Introduction to Network Security

Study Notes

Network defense and countermeasures are crucial for protecting networks from various threats.
The growth of the internet has led to more ways networks can be compromised and data stolen.
Legislators are working to combat identity theft and to reduce the effects of viruses and worms, for example MyDoom, MSBlaster.

Identifying common network dangers is a key objective.
Understanding basic networking principles is essential.
Mastering basic security terminology is important.
Determining the best approach to network security for an organization needs evaluation.
Evaluating the legal implications of network administration is necessary.
Utilizing available resources for network security is an essential skill.

Understanding basic network structure is crucial.
Data packets, IP addresses, Uniform Resource Locators (URLs), MAC addresses, protocols, and basic network utilities are all critical components.
The OSI model is essential in understanding network functions.

Data packets carry data and transmission information in binary format.
Packets range in size from 32 to 65,000 bytes.
Packets contain source and destination IP addresses, packet size, type (e.g., Ethernet), and header information.

IPv4 uses four three-digit numbers separated by periods (e.g., 107.22.98.129).
Network classes (A through E) determine IP ranges based on the first byte.
Certain IP ranges are designated as private for internal networks.
IPv6 uses a 128-bit address with hexadecimal numbering (e.g., 3FFE:B000:800:2:C).

URLs are text-based web addresses (e.g., www.chuckeasttom.com) that translate into Internet IP addresses.
Domain Name Service (DNS) servers perform this translation.

MAC addresses are unique hardware addresses for each Network Interface Card (NIC).
MAC addresses are six-byte hexadecimal numbers.
The Address Resolution Protocol (ARP) converts IP addresses to MAC addresses.

Protocols are types or standards of network communication.
Examples include FTP, SSH, Telnet, SMTP, WhoIS, DNS, HTTP, POP3, NNTP, NetBIOS, IRC, HTTPS, SMB, and ICMP.

The OSI model describes the layers of network communication.
The application layer interfaces with applications.
The presentation layer handles data representation differences between systems.
The session layer manages communication dialogues.
The transport layer controls end-to-end communication.
The network layer routes data within the network.
The data link layer describes logical organization of transmitted data.
The physical layer defines physical properties of network media and electrical signals.

Security threats can target the data itself, network connection points, and people.

Intrusion threats include cracking, social engineering, war-dialing, and war-driving.
Malware threats include viruses, worms, Trojan horses, spyware, and cookies.
Blocking threats include denial-of-service (DoS) and distributed denial-of-service (DDoS).

Administrators need to assess the realistic dangers, common attacks, and vulnerabilities, and the likelihood of an attack.

Key factors include the attractiveness of a system/asset, nature of the information on the system, and traffic to the system.

Factors are assigned numerical values from 1–10.
A numerical equation (A + I) – S = V allows calculating the vulnerability score.

Hacking terminology includes White Hat Hackers, Black Hat Hackers, Gray Hat Hackers, Script Kiddies, Crackers, and Phreakers.
Security terminology includes Firewall, Proxy Server, Intrusion-detection System, Access control, Non-repudiation, and Auditing.

Useful security resources for reference include websites such as www.yourwindow.to/information%2Dsecurity/ and www.ietf.org/rfc/rfc2828.txt.

Proactive versus reactive security approaches are key in network security.
Several approaches can be used including; perimeter, layered, and hybrid security.

Laws like Sarbanes-Oxley (SOX), Computer Security Act of 1987, and Health Insurance Portability and Accountability Act (HIPAA) influence network security practices.

Several security resources such as CERT, Microsoft Security TechCenter, F-Secure Corporation, and SANS Institute provide valuable support and information.