CyberSecurity Day 01 to 100: DAY 04| Networking

Albus Security
9 min read · Jul 2, 2023

Greetings, esteemed security enthusiasts! Today marks the beginning of our third day in this amazing series, offering you a great opportunity to upgrade your understanding of security. With careful planning, we have prepared a program that aims to equip you with a comprehensive understanding of the fundamental concepts and practical skills necessary in the field of cybersecurity. My name is Aniket Tyagi, and I am thrilled to be your partner for today’s session. Throughout this series, we will delve into various aspects of cybersecurity, and today’s focus will be on networking. Whether you’re a novice or have existing knowledge in the field, we are here to support you in expanding your expertise.

Should you have any inquiries regarding this series, please don’t hesitate to ask. Our team is dedicated to providing you with all the information you require. Now, let’s embark on this exciting journey together and explore the captivating realm of cybersecurity!

Let’s quickly recap the networking concepts we covered on Day 02. It’s always good to refresh our memory! Today, we’re going to talk about protocols and tackle some specific ones. So, what’s this networking thing all about? Well, it’s basically how devices talk to each other on the Internet. Just like people need a common language to communicate, devices need rules and protocols to understand each other’s data.

Think of protocols as a set of instructions or guidelines that devices follow to communicate with each other effectively. They establish a common language and structure for data transmission, ensuring smooth and reliable communication.

To explain this further, let’s consider a simple example. Imagine you want to send a letter to your friend. There are specific rules and guidelines (protocols) you need to follow to ensure the letter reaches its destination and your friend can understand its contents.

First, you write your message on a piece of paper (this is the data). Then, you put it in an envelope (the packet) and write your friend’s address on it (the destination IP address). The envelope has a specific format that both you and your friend understand, including the sender’s address, recipient’s address, and postage details. Next, you take the envelope to the post office. Here, the postal service follows a set of protocols. They examine the envelope, verify the addresses, and ensure it meets the required standards. They may even add additional information, such as tracking numbers or delivery instructions, for efficient handling.
The letter is then sent through the postal network, which follows various protocols at each step. The protocols determine how the letter is routed, sorted, and delivered to your friend’s mailbox. Finally, your friend receives the letter, opens the envelope, and reads your message.

In this example, the process of sending a letter mirrors the principles of networking protocols. The sender and receiver agree on a common format (protocol) for packaging and transmitting the data (letter) across the network (postal system). Each intermediary in the network (post office) follows the protocols to ensure the letter reaches its intended destination accurately and efficiently. Similarly, in computer networks, there are various protocols like TCP/IP (Transmission Control Protocol/Internet Protocol), HTTP (Hypertext Transfer Protocol), and SMTP (Simple Mail Transfer Protocol). These protocols define how data is formatted, addressed, transmitted, and received across the Internet.

By adhering to these protocols, devices can communicate seamlessly, exchange information, and ensure the reliability and integrity of data transmission. Fortunately, we don’t have to spend a lot of time configuring these protocols ourselves, because vendors ship systems with this protocol information already configured.

Protocols play a crucial role in networking by establishing a common set of rules and guidelines. They enable devices to understand and interpret each other’s data, ensuring seamless communication. By following these protocols, devices can exchange information effectively and perform specific tasks on the network. To make it easier to identify and communicate with different protocols, each one is assigned a name and a corresponding port number. The port number acts as an address that devices use to route data to the appropriate protocol and application on a network. For example, HTTP uses port number 80, so when your device wants to access a website, it sends a request to port 80 on the destination server. The server recognizes that the incoming data should be processed by the HTTP protocol, allowing the website’s content to be delivered to your device.

Now that we have a solid understanding of how protocols work and why devices follow them, let’s explore some of the important protocols used in networking. Recall that each protocol has a unique name and is assigned a port number, which devices use to identify and communicate with each other.

HTTP (Hypertext Transfer Protocol) or HTTPS (Hypertext Transfer Protocol Secure):

  • Function: HTTP is used for transmitting web pages and data on the World Wide Web. HTTPS adds one thing: encryption.
  • Security: HTTP is not inherently secure, but HTTPS can be used in its place because it provides secure and encrypted communication between clients and servers.
  • Port Number: HTTP typically uses port number 80, while HTTPS uses port number 443.

FTP (File Transfer Protocol):

  • Function: FTP facilitates the transfer of files between devices on a network. It is commonly used for uploading and downloading files to and from servers.
  • Security: FTP transmits data in plain text, making it vulnerable to interception. However, secure versions like FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol) provide encryption and enhanced security.
  • Port Number: FTP typically uses port number 21.

SFTP (SSH File Transfer Protocol):

  • Function: SFTP is an extension of SSH that provides secure file transfer and remote file management capabilities.
  • Security: SFTP uses encryption and authentication mechanisms to ensure secure data transfer.
  • Port Number: SFTP commonly uses port number 22.

SMTP (Simple Mail Transfer Protocol):

  • Function: SMTP handles the sending and routing of emails between mail servers.
  • Security: SMTP does not inherently include security features, but it can be used with additional measures such as SMTPS (SMTP Secure) or STARTTLS to enable encryption for secure email transmission.
  • Port Number: SMTP primarily uses port number 25.

POP3 (Post Office Protocol version 3):

  • Function: POP3 allows email clients to retrieve emails from a remote mail server.
  • Security: POP3 does not offer inherent security features, but it can be combined with encryption protocols like SSL/TLS to establish a secure connection.
  • Port Number: POP3 typically uses port number 110.

IMAP (Internet Message Access Protocol):

  • Function: IMAP enables email clients to access and manage emails stored on a mail server. It provides advanced email management features compared to POP3.
  • Security: IMAP can use encryption mechanisms such as SSL/TLS to establish a secure connection and protect email data in transit.
  • Port Number: IMAP commonly uses port number 143.

DNS (Domain Name System):

  • Function: DNS translates domain names (e.g., www.example.com) into IP addresses, enabling devices to locate websites and other network resources.
  • Security: DNS itself does not include inherent security features, but DNSSEC (DNS Security Extensions) provides cryptographic security measures to prevent DNS spoofing and data tampering.
  • Port Number: DNS primarily uses port number 53.

DHCP (Dynamic Host Configuration Protocol):

  • Function: DHCP automates the assignment of IP addresses and network configuration parameters to devices on a network.
  • Security: DHCP communication typically occurs within a trusted network. Security measures like DHCP snooping can be implemented to prevent attacks from unauthorized DHCP servers.
  • Port Number: DHCP uses port number 67 for server-side communication and port number 68 for client-side communication.

SNMP (Simple Network Management Protocol):

  • Function: SNMP allows network administrators to manage and monitor devices on a network, including routers, switches, and servers.
  • Security: SNMPv3 introduced security features like authentication and encryption to protect against unauthorized access and data manipulation.
  • Port Number: SNMP primarily uses port number 161.

SSH (Secure Shell):

  • Function: SSH provides secure access to remote devices over an unsecured network, enabling secure remote login and command execution.
  • Security: SSH encrypts data transmitted between devices, preventing unauthorized access and ensuring confidentiality.
  • Port Number: SSH commonly uses port number 22.

VPN (Virtual Private Network):

  • Function: VPN establishes a secure and encrypted connection over a public network, enabling users to access private networks remotely.
  • Security: VPN protocols like IPsec and OpenVPN provide encryption and secure tunneling, protecting data confidentiality and integrity.
  • Port Number: VPN protocols can use different port numbers, such as IPsec using port 500 and OpenVPN using port 1194.

ICMP (Internet Control Message Protocol):

  • Function: ICMP facilitates the exchange of control and error messages between network devices, such as routers and hosts.
  • Security: ICMP itself does not provide security mechanisms, but it plays a vital role in network diagnostics and troubleshooting.
  • Port Number: ICMP messages do not use port numbers; instead, they are encapsulated within IP packets.

SNMP Trap (Simple Network Management Protocol Trap):

  • Function: SNMP Trap allows network devices to send notifications (traps) to a central network management system, providing real-time alerts for events such as system failures or network issues.
  • Security: SNMP Trap can be secured by implementing SNMPv3 security features, including authentication and encryption.
  • Port Number: SNMP Trap typically uses port number 162.

LDAP (Lightweight Directory Access Protocol):

  • Function: LDAP is a protocol used for accessing and maintaining directory services, such as user databases or organizational information.
  • Security: LDAP can use SSL/TLS encryption for secure communication and can be configured with authentication mechanisms for secure access to directory services.
  • Port Number: LDAP commonly uses port number 389 for non-secure communication, and port number 636 for secure communication using LDAPS (LDAP Secure).

These are common protocols used for various purposes. However, apart from these, there are other protocols used in networking as well. Now, let’s explain some important terms, and then we’ll delve into security perspectives like port security, port blocking, and packet filtering in more detail. Understanding their functions, security measures and port numbers will further enhance your knowledge of network protocols.

Port Security:

  • Port security involves implementing measures to control access to physical network ports on switches. It helps prevent unauthorized devices from connecting to the network and ensures that only authorized devices can access specific ports.
  • Port security mechanisms may include techniques like MAC address filtering, which allows only specific MAC addresses to connect to a port, or limiting the number of MAC addresses allowed on a port.
  • This helps protect the network from unauthorized access and potential security threats.
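The two mechanisms above (an allowlist of MAC addresses, or a cap on how many addresses a port may learn) can be modelled in a few lines. This is an added example, not code from the original article or any switch vendor; the `SwitchPort` class, its parameters and the sample MAC addresses are hypothetical and constructed for illustration.

```python
class SwitchPort:
    """Model of one switch access port with port security (hypothetical, not a vendor API)."""

    def __init__(self, max_macs=1, allowed=None, shutdown_on_violation=False):
        self.max_macs = max_macs                                  # cap on dynamically learned MACs
        self.allowed = {m.lower() for m in (allowed or [])}       # static allowlist (MAC filtering)
        self.learned = set()                                      # MACs learned from traffic
        self.shutdown_on_violation = shutdown_on_violation
        self.violations = 0
        self.disabled = False

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded, False if it is dropped."""
        mac = src_mac.lower()
        if self.disabled:
            return False
        if mac in self.allowed or mac in self.learned:
            return True
        # Unknown MAC: learn it only when no allowlist is set and the cap is not reached.
        if not self.allowed and len(self.learned) < self.max_macs:
            self.learned.add(mac)
            return True
        self.violations += 1                                      # worth alerting on
        if self.shutdown_on_violation:
            self.disabled = True                                  # stays down until re-enabled
        return False


def replay(port, frames):
    """Feed a list of source MACs (constructed sample traffic) through a port."""
    return [port.receive(mac) for mac in frames]


if __name__ == "__main__":
    desk = SwitchPort(max_macs=2)
    print(replay(desk, ["aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02",
                        "aa:aa:aa:aa:aa:03", "aa:aa:aa:aa:aa:01"]))
    print("violations:", desk.violations)
```

The violation counter is the part to monitor: a port that keeps seeing new source addresses usually means an unmanaged switch or an unexpected device has been plugged in.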

Port Blocking:

  • Port blocking refers to the practice of selectively closing or blocking certain network ports to restrict network traffic or prevent access to specific services.
  • It is often done as a security measure to prevent unauthorized access or to mitigate potential threats or attacks targeting specific ports.
  • Port blocking can be implemented at the network perimeter, such as in firewalls, or within individual devices to control incoming and outgoing traffic.

Packet Filtering:

  • Packet filtering is a technique used to examine network traffic at the packet level and make decisions on whether to allow or block packets based on predetermined criteria.
  • It involves analyzing the headers and content of individual packets and comparing them against predefined rules or policies.
  • Packet filtering is commonly used in firewalls and routers to enforce security policies, such as allowing or blocking specific protocols, source/destination IP addresses, port numbers, or packet characteristics.
  • By filtering packets, organizations can control network access, protect against threats, and manage network traffic effectively.
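Port blocking and packet filtering, as described in the two lists above, come down to reading a few header fields and checking them against an ordered rule list. The sketch below is an added example, not code from the original article: the rule set, addresses and helper names are constructed, it inspects headers only (not payload content), and it assumes first-match-wins with a default of deny.

```python
import ipaddress
import struct

# Constructed policy: (action, protocol, source CIDR, destination port or None for any).
# The first matching rule wins; a packet that matches nothing is denied.
RULES = [
    ("allow", "tcp", "0.0.0.0/0", 443),      # HTTPS from anywhere
    ("allow", "tcp", "10.0.0.0/8", 22),      # SSH only from the internal range
    ("deny", "tcp", "0.0.0.0/0", 21),        # port blocking: cleartext FTP
    ("allow", "udp", "10.0.0.0/8", 53),      # DNS for internal clients
    ("allow", "icmp", "10.0.0.0/8", None),   # ICMP carries no port numbers
]
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_packet(raw: bytes) -> dict:
    """Extract the header fields the filter needs from a raw IPv4 packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or (raw[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    ihl = (raw[0] & 0x0F) * 4                 # IP header length in bytes
    proto = PROTO_NAMES.get(raw[9], "other")
    src = ipaddress.ip_address(raw[12:16])
    dport = None
    if proto in ("tcp", "udp"):
        if len(raw) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack("!HH", raw[ihl:ihl + 4])[1]
    return {"proto": proto, "src": src, "dport": dport}


def filter_packet(raw: bytes, rules=RULES) -> str:
    """Return 'allow' or 'deny' for one packet."""
    try:
        pkt = parse_packet(raw)
    except ValueError:
        return "deny"                         # malformed packets are dropped
    for action, proto, cidr, dport in rules:
        if (proto in ("any", pkt["proto"])
                and pkt["src"] in ipaddress.ip_network(cidr)
                and dport in (None, pkt["dport"])):
            return action
    return "deny"


def build_packet(proto: int, src: str, dst: str, dport: int = 0) -> bytes:
    """Build a minimal constructed IPv4 packet (checksums left at zero) for testing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + struct.pack("!HHI", 40000, dport, 0)
```

Rule order matters: moving the FTP deny below a broader allow would silently let port 21 through, which is why filter rule sets are reviewed top to bottom.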

Now, this is the end of the networking section. From now on, any upcoming articles will not be specifically about networking. If you wish to continue learning about networking in depth, I recommend visiting the CyberSecurity Day 01 To 100 GitHub repository. There, you will find PDFs related to networking that can help you continue your journey. We will make every effort to ensure that this series becomes even better and more helpful. We will provide as many free resources with quality content as possible, so you can gain ultimate knowledge in cybersecurity. For now, let’s conclude here. See you in the next article with new and exciting topics!

Don’t forget to join a cyber security group too.

Do you also want me to frequently provide you with resources? If yes, then wait no more and follow the Discord link below, where something new is shared every day, whether it’s related to web2, web3, system security, and more.
