Videos for this module

The following video covers the basics of networking.

  https://www.youtube.com/watch?v=CdoB-qKt2Fc

 

OSI Model (Open Systems Interconnection)

 

The OSI model defines 7 layers that divide the path data takes from the user outward into logical stages. Network components operate in the lower half of the OSI model. For example, switches operate at layer 2, and routers operate at layer 3.

 

· https://www.youtube.com/watch?v=HEEnLZV2wGI

 

 

TCP/IP - Transmission Control Protocol/Internet Protocol

 

This week, I highly suggest starting your reading here to understand how IP addresses and subnets work:

 

· https://support.microsoft.com/en-us/help/164015/understanding-tcp-ip-addressing-and-subnetting-basics

· https://www.techopedia.com/6/28587/internet/8-steps-to-understanding-ip-subnetting

These two articles (the 2nd one has 8 parts) will break down IP addressing and give you a core understanding of what your IP address means, as well as subnetting.

 

UDP - User datagram protocol

 

UDP differs from TCP in that it does not establish a session with a handshake. TCP connections maintain their state for the entire “conversation”. UDP sends a stream out and assumes that network equipment will forward it to the target, without verification. As a real-world example, TCP is like having a phone conversation with someone, while UDP is like placing a letter in the mail and trusting that the postal service delivers it. You won’t know that it reached the target, but you trust that it does. UDP is commonly used for online video content or live streams.

· https://www.howtogeek.com/190014/htg-explains-what-is-the-difference-between-tcp-and-udp/

 

 

Ports

 

While your computer may only have one IP address, it has 16535 ports over which to communicate (16-bit integer). Consider ports like doorways into and out of your system. Certain applications only communicate over particular ports. For example, HTTP is almost always over port 80. HTTPS is over port 443. Here is a list of standard ports:

 

· http://www.webopedia.com/quick_ref/portnumbers.asp

 

It is important to recognize standard ports when analyzing network logs. Knowing what should communicate over a port, and being able to recognize that traffic quickly, can aid in identifying malicious traffic.
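The check described above, as an added example that is not part of the original module: each logged connection is compared with the service normally found on its destination port, and anything that does not match is listed for review. The log format, the observed-application field and the sample lines are constructed assumptions, and the port table is only a small subset of the standard assignments.

```python
"""Triage connection logs by comparing each flow with the standard service for its port."""

# (protocol, destination port) -> service normally found there. A small subset
# of the standard assignments; extend it from your own network baseline.
STANDARD_PORTS = {
    ("tcp", 22): "ssh",
    ("tcp", 25): "smtp",
    ("tcp", 53): "dns",
    ("udp", 53): "dns",
    ("tcp", 80): "http",
    ("tcp", 443): "https",
}

# Constructed sample log in a hypothetical format:
# time src_ip dst_ip protocol dst_port observed_application
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.15 192.0.2.10 tcp 443 https
2024-05-01T10:00:02 10.0.0.15 10.0.0.1 udp 53 dns
2024-05-01T10:00:07 10.0.0.22 203.0.113.9 tcp 443 ssh
2024-05-01T10:00:09 10.0.0.31 198.51.100.4 tcp 4444 unknown
2024-05-01T10:00:12 10.0.0.22 203.0.113.9 tcp 8080 http
this line is malformed
"""

def triage(log_text):
    """Return (reason, raw_line) findings for flows that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue  # ignore blank lines
        fields = line.split()
        if len(fields) != 6 or not fields[4].isdigit():
            # A line the parser cannot read is itself worth reporting.
            findings.append(("unparseable", line))
            continue
        _, _, _, proto, port, app = fields
        expected = STANDARD_PORTS.get((proto.lower(), int(port)))
        if expected is None:
            findings.append(("non-standard port", line))
        elif app.lower() != expected:
            # Known port, but the traffic on it is not the usual service.
            findings.append((f"expected {expected}, saw {app}", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:26} {line}")
```

A finding is a prompt for investigation rather than proof of malicious traffic: legitimate services are often moved to non-standard ports.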

 

NAT (Network Address Translation)

 

We have already read about IP, TCP and subnetting above, but there is also the concept of network address translation. NAT originated as a response to running out of IP addresses, but it is an important network concept in its own right, as it allows a single public IP address to serve many back-end IP addresses.

 

· https://www.youtube.com/watch?v=QBqPzHEDzvo

 

 

 

Network Architecture

 

The primary method of ensuring network integrity is proper network architecture. A network should be designed with a defense-in-depth approach, segmenting and securing each node, as well as each segment, up to the entire zone of control. In many cases certain nodes, such as database servers or nodes that house critical PII, will need further special protections. The best method of defense is to start with a deny-all rule and then open only the ports and traffic that are absolutely necessary. Many home networks start with an Allow All ruleset, which is the least secure method. The firewall will be the principal device discussed, as it is the main security device and the one most exposed to external traffic.

 

· https://www.youtube.com/watch?v=XEqnE_sDzSk

· https://www.youtube.com/watch?v=4E8IzPynbTw

· https://www.youtube.com/watch?v=MT_WXo7KGHc

· https://www.youtube.com/watch?v=3cRVNq9NfKg

· https://www.youtube.com/watch?v=1g3jZL0CBCI

· https://www.youtube.com/watch?v=2baGjql0ZCY

· https://www.youtube.com/watch?v=mmt4B60xSj0