Cybersecurity Foundations PDF

Summary

This document presents a cybersecurity foundation course, covering topics including cybersecurity awareness, network discovery, systems hardening, security architecture, and the different types of threats and risks. It also touches on security controls, risk management, and cybersecurity jobs.

Full Transcript

Vulnerability Analyst & Penetration Tester Track Cybersecurity Foundations Presented by Marina Hany Assaad Mod 1: Cybersecurity Mod 2: Network Mod 3: Systems Mod 4: Security...

Vulnerability Analyst & Penetration Tester Track Cybersecurity Foundations Presented by Marina Hany Assaad Mod 1: Cybersecurity Mod 2: Network Mod 3: Systems Mod 4: Security Mod 5: Data Security Awareness Discovery Hardening Architecture Mod 16: Trends in Mod 6: Public Key Cybersecurity Infrastructure Mod 15: Legal Introduction Mod 7: Identity Considerations To Cyber Security Management Mod 14: Incident Mod 8: Network Response Hardening Mod 13: Physical Mod 12: Environment Mod 11: Software Mod 10: Social Mod 9: Malware Security Monitoring Security Engineering Presented by Marina Hany Assaad Agenda : Mod 1: Cyber security Awareness Mod 2: Network Discovery 1. What is security? 1. Computer Network 2. What is cyber security ? 2. OSI Model 3. Security goals 3. TCP/IP 4. Security baselining 4. Encapsulation /De Encapsulation 5. Risk Assessment 5. Application Layer 6. Threats 6. Application Layer Protocol 7. Security concerns: humans 7. Transport Layer 8. Security controls 8. Transport Layer Protocol 9. What is hacking? 9. Network Layer 10. Risk management 10. Network Layer Protocol 11. Security Goals In Different Environments 11. Data Link Layer 12. Network Security Organizations 12. Physical Layer 13. Working fields Presented by Marina Hany Assaad Module 1 Presented by Marina Hany Assaad 1.1 What is security? Countermeasures Business continuity Disaster recovery Confidentiality Least privilege Compliance Physical security Need to know Authorization Encryption Integrity Hash Non-repudiation Risk management Security baseline Demilitarized zone Availability Firewall Accounting Authentication Discovery Footprinting Biometrics System hardening Presented by Marina Hany Assaad What is Security? “The state of being secure, to be free from danger” Security is Layers Physical Security: Protect the Physical items, object or areas from unauthorized access. Such as : Servers – Routers Personal Security: Protection to personal who authorized to access organization and its operation. Such as : System Admins , Security engineers Network Security: protection of networking components, connection and content Communications Security: Protection of communication media, networking components and content. Such as : Data Transmission Information Security: Protection of information and its Critical elements. Presented by Marina Hany Assaad Information Security? Means a protection of information and its critical elements, including systems and hardware that use, store, and transmit that information. What is the differences between : ❑ Data ❑ Information ❑ Knowledge Presented by Marina Hany Assaad 1.2 WHAT IS CYBER SECURITY? are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks. refers to the technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks delivered via the Internet by cyber criminals. Cyber Security is important for network, data and application security. Presented by Marina Hany Assaad CYBER SECURITY Cyber Operating System Network Application Data Security Protect against attacks or danger. Presented by Marina Hany Assaad 1.3 SECURITY GOALS (OBJECTIVES) The Security, Functionality, and Usability The level of security in any system can be defined by the strength of three components: Functionality: The set of features provided by the system. Usability: The GUI components used to design the system for ease of use. Security: Restrictions imposed on accessing the components of the system. Presented by Marina Hany Assaad SECURITY GOALS (OBJECTIVES) Elements of Information Security CIA TRIAD Information security Availability Presented by Marina Hany Assaad CIA VS DAD TRIADS CIA Triad  Confidentiality: This principle ensures that only authorized users can access information. Encryption, access controls, and user authentication are some methods to achieve confidentiality.  Integrity: This principle ensures that data and systems remain unaltered and trustworthy. Hashing, digital signatures, and logging activities help maintain data integrity.  Availability: This principle ensures that authorized users can access information and systems whenever needed. Redundancy, backups, and disaster recovery plans are crucial for ensuring availability. DAD Triad  Disclosure: This represents the unauthorized access to confidential information. Data breaches, phishing attacks, and social engineering can all lead to disclosure.  Alteration: This refers to the unauthorized modification of data or systems. Malware, hacking attempts, and human error can cause data alteration.  Destruction: This represents the complete loss or inaccessibility of data or systems. Denial-of-service attacks, hardware failures, and natural disasters can lead to destruction. In essence, the CIA Triad outlines the desired state of information security, while the DAD Triad represents the threats that can compromise that security. Presented by Marina Hany Assaad LAB Use the hashing tools to validate your hash No. https://www.cmd5.com/default.aspx https://www.tools4noobs.com/online_tools/hash/ Presented by Marina Hany Assaad Closed Versus Open Networks Network administration seek to find balance between access and security Presented by Marina Hany Assaad 1.4 Security baselining A "Security Baseline" defines a set of basic security objectives which must be met by any given service or system. Understand your current environment. Fundamental question: Does IT security align with and support business objectives? Are the security controls correct and updated? Preventive controls: Implemented at the right exposure points Stop bad things as far away or as early as possible Detective controls: Alert human responders when a violation has occurred Corrective controls: Implemented and tested to work when you need them to Presented by Marina Hany Assaad 1.5 Risk Assessment assets vulnerability Threats Impact Risk = Vulnerability X Threats X Impact Presented by Marina Hany Assaad Risk Assessment Assets : Everything that has value for an organization to protect and preserve from any attack or any negative impact on its business continuity. This includes personals, hardware, software, physical devices, and documents. Vulnerability: is the degree of weakness that is inherent in every network or device that a hacker can exploit to affect existing assets. Threats : negative action that exploits the existence of a specific vulnerability, and this represents a threat to attempt to harm the assets it protects. Impact: Damage resulting from the convergence of threats and vulnerabilities , such that the threat exploited the existence of a vulnerability with bad intent and resulted in an impact. Presented by Marina Hany Assaad Focus Of Security Is Risk is a measure of the cost of realized vulnerability It's impossible to totally eliminate risk Risk is the probability of a threat crossing or touching a vulnerability Risk = Threat x Vulnerabilities The risk is high when The value of a vulnerable asset is high The probability of successful attack (Threat ) is high When determining this risk, it will help determine the priority for insurance and protection. When it is a high risk, I give priority in terms of saving time and resources in order to provide a means of protection for it in order to reduce the risk. Presented by Marina Hany Assaad 1.6 THREATS A person, thing, event or idea which poses danger to an asset in terms of that asset’s confidentiality, integrity, availability or legitimate use. Accidental (How to avoid ?) Natural disasters Revolutions Force majeure Intentional (How to avoid ?) Passive (No change ) Active (Change ) Presented by Marina Hany Assaad Types of threats Natural threats: storms, Chemical/biological/radiological: Cold/heat, earthquake, etc. Hospital, factory, spill Malicious human: Non-malicious human: Deleting, typo, Hacker/cracker, espionage, disgruntled former employee unplugging, lack of training, made a mistake Presented by Marina Hany Assaad Examples Of Risks Information Theft Breaking into a computer to obtain confidential information. Information can be used or sold for various purposes. Exams Data Loss and Manipulation Breaking onto a computer to destroy or alter data records.(Results) Identity Theft Personal Information is stolen for the purpose of taking over someone’s identity. Using this information anyone can obtain legal documents, apply for credits and make unauthorized online activities. Facebook Pages Disruption of Service Preventing legitimate users from accessing services to which they should be entitled (Home internet access). Presented by Marina Hany Assaad 1.7 Security concerns Discussion What is a bigger threat to your organization–internal personnel or external humans? How do you control each group differently? Presented by Marina Hany Assaad Internal Security Threats ❑ Internal threats also have the potential to cause greater damage than external threats, because internal users have direct access to the building and its infrastructure devices. Employees also have knowledge of the corporate network, its resources, and its confidential data, as well as different levels of user or administrative privileges. ❑ An internal user, such as an employee (ex employee ) or contract partner (trusted partners ),can accidently or intentionally: Mishandle confidential data Threaten the operations of internal servers or network infrastructure devices Facilitate outside attacks by connecting infected USB media into the corporate computer system Accidentally invite malware onto the network through malicious email or websites Presented by Marina Hany Assaad Security concerns: Internal humans Just because you can doesn’t mean that you should. Administrative controls protect your environment against internal personnel. They define penalties for violations. To internet Network Presented by Marina Hany Assaad External Security Threats External threats from amateurs or skilled attackers can exploit vulnerabilities in network or computing devices, or use social engineering to gain access. An external user, such as Amateurs Hackers Organized attackers ▪ Script Kiddies ▪ Black hats ▪ Cyber criminals ▪ Gray hats ▪ Hacktivists ▪ White hats ▪ State-sponsored Presented by Marina Hany Assaad Security concerns: External humans Network AAA VPN From internet Presented by Marina Hany Assaad Internal administrative controls Separation of duties Logging Split knowledge Audits Need to know Least privilege Access review Job rotation Termination process HR processes Background checks Presented by Marina Hany Assaad 1.8 Security controls Admin CIA Corrective Presented by Marina Hany Assaad Compensating security controls At your main data Primary data center Alternate data center center, you have a card reader system. When you have to go to an alternate site it, won’t have that same system. What do you do to still control who can enter the data Card reader center? ? Presented by Marina Hany Assaad 1.9 What is hacking? Hacking and cracking Penetration testing Attack vectors and targets can be: Physical Technical Social B a d GOOD Unauthorized access Tests for vulnerabilities Presented by Marina Hany Assaad What Is “Hacking“ ? Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to a system’s resources. any attempt to : ❑ destroy, expose, alter, disable, steal or breaking into the information ,leading to business loss. ❑ breaking the systems. ❑ gain unauthorized access to or make unauthorized use of an asset. Could be intentional or unintentional. Presented by Marina Hany Assaad CATEGORIES OF ATTACKS ❑ Passive Attack Difficult to detect, because the attacker isn’t actively sending traffic (malicious or otherwise) Example: An attacker capturing packets from the network and attempting to decrypt them ❑ Active Attack Easier to detect, because the attacker is actively sending traffic that can be detected. An attacker might launch an active attack in an attempt to access information or to modify data on a system Presented by Marina Hany Assaad Threats & Risks People use networks to exchange sensitive information with each other. People purchase products and do Internet. their banking over the internet. We rely on networks to be secure and to protect our identities and our private information. Network Security is a shared responsibility that each person must accept when they connect to the network. Risk = Vulnerability X Threats Presented by Marina Hany Assaad 1.10 Risk management How long of an outage can you tolerate? Business leader driven process How much time, data, Risk or transactions can you afford to lose? management Looking at risk to What infrastructure elements business, not IT are required to run the business? specifically Team effort Technical controls Physical controls Policy Presented by Marina Hany Assaad Quantitative vs. qualitative risk analysis Quantitative risk Qualitative risk analysis analysis Easier to communicate Faster/cheaper to do Strategy: start with a results qualitative risk analysis. Tangible: Intangible: Then for the items that Hardware Employee morale rank the highest, Facilities Organization reputation perform a quantitative Cabling Bid on a new contract People Your password risk analysis. Employee performance People Presented by Marina Hany Assaad Who Is Not Allowed To Be Vulnerable? ❑ Financial institutions and banks ❑ Electronic trading ❑ Internet service providers ❑ Pharmaceutical companies ❑ Government and defense agencies ❑ Multinational corporations ANYONE ON THE NETWORK Presented by Marina Hany Assaad 1.11 Security Goals In Different Environments Banking Electronic trading Pharmaceuticals All networks Presented by Marina Hany Assaad Security Goals In Different Environments Banking Protect against accidental modification of transactions Protect account numbers from disclosure Ensure customers privacy Electronic trading Assure source and integrity of transactions Protect corporate privacy Provide legally binding electronic signatures on transactions Presented by Marina Hany Assaad Security Goals In Different Environments Pharmaceuticals Protect corporate / individual privacy Confidentiality is most critical All Networks Prevent outside penetrations Presented by Marina Hany Assaad Challenges Of Securing Information There is NO simple solution to securing information Security 99.9 % Not found Why ? This can be seen through the different types of attacks that users face today. New technologies / applications New Vulnerabilities the difficulties in defending against these attacks Presented by Marina Hany Assaad 1.12 Network Security Organizations www.sans.org www.cert.org www.infosyssec.co owasp.org m www.isc2.org www.first.org Presented by Marina Hany Assaad Professional Organizations Cybersecurity specialists must collaborate with professional colleagues frequently. International technology organizations often sponsor workshops and conferences. These organizations often keep cybersecurity professionals inspired and motivated. Presented by Marina Hany Assaad 1.13 Working Fields In Egypt & Cyber Security Jobs Presented by Marina Hany Assaad Working Fields : ( Companies Types ) 1.Vendors Security Software : ▪ Antivirus ▪ SIEM - Security Information Event Management Security Hardware : ▪ Firewall ▪ IPS– Intrusion Prevention System ▪ WAF- Web Application Firewall Training IBM , Cisco ,palo alto ,Fortinet Presented by Marina Hany Assaad Cyber Security Jobs (Vendors) 1) Technical Implementer install the hardware and setups the software. 2) Technical Support a technical support for the customer after purchasing their product 3) Security Seller markets the product and offers the security solutions and benefits with which this product the customer. 4) Security Architect/Consultant responsible for finding solutions for the customer’s problem 5) Product manger who set the plan for producing the software and hardware ,how to market them and arranging product and customer requirements according to priority Presented by Marina Hany Assaad Working fields ( Companies Types ) Security solutions that are not available in one product from one vendor so you will need to integrate more than one software or hardware. 2.System Integrators It is the intermediary between the customer and the vendor. it receives the requests from the customer. Then selects the appropriate products from the vendor. Integrate them in one solution. Raya ,Zinad, Security meter ,Secure Misr, Fixed solutions , ITS ,Salic. Presented by Marina Hany Assaad Cyber Security Jobs (Integrators) 1) Security Architect/Tech sales Who sets the integration plan from more than vendor, Meets the need of the customer in one solution and ensures that they are fully functional. 2) Technical Implementer install the hardware and setups the software for the customer. 3) Technical Support : customer support Who is responsible for the solution after installation in case there is any problem in use or need for update 4) Security Seller who introduce the products and services that the integrator will provide 1) Technical Product manger who may not be a technical however his role is very important. He should understand the cybersecurity unless the service provided may not be provide appropriately therefore it will loss its value. Presented by Marina Hany Assaad Working Fields ( Companies Types ) Customer need some service from the service provider. 3.Security service provider : (IBM ,cisco ,SecurMisr , cyshiled) Service that provide : 1) Testing the company’s protection level →( security assurance team : penetration testing or secure code reviewing ) 2) Group of service aimed at making sure that there is a real system and evaluating it → GRC). 3) Monitoring the system to stop any attack or at least in case of any abnormal activity the source will be analyzed in order to reduce the loss → SOC team Presented by Marina Hany Assaad 1.Cyber Security Jobs ( Penetration Testing ) Pentesting, known as “penetration testing” ,: offensive security assessment, simulated attacks on an application (web, mobile, …etc) or network to check its security posture. His role is to file reports about the vulnerabilities to the customer. Team Responsibilities A highly skilled team. Testing the company’s protection level and discovering the vulnerabilities and the weaknesses. Looking for unauthorized gaining access to the system's features and data. Simulated cyberattack but have authorization to do that. Presented by Marina Hany Assaad 2.Cyber Security Jobs ( Grc ) GRC known as (Governance ,Risk management and Compliance ). Group of service aimed at making sure that there is a real system and evaluating it Governance : Is a set of policies rules or frameworks that a company uses to achieve its business goals (people process security control)) Risk management: is the process of identifying assessing and controlling financial legal strategic and security risks to and organization Compliance :is the act of following standers laws and regulations Security Auditor Reviews the corporation or the security system based on standards and the regulation from government or institutions like PCI Council. Information security consultant Responsible for more than one task to help the corporation to develop complete security strategy Security Risk Analyst Analyzes security systems and identifies any threat that threatens team and how to fix it Presented by Marina Hany Assaad 3. Cyber Security Jobs ( Soc ) ▪ Security Operations Center (SOC) : defince Centralized unit that deals with security issues on an organizational and technical level. Monitoring the system to stop any attack or at least in case of any abnormal activity the source will be analyzed in order to reduce the loss Soc analyst monitors all the systems in order to ensure that the security system is secure. Incident handler responsible for analyzing the follow up of the incident and making sure that every one plays his role during the incident. Threat hunter & intelligence Gathers the information about attacks that may be on the way Soc Manager Presented by Marina Hany Assaad Working Fields ( Companies Types ) Governance Regulatory Entities: (NTRA,EGCERT) Set the rules, policies, procedures and standard for the country’s cyber security system. identify and evaluating any risk associate with organizational activities and how the systems are protected from them Making sure that organization activity meets the laws and regulation. Security Administrator The person who mange all security devices in the institution Security planning Set the suitable plan for the protection and security system. Customers : Banks {Qnb ,Alex ,CIB..etc} , Telecom {Etisalat , We, orange..etc} Gov {Cert , Central Bank,..} Presented by Marina Hany Assaad Job Types Red Team (Pentest) Blue Team (SOC) Vulnerability Assessment. Secure Network Design. OS Hardening. Network Pentesting. Network Hardening. Web Pentesting. Monitoring. Intrusion Detection. Mobile Pentesting. Incident Response. Wireless Pentesting. Digital Forensics. Malware Analysis. Advanced Exploitation Threat Intelligence. Threat Hunting Presented by Marina Hany Assaad HOW TO GET STARTED Presented by Marina Hany Assaad SKILLS Operating System concepts. Networking concepts (routing and switching , …. ) Security technologies fundamentals :OS Tools (FW,IPS,AV….etc). System and Network Administrations.(MCSA & Linux) Explore firewall technology from different vendors → IBM, FORTINET ,Palo alto ,cisco Coding and SQL Basics. Development: automation ( python, bash scripting ). International and Egyptian Standards for cyber security. English : qualifies you to research on your own (read ,listen and learn ). Social presence : LinkedIn (market yourself ). Research & practicing : conferences and subscribe to professional YouTube channels Save your time and effort. Presented by Marina Hany Assaad How to Become a Cybersecurity Expert The following recommendations will help aspiring cybersecurity specialists to achieve their goals: Study: Learn the basics by completing courses in IT. Be a life-long learner. Cybersecurity is an ever-changing field, and cybersecurity specialists must keep up. Test your skills in CTF time – hack the box. Pursue Certifications: Industry and company sponsored certifications from organizations such as Microsoft and Cisco prove that one possesses the knowledge needed to seek employment as a cybersecurity specialist. Pursue Internships: Seeking out a security internship as a student can lead to opportunities down the road. Join Professional Organizations: Join computer security organizations, attend meetings and conferences, and join forums and blogs to gain knowledge from the experts. Presented by Marina Hany Assaad To be good Ethical Hacker , be good Security Engineer Presented by Marina Hany Assaad Module 2 Presented by Marina Hany Assaad 2.1 Computer Network : a collection of computers, and other devices, or peripherals connected together through connecting media to provide a certain service to the user such as: Share Resource : Hardware resources: Devices Sharing (printer – scanner). Storage media. Processors Software resources: Data sharing. File Sharing. Services : Shared Internet Access (Browsing and Email). Modern technology (VOIP, Video conference, clouding, IOT, BYOD). Presented by Marina Hany Assaad Network components Hardware End Devices: Computers – tablet –smart Phone - Embedded system in machines (IOT) Computer peripherals: printer scanner – storage media (hard disk) Network devices (inter media) (connecting device): Routers – Switches -hub – firewall - Access point. Transmission media: Wired -Wireless –Satellites. Software Protocols: Rules Governs how messages flow across network such as http –https-FTP-RDP Connection between server and client. Exchange emails / files / performance → large variety of networking protocols on the Internet, each one with its own purpose. Presented by Marina Hany Assaad 2.2 OSI model : open system interconnection Why we need Protocols ? 1 2 OSI model is about facilitation of 7 Application 7 Application communication between different entities. 6 Presentation 6 Presentation Control the messages and the 5 Session 5 Session messages quantity in the network. 4 Transport 4 Transport Give developers universal concepts so they can develop protocols 3 Network 3 Network The OSI reference model breaks 2 Data Link 2 Data Link this approach into layers. 1 Physical 1 Physical Presented by Marina Hany Assaad 2.3 TCP/IP TCP/IP model is about making network connectivity more available. Merging of some layers to be 4 instead of 7 Tcp / ip is now the default protocol for any operating system (Microsoft / Linux / other ) 1. Supports WAN / LAN 2. Open for development and not vendor oriented Application layer Application layer 3. Most widely used over internet 4. Provide reliability as well as bet effort delivery Transport layer Transport layer when needed Internet layers Network layer 5. Standard protocol over internet 6. Version 4 and 6 are running Data Link layer 7. Offers web browsing / file transfer /email Network access exchange layers Physical layer Presented by Marina Hany Assaad TCP/IP VS. OSI Model OSI Model TCP/IP original TCP/IP updated 7 Application 6 Presentation Application layer Application layer 5 Session 4 Transport Transport layer Transport layer 3 Network Internet layers Network layer 2 Data Link Data Link layer Network access layers 1 Physical Physical layer Presented by Marina Hany Assaad 2.4 Encapsulation / De-Encapsulation process Data D E E n - c Scr / des E Header DATA HTTP Application n a Layer c p a s Session addressing p Tcp Header DATA Segment Tcp Transport layer u s Scr port / Des port u l l a Logical addressing a Ip Tcp Header DATA Packet Ip Network layer t Scr ip / Des ip t i i Physical addressing o o Ethernet Ip Tcp Header DATA Frame Frame mac Data link layer Scr mac / Des mac n n frame tailer 0111011110111110111011 Data bits 0/1 physical layer Presented by Marina Hany Assaad 2.5 Application layer The application layer provides the interface 7 Application between the applications used to communicate, and the underlying network over 6 Presentation Application layer which messages are transmitted. 5 Session It also define process for user authentication End to end Presented by Marina Hany Assaad Presentation layer This layer’s main purpose is to define and 7 Application negotiate data formats 1. Data format 6 Presentation Application layer 2.encryption 5 Session 3.compression (gzib /zip / bzip2) Presented by Marina Hany Assaad Session layer This layer define how to start , control and end conversation 7 Application 1. Establishing 6 Presentation Application layer 2. Managing 3. Controlling 5 Session 4. Terminating Manage Terminate establish active Reconnecting control Presented by Marina Hany Assaad 2.6 Application layer protocol 1. Web & Email (http/smtp/pop3/Imap) 7 Application 2. IP addressing DNS/ DHCP 6 Presentation Application layer 3. File Sharing Services 5 Session (FTP/ TFTP) Presented by Marina Hany Assaad Application layer protocol :Web & Email PROTOCOL PORT NAME OF PROTOCOL HTTP 80 Hyper text transfer protocol : is a request/response protocol that specifies the message types used for that communication. Get / post / put HTTPS 443 Hyper text transfer protocol secure SMTP 25 Simple mail transfer protocol : used to send mail. POP3 110 Post office protocol version 3 : is used by an application to retrieve mail from a mail server. When mail is downloaded from the server to the client then the messages are deleted on the server. IMAP 143 Internet message access protocol : describes a method to retrieve email messages. and copies of the messages are downloaded to the client application. The original messages are kept on the server until manually deleted. Presented by Marina Hany Assaad Application layer protocol :IP addressing 1.DNS : domain name system : 53 The process of DNS resolution involves converting a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1). Presented by Marina Hany Assaad Application layer protocol :IP addressing DNS uses a hierarchical system to create a database to provide name resolution. Examples of top-level domains:.com - a business or industry.org - a non-profit organization.au - Australia DNS Structure : members. google. com Host. Domain. Top Level Domain (TLD) www. sub. domain. Com Host. Sub Domain. Top Level Domain (TLD) domain www.google.com www.mail.google.com Presented by Marina Hany Assaad The nslookup Command Nslookup : name serverlookup Presented by Marina Hany Assaad Application layer protocol :IP addressing 2.DHCP : Dynamic Host Configuration Protocol : 546 (DHCP) for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters. DHCP is considered dynamic addressing compared to static addressing. Static addressing is manually entering IP address information Many networks use both DHCP and static addressing. DHCP is used for general purpose hosts, such as end user devices. Static addressing is used for network devices, such as gateway routers, switches, servers, and printers. Presented by Marina Hany Assaad Application layer protocol : File Sharing Services FTP :File Transfer protocol:21 FTP was developed to allow for data transfers between a client and a server. An FTP client is an application which runs on a computer that is being used to push and pull data from an FTP server Presented by Marina Hany Assaad Application layer protocol : Web & Email IP addressing HTTP DNS : 80 : Hyper text transfer protocol 53 : Domain name system HTTPS DHCP 443 : Hyper text transfer protocol secure 546: Dynamic Host Configuration Protocol SMTP 25 : Simple mail transfer protocol File Sharing Services POP3 110 : Post office protocol version 3 FTP IMAP 21 :File Transfer protocol 143 : Internet message access protocol Presented by Marina Hany Assaad 2.7 Transport layer 1. Segmenting data and reassembling segments 2. Adds header information((scr port / des port )) 3. Tracking and manage multiple conversations Uses segmentation and multiplexing to enable different communication conversations to be interleaved on the same network Presented by Marina Hany Assaad 2.8 Transport layer Protocol TCP / UDP TCP : Transmission Control Protocol connection oriented UDP : User Datagram protocol connectionless oriented : a best-effort delivery protocol Presented by Marina Hany Assaad TCP protocol Provides access to the network layer for app Error checking Data Recovery features Connection oriented : Reliable Communication : flow control Three way hand check Presented by Marina Hany Assaad TCP protocol Three way hand check Four way hand check for establish the session For terminate the session Presented by Marina Hany Assaad UDP protocol Provides access to the network layer for app Data is reconstructed in the order that it is received ( No data recovery features ) Data loss due to duplication Connectionless oriented : best effort communication Limited error checking Presented by Marina Hany Assaad TCP/UDP Protocol TCP UDP Presented by Marina Hany Assaad Port number Source port (16 bit) Destination port (16 bit) TCP and UDP transport layer protocols use port numbers to manage multiple, simultaneous conversations. HTTP HTTPS FTP SMTP POP3 DHCP DNS TFTP SNMP 80 443 21 25 110 546 53 69 161 TCP UDP Port Group Number Range Well-known Ports 0 to 1,023 Registered Ports 1,024 to 49,151 Private and/or Dynamic Ports 49,152 to 65,535 Presented by Marina Hany Assaad The netstat Command Unexplained TCP connections can pose a major security threat. Netstat is an important tool to verify connections. C:\> netstat Active Connections Proto Local Address Foreign Address State TCP 192.168.1.124:3126 192.168.0.2:netbios-ssn ESTABLISHED TCP 192.168.1.124:3158 207.138.126.152:http ESTABLISHED TCP 192.168.1.124:3159 207.138.126.169:http ESTABLISHED TCP 192.168.1.124:3160 207.138.126.169:http ESTABLISHED TCP 192.168.1.124:3161 sc.msn.com:http ESTABLISHED TCP 192.168.1.124:3166 www.cisco.com:http ESTABLISHED Presented by Marina Hany Assaad 2.9 Network layer 1.Routing protocol Static Dynamic Ex : Rip , IGRP , OSPE , EIGRP , EGP 2.Routed protocol EX : IPX Appletalk Presented by Marina Hany Assaad 2.10 Network layer protocol : IP An IPv4 address is a 32-bit = 4 byte A subnet mask is used to determine the network and host portions. Network address : 192.168.10.0 Ip with subnet mask 192.168.10.25 255.255.255.0 Ip with prefix : 192.168.10.25/24 Class A (0.0.0.0/8 to 127.0.0.0/8) Class B (128.0.0.0 /16 – 191.255.0.0 /16) Class C (192.0.0.0 /24 – 223.255.255.0 /24) Class D (224.0.0.0 to 239.0.0.0) *Class E (240.0.0.0 – 255.0.0.0) Public IP Private IP Subnet mak Class A 1.0.0.0 126.255.255.255 10.0.0.0 10.255.255.255 255.255.255.0 Class B 128.0.0.0 191.255.255.255.255 172.16.0.0 172.31.255.255 255.255.0.0 Class c 192.0.0.0 223.255.255.255 192.168.0.0 192.168.255.255 255.0.0.0 Presented by Marina Hany Assaad Network layer protocol :ICMD Internet Control Message Protocol (ICMP) provides feedback about issues related to the processing of IP packets under certain conditions. The ICMP messages common to both ICMPv4 and ICMPv6 include: 1. Host reachability 2. Destination or Service Unreachable 3. Time exceeded TTL Presented by Marina Hany Assaad ICMP example: ping and traceroute From these simple commands, we get some interesting information. Ping : test network connectivity. tracert : to test the path between two hosts Traceroute provides round- trip time Presented by Marina Hany Assaad 2.11 Data link layer 1. The Data Link layer is responsible for communications between end-device network interface cards or end to end delivery. 2. It allows upper layer protocols to access the physical layer media and encapsulates Layer 3 packets (IPv4 and IPv6) into Layer 2 Frames. 3. The Data Link Layer consists of two sublayers. Logical Link Control (LLC) and Media Access Control (MAC). Ethernet frame packet DATA Frame Frame mac Data link layer tailer Media access control ( MAC ) Logical Link Control (LLC) Adding physical address to the frame Convert → frames Sender / reviser Reliaility → check frames for error by fcs Unique physical address Can not be changed Vendor oriented Presented by Marina Hany Assaad 2.12 Physical layer Before any network communications can occur, a physical connection to a local network must be established. This connection could be wired or wireless, depending on the setup of the network. Transports bits across the network media This is the last step in the encapsulation process. 0111011110111110111011 Data bits 0/1 physical layer Presented by Marina Hany Assaad THANK YOU Presented by Marina Hany Assaad

Use Quizgecko on...
Browser
Browser