 16 bits (A checksum used for error checking the header and data
(required for IPv6, optional in IPv4)).
 5. Data (Payload) : Variable length (The actual data being transferred by the UDP
protocol).

IPV4 and IPV6 headers with its subfields

The IPv4 header is part of the Internet Protocol version 4 and is responsible for routing
packets across networks. It contains essential information such as source and destination
IP addresses, packet length, and routing details. It also supports packet fragmentation to
ensure data can be transmitted across networks with different maximum transmission unit
(MTU) sizes.

The IPv4 header is focused on packet routing and addressing. It includes several subfields :

1. Version : 4 bits (specifies the IP version, which is 4 for IPv4).

2. IHL (Internet Header Length) : 4 bits (specifies the length of the header).
3. Type of Service (TOS) : 8 bits (defines the priority or quality of service).
4. Total Length : 16 bits (indicates the total length of the entire IP packet, including
header and data).
5. Identification : 16 bits (used for fragmenting and reassembling the packet).
6. Flags : 3 bits (indicate fragmentation status).
7. Fragment Offset : 13 bits (used when the packet is fragmented).
8. Time to Live (TTL) : 8 bits (prevents infinite loops by limiting packet lifespan).
 9. Protocol : 8 bits (specifies the protocol used in the next layer; e.g., TCP = 6, UDP = 17).
10. Header Checksum : 16 bits (used to check for errors in the header).
11. Source IP Address : 32 bits (the sender’s IP address).
12. Destination IP Address : 32 bits (the receiver’s IP address).
13. Options : Variable length (optional, used for additional settings or routing).
14. Padding : Variable (to ensure the header is a multiple of 32 bits).

The IPv6 header, used in Internet Protocol version 6, is designed to overcome the
limitations of IPv4, offering a larger address space and more efficient routing. It simplifies
the header structure, removing the need for certain fields in IPv4, and includes features like
a flow label for prioritizing traffic and a larger address field to accommodate the growing
number of devices on the internet.

The IPv6 header is designed to improve upon IPv4 and is used for routing packets across
networks.

IPv6 Header Format:

1. Version : 4 bits (Specifies the IP version (6 for IPv6)).
2. Traffic Class : 8 bits (Used for differentiated services (QoS, such as priority)).
 3. Flow Label : 20 bits (Used to label sequences of packets that belong to the same
flow (for special handling, like priority)).

4. Payload Length : 16 bits (Specifies the length of the data (or payload) in the packet,
excluding the IPv6 header).
5. Next Header : 8 bits (Specifies the type of the next header (e.g., TCP, UDP, ICMPv6).
This field is similar to the Protocol field in IPv4).
6. Hop Limit : 8 bits (Similar to the Time to Live (TTL) in IPv4, it prevents packets from
circulating indefinitely in the network by limiting the number of hops).
7. Source Address : 128 bits (The IPv6 address of the sending device).
8. Destination Address : 128 bits (The IPv6 address of the receiving device).
9. Extension Headers : (Optional, variable length) (In IPv6, additional headers can follow
the main header, such as Routing headers or Fragmentation headers).

3 - and 2 - ways Handshake

3-Way Handshake

The 3-way handshake is a process used to establish a connection between a client and a
server in TCP (Transmission Control Protocol) networks. It is used to ensure that both sides
are ready for data transmission and can communicate with each other.

Where it works ?

It works in TCP/IP networks, typically in situations where reliable communication is needed,

such as in web browsing, file transfers, and email.

How it works ?

The 3-way handshake occurs in three stages:

1. SYN (Synchronize):
o The client sends a TCP packet with the SYN flag set to the server, indicating it
wants to start a connection.
o Example: Client → Server : SYN
 2. SYN-ACK (Synchronize-Acknowledge):
o The server responds with a TCP packet that has both the SYN and ACK flags
set. The SYN flag acknowledges the client's request, and the ACK flag indicates
that the server is ready to continue the handshake.
o Example: Server → Client : SYN-ACK

3. ACK (Acknowledge):
o The client responds with an ACK packet to acknowledge the server's response.
Once this packet is received, the connection is established, and data transfer
can begin.
o Example: Client → Server : ACK

Significance:
• Ensures reliable connection setup.
• Both sides confirm the other's availability and readiness.
• Establishes synchronization of sequence numbers, which are used to track packets
and ensure reliable data transfer.

Flags in 3-Way Handshake:

Flag Description Example
SYN Initiates a connection and asks for synchronization. Client → Server: SYN
Server → Client :
ACK Acknowledges the receipt of a message.
SYN-ACK
SYN- Combines both the SYN and ACK flags to acknowledge Client → Server :
ACK receipt and readiness. ACK

2-Way Handshake (Less Common but Relevant)

A 2-way handshake is a simplified connection establishment method, where only two

exchanges occur.
It is used in connectionless protocols or simplified communication systems where full
connection establishment isn’t necessary.
How it works ?
1. Request :
o The client sends a request to the server to initiate communication.
o Example: Client → Server: Request
2. Response :
o The server sends back a response to acknowledge the request and proceed
with communication.
o Example: Server → Client: Response

Significance :
• Not suitable for reliable data transmission because there's no acknowledgment for
connection readiness.
• Often seen in protocols that don’t require the overhead of a full 3-way handshake.
• Faster to establish but less reliable.

Flags in 2-Way Handshake :

• Request: Initiates communication.
• Response: Acknowledges the request.

The 2-way handshake is primarily seen in simpler or less reliable communication methods,
such as basic UDP or certain minimalistic protocols.

3-Way Handshake (TCP) is used in secure and reliable applications like banking, file
transfers, and web browsing where data integrity is paramount.
2-Way Handshake (UDP) is used in real-time applications like video conferencing, live
streaming, and online gaming, where speed and low latency are prioritized over reliability.
 TCP Flags

TCP flags are control bits used in the TCP header to manage the state and behavior of a
connection.

Various TCP flags are :

1. SYN (Synchronize) : Initiates a connection and synchronizes sequence numbers
between sender and receiver.
2. ACK (Acknowledgment) : Acknowledges the receipt of data or control messages.
3. FIN (Finish) : Signals the termination of a connection; tells the other side to close the
connection.
4. RST (Reset) : Resets the connection, used when there’s an error or a non-existent
endpoint.
5. PSH (Push) : Instructs the receiver to pass the data to the application immediately
without buffering.
6. URG (Urgent) : Indicates that the data in the packet is urgent and should be
prioritized.
7. ECE (ECN Echo) : Used in ECN (Explicit Congestion Notification) to signal congestion,
often in TCP congestion control mechanisms.
8. CWR (Congestion Window Reduced) : Signals that the sender has reduced its
congestion window after receiving an ECE flag.
9. NS (Nonce Sum) : Used for ECN nonce protection, part of the ECN feature to avoid
false congestion signals.

▪ Are TCP flags same as flags used in 3 - way handshake ?

No, TCP flags and 3-way handshake flags are related but not the same. The 3-way
handshake specifically uses only a subset of the available TCP flags to establish a
connection, while TCP flags refer to the full set of flags that can be used during any TCP
communication, including data transfer, connection setup, and teardown.
TCP (Transmission Control Protocol)
Pros
Reliable : Ensures data delivery with
acknowledgment and retransmission.
Connection-oriented : Establishes a connection
before data transfer, ensuring both ends are
ready.
Data Integrity : Guarantees data arrives in the
correct order without errors.
Flow Control : Manages data flow to prevent
congestion and buffer overflow.
Congestion Control : Adjusts transmission rates
to avoid network congestion.
Widely used for reliable applications : Ideal for
applications where accuracy is essential (e.g.,
web browsing, file transfers, emails).
UDP (User Datagram Protocol)
Pros
Faster : Minimal overhead and no connection Unreliable : No guarantees that packets will
setup or error checking.
Connectionless : No need to establish a
No error recovery : Lost or corrupted data is
connection before sending data, reducing
delays.
Lower Overhead : No extra processing for
acknowledgment or retransmissions.
Cons
Slower : Due to connection setup, error
checking, and retransmissions.
Higher overhead : Requires more
resources for managing the connection
and reliability features.
More complex : Requires handling of
retransmissions, sequencing, and
acknowledgment.
Less efficient for real-time data : Due to
the need for error correction and data
sequencing.
Requires more processing : The
connection management adds
computational overhead.
Not ideal for time-sensitive applications:
Because of the added delays in ensuring
reliability.
Cons
be delivered or arrive in order.
not retransmitted.
No Flow Control : Doesn't adjust data flow,
which can lead to network congestion.
 Pros
Efficient for real-time applications : Ideal for
live streaming, VoIP, and gaming.
Simple to use : Easy for applications that
don’t need the reliability of TCP.
Better for low-latency applications : Great for
scenarios that need speed more than
accuracy.
Cons
Potential for packet loss : Data may be
dropped or arrive out of order.
Not suitable for reliability-critical tasks :
Can’t ensure delivery or sequence integrity.
Lacks congestion control : Can lead to
network congestion or packet loss in
crowded networks.

Ports

A port in networking is a 16-bit number (ranging from 0 to 65535) used by the transport
layer protocols (like TCP and UDP) to identify specific processes or services on a device. It
acts as a logical endpoint that directs network traffic to the correct application or service
running on a device.

At its core, a port in computing is a specific numeric identifier used by a system's

networking protocols to manage and direct traffic to the correct application or service.
The core concept here is organization of communication within the system.

Imagine that your computer or server is like a communication center where multiple
activities or services are happening simultaneously (e.g., browsing the web, checking
emails, transferring files). Each of these activities needs its own distinct line of
communication to avoid confusion. Ports provide this organization.

Core Logic of a Port:

• Port = A unique identifier for a type of communication or service on a device.
• When data is sent over a network, it needs to go to the right program or service. The
port number ensures that the data reaches the correct application.
• Port = Addressing mechanism: Each port number corresponds to a specific service
(e.g., web service, email service). It acts as a way of "directing" incoming network
traffic to the correct service.

Analogy : Think of your house where multiple people (applications) live. If a letter (data)
arrives, the letter carrier (network traffic) needs to know who should receive the letter.
Each person (service/application) in the house has a unique number (port) assigned to
them. When the carrier arrives, they look at the number on the letter and know exactly
which person (application) should receive it.

Why This is Crucial :

Without ports, there would be no way to differentiate between web traffic, email traffic, or
file transfer traffic - all of which might arrive at the same time but need to be handled
differently. Ports allow these different types of communication to coexist on a single
device, ensuring everything goes where it should.

How many ports are there, and how did it originate ?

Port numbers range from 0 to 65535, with these ranges divided into three categories:
• Well-Known Ports (0–1023) : These are reserved for common, widely used services
like HTTP (80), FTP (21), and SSH (22). They are often predefined by the system and
can be used by any application that needs to communicate over the network.
• Registered Ports (1024–49151) : These ports are assigned by the Internet Assigned
Numbers Authority (IANA) to specific services or applications. They are not as
common as well-known ports but are used for many user-level applications.
• Dynamic/Private Ports (49152–65535) : These ports are used for temporary, private
communication and are typically used for client-side connections or for ephemeral
ports, meaning they are dynamically assigned when needed.

The concept of ports originated with the development of the TCP/IP (Transmission Control
Protocol/Internet Protocol) networking model in the 1970s. The idea was to enable the
simultaneous communication of different applications on a single network connection.

Example Scenario of ports from all 3 category :

Scenario:
You’re using your computer to browse the web securely (HTTPS) and send emails (through
SMTP and IMAP). You open a browser to visit a website securely and also check your email
using an email client (like Outlook or Gmail).
Well-Known Port (HTTPS - Port 443)
• Your web browser uses HTTPS to securely access a website. The browser sends a
request to the server’s port 443, which is reserved for HTTPS traffic (a Well-Known
Port).
• Since port 443 is a Well-Known Port, it’s automatically recognized by both the client
(your browser) and the server as the standard port for secure HTTP communication.
• The communication is encrypted using SSL/TLS, ensuring that sensitive data, like
passwords or credit card information, is securely transmitted.

Registered Port (SMTP - Port 25)

• While you’re browsing the web securely, you also use an email application that sends
email using SMTP (Simple Mail Transfer Protocol).
• The email application connects to the mail server on port 25. This port is registered by
IANA for SMTP, but it’s not as commonly recognized by users as port 443 for secure
browsing.
• Port 25 is used by email servers worldwide for sending emails, but it is not considered
a Well-Known Port because it’s not used for web browsing or secure communication
in the same way port 443 is for HTTPS.

Dynamic Port
• While browsing securely or sending emails, your computer (as the client) establishes
connections with the web server on port 443 (HTTPS) and the mail server on port 25
(SMTP).
• For both of these connections, your computer randomly selects a dynamic port from
the range 49152–65535.
• These dynamic ports are temporary and are used for the specific session or
connection between your computer and the server.
• Once you disconnect from the server (for example, you close your browser or email
client), the dynamic port is released and can be used again by other applications or
services.
Note :

All well known ports are sub-set of Registered ports that means all well - known ports are
also Registered ports but reverse is not true.

Dynamic Ports (49152–65535) are temporary ports used for specific connections, often
chosen randomly by the operating system for client-side applications. They are not
registered or reserved for any specific service.

So, basically we can say we have either reserved port (Well-known + registered ports) or
dynamic ports.

Venn Diagram for port categories :

Registered ports (0 – 49,151)

Dynamic ports/
Private ports
Well Known ports
(0 – 1023) (49,152 – 65535)

Analogy to the ports category :

Well-Known Ports (0–1023) :

• These are special ports that are used by important, widely-used services like:
o HTTP (Port 80) – For browsing the web.
o FTP (Port 21) – For transferring files.
o SSH (Port 22) – For secure remote login.
• Why are they called "Well-Known"?
o Because these ports are predefined by the system, and everyone knows them.
When you use a browser, for example, it automatically knows to connect to
port 80 for HTTP.
 • Simple analogy: Imagine these are like the main doors of a building, everyone knows
these doors, and they lead to very important areas (services).

Registered Ports (1024–49151):

• These are custom ports assigned to specific applications by a central authority
(IANA).
• These ports are not as famous as Well-Known Ports, but they are used by many
programs to communicate.
• For example:
o SMTP (Port 25) – For sending emails.
o MySQL (Port 3306) – For connecting to databases.
• Why are they called "Registered"?
o Because they are officially assigned to certain applications or services, but
they’re not as universally known or automatically used as Well-Known Ports.
• Simple analogy: These are like specific rooms in an office building that are assigned to
specific teams (services). People know these rooms exist, but they aren't as
commonly used by everyone.

Dynamic/Private Ports (49152–65535):

• These are temporary ports that are automatically assigned by your computer when
you start a new session, like browsing a website or using an app.
• Why "Dynamic"?
o Because these ports change each time, and they’re used only for the duration
of your session (like when you close the app, the port goes away).
• They are mostly used for client-side connections, like when your browser connects to
a website, or when an app sends data to a server.
• Simple analogy: These are like temporary meeting rooms that your company uses for
a specific event. Once the event (connection) is over, the room (port) is no longer
used and is free for the next event.

Some of common ports are :

1. Port 20/21 (FTP - File Transfer Protocol) : Used for transferring files between systems.
2. Port 22 (SSH - Secure Shell) : Used for secure remote access to a machine or server,
typically for administrative purposes.
3. Port 23 (Telnet) : Unencrypted remote login service (though it's largely obsolete due
to security risks).
4. Port 25 (SMTP - Simple Mail Transfer Protocol) : Used for sending emails between
servers.
5. Port 53 (DNS - Domain Name System) : Resolves domain names to IP addresses (e.g.,
turning "google.com" into an IP address).
6. Port 80 (HTTP - Hypertext Transfer Protocol) : Used for web traffic, typically for
unencrypted communication over the web.
7. Port 110 (POP3 - Post Office Protocol v3) : Used for retrieving emails from a server
(without encryption).
8. Port 143 (IMAP - Internet Message Access Protocol) : Used for retrieving emails from
a server, supporting more advanced functionality than POP3.
9. Port 443 (HTTPS - HTTP Secure) : Used for secure web traffic, encrypting data
between the client and server (e.g., banking websites).
10. Port 3389 (RDP - Remote Desktop Protocol) : Used for accessing a computer
remotely via GUI, commonly used in Windows environments.
11. Port 3306 (MySQL) : Used by the MySQL database server for database
communication.
12. Port 8080 (HTTP Alternative) : Often used as an alternative port for web traffic,
particularly for development or testing purposes.
13. Port 69 (TFTP - Trivial File Transfer Protocol) : A simplified version of FTP, used for
small file transfers, often in embedded systems.
 Room 05 : Extending your Network

Port Forwarding

Port forwarding is the process of directing network traffic from one port on a public-facing
device (such as a router or firewall) to a specific port on a private device within the
network, typically for allowing access to services like web servers, gaming, or remote
desktop on a local network.

Why is Port Forwarding Needed ?

Port forwarding is needed when services hosted within a private network must be accessed
externally, such as hosting a web server behind a router or enabling online gaming.

This allows devices or applications, such as web servers or game servers, that are not
directly exposed to the internet to be accessed externally by forwarding specific ports from
the router's public IP to the internal device hosting the service

Why and Where Do We Do Port Forwarding ?

Port forwarding is configured to allow external devices to access a device on a private

network.
This is typically done in routers, firewalls, or other network devices that control inbound
traffic.

How port forwarding works ?

When we set up a device (like a web server, game server, or camera) on a private network,
that device typically has a private IP address, which isn’t directly accessible from the
outside world (the internet). The router or firewall sitting between the private network and
the internet only exposes public IP addresses.
Here's how the process works:
1. Device Behind the Router : The service you're trying to access (e.g., a web server or a
game server) is hosted on a private device, which has a local IP address. This device is
not directly accessible from the internet because the router is protecting it.
2. Request from External Source : When someone on the internet wants to access the
service (for example, visiting your web server or playing a game), their request is sent
to the public IP address of the router.
3. Router’s Role : The router receives this request, but it doesn’t know where to send it
yet, because the request is for a private device (with a local IP). This is where port
forwarding comes into play.
4. Port Forwarding Configuration : You configure the router to forward requests on a
specific port (e.g., HTTP on port 80, or a game on a specific port) to the private IP
address of the device hosting the service.
o Example: You forward external requests on port 80 (HTTP) to the private IP of
the web server in your network.
5. Router Redirects the Traffic : After port forwarding is set up, the router knows that
when a request comes in on that specific port (e.g., port 80), it should send that
request to the correct private device.
6. Access is Granted : Now, when someone tries to access your service, the router
knows where to send the request and forwards it to the right device. The device then
responds to the external request.

So, basically the router does not know where to forward traffic until you've set up port
forwarding. Once you configure port forwarding, the router "learns" where to send
incoming traffic for specific ports, thus enabling external access to the private service.
It's like setting up a specific "path" or "route" in the router's rules so that incoming
requests know where to go inside your private network.

How Port Forwarding is Done ?

The basic steps for configuring port forwarding are :

o Log into your router’s settings page.
o Locate the Port Forwarding section.
o Enter the port number and IP address of the device you want to forward traffic to.
o Save and apply changes.
Pros and Cons of Port forwarding.

Pros Cons
Allows external access to internal services Exposes internal network to security risks
Necessary for services like gaming, web Can make a network more vulnerable to
hosting etc. attacks
Can improve performance for specific Misconfigurations may lead to service
services downtime
Enables access to non-HTTP services Requires ongoing management and
(e.g., FTP) updates

Analogy to Port Forwarding :

– Think of port forwarding like a mailbox at a post office.

– The Post Office (Router/Firewall): This is the central location where all mail (network
traffic) is first received.

– Mailbox (Port): The mailbox represents a specific channel or address (port) where
the mail is directed. There are many mailboxes (ports), each serving different
purposes (e.g., one for bills, one for packages, etc.).

– Recipient (Internal Device): This is the person or device inside your house (local
network) who should receive the mail (data packets) that is directed to a specific
mailbox (port).

– Port Forwarding: When someone sends a letter (data request) to a specific mailbox
at the post office (router), the post office forwards it to the right recipient (specific
device on the local network), ensuring that the mail gets to the correct address
(device).

– Without port forwarding, the post office (router) doesn't know which recipient inside
the building (network) should get the mail, so the letter stays at the front desk
(blocked or discarded).
Some Real-World Examples of Port Forwarding :

• Online Gaming :
You want to play a game like "Minecraft" or "Fortnite" with friends over the internet.
Port forwarding allows external players to connect to your gaming server (hosted on
your computer or gaming console) by forwarding the right port to your device,
ensuring they can join your game.

• Remote Desktop Access :

You work from home and need to access your office computer remotely. Port
forwarding allows you to connect to your office computer through Remote Desktop
Protocol (RDP) or other remote desktop tools, allowing you to work from anywhere.

• Web Hosting :
You host a website on your local computer or a private server. Port forwarding is
necessary to ensure visitors to your website can reach your server through a specific
port (usually port 80 for HTTP or port 443 for HTTPS), allowing them to view your
site.

• IP Camera (Home Security Systems) :

You install a security camera system at home and want to view the camera feed from
your phone while you're away. Port forwarding ensures that the video stream from
the camera is accessible to your phone by forwarding the correct port.

• Voice over IP (VoIP) Services :

You use a service like Skype or a home phone system connected via VoIP. Port
forwarding ensures that your voice calls can be established properly by forwarding
specific ports to your VoIP device, enabling clear communication.

QUE : Then port forwarding will be needed everywhere whenever we are dealing
something that is out of LAN setup ? right.
 Yes, you're correct! Port forwarding is needed whenever you want to allow external
devices (outside of your local network) to access a specific service or device inside
your Local Area Network (LAN).
This is particularly important when the device or service you are trying to access is
behind a router or firewall, which typically blocks incoming traffic from the outside
world to protect your internal network.

QUE : When we are dealing with LAN level only then we don't need port forwarding ? right ?

Exactly! When you're dealing with just your Local Area Network (LAN) and all the
devices are inside the same network, port forwarding is not needed.

Here’s why:

– Devices within a LAN can communicate directly with each other using their local IP
addresses (e.g., 192.168.x.x).
– No external traffic is involved, so there’s no need for port forwarding because all
communication stays within the private network.

Example:
If you have a file server or a printer connected to your home router and you want to access
these devices from another device in the same house (same LAN), port forwarding is not
required. The devices can communicate directly without any special configuration.

When Port Forwarding is Not Needed:

• Accessing files from a file server inside your home network.
• Printing from a computer to a local printer connected to the same router.
• Playing games on a local network with friends, where all players are in the same
house or office.
• Accessing a web server (like a test server) running on your local machine from
another device in your network.
Port forwarding is called "port forwarding" because it involves forwarding data packets
from one port (on a device like a router) to another port (on a specific device inside the
network).

QUE : Is port forwarding one – way or two – way process ?

Port forwarding is typically a one-way process, and it primarily handles traffic from public
(external) networks to private (internal) networks.

Here’s why :

Port Forwarding - One-Way Process :

Incoming Traffic (Public to Private) : The main function of port forwarding is to allow
external traffic from the internet (public network) to reach a specific device or service
inside a private network (LAN). This is useful when you want to access something like
a web server, game server, or camera that is behind a router or firewall.

Example : If you're hosting a game server or a web server inside your home network,
port forwarding makes sure that external players can access the server by forwarding
the appropriate ports to your server's internal IP address.

What Happens with Outbound Traffic ?

Outbound Traffic (Private to Public) : This part doesn’t require port forwarding. Devices
inside your private network (like a computer or phone) can freely send data out to the
public internet without the need for port forwarding. This is because the router usually
performs Network Address Translation (NAT) {getting a public ip address over private}
which allows devices inside the LAN to communicate with the outside world without
needing specific ports opened.

Example : When you browse the web, your computer sends requests to external
websites, and the router uses NAT to keep track of which device requested which
resource. The router sends the response back to the correct internal device without
needing any port forwarding.
 Firewalls

A firewall is a security system that monitors and controls incoming and outgoing network
traffic based on predetermined security rules. It serves as a barrier between a trusted internal
network and untrusted external networks, such as the internet, to prevent unauthorized
access and ensure the safety of systems and data.

Need for firewall :

– Prevents Unauthorized Access : Blocks unauthorized users from accessing sensitive

data.
– Monitors and Controls Traffic : Controls inbound and outbound network traffic based
on security rules.
– Protection from Malware and Viruses : Prevents malicious software from entering
the network.
– Secures Public-Facing Servers : Protects external-facing servers by isolating them in a
DMZ.
– Prevents DDoS Attacks : Mitigates Distributed Denial-of-Service attacks by filtering
malicious traffic.
– Controls Access to Services : Defines rules on who can access specific network
services.
– Enforces Network Security Policies : Ensures compliance by blocking unapproved
applications or websites.
Types of Firewalls :

Based on Inspection Level

Type Description Pros Limitations Examples

Filters traffic at the Does not inspect
Traditional
Packet network layer (Layer packet content;
Simple, fast, low network
Filtering 3) based on IP vulnerable to IP
resource usage. firewalls,
Firewall address, port, and spoofing and
routers.
protocol. certain attacks.
Tracks the state of
Requires more
active connections More secure than
Stateful system resources;
and filters packets packet filtering; Cisco ASA, Palo
Inspection less granular than
based on their state tracks the state Alto Networks.
Firewall application-layer
in the transport of connections.
filtering.
layer.
Filters traffic at the
Can filter out Can introduce
application layer
specific latency due to Web Application
Application (Layer 7), inspecting
application deep packet Firewalls
Layer the actual data
threats like SQL inspection; (WAFs),
Firewall content of packets
injection, XSS, performance ModSecurity.
for application
etc. overhead.
issues.
Inspects the entire
Provides highly Next-
packet, including the High resource
Deep Packet granular Generation
header and payload, consumption;
Inspection inspection; Firewalls
looking for malicious potential delays in
(DPI) detects a wide (NGFW), DPI
data patterns or traffic flow.
range of threats. devices.
anomalies.
 Based on Deployment Location

Type Description Pros Limitations Examples

Placed at the
Protects the entire Single point of
network perimeter,
network; often failure; requires Fortinet,
Network filtering incoming and
includes additional regular updates SonicWall,
Firewall outgoing traffic
security features like and configuration Cisco ASA.
to/from the internal
VPN, IDS/IPS. management.
network.
Less effective for
Installed on individual
Provides granular network-wide Windows
Host- devices (e.g., PCs,
control per device; protection; Firewall,
based servers) to filter
helps in case of resource Linux
Firewall traffic specific to that
internal breaches. consumption on iptables.
device.
individual devices.
Positioned between
an internal network May not detect Border
Provides robust
and external internal threats or routers,
Perimeter perimeter protection
networks, filtering attacks originating enterprise
Firewall for the internal
traffic at the from within the network
network.
boundary of the network. firewalls.
enterprise.
Scalable, flexible,
A cloud-based easy to deploy, and Relies on internet AWS WAF,
Cloud
firewall that protects managed remotely; connectivity; Azure
Firewall
cloud infrastructure suitable for cloud potential latency Firewall,
(FWaaS)
and services. and hybrid issues. Cloudflare.
environments.
 Based on Traffic Filtering Method

Type Description Pros Limitations Examples

No deep packet
Filters traffic based inspection; Consumer-
Packet Fast and simple to
on packet headers vulnerable to IP grade
Filtering configure; minimal
(IP address, port, spoofing and routers, home
Firewall system impact.
protocol). attacks targeting firewalls.
application layers.
Tracks and
monitors active Can be resource-
More secure than
Stateful connections, intensive for high Cisco ASA,
packet filtering;
Inspection ensuring packets traffic; limited ability Check Point
tracks the full
Firewall belong to an to inspect firewalls.
session.
existing application data.
connection.
Acts as an
Can provide detailed May introduce Squid Proxy,
intermediary,
inspection and latency and Web
Proxy intercepting
anonymity; shields performance issues; Application
Firewall requests between
the internal complex to Firewalls
client and server,
network. configure. (WAF).
filtering traffic.
Provides
Combines stateful Expensive and
Next- comprehensive
inspection with complex to Palo Alto
Generation protection with
DPI, application configure; requires Networks,
Firewall visibility into
awareness, and ongoing FortiGate.
(NGFW) applications and
threat intelligence. management.
threats.
 Based on Scope of Protection

Type Description Pros Limitations Examples

Offers network-
Can become a
Protects the entire wide
Network- bottleneck for large Fortinet, Cisco
network, filtering protection;
Based networks; must be ASA, Juniper
traffic entering or capable of
Firewall placed at the SRX.
leaving the network. handling large
network boundary.
traffic volumes.
Granular control
Less effective at
Protects individual over device-
network-wide Windows
Host-Based devices by filtering specific traffic;
protection; must be Firewall, McAfee
Firewall traffic to/from that useful for
deployed on each Host IPS.
device. endpoint
device.
security.
A decentralized
More flexible Difficult to manage
firewall where each Virtual firewalls
and scalable; in large
Distributed device or network in cloud
reduces single environments;
Firewall segment has its own environments,
points of requires consistent
firewall, controlling VMware NSX.
failure. configuration.
traffic locally.

Based on Ruleset Management

Type Description Pros Limitations Examples

Configured using a Provides full control
Cisco ASA
CLI- command-line over configuration; Requires technical
(via CLI),
Based interface, providing preferred for expertise; difficult for
Linux
Firewall granular control over complex non-technical users.
iptables.
firewall rules. environments.
 Type Description Pros Limitations Examples
Configured via a
Limited flexibility
graphical user Easier to manage and
GUI- compared to CLI; may
interface, offering an configure for non- pfSense,
Based not provide as much
easier configuration technical staff; user- Sophos XG.
Firewall control over complex
process for non- friendly interface.
rules.
technical users.
Easier to manage in
Uses predefined
dynamic Policies may not cover
Policy- security policies to UTM
environments; all edge cases; limited
Based enforce rules and firewalls,
policies help flexibility for custom
Firewall manage traffic FortiGate.
standardize configurations.
filtering.
configurations.

Based on Traffic Type

Type Description Pros Limitations Examples

Protects web Specifically targets
Not effective for
Web applications by web security; ModSecurity,
non-web-based
Application filtering HTTP/HTTPS protects against AWS WAF,
attacks; may
Firewall traffic to prevent common application- Cloudflare
introduce
(WAF) application-level layer attacks like SQL WAF.
latency.
attacks. injection.
Focuses on filtering Helps protect against
Limited to email
email traffic to email-based threats; Barracuda
Email threats; does not
prevent spam, blocks malicious Email Security,
Firewall protect other
phishing, and attachments and Mimecast.
network traffic.
malware. links.
Filters VPN traffic by
Secures remote Can introduce
securing and
access and inter- latency; requires
controlling Cisco ASA with
VPN office configuration to
encrypted VPN, pfSense
Firewall communications; allow secure
communication VPN firewall.
ensures encrypted traffic without
between remote
data transmission. blocking it.
users or offices.
 Based on Security Features

Type Description Pros Limitations Examples

Provides Can be
Combines firewall,
comprehensive resource-
Unified antivirus, intrusion
protection in a intensive; may FortiGate,
Threat detection/prevention,
single appliance; not be as Sophos XG,
Management and other security
reduces the need specialized as WatchGuard.
(UTM) functions into a single
for multiple individual
device.
security tools. solutions.
Actively monitors traffic Protects against
Requires regular Palo Alto
Intrusion and prevents malicious known and
updates; can Networks,
Prevention activity based on unknown threats;
generate false Cisco
Firewall predefined signatures actively blocks
positives. Firepower.
or behavior analysis. malicious traffic.
Ensures safe, Can cause
Filters VPN traffic to encrypted performance
ensure secure and communications degradation if
VPN encrypted for remote not properly Cisco ASA,
Firewall communication for workers; prevents configured; Juniper SRX.
remote workers or unauthorized needs careful
branch offices. access to the traffic
network. management.

Based on Performance Requirements

Type Description Pros Limitations Examples

Designed to handle Can handle Expensive and
High- large traffic volumes, high traffic complex to
Fortinet,
Performance typically in enterprise loads; suitable configure; may
Juniper SRX.
Firewall or service provider for large-scale require substantial
environments. networks. infrastructure.
 Type Description Pros Limitations Examples
Consumer
Suitable for low traffic Not suitable for
Low- Cost-effective; routers,
environments like high-traffic
Performance easier to set up pfSense (for
small offices or home environments; lacks
Firewall and maintain. small
networks. scalability.
networks).

Based on Deployment Model

Type Description Pros Limitations Examples

A standalone Provides dedicated Fortinet
Not flexible for
hardware device protection; often FortiGate,
Physical dynamic
designed to protect includes additional Palo Alto
Firewall environments;
the network from features like VPN, Networks
limited scalability.
external threats. IDS/IPS. devices.
Flexible and Can be less
A software-based scalable; easy to performant
VMware NSX,
Virtual firewall implemented deploy and compared to physical
Cisco ASA
Firewall in a virtualized configure in firewalls; security
Virtual.
environment. virtualized or cloud may be dependent
environments. on host environment.
A cloud-based
firewall offering Easy to manage and Relies on cloud
Firewall- AWS WAF,
scalable, remote scale; no hardware providers; potential
as-a- Azure
management and investment latency and
Service Firewall,
protection for cloud required; remote dependency on
(FWaaS) Cloudflare.
infrastructure and management. internet availability.
services.
 Virtual Private Network (VPN)

A Virtual Private Network (VPN) is a technology that creates a secure, encrypted connection
over a less secure network, typically the internet. It allows users to send and receive data
across shared or public networks as if their devices were directly connected to a private
network.

How VPN Works ?

At the core, a VPN works by creating an encrypted tunnel between the user's device and
the destination server. This ensures that any data transferred between the device and the
server is kept private and secure, even if it’s passing through public networks.

Here's a breakdown:
• Encryption : When you connect to a VPN, your internet traffic is encrypted using
cryptographic protocols. This prevents unauthorized parties from reading or intercepting
the data.
• Tunneling : The data travels through a "tunnel," which is essentially an encrypted
channel. This tunnel protects data from being intercepted by third parties, such as hackers
or your Internet Service Provider (ISP).
• IP Masking : The VPN assigns you a new IP address (usually from the VPN server), which
hides your real IP address. This makes your online activity harder to trace back to you.
• Authentication : The VPN uses authentication mechanisms to ensure that only authorized
devices and users can connect to the network. This is done through user credentials,
certificates, or other methods.
• Routing : After your traffic is encrypted and authenticated, it is routed through the VPN
server to the destination (e.g., a website). The VPN server forwards the data to the final
destination and returns the response to your device through the same secure tunnel.

Real-Life Analogy of Tunnel :

Imagine you're sending a letter in a normal envelope, but instead of just putting it in the
mail, you decide to seal the envelope in a strong, unbreakable box that only the recipient
can open. You don't want anyone to see or steal the contents of the letter during its
journey, so the box keeps everything inside private.

• The letter = Your data (like browsing history, passwords, etc.)

• The envelope = The normal internet connection, which is vulnerable to being intercepted
by hackers or eavesdroppers.
• The strong, unbreakable box = The VPN tunnel. This box keeps your data safe and
encrypted (locked) during the journey, ensuring that no one can read it, even if they
intercept it.
• The recipient = The destination server or website you're connecting to, which is able to
open the box and read the letter (your data) only after it arrives safely.

What Is the "Tunnel" in VPN Technology (in Real Terms) ?

In the context of a VPN, the term "tunnel" doesn't refer to a physical tunnel that we see
like in civil engineering but rather a virtual or digital tunnel that secures your data as it
travels across the internet.

It is an encrypted path that your data follows between your device and the VPN server (or
destination server). The "tunnel" is created by software protocols that ensure your data is
protected as it travels over the internet. This is done through encryption and encapsulation.

Here’s What Happens:

1. Encryption: Your data gets encrypted on your device before traveling over the
internet, making it unreadable to anyone who might intercept it (like hackers).
2. Encapsulation: The data is placed inside a "wrapper" (or packet) which contains both
the original data and necessary routing information, ensuring it reaches the VPN
server securely.
3. Secure Connection: Secure protocols (like OpenVPN, IPsec, WireGuard) create the
"tunnel" by defining how the data should be encrypted, packaged, and sent.
4. Data Transmission: The encrypted data travels through the internet to the VPN
server. Since the tunnel is encrypted, anyone monitoring the network cannot see
your data. Only the VPN server can decrypt it and forward it to its destination.
Understanding the Tunneling Using OpenVPN Protocol :

Let’s focus on how OpenVPN creates the virtual tunnel and encrypts the data.
1. VPN Client and Server Setup
• You have an OpenVPN client on your device and an OpenVPN server at the other
end (e.g., a VPN provider’s server).
• When you start the OpenVPN client, it establishes a connection (session) with the
server. Both the client and server must have matching security keys (private and
public keys) to ensure secure communication.

2. Authentication (Key Exchange)

• OpenVPN uses TLS (Transport Layer Security) for key exchange to ensure both
parties trust each other.
• The client and server exchange public keys securely.
• The client generates a random session key (a secret key) and encrypts it using the
server’s public key. Only the server can decrypt it using its private key.
• Both client and server also use certificates to authenticate each other, ensuring
trust between the two parties.
• Once the server has the session key, they can communicate securely.

3. Session Key Agreement

• The client and server now share a symmetric session key (same key used for both
encryption and decryption).
• This symmetric key is used to encrypt and decrypt the data during the session,
making it faster than asymmetric encryption.

4. Establishing the Tunnel

• OpenVPN uses UDP or TCP to send encrypted data packets.
• The data is encapsulated: Your data is wrapped inside an encrypted packet, which
ensures secure transmission.

5. Data Encryption (Actual Tunnel Creation)

• The data is encrypted using the session key with the AES (Advanced Encryption
Standard) algorithm.
• For example, a request to visit "https://example.com" would first look like plain
text but will then get encrypted into unreadable data.
 • HMAC (Hash-based Message Authentication Code) ensures data integrity by
verifying that it has not been tampered with during transit.

6. Virtual Tunnel in Action

• The encrypted packets travel over the internet to the OpenVPN server. Anyone
intercepting the data will see only scrambled, unreadable information.

7. Decryption at the VPN Server

• The VPN server decrypts the data using the session key, reads the original request,
and forwards it to the destination (e.g., the website you want to visit).

8. Response from the Server

• The web server responds, and the process is reversed:
• The server encrypts the response and sends it back through the same secure
tunnel.
• The OpenVPN client receives the encrypted response, decrypts it, and displays the
website content to you.

Key Technologies in OpenVPN’s Encryption:

• AES (Advanced Encryption Standard): Used for encryption.
• TLS (Transport Layer Security): Used for secure key exchange (authentication).
• HMAC: Ensures data integrity during transmission.
• UDP/TCP: Used to transmit data packets securely.

Note:

When we say "establishing connection with VPN," it means that we are setting up a session
with the server that is facilitating the VPN service. Also, note that VPN is not a server in
itself; it is a service. When we say "VPN server," we are referring to the server that is
facilitating the VPN.

Other VPN protocols (like IPSec, L2TP, or WireGuard) work similarly to OpenVPN, but there
may be slight differences in their specific implementations and how they handle encryption,
key exchange or data transmission.
Pros and Limitations of VPNs :

Pros
Security: Encrypts data to protect from
hackers and surveillance.
Privacy: Hides your IP address and online Compatibility Issues: Some websites or services
activities.
Bypass Geo-restrictions: Allows access to
restricted or region-locked content.
Remote Access: Facilitates secure access
to company networks from remote
locations.
Anonymity: Helps maintain anonymity
while browsing.
Data Integrity: Protects against data
tampering.
Limitations
Speed Reduction: VPNs can cause slower
internet speeds due to encryption overhead.
block VPN connections.
Connection Instability: VPN connections may
drop, causing intermittent access issues.
Cost: Paid VPN services can be expensive.
Device Compatibility: Not all devices or
platforms support VPNs.
Reliability: Free VPN services often have
limitations like bandwidth caps and unreliable
connections.

Different Types of VPN :

Example
Category Name Description Pros Limitations
Usage
Accessing
Allows users to Flexible access, Dependent on
corporate
Based on Remote connect securely to secure internet connection,
resources from
Purpose Access VPN a remote network connections, user- may require
home or while
from anywhere. friendly. setup/configuration.
traveling.
Connecting
Connects entire Ensures secure
Site-to-Site More complex setup, multiple office
networks (e.g., inter-office
VPN requires VPN devices. locations to a
branch offices) communication.
central office.
 Example
Category Name Description Pros Limitations
Usage
securely over the
internet.
Allows secure Business
Enhances
communication collaboration
Extranet collaboration, Security risks if not
between two or between
VPN secure B2B configured properly.
more external partners or
communication.
organizations. vendors.
Effective for
Used to connect Connecting
private network Complex to set up,
Intranet multiple sites of the branch offices
connections requires dedicated
VPN same organization within the
within an resources.
securely. same company.
organization.
Remote
Uses Secure
workers
Sockets Layer (SSL) No special client Limited support for
Based on accessing
SSL VPN protocol to required, easy to non-SSL enabled apps,
Protocol internal web
establish encrypted deploy. lower speed.
apps or
tunnels.
resources.
Secures IP packets Strong Complex
Connecting
and provides encryption, widely configuration, relies
IPsec VPN remote offices
encryption and used in site-to-site on specific
securely.
integrity. VPNs. hardware/software.
Layer 2 Tunneling
Protocol is an Used for
extension of PPTP Enhanced security secure VPN
Slower speeds due to
L2TP VPN that provides compared to connections in
double encapsulation.
stronger encryption PPTP. public
when paired with networks.
IPsec.
Point-to-Point
Legacy systems
Tunneling Protocol Fast connection Low security,
or quick setup
PPTP VPN is a legacy VPN setup, low outdated protocol,
for non-
protocol that offers overhead. vulnerable to attacks.
sensitive data.
basic encryption.
Highly
Open-source VPN Secure remote
customizable, Requires more
protocol that uses access for
OpenVPN strong security, technical expertise to
SSL/TLS for secure enterprises or
supports various configure.
encryption. personal use.
OS.
 Example
Category Name Description Pros Limitations
Usage
↓
Internet Key Ideal for
Exchange version 2 mobile users or
Fast, stable, Limited device
combined with people
IKEv2/IPsec secure, mobile- support, complex
IPsec for fast, frequently
friendly. configuration.
secure VPN switching
connections. networks.
Multi-Protocol
Label Switching High-quality, Connecting
Expensive, requires
Other creates a private, secure service for data centers
MPLS VPN extensive network
Technologies secure network large-scale across multiple
management.
across public networks. locations.
infrastructure.
High-
Modern,
performance
lightweight VPN Fast, simple to
New, less tested, VPN for
WireGuard protocol that configure, open-
fewer support tools. privacy-
emphasizes speed source.
focused or
and simplicity.
high-speed use.

Different VPN technologies :

Name Description Pros Limitations Example

Uses SSL protocol to Easy to deploy, no
establish encrypted special client needed, Limited to web-based Remote access to
SSL VPN
tunnels between the supports web-based traffic, lower speeds. web applications.
client and the server. apps.
Encrypts and Can be complex to
Strong security,
authenticates IP packets, set up, requires Connecting branch
IPsec VPN widely supported,
securing data between compatible offices securely.
good for site-to-site.
two devices. hardware.
Secure VPN
Layer 2 Tunneling Provides stronger
Slower due to double connections over
L2TP/IPsec Protocol with IPsec for encryption than PPTP,
encapsulation. untrusted
stronger encryption. secure.
networks.
 Name Description
Point-to-Point Tunneling
PPTP VPN Protocol, a legacy VPN
protocol.
Open-source, flexible VPN
OpenVPN protocol that uses
SSL/TLS for encryption.
Internet Key Exchange
version 2 with IPsec for
IKEv2/IPsec
fast and secure VPN
connections.
Multi-Protocol Label
Switching creates a
MPLS VPN private, secure network
across public
infrastructure.
Modern, high-
performance VPN
WireGuard
protocol focused on
simplicity and speed.
Pros Limitations Example
Simple setup, low Used for non-
Outdated, vulnerable
overhead, fast sensitive or quick
to modern attacks.
connection. VPN setups.
Highly customizable,
Requires technical Remote access for
strong encryption,
knowledge to businesses or
cross-platform
configure. individual users.
support.
Complex setup, Ideal for mobile
Fast, stable, reliable,
limited device users or those on
mobile-friendly.
support. the move.
High-quality, secure Expensive, requires Connecting data
service for large-scale extensive network centers across
networks. management. multiple locations.
Use in privacy-
Limited support,
Lightweight, easy to focused or high-
relatively new and
configure, high speed. speed VPN
less tested.
applications.

Alternatives to VPN :

Alternative What It Is How It Works Pros Limitations

A server that acts as an
Proxy intermediary between a
Servers client and a destination
server.
An open-source,
decentralized privacy
Tor ( The
network that routes
Onion
internet traffic through a
Router)
series of volunteer-
operated servers.
A security model where
Zero Trust Continuously verifies Strong security,
every request to access a
Networks trust level for each granular control,
system is authenticated
Routes client Faster browsing, No encryption, less
requests through hides original IP, secure than VPNs,
itself, masking the easy to doesn't work for all
client’s IP. configure. apps.
Uses multiple layers
Slow speeds, can be
of encryption to High privacy,
blocked by websites,
anonymize traffic bypasses
not suitable for all
across different censorship.
activities.
nodes.
Complex
implementation,
 Alternative What It Is How It Works Pros Limitations
and authorized, request, regardless of reduces insider requires constant
regardless of its origin. where it comes from. threats. monitoring.
Enforces security
Cloud Access Ensures data
A security solution policies when users Limited to cloud
Security security in cloud
designed to protect data access cloud services, environments,
Brokers services, flexible
across cloud applications. regardless of location complex setup.
(CASBs) control.
or device.

Pros and Cons of using VPN servers for an Individual :

Benefits of Using VPN Cons of Using VPN

Privacy : Masks your IP address, Speed Reduction : Can slow down internet
protecting your online identity. speeds due to encryption overhead.
Security : Encrypts your internet traffic, Compatibility Issues : Some websites or services
safeguarding sensitive data. may block VPN traffic.
Access Restricted Content : Bypasses
Cost : Reliable VPN services often require a paid
geo-blocks to access region-restricted
subscription.
content.
Public Wi-Fi Protection : Secures
Connection Instability : VPN connections can
connections on unsecured networks like
occasionally drop or be unreliable.
public Wi-Fi.
Anonymity : Hides your online activities Limited Device Support : Not all devices or
from third parties and websites. platforms fully support VPNs.
Bypass Censorship : Circumvents
Complex Setup : Some VPNs require technical
internet censorship and restrictions in
knowledge for configuration.
certain regions.
Safe Online Transactions : Protects Reduced Performance : Certain applications or
financial data during online purchases services may experience degraded performance
or banking. when using a VPN.
Avoid Tracking : Prevents advertisers
Possible Data Logging : Some VPN providers may
and websites from tracking your
log user data despite claiming privacy.
browsing behavior.
 Section 03 : How the Web Works

Room 01 : DNS in detail

DNS, or Domain Name System, is a decentralized naming system used to translate human-
readable domain names (e.g., www.google.com) into machine-readable IP addresses (e.g.,
142.250.72.14) and vice versa. DNS serves as the "phonebook of the internet," allowing
users to access websites and online resources without needing to memorize numerical IP
addresses.

Why is DNS Needed ?

• Human Usability : Remembering domain names is easier than memorizing numerical

IP addresses.
• Scalability : DNS allows for a distributed and scalable approach to manage internet
names.
• Flexibility : Enables domain name changes without affecting user access, as DNS
records can be updated.
• Interoperability : Facilitates communication across different networks and devices by
resolving names to IP addresses.

Origin of DNS

The concept of DNS originated in the early 1980s when the ARPANET was expanding and
managing a centralized hosts.txt file became inefficient. Paul Mockapetris proposed DNS in
1983, and the first implementation was detailed in RFC 882 and RFC 883 (later superseded
by RFC 1034 and RFC 1035).

Before DNS was developed, the hosts.txt file was a centralized text file used to map
hostnames to IP addresses. This file was maintained manually by a single organization (e.g.,
Stanford Research Institute for ARPANET). Users would download updated copies of the
file periodically. However, as the ARPANET grew, this approach became inefficient due to
the increasing number of hosts, frequent changes, and the lack of scalability.
RFC 882 and RFC 883
RFC (Request for Comments) documents are a series of technical and organizational notes
for internet protocols and systems. Specifically:
• RFC 882 : Defined the concepts of the Domain Name System and its architecture.
RFC 883 : Detailed the technical implementation of DNS, including query mechanisms
and data formats.
These RFCs were later replaced by RFC 1034 and RFC 1035, which refined and expanded the
DNS framework for modern usage.

Who Can Have Their DNS ?

Any organization, individual, or entity with a registered domain name can have DNS. DNS
can be hosted and managed by:
• Domain registrars (e.g., GoDaddy, Namecheap).
• Hosting providers.
• Public DNS providers (e.g., Google Public DNS, Cloudflare DNS).
• Private DNS servers for internal corporate use.
• Internet Service Providers (ISPs).

Common DNS Services

• Google Public DNS : 8.8.8.8, 8.8.4.4.
• Cloudflare DNS : 1.1.1.1, 1.0.0.1.
• OpenDNS : 208.67.222.222, 208.67.220.220.

Types of DNS Based on Different Aspects

DNS can be classified based on several factors, providing a holistic understanding of its
functionality :
1. Based on Functionality
o Recursive DNS Servers: Resolve queries by acting as intermediaries between
the client and authoritative servers.
o Authoritative DNS Servers: Store and provide definitive DNS records for
domains.
 o Forwarding DNS Servers: Redirect unresolved queries to other DNS servers.
o Cache DNS Servers: Temporarily store query results for quicker resolution.

Analogy: Think of this as a library system:

o Recursive servers are librarians who search multiple shelves (servers) for a
book (IP address).
o Authoritative servers are specific shelves with books (definitive DNS records).
o Forwarding servers are librarians directing you to another library.
o Cache servers are personal notes you keep for quick reference.

2. Based on Ownership
o Public DNS Servers: Accessible to everyone (e.g., Google Public DNS, Cloudflare
DNS).
o Private DNS Servers: Used within organizations for internal purposes.
Analogy : Public DNS servers are like public libraries, open to all, while private DNS servers
are like corporate archives restricted to employees.

3. Based on Query Types

o Iterative Queries: The resolver queries each server step-by-step to find the
answer.
o Recursive Queries: The resolver handles the entire query process and provides
the client with the final answer.
Analogy: Recursive queries are like asking a concierge to get a book for you, while iterative
queries are like visiting each library yourself.

4. Based on Data Transport

o Primary DNS Servers: Contain original read/write data for the domain.
o Secondary DNS Servers: Maintain a read-only copy for redundancy.
Analogy: Primary servers are original manuscripts, while secondary servers are authorized
copies stored in other locations for safety.
Pros and Limitations of DNS
Pros
Simplifies user experience
Scalable and distributed
Reduces latency with caching
Facilitates internet functionality
Limitations
Vulnerable to attacks like DNS spoofing
Dependency on network connectivity
Propagation delays when DNS records are updated
Misconfigurations can lead to outages

Domain Hierarchy Levels :

DNS follows a hierarchical structure divided into levels :

1. Root Level
• Purpose : Top-most level represented by a dot (".").
• Ownership : Managed by IANA (Internet Assigned Numbers Authority).
• Role : Points to Top-Level Domain (TLD) servers.
2. Top-Level Domain (TLD)
• Examples : .com, .org, .net, country-specific (e.g., .us, .uk).
• Ownership : Managed by organizations like ICANN or country-specific authorities.
• Role : Routes queries to Second-Level Domains (SLD).
3. Second-Level Domain (SLD)
• Examples : google.com, microsoft.org.
• Ownership : Owned by individuals or organizations.
• Role : Represents specific organizations or entities.
4. Subdomain Level
• Examples : mail.google.com, docs.microsoft.com.
• Ownership : Controlled by SLD owners.
• Role : Provides further organizational hierarchy.

Differences Between Levels

• Hierarchy : Each level builds upon the previous.
• Ownership : Higher levels are globally managed; lower levels are privately owned.
• Purpose : Root and TLD manage navigation, while SLD and subdomains represent
specific entities and services.
QUE : SO, ALL THE DOMAINS WILL FALL UNDER THE ROOT DOMAIN RIGHT ? OR
ANTYTHING IS THERE OUT OF IT ? EXPLAIN ALL THESE WITH THE HELP OF ONE DOMAIN.

ANS :
Yes, all domains will ultimately fall under the root domain ("."), which is the apex of the
DNS hierarchy. Here's an explanation using an example domain:

Domains and Root Domain Context

The root domain acts as the starting point for the entire DNS hierarchy. Every domain
name, no matter how complex, ultimately connects back to the root domain.

Example: "mail.google.com"
1. Root Domain (".")
o Invisible but implied in every domain.
o Connects to TLD servers like ".com."
o Managed by IANA (Internet Assigned Numbers Authority).
2. Top-Level Domain (TLD)
o In this case, ".com."
o Represents the category or geographical domain.
o Managed by organizations like ICANN or relevant authorities (e.g., Verisign for
".com").
3. Second-Level Domain (SLD)
o "google" is the SLD here.
o Represents the main entity or organization.
o Owned and controlled by Google LLC in this case.
4. Subdomain
o "mail" is a subdomain under "google.com."
o Used to create specific services or sections (e.g., Mail, Drive).
o Managed internally by the SLD owner, Google.

Key Insights
1. All Domains Under Root: Every query in DNS starts at the root level, irrespective of
the domain type.
o Root domains act as a guide, directing to the appropriate TLD servers.
 2. Is Anything Outside the Root?
o No. All publicly accessible domain names fall under this structure.
o Private networks (e.g., internal DNS in organizations) might not interact with
the root domain but are independent from the public DNS hierarchy.

Analogy :
Imagine the root domain as the main directory in a library system. The TLDs are sections
(fiction, non-fiction), the SLDs are specific shelves (e.g., science, history), and subdomains
are individual books. No book (domain) exists without being part of the system starting
from the directory (root).
You said:
QUE : Are Domain Hierarchy Levels Parts of a Domain ?

Yes, the domain hierarchy levels (root, TLD, SLD, subdomains) are essentially parts of a
domain name, each contributing to its structure and meaning.
Example: "mail.google.com"
1. Root Level (".")
o The foundation, although not visible, is implied at the end of every domain.
o Connects to the appropriate TLD.
2. Top-Level Domain (TLD - ".com")
o Specifies the category or type of the domain (e.g., commercial, organization).
3. Second-Level Domain (SLD - "google")
o The unique name identifying the organization or entity.
4. Subdomain ("mail")
o Creates specific services or sections under the SLD.
Each part builds upon the previous one, working collectively to form a complete domain
name.

Analogy
Think of a postal address:
• Root Level: The country code, determining the region (e.g., "." as the global base).
• TLD: The state (e.g., ".com" as a category).
• SLD: The city or neighborhood (e.g., "google").
• Subdomain: A specific house or apartment (e.g., "mail").
Together, these ensure precise identification and navigation within the DNS hierarchy.
QUE : SO "mail.google.com." is a valid domain , but the last '.' will not be visible or present
in actual true domain ?

Is "mail.google.com." a Valid Domain?

Yes, "mail.google.com." is a valid fully qualified domain name (FQDN). The trailing dot at
the end represents the root level of the DNS hierarchy. However, in most user-facing
contexts (e.g., typing a URL into a browser), the trailing dot is typically omitted for
simplicity.

Why the Trailing Dot is Invisible

1. Implied by Defaults:
o When you type "mail.google.com" in a browser, the system automatically
appends the root domain (".") at the end during DNS resolution.
o This means both "mail.google.com" and "mail.google.com." are treated
equivalently.
2. User Convenience:
o Omitting the trailing dot simplifies domain input for users.
o It is only necessary to include the trailing dot in technical or programming
contexts where precision matters (e.g., configuration files).
Analogy
Imagine entering an address like "123 Elm Street, Springfield, USA." The "USA" (root) is
always implied, even if you only say "123 Elm Street, Springfield." Similarly, the DNS resolver
assumes the trailing root dot even if you don't explicitly include it.

QUE : Why system does so ? why we need this ‘.’ at the end ? why can't we drop this idea ?

The inclusion of the trailing dot in fully qualified domain names (FQDNs) has some historical
and technical significance in the world of DNS. Let's break it down :
Why Does the System Use the Trailing Dot ?
1. Clarity and Precision: The trailing dot specifies that the domain is absolute, meaning it
is complete and doesn't require any further resolution. This ensures that there is no
ambiguity in domain name resolution.
 2. DNS Hierarchy: The DNS system is hierarchical. The trailing dot at the end of an FQDN
points to the root of this hierarchy, making it clear where the domain name ends.
Why We Need This Dot :
1. DNS Resolution Efficiency: By marking the end of a domain name with a dot, the
system can resolve domain names more efficiently and accurately, avoiding
unnecessary searches in local or subdomain contexts.
2. Standards and Protocols: The trailing dot adheres to the DNS standards and
protocols defined by organizations like ICANN (Internet Corporation for Assigned
Names and Numbers) and IANA (Internet Assigned Numbers Authority).
Why Can't We Drop This Idea ?
1. Backward Compatibility: Many existing DNS infrastructures rely on the trailing dot for
proper resolution. Dropping it could cause issues with legacy systems and
applications.
2. System Consistency: The trailing dot helps maintain a consistent and unambiguous
method of interpreting domain names, which is crucial for the stability and reliability
of the DNS.

Analogy :
Imagine writing a complete address on an envelope. The trailing dot is like the final zip code
in an address, ensuring that the letter reaches the exact intended destination without any
confusion.
While the trailing dot might seem unnecessary in everyday use, it plays a vital role behind
the scenes in ensuring that our internet infrastructure works seamlessly. So, even though
you don't see it while typing "youtube.com", it's working quietly in the background,
keeping things running smoothly.

DNS Records

DNS records are entries in a DNS database that provide information about a domain's
services and resources.

Common DNS Record Types :

• A Record : Maps a domain to an IPv4 address.
• AAAA Record : Maps a domain to an IPv6 address.
 • CNAME Record : Points a domain to another domain.
• MX Record : Directs email to mail servers.
• TXT Record : Provides text information (e.g., SPF, DKIM settings).
• NS Record : Specifies authoritative DNS servers.
• PTR Record : Maps an IP address to a domain (reverse lookup).
• SRV Record : Specifies services (e.g., VoIP).

Why These Record Types Exist

Each record type serves a specific purpose, enabling diverse functionalities like web
hosting, email routing, and service discovery.

Maintenance
DNS records are maintained by the domain's authoritative DNS server, usually managed by
domain registrars, hosting providers, or IT teams.

Differences Between Record Types

• Purpose: A and AAAA handle IP resolution; MX handles email; CNAME redirects
domains.
• Data Stored: Each record type holds different information (IP, domain name, mail
server).

DNS Request Flow

When a user queries a domain, the DNS request flow is as follows:

1. User Query: A user enters a domain name into their browser.
2. Recursive Resolver: The resolver contacts root servers to locate TLD servers.
3. TLD Server: Points to the authoritative DNS server for the domain.
4. Authoritative Server: Provides the IP address for the domain.
5. Response: The resolver sends the IP address back to the user’s device.
6. Connection: The browser uses the IP to establish a connection to the web server.

DNS in Action: Search and Session Setup

Searching for a Domain
1. User types "www.example.com."
2. Browser checks local DNS cache; if unavailable, it queries the DNS resolver.
3. Resolver follows the DNS request flow to retrieve the IP address.
Session Setup and Data Packet Communication

• Once the IP address is resolved, the browser initiates a TCP handshake with the
server.
• HTTP or HTTPS protocols manage the request-response communication.
• Data packets are exchanged, routed based on IP addresses resolved by DNS.
• DNS ensures the correct endpoint is reached, enabling seamless communication.

Thus, by connecting human-friendly domain names to machine-friendly IP addresses, DNS

serves as a critical foundation for internet communication.
 Room 02 : HTTP in detail

What is HTTP ?

• HTTP (HyperText Transfer Protocol) : Developed by Tim Berners-Lee (1989-1991), is a

protocol used for communication between web servers and clients for transmitting
webpage data (HTML, images, videos, etc.).

What is HTTPS ?

• HTTPS (HyperText Transfer Protocol Secure): The secure version of HTTP that
encrypts data, ensuring:
o Confidentiality: Prevents data from being intercepted.
o Authentication: Confirms communication with the correct server.

URL (Uniform Resource Locator)

• A URL provides instructions on how to access a resource on the internet.

Parts of a URL :

1. Scheme: Protocol (e.g., HTTP, HTTPS, FTP).

2. User : Username and password for authentication (if needed).
3. Host : Domain name or IP address of the server.
4. Port : The server's port (e.g., 80 for HTTP, 443 for HTTPS).
5. Path : File name or location of the resource.
6. Query String : Extra parameters (e.g., /blog?id=1).
7. Fragment : Reference to a specific section of the webpage
HTTP Methods

• GET : Retrieve information.

• POST : Submit data (e.g., create a user).
• PUT : Update existing information.
• DELETE : Remove data.

What is a Cookie ?

A cookie is a small piece of data stored on the user's computer by a web browser while
browsing a website. It allows the server to remember information about the user, such as
login status, preferences, or activity, across multiple sessions. Cookies are primarily used to
enhance the user experience and facilitate web application functionality.

Types of Cookies

Cookies can be categorized based on their purpose, lifetime, and origin :

1. Based on Purpose
• Session Cookies:
o Temporary cookies stored in the browser's memory and deleted when the
browser is closed.
o Used for session management (e.g., tracking a user as they navigate a site).
• Persistent Cookies:
o Remain on the user's device for a specified duration, even after the browser is
closed.
o Used for remembering user preferences, login credentials, or tracking over
time.
• Authentication Cookies:
o Ensure that a user is logged into a website and has the appropriate permissions
to access specific resources.
• Tracking Cookies:
 o Used by websites (often third-party) to track user behavior across different
websites for analytics or advertising.
• Secure Cookies:
o Sent only over secure HTTPS connections, ensuring their data cannot be easily
intercepted.

2. Based on Lifetime
• First-Party Cookies:
o Created and used by the website the user is currently visiting.
o Example: Remembering your cart items on an e-commerce site.
• Third-Party Cookies:
o Created by domains other than the one the user is visiting, typically used for
advertising and cross-site tracking.
o Example: Facebook cookies used on other websites to track user behavior.

3. Based on Security
• Secure Cookies:
o Only transmitted over secure HTTPS connections to enhance data security.
• HttpOnly Cookies:
o Accessible only by the server, preventing client-side scripts (like JavaScript)
from accessing them and reducing the risk of attacks.
• SameSite Cookies:
o Restrict cross-site requests to prevent Cross-Site Request Forgery (CSRF)
attacks.

Why Do We Need Cookies ?

1. Session Management :
o To maintain login sessions or shopping cart data across multiple pages of a
website.
2. Personalization :
o Save user preferences (e.g., language, theme) for a customized experience.
3. Tracking & Analytics :
o Track user behavior for website analytics or targeted advertising.
4. Authentication :
o Identify and authenticate users securely for restricted sections of a website.
5. Enhance User Experience :
 o Provide faster interactions by remembering user preferences.

Pros and Cons of Cookies :

Pros Cons
Improved User Experience : Enhances website Privacy Concerns : Tracking cookies may
functionality by remembering user preferences collect excessive personal data, leading to
and login sessions. privacy violations.
Personalization : Offers a tailored user Security Risks : Vulnerable to attacks like
experience (e.g., saved preferences, Cross-Site Scripting (XSS) and Cross-Site
recommendations). Request Forgery (CSRF).
Reduced Server Load : Stores some data Data Size Limits : Each cookie is limited to
locally, reducing the server's need to resend it 4KB in size and can store limited
repeatedly. information.
Efficient Session Management : Ensures Third-Party Abuse : Advertisers and third
smoother navigation between pages during parties can misuse cookies for intrusive
the same session. tracking and behavioral profiling.
Persistent Data Storage : Helps maintain user Performance Impact : Excessive cookies
settings across sessions, making websites may slow down website load times and
more user-friendly. impact device storage.
 Room 03 : How websites work ?

Browser

A browser is a software application (e.g., Chrome, Firefox, Safari) that allows users to
access and interact with websites. It sends requests to web servers, receives data (HTML,
CSS, JavaScript), and renders it into a visible and interactive webpage. It also handles DNS
resolution, HTTP requests, and rendering processes.

How a Browser Works :

1. Purpose of a Browser:
o A web browser (e.g., Chrome, Firefox, Safari) is a software application used to
access websites.
o It renders web pages by interpreting HTML, CSS, and JavaScript.
2. Key Functions:
o URL Interpretation: When you type a URL (e.g., https://example.com), the
browser interprets it to locate the website's server.
o DNS Resolution: The browser queries a Domain Name System (DNS) to get the
IP address of the server hosting the website.
o HTTP Request: The browser sends an HTTP(S) request to the server for the
webpage.
o Rendering: Once the response (HTML, CSS, JS, etc.) is received, the browser
parses and renders it into a user-friendly page.
3. Rendering Process:
o Parses HTML to build the DOM (Document Object Model).
o Parses CSS to style the page.
o Executes JavaScript to add interactivity.
o Displays the final rendered page.
Web Server

A web server is a computer or software (e.g., Apache, NGINX) that stores, processes, and
delivers web pages to browsers upon request. It listens for HTTP requests, processes them
(including fetching data or running backend logic), and sends the appropriate response
(e.g., HTML or other files) to the browser.

How a Web Server Works :

1. Purpose of a Web Server:

o A web server is a computer or software responsible for storing, processing,
and delivering web pages to users.
o Examples: Apache, NGINX, IIS.
2. Key Functions:
o Listening for Requests: The server listens for incoming HTTP(S) requests from
browsers.
o Processing Requests: Based on the request, it processes the data (e.g.,
accessing databases, executing backend code).
o Sending Response: Returns a response (HTML, CSS, JS, or other data) back to
the browser.
3. Types of Content Served:
o Static Content: Pre-defined files like HTML, CSS, or images.
o Dynamic Content: Generated based on user input or server-side logic (e.g.,
personalized dashboards).

How the Web Works (Step-by-Step) :

– User Enters a URL:

o You type a URL in your browser, like https://example.com.
– DNS Resolution:
o The browser sends the domain (example.com) to a DNS server.
o The DNS server translates the domain into an IP address (e.g., 192.168.1.1).
– Establishing a Connection:
 o The browser connects to the web server at the retrieved IP address using
TCP/IP.
o If the URL uses HTTPS, an SSL/TLS handshake occurs to establish a secure
connection.
– HTTP Request:
o The browser sends an HTTP GET request to the server for the resource (e.g.,
index.html).
o The request includes headers with information (e.g., browser type, cookies,
etc.).
– Web Server Processing:
o The server receives the request, processes it, and prepares a response.
o If dynamic content is required, the server interacts with databases or runs
backend code.
– HTTP Response:
o The server sends an HTTP response containing the requested data (e.g., HTML,
CSS, JavaScript).
o Response headers include metadata like content type or caching instructions.
– Rendering the Web Page:
o The browser processes the received HTML, CSS, and JavaScript:
▪ HTML: Builds the structure.
▪ CSS: Applies styles.
▪ JavaScript: Executes interactive functionality.
o The page is displayed to the user.
– Further Requests:
o If the HTML references other resources (e.g., images, scripts), the browser
sends additional requests for those files.

HTML Injection : Explanation and Example :

1. What is HTML Injection?

o HTML Injection is a vulnerability that allows an attacker to inject malicious
HTML or JavaScript into a webpage.
o It occurs when a website improperly handles or fails to sanitize user inputs.
 2. How It Works:
o A user inputs data (e.g., through a form).
o The website displays this input directly on the page without filtering it.
o If the input contains HTML/JavaScript, the browser executes it, potentially
altering the page or exposing users to attacks.

3. Example of HTML Injection:

o Consider a form asking for a user’s name :

<form>
<input type="text" id="name" placeholder="Enter your name">
<button onclick="sayHi()">Submit</button>
</form>
<p id="greeting"></p>
<script>
function sayHi() {
var name = document.getElementById("name").value;
document.getElementById("greeting").innerHTML = "Hello " + name;
}
</script>

o Normal Input : If the user enters "John", the output is :

Hello John.
o Malicious Input : Suppose if an attacker enters :
<a href="http://hacker.com">Click Me!</a>

Output on the page :

Hello <a href="http://hacker.com">Click Me!</a>

This creates a link that could redirect users to a malicious website.

4. Consequences of HTML Injection:

o Phishing: Attackers can embed fake login forms.
 o Redirects: Users can be sent to malicious websites.
o Session Hijacking: Injected scripts can steal cookies.

5. Prevention:
o Sanitize Inputs: Remove or escape HTML tags from user inputs.

Example in JavaScript :

function sanitizeInput(input) {
return input.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

o Use Proper Frameworks: Many modern frameworks (e.g., React, Angular)

automatically escape input.
o Validate Input: Ensure inputs conform to expected formats.
 Room 04 : Putting it all together

Load Balancer

A load balancer is a device or software that distributes network or application traffic across
multiple servers to ensure no single server becomes overwhelmed. It improves availability,
reliability, and scalability of an application.

Different Types of Load Balancers Load balancers can be categorized based on

various aspects :

1. Deployment Type :
o Hardware Load Balancers (e.g., F5, Citrix ADC)
o Software Load Balancers (e.g., HAProxy, NGINX, Apache Traffic Server)
o Cloud Load Balancers (e.g., AWS ELB, Azure Load Balancer)
2. Layer of Operation :
o Layer 4 (Transport Layer): Operates at the network layer, handling TCP/UDP
traffic.
o Layer 7 (Application Layer): Operates at the application layer, handling
HTTP/HTTPS traffic with more advanced features.

Key Differences in Operation :

Layer 4 Layer 7

o Routes traffic based on • Routes traffic based on the content

transport protocols
(TCP/UDP).
o Works faster since it only
checks basic connection
details.
o Example: Distributing raw TCP
connections among servers.
of the application layer.
• Supports advanced features like
URL-based routing, SSL offloading,
and caching.
• Example: Sending API requests to
one server and static content
requests to another.
QUE : Why we say Load balancer works on layer 4 and 7 ?

• Layer 4 (Transport Layer) :

o At this layer, the load balancer only uses transport-level information (like
TCP/UDP, IP addresses, and port numbers) to make routing decisions.
o It operates lower in the OSI model, meaning it works faster because it doesn't
analyze the content of the request.
o Use Case : Ideal for balancing traffic that doesn’t require understanding of
application data, such as simple web requests or streaming services.

• Layer 7 (Application Layer) :

o Here, the load balancer operates at the highest layer of the OSI model, which
means it has access to application-level data (like HTTP headers, cookies, or
URL paths).
o It enables content-aware routing, meaning requests are routed based on
specific criteria (e.g., /login goes to Server A, /images goes to Server B).
o Use Case: Perfect for advanced web applications needing routing based on
application logic.

Why Do We Need a Load Balancer ?

• Ensures High Availability: Redirects traffic to healthy servers in case one fails.
• Scalability: Distributes the load across servers to handle growing traffic.
• Optimized Performance: Prevents overloading of any single server and improves
response time.

Load balancers are typically placed between the client and the server farm. They sit in front
of the application servers and behind the firewall.
Pros and Limitations of Load Balancers

Pros
Ensures high availability
Improves scalability
Enhances performance
Provides failover mechanisms
Limitations
Can be expensive (hardware)
Adds latency to traffic flow
Requires proper configuration
May become a single point of failure if not redundant

How Load Balancers Work and Common Algorithms Load balancers use algorithms
to determine how to distribute incoming requests :

• Round Robin: Distributes requests sequentially.

• Least Connections: Sends traffic to the server with the fewest active connections.
• IP Hash: Directs traffic based on a hash of the client’s IP address.
• Weighted Round Robin: Allocates traffic based on server weights.
• Random: Assigns traffic randomly.

What is Health Check by Load Balancers ?

Health checks are periodic tests performed by the load balancer to ensure servers are
available and functioning. Common scenarios:
• Healthy server : Traffic is routed normally.
• Unhealthy server : Traffic is redirected to other healthy servers until the failed server
recovers.
Content Delivery Network (CDN)

A Content Delivery Network (CDN) is a distributed network of servers that caches and
delivers web content to users based on their geographic location, reducing latency and
improving performance.

Different Types of CDNs :

1. Types by Functionality :
o Static Content CDN : Serves cached static resources like images, CSS, and
JavaScript.
o Dynamic Content CDN : Accelerates dynamic, personalized content.
2. Types by Ownership :
o Public CDN (e.g., Cloudflare, Akamai)
o Private CDN (custom, self-hosted CDNs)

Why Do We Need a CDN ?

• Faster Content Delivery : Reduces latency by serving content from the nearest server.
• Improved User Experience : Accelerates website and application loading times.
• Scalability : Handles traffic spikes without affecting performance.

CDNs are positioned between the client (browser) and the origin server. DNS resolution
directs the client to the nearest CDN edge server.

Pros and Limitations of CDN

Pros
Reduces latency
Improves site performance
Protects origin server from DDoS
Scales easily with traffic
Limitations
May not cache dynamic content
Additional cost
May require complex integration
Dependent on CDN provider’s network
How CDNs Work ?

CDNs cache content on edge servers close to users. When a user requests content :
1. The CDN checks if the requested content is cached.
2. If cached, the edge server delivers it directly.
3. If not, the CDN retrieves it from the origin server and caches it for future use.

CDNs act like caching servers distributed across multiple locations to improve latency and
response times.

QUE : Is a CDN Just a Redundant Copy of a Server ?

Not exactly. While a CDN stores and serves cached content like a copy of the origin server,
it does not hold everything the server has.

Key Differences Between a CDN and an Origin Server:

1. CDNs Store Cached Content, Not Full Applications
o CDNs mainly cache static content (e.g., images, CSS, JavaScript, videos, HTML)
and sometimes dynamic content if allowed.
o The origin server still processes requests for uncached, personalized, or real-
time data.
2. CDNs Do Not Replace the Origin Server
o If the CDN doesn’t have a requested file, it fetches it from the origin server.
o The origin server is always the "source of truth" for updated and non-
cacheable content.
3. CDNs Optimize Delivery, Not Compute Processing
o CDNs reduce latency and bandwidth consumption but do not perform
database queries or run application logic.
o The origin server handles backend operations like user authentication, order
processing, and database interactions.
o
Example Workflow:
1. User requests example.com/logo.png.
2. CDN checks if it has logo.png cached.
o If cached, CDN delivers it instantly.
o If not cached, CDN fetches it from the origin server, stores it, and serves it.
3. Future users get logo.png directly from the CDN without bothering the origin server.
How Does a CDN Accelerate Dynamic Content ?

Unlike static content, dynamic content (like API responses, personalized dashboards, and
live data) is constantly changing and cannot be cached easily. However, CDNs still help
accelerate dynamic content using real-time optimization techniques instead of traditional
caching.

1. TCP Optimization and Connection Reuse

• CDNs keep persistent TCP connections open with the origin server.
• This reduces the time required to establish a new connection for each user request.
• Example: Instead of opening a new connection for every request, the CDN maintains
a pool of existing connections, reducing latency.

2. Route Optimization (Anycast & Smart Routing)

• CDNs use advanced routing techniques to find the fastest path to the origin server.
• Example: If one network path is congested, the CDN automatically reroutes traffic
through a less congested path.

3. Dynamic Content Acceleration (DCA)

• Instead of caching full responses, CDNs cache repeated parts of dynamic content.
• Example: A product page with both static (images, layout) and dynamic (pricing, user
reviews) content—CDN caches static parts and fetches only the changing parts.

4. Edge Computing & Compute at the Edge

• Some CDNs (like Cloudflare Workers, AWS Lambda@Edge) allow code execution at
edge locations to process dynamic content closer to the user.
• Example: A CDN can modify an API request at the edge (e.g., adding authentication
headers) before sending it to the origin.

5. API Caching & Adaptive TTLs

• While full responses aren’t cached, CDNs can cache API responses temporarily with
adaptive TTLs (Time-to-Live).
• Example: A weather API response may be cached for 5 minutes to reduce load while
still providing fresh data.
Static vs Dynamic Content

• Static Content: Predefined, fixed content (e.g., images, HTML).

• Dynamic Content: Generated on-the-fly based on user interaction or backend logic
(e.g., personalized dashboards).

Differences :

Aspect Static Content Dynamic Content

Generation Pre-generated Generated at runtime
Personalization Same for all users Personalized per user
Performance Faster Slower due to processing
Storage File-based Database and logic-based

Purpose
• Static: Fast delivery of fixed resources.
• Dynamic: Personalized user experiences.

Pros and Limitations

Pros Limitations
Static : Fast and reliable Static : No personalization
Dynamic : Customizable Dynamic : Higher resource usage

How They Work

• Static content is served directly from storage.
• Dynamic content involves processing server-side logic and database queries before
delivering it to the user.
 Section 04 : Linux Fundamentals

Room 01 : Linux Fundamentals Part – 01 , 02 and 03

Linux is a widely used operating system that powers a diverse range of devices, including
smart cars, Android smartphones, supercomputers, home appliances, enterprise servers,
and more.

Understanding term Unix and Linux

UNIX, developed at AT&T’s Bell Labs in the late 1960s, is a multiuser, multitasking operating
system that became the foundation for many OS variants. It evolved into both proprietary
systems like AIX (IBM), HP-UX (Hewlett-Packard), and Solaris (Oracle), as well as open-
source derivatives like BSD (Berkeley Software Distribution), which later influenced macOS.
Linux, created by Linus Torvalds in 1991, is an open-source, UNIX-like operating system built
independently but following UNIX principles. It further branched into various distributions,
mainly categorized into Debian-based (Ubuntu, Kali Linux, Pop!_OS), Red Hat-based (RHEL,
Fedora, CentOS, Rocky Linux), Arch-based (Manjaro, EndeavourOS), and SUSE-based
(openSUSE, SUSE Linux Enterprise), each tailored for different use cases like personal
computing, servers, and enterprise environments.

Linux Commands :

Command Description Example

General Commands

echo Displays a message or variable value echo "Hello, Linux!"

whoami Shows the current logged-in user whoami

 Command Description Example

Displays user ID (UID) and group ID

id id
(GID)

uname Displays system information uname -a

Shows how long the system has been

uptime uptime
running

hostname Shows or sets the system’s hostname hostname

Displays or sets the system date and

date date "+%Y-%m-%d %H:%M:%S"
time

cal Displays a calendar cal 2024

clear Clears the terminal screen Clear

Displays the manual page for a

man command, providing detailed man ls
documentation

Shows brief help information about

help help cd
built-in shell commands

File System
Commands

pwd Prints the current working directory pwd

ls Lists files and directories ls -l

cd Changes the directory cd /home/user

mkdir Creates a new directory mkdir new_folder

rmdir Removes an empty directory rmdir old_folder

rm Deletes files or directories rm file.txt

cp Copies files or directories cp file1.txt file2.txt

 Command Description Example

mv oldname.txt
mv Moves or renames files or directories
newname.txt

Creates an empty file or updates

touch touch newfile.txt
timestamp

file Determine the type of a file File <filename>

Displays detailed information about a

stat stat file.txt
file

df Shows disk space usage df -h

du Shows directory size du -sh /home/user

File Permissions &

Ownership

chmod Changes file permissions chmod 755 script.sh

chown Changes file ownership chown user:group file.txt

chgrp Changes file group ownership chgrp developers file.txt

umask Sets default permissions for new files umask 022

Searching Files &

Directories

find Searches for files and directories find /home -name "*.txt"

locate Finds files by name quickly locate myfile.txt

Updates the locate command’s

updatedb updatedb
database

which Shows the full path of a command which python

Locates the binary, source, and man

whereis whereis ls
pages of a command

grep Searches for a pattern in files grep "hello" file.txt

 Command Description Example

awk Text processing and pattern scanning awk '{print $1}' file.txt

sed Edits text in a stream or file sed 's/old/new/g' file.txt

Process
Management

ps Displays currently running processes ps aux

top Shows system resource usage top

htop Interactive process viewer (if installed) htop

kill Kills a process by PID kill 1234

pkill Kills processes by name pkill firefox

nice Starts a process with a specific priority nice -n 10 myscript.sh

Changes the priority of a running

renice renice 5 -p 1234
process

bg Resumes a background job bg %1

Brings a background job to the

fg fg %1
foreground

jobs Lists background jobs jobs

nohup Runs a command immune to hangups nohup myscript.sh &

watch Runs a command periodically watch -n 5 ls -l

Networking
Commands

ping Checks network connectivity ping google.com

curl -O
curl Transfers data from a URL
http://example.com/file.txt
 Command Description Example

wget
wget Downloads files from the internet
http://example.com/file.zip

netstat Displays network connections netstat -tulnp

Alternative to netstat for network

ss ss -tulnp
statistics

traceroute Shows the path packets take to a host traceroute google.com

nslookup Queries DNS records nslookup example.com

dig Performs DNS lookups dig example.com

ip Displays network configuration ip a

Shows or configures network

ifconfig ifconfig eth0
interfaces (deprecated)

iptables Configures firewall rules iptables -L

User Management

who Shows logged-in users who

Displays active users and their

w w
processes

whoami Shows the current user whoami

su Switches to another user su - username

Runs a command as another user

sudo sudo apt update
(root)

adduser Adds a new user sudo adduser john

deluser Deletes a user sudo deluser john

passwd Changes a user’s password passwd

 Command Description Example

Archiving &
Compression

tar Archives files tar -cvf archive.tar folder/

zip Compresses files into a .zip archive zip file.zip file.txt

unzip Extracts a .zip archive unzip file.zip

gzip Compresses files using gzip gzip file.txt

gunzip Decompresses .gz files gunzip file.txt.gz

Disk & Storage

Commands

mount Mounts a file system mount /dev/sdb1 /mnt/usb

umount Unmounts a file system umount /mnt/usb

fsck Checks and repairs a file system fsck /dev/sda1

mkfs Creates a new file system mkfs.ext4 /dev/sdb1

lsblk Displays block devices lsblk

blkid Shows UUIDs of storage devices blkid

Shutdown &
Reboot

shutdown Shuts down the system shutdown -h now

reboot Restarts the system reboot

halt Stops the system halt

Shell Operators in Linux :
Operator Description Example

; Runs multiple commands sequentially echo "Hello"; ls -l; pwd

Runs the second command only if the first

&& mkdir newdir && cd newdir
succeeds

& Runs a command in the background sleep 60 &

Pipes the output of one command to

| ls -l | grep ".txt"
another

> Redirects output to a file (overwrites) echo "Hello" > file.txt

>> Redirects output to a file (appends) echo "World" >> file.txt

< Redirects input from a file sort < file.txt

2> Redirects standard error to a file ls nonexistent_dir 2> error.log

&> Redirects both output and error to a file command &> output.log

Redirects output to both a file and the

tee `ls
terminal

Command substitution (executes

$(command) echo "Today is $(date)"
command and uses output)

Another way of command substitution

`command` echo "Hostname: `hostname`"
(backticks)

$(()) Arithmetic expansion echo $((5 + 3))

name="Linux"; echo "Welcome,

${} Variable expansion
${name}"

[[ ... ]] Tests conditions in scripts [[ 5 -gt 3 ]] && echo "True"

(command) Runs command in a subshell (cd /tmp && ls)

{ command;
Groups commands together { echo "Hello"; echo "World"; }
}
 Operator Description Example

Replaces the current shell with a new

exec exec ls -l
command

trap "echo Ctrl+C detected"

trap Captures signals in scripts
SIGINT

What is a Flag and What is a Switch in linux commands ? Are They the Same or
Different ?
Flags and switches are options used in Linux commands to modify their
behavior. They are usually prefixed with a - (single dash) for short options or --
(double dash) for long options.
• Flags : Typically modify how a command works and may require an
argument.
o Example : grep -i "hello" file.txt
Here, -i is a flag that makes grep case-insensitive.

• Switches : A type of flag that toggles a feature on or off (boolean

behavior).
o Example : ls -l
Here, -l is a switch that enables the long listing format.

In Linux, the terms flags and switches are often used interchangeably, and in
official documentation, they are usually called options. Some people
differentiate them by saying that switches are flags that do not take arguments.
SSH ( Secure Shell )

SSH (Secure Shell) is a cryptographic network protocol used for secure communication
between computers over an unsecured network. It allows users to remotely access and
control systems securely, replacing older, less secure protocols like Telnet and FTP. SSH
encrypts all data, ensuring confidentiality and integrity.

SSH itself is a protocol, but it has different implementations and authentication methods:
1. SSH Implementations:
o OpenSSH – The most widely used open-source SSH implementation.
o PuTTY – A popular SSH client for Windows.
o Bitvise SSH Client – Another Windows SSH client with a GUI.
o Commercial SSH – Enterprise solutions with additional security features.

2. SSH Authentication Methods :

o Password Authentication – Requires a username and password.
o Public Key Authentication – Uses SSH key pairs (private and public keys) for
authentication.
o Two-Factor Authentication (2FA) – Enhances security by requiring a secondary
authentication factor.
and more ….
How SSH Works ?

1. Establishing a Connection (Client Sends Request)

• When you type : `ssh user@remote_host`
Here ‘ remote_host ’ is either domain name (example.com) or a hostname
(server1.local) or an ip address.
The SSH client initiates a connection to the server on port 22 (by default).
• The client and server negotiate SSH protocol version:
o SSH-1 (deprecated due to security vulnerabilities)
o SSH-2 (default, secure)

2. Key Exchange & Secure Channel Establishment

Once the connection request is received, SSH establishes a secure communication channel
in multiple steps.
Step 2.1 : Algorithm Negotiation

Algorithms used :
SSH supports multiple cryptographic algorithms. The client and server negotiate which
algorithms to use. These include:
• Key Exchange Algorithms (KEX):
o Diffie-Hellman (DH) Group Exchange
o Elliptic Curve Diffie-Hellman (ECDH)
o Ed25519 Curve25519 (most secure & efficient)
o RSA-based key exchange (less common now)
• Encryption Algorithms (Symmetric Ciphers):
o AES-256-GCM (Most secure)
o ChaCha20-Poly1305 (Fast on low-power devices)
o AES-192, AES-128 (Lower security)
• Message Integrity Algorithms (MACs):
 o HMAC-SHA2-512
o HMAC-SHA2-256

At this point, both parties agree on which algorithms to use for the session.

Step 2.2 : Server Sends Public Key

Algorithms used:
• RSA (rsa-sha2-512, rsa-sha2-256)
• ECDSA (ecdsa-sha2-nistp256, ecdsa-sha2-nistp384)
• Ed25519 (ssh-ed25519) (Fast & Secure)
The server sends its public key to the client for verification.

Step 2.3 : Diffie-Hellman Key Exchange (Session Key Creation)

Algorithms used:
• Diffie-Hellman (DH)
• Elliptic Curve Diffie-Hellman (ECDH)
• Ed25519 for faster and secure key exchange

How it works:
1. The client and server generate private keys.
2. They exchange public keys.
3. Using these, they compute a shared secret without ever transmitting the private key.
4. This shared secret is used to derive a session key, which encrypts further
communication.

At this point, all communication is encrypted using the agreed encryption algorithm
(e.g., AES-256).
3. Authentication Phase (Client Verifies Identity)
Now that a secure connection exists, the client needs to authenticate.
Step 3.1: Authentication Methods

Possible methods:
1. Password Authentication (Less secure)
ssh user@remote_host
# Enter password
2. Public Key Authentication (More secure)
o Client generates a key pair:
ssh-keygen -t rsa -b 4096
o Client copies the public key to the server:
ssh-copy-id user@remote_host
o Now, SSH login is passwordless!
3. Certificate-Based Authentication (For enterprises)
4. Kerberos Authentication (For centralized authentication)

After successful authentication, the session is fully established.

4. Secure Communication & Data Transmission

Now that authentication is complete, the user can:
• Execute commands remotely
ssh user@remote_host "ls -la"
• Transfer files securely using SCP/SFTP
scp file.txt user@remote_host:/path/
• Forward ports securely (SSH Tunneling)
 ssh -L 8080:localhost:80 user@remote_host

How encryption works in this phase:

• Data is encrypted using the symmetric cipher (e.g., AES-256).
• A Message Authentication Code (MAC) (e.g., HMAC-SHA256) ensures integrity.

5. Connection Termination
• When the session ends (e.g., you type exit or logout), SSH:
1. Sends a termination signal to the server.
2. Securely deletes the session key to prevent reuse.
3. Closes the TCP connection.

Summary of Cryptographic Algorithms Used in SSH

Stage Algorithm Used

Key Exchange (KEX) ECDH, Ed25519, DH Group14

Authentication RSA, Ed25519, ECDSA

Encryption (Symmetric) AES-256-GCM, ChaCha20

MAC (Integrity Check) HMAC-SHA256, HMAC-SHA512

This is a highly secure process that ensures confidentiality, integrity, and authentication.
Pros and Limitations of SSH :

Pros Cons

Complex Key Management – Managing SSH

Secure Encryption – All data is encrypted,
keys across multiple systems can be
preventing eavesdropping.
challenging.

Brute Force Attacks – If not configured

Remote Access – Enables remote
properly, SSH servers can be targeted by
administration of servers.
brute-force attacks.

User Privilege Escalation – Improperly

File Transfers – Supports secure file
configured SSH access may allow privilege
transfers via SCP and SFTP.
escalation.

Performance Overhead – Encryption and

Port Forwarding – Can tunnel other
decryption introduce some computational
protocols securely.
overhead.

Public Key Authentication – More secure

than password-based authentication.

Using SSH :

Action Command / Description

Connect to a Remote Server ssh username@remote_host

Example ssh [email protected]

Connect using a custom port (e.g., 2222) ssh -p 2222 [email protected]

Generate SSH Key Pair ssh-keygen -t rsa -b 4096

Copy SSH Key to Server ssh-copy-id [email protected]

Login using SSH Key ssh [email protected]

 Action Command / Description

Copy file to remote server (SCP) scp file.txt [email protected]:/remote/path/

Copy file from remote server (SCP) scp [email protected]:/remote/path/file.txt .

Start an SFTP Session sftp [email protected]

Download a file (SFTP) get file.txt

Upload a file (SFTP) put file.txt

SSH Port Forwarding (Tunneling) ssh -L 8080:localhost:80 [email protected]

Linux File System Directories :

The image represents a hierarchical structure of a Linux/Unix file system directory. Below is
an explanation of the directories present in the image, along with some additional
important directories that are not shown.
Root Directory (/)
• The top-most directory in the Linux file system, from which all other directories
branch out.
Primary Directories Under /
• bin/ → Contains essential binary executables for all users (e.g., ls, cat, cp).
• boot/ → Stores files needed for booting the system (e.g., bootloader files like GRUB).
• dev/ → Stores device files (e.g., /dev/sda for hard disks, /dev/null).
 • etc/ → System-wide configuration files (e.g., passwd, fstab, hosts).
• home/ → Home directories for individual users.
o alice/ → Home directory for user alice.
o bob/ → Home directory for user bob.
o eve/ → Home directory for user eve.
• root/ → Home directory for the root user (administrator).
• run/ → Stores temporary runtime data (e.g., process ID files).
• sbin/ → Contains system binaries for administrative tasks (e.g., fdisk, fsck).
• tmp/ → Temporary files storage (cleared on reboot).
• usr/ → Secondary hierarchy for user-related programs and libraries.
o bin/ → Contains non-essential binary executables (e.g., firefox, gcc).
o local/ → Stores locally installed software.
o sbin/ → non-essential system binaries (administrative commands).
o tmp/ → Temporary files specific to usr.
• var/ → Stores variable data like logs and caches.
o tmp/ → Temporary files related to var.

Directories NOT in the Image but Important in Linux

• lib/ → Shared system libraries required for programs in /bin/ and /sbin/.
• lib64/ → 64-bit libraries for the system.
• media/ → Mount point for removable media like USB drives and DVDs.
• mnt/ → Temporary mount point for manually mounted filesystems.
• opt/ → Third-party software applications.
• proc/ → Virtual filesystem containing process information.
• srv/ → Data for services like FTP, HTTP servers.
• sys/ → Virtual filesystem for kernel and system information.
Introduction to Linux Text-Editors :

Text editors are essential tools in the Linux ecosystem, used for writing code, editing
configuration files, and managing text-based documents. This guide introduces three
widely used editors : Nano, Vi, and Vim.

Nano - The Beginner-Friendly Editor : Nano is the simplest command-line text editor,
designed for ease of use. It is ideal for new users who need a basic text editor without
complex commands.
Opening Nano
To open Nano, use command : `nano filename`
If the file doesn’t exist, Nano will create it.

Basic Navigation
• Use arrow keys to move the cursor.
• CTRL + G: Show help menu.
• CTRL + X: Exit Nano.
• CTRL + O: Save the file.
• CTRL + K: Cut the current line.
• CTRL + U: Paste the cut line.
• CTRL + W: Search for a word in the file.

Saving and Exiting

• Press CTRL + O, then Enter to save.
• Press CTRL + X to exit.
Vi - The Powerful Classic editor : Vi is a more advanced text editor that offers powerful text
manipulation capabilities. It operates in different modes:
• Command Mode: Default mode for navigating and executing commands.
• Insert Mode: For entering text.
• Last Line Mode: For executing commands (e.g., saving, quitting).

Opening Vi
vi filename
Switching Between Modes
• Press i to enter Insert mode.
• Press ESC to return to Command mode.
Basic Commands in Command Mode
• :w → Save file
• :q → Quit Vi
• :wq → Save and quit
• :q! → Quit without saving
• dd → Delete a line
• yy → Copy a line
• p → Paste copied line
• u → Undo last change
Searching in Vi
• /word → Search forward for 'word'.
• ?word → Search backward for 'word'.

Vim - The Improved Vi : Vim (Vi IMproved) is an enhanced version of Vi with additional
features like syntax highlighting, undo history, and plugin support.
Opening Vim
vim filename
Basic Navigation
• h → Move left
• l → Move right
• j → Move down
• k → Move up
Editing Commands
• i → Insert mode (before cursor)
• a → Append mode (after cursor)
• o → Open a new line below
• x → Delete character under cursor
• dd → Delete a line
• yy → Copy a line
• p → Paste
Advanced Commands
• :set number → Show line numbers
• gg → Go to the beginning of the file
• G → Go to the end of the file
• /text → Search for 'text'
• n → Jump to the next match
• N → Jump to the previous match
Saving and Exiting
• :wq → Save and exit
• :q! → Exit without saving
 Section 05 : Windows Fundamentals 1,2 and 3

File Systems in Windows

A file system in Windows is a method used by the operating system to store, organize, and
retrieve data on storage devices such as hard drives, SSDs, and USB drives. It manages files
and directories, handling operations like reading, writing, and deleting data.

Evolution of Windows File Systems

Windows has evolved through different file systems, with each new one overcoming the
limitations of its predecessor:
1. FAT16 (File Allocation Table 16-bit) - MS-DOS, Windows 3.x
o Simple and compatible with older systems.
o Limitation : Maximum file size of 2GB and maximum partition size of 2GB.
2. FAT32 (Windows 95, Windows 98)
o Increased partition size up to 2TB and file size limit of 4GB.
o Limitation : Still has a 4GB file size limit, making it unsuitable for large files.
3. NTFS (New Technology File System) - Windows NT, 2000, XP, and later
o Supports large file sizes, security features, compression, and encryption.
o Limitation : More complex structure and slightly higher overhead.
4. exFAT (Extended File Allocation Table) - Windows Vista and later
o Designed for flash drives and external storage.
o Supports large file sizes like NTFS but without journaling.
o Limitation : Lacks advanced security features of NTFS.
5. ReFS (Resilient File System) - Windows Server 2012 and later
o Designed for data integrity, automatic corruption repair, and high scalability.
o Limitation : Not as widely supported as NTFS.
Common File Systems in Windows
The most common file systems in Windows are :
• FAT32 (For USB drives and older systems)
• NTFS (For internal hard drives and modern Windows installations)
• exFAT (For external drives and flash storage)
• ReFS (For high-reliability data storage in enterprise environments)

Comparison of Different File Systems in Windows

Feature FAT32 NTFS exFAT ReFS

Max File Size 4GB 16TB (practically) 16EB 35PB

Max Volume
2TB 256TB 128PB 1 YB
Size

Security Permissions & Advanced Data

None None
Features Encryption Integrity

Journaling No Yes No Yes

Compression No Yes No No

Enterprise
USB Drives, External Drives,
Best For Internal HDDs/SSDs Servers, Data
Older OS Flash Storage
Storage

Windows (full),
Windows, Windows,
OS Support Limited on macOS & Windows Server
Linux, macOS macOS, Linux
Linux
Pros and Limitations of Different File Systems

File
Pros Limitations
System

- High compatibility (works on almost

- 4GB file size limit.
FAT32 all OS and devices).
- No security or journaling features.
- Low disk overhead.
- Large file size and volume support.
- Slightly higher overhead.
- File encryption, compression, and
NTFS - Limited support on macOS (read-only) and Linux
permissions.
(requires additional setup).
- Journaling for data recovery.
- No 4GB file size limit.
- No built
- Optimized for flash storage.
exFAT - in security or journaling.
- Compatible with both Windows and
- Not ideal for system drives.
macOS.
- High resilience and data integrity. - Not fully supported on consumer Windows
ReFS - Automatic corruption repair. versions.
- Scalable for large data storage. - Higher resource usage.

On NTFS volumes, you can set permissions that grant or deny access to files and folders.
The permissions are:
• Full control
• Modify
• Read & Execute
• List folder contents
• Read
• Write

The below image lists the meaning of each permission on how it applies to a file and a
folder.
▪ The Windows folder (C:\Windows) is traditionally known as the folder which contains
the Windows operating system.
▪ User accounts can be one of two types on a typical local Windows system that
are Administrator & Standard User.
The user account type will determine what actions the user can perform on that
specific Windows system.
o An Administrator can make changes to the system: add users, delete users,
modify groups, modify settings on the system, etc.
o A Standard User can only make changes to folders/files attributed to the user &
can't perform system-level changes, such as install programs.
System Configuration (msconfig)

The System Configuration Tool helps manage system startup settings, services, and boot
options.
• General Tab:
o Normal Startup – Loads all drivers and services normally.
o Diagnostic Startup – Loads only basic drivers and services (similar to Safe
Mode).
o Selective Startup – Allows choosing specific services and startup items.
• Boot Tab:
o Safe Boot – Boot into Safe Mode.
o No GUI Boot – Hides Windows loading screen.
o Timeout – Set the time for boot selection (default is 30 seconds).
• Services Tab:
o Lists all background services.
o Can be used to disable non-essential services to improve performance.
o Select "Hide all Microsoft services" to avoid disabling critical Windows services.
• Startup Tab:
o Used to manage startup applications (now handled in Task Manager in newer
Windows versions).
• Tools Tab:
o Provides quick access to system utilities like Event Viewer, Command Prompt,
and Registry Editor.
User Account Control (UAC)
User Account Control helps prevent unauthorized changes by prompting for admin
approval.

• How to Modify UAC Settings:

1. Open Run (Win + R), type `UserAccountControlSettings.exe`, and press Enter.
2. Adjust the slider:
▪ Highest level: Always notify for any changes.
▪ Default level: Notify only when apps try to make changes.
▪ Lowest level: No notifications (not recommended).

Computer Management (compmgmt.msc)

This tool provides an overview of the system and allows advanced management.
• Task Scheduler:
o Automates tasks (e.g., running a script or application at a scheduled time).
o Example: Set up a daily backup script.
• Shared Folders:
o View active network shares (\\ComputerName\ShareName).
o Hidden Shares: End with a $ symbol (e.g., C$, ADMIN$).
• Local Users and Groups:
o Users: List of user accounts.
o Groups: Used for permission management (Administrators, Users, etc.).
System Information (msinfo32.exe)
• Provides details about hardware, software, and drivers.
• Categories:
o System Summary – Basic system specs.
o Hardware Resources – CPU, RAM, IRQs.
o Components – Display, network, storage.
o Software Environment – Running tasks, drivers, services.

Resource Monitor (resmon.exe)

Gives a real-time view of system performance.

Resource Details

CPU Shows running processes and CPU load.

Memory Displays memory usage per process.

Disk Identifies which programs are accessing the disk.

Network Monitors network activity per process.

Command Line (cmd.exe)

Essential Windows commands:

Command Description

ipconfig /all Shows detailed network information.

tasklist Lists all running processes.

netstat -ano Shows active network connections.

systeminfo Displays OS and hardware info.

Windows Registry (regedit.exe)
• A hierarchical database storing OS and software settings.
• Keys to Know:
o HKEY_LOCAL_MACHINE (HKLM): System-wide settings.
o HKEY_CURRENT_USER (HKCU): User-specific settings.
• Example Usage:
o Modify HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run to manage
startup applications.

Types of Windows Updates :

▪ Feature Updates – Major Windows version updates (e.g., Windows 10 to 11).
▪ Quality Updates – Security fixes, bug fixes, and performance improvements.
▪ Driver Updates – Updates for system drivers.

Windows Defender Firewall

A built-in firewall that controls incoming and outgoing connections.
• How to Configure:
o Control Panel > Windows Defender Firewall > Allow an app through Firewall.
o Set rules for specific applications.
• Commands for Firewall Management:
o Block an app : netsh advfirewall firewall add rule name="BlockApp" dir=out
program="C:\App.exe" action=block
o Allow an app : netsh advfirewall firewall add rule name="AllowApp" dir=in
program="C:\App.exe" action=allow
BitLocker Drive Encryption
• Encrypts entire drives to protect against unauthorized access.
• Requires TPM (Trusted Platform Module) or USB startup key for systems without
TPM.
Feature Details

Encryption Method AES-128 or AES-256

Requirements Windows Pro or Enterprise

Unlock Methods PIN, Password, USB Key, TPM

How to Enable BitLocker :

1. Open Control Panel > BitLocker Drive Encryption.
2. Select the drive and click Turn on BitLocker.
3. Choose an unlock method (password, USB, or TPM).
4. Save the recovery key securely.
5. Click Start Encrypting.

Volume Shadow Copy Service (VSS)

• Used for creating automatic backups (restore points).
• Works with System Restore and backup utilities.
• Check Restore Points : `rstrui.exe`

Windows Defender Offline Scan

• Runs an advanced malware scan before Windows boots.
• To start:
o Settings > Windows Security > Virus & Threat Protection > Advanced Scan >
Windows Defender Offline Scan.

THE END..