Session 1 Cyber security Awareness & Network (1).pdf

Full Transcript

Vulnerability Analyst & Penetration Tester Track
Cybersecurity Foundations

Presented by
Marina Hany Assaad
Mod 1: Cybersecurity Mod 2: Network Mod 3: Systems Mod 4: Security
Mod 5: Data Security
Awareness Discovery Hardening Architecture

Mod 16: Trends in Mod 6: Public Key
Cybersecurity Infrastructure

Mod 15: Legal Introduction Mod 7: Identity
Considerations To Cyber Security Management

Mod 14: Incident Mod 8: Network
Response Hardening

Mod 13: Physical Mod 12: Environment Mod 11: Software Mod 10: Social
Mod 9: Malware
Security Monitoring Security Engineering

Presented by
Marina Hany Assaad
 Agenda :
Mod 1: Cyber security Awareness Mod 2: Network Discovery
1. What is security? 1. Computer Network
2. What is cyber security ? 2. OSI Model
3. Security goals 3. TCP/IP
4. Security baselining 4. Encapsulation /De Encapsulation
5. Risk Assessment 5. Application Layer
6. Threats 6. Application Layer Protocol
7. Security concerns: humans 7. Transport Layer
8. Security controls 8. Transport Layer Protocol
9. What is hacking? 9. Network Layer
10. Risk management 10. Network Layer Protocol
11. Security Goals In Different Environments 11. Data Link Layer
12. Network Security Organizations 12. Physical Layer
13. Working fields Presented by
Marina Hany Assaad
Module 1

Presented by
Marina Hany Assaad
 1.1 What is security?
Countermeasures
Business continuity Disaster recovery
Confidentiality Least privilege
Compliance Physical security
Need to know
Authorization Encryption Integrity

Hash Non-repudiation Risk management

Security baseline Demilitarized zone
Availability Firewall
Accounting
Authentication Discovery Footprinting
Biometrics System hardening

Presented by
Marina Hany Assaad
 What is Security?
“The state of being secure, to be free from danger”

Security is Layers
Physical Security: Protect the Physical items, object or areas from unauthorized access.
Such as : Servers – Routers
Personal Security: Protection to personal who authorized to access organization and its
operation. Such as : System Admins , Security engineers
Network Security: protection of networking components, connection and content
Communications Security: Protection of communication media, networking
components and content. Such as : Data Transmission
Information Security: Protection of information and its Critical elements.

Presented by
Marina Hany Assaad
 Information Security?
Means a protection of information and its
critical elements, including systems and
hardware that use, store, and transmit that
information.

What is the differences between :

❑ Data

❑ Information

❑ Knowledge
Presented by
Marina Hany Assaad
 1.2 WHAT IS CYBER SECURITY?
are security standards which enable organizations to practice safe security
techniques to minimize the number of successful cyber security attacks.

refers to the technologies and processes
designed to protect computers, networks
and data from unauthorized access,
vulnerabilities and attacks delivered via the
Internet by cyber criminals.

Cyber Security is important for network, data and application security.

Presented by
Marina Hany Assaad
 CYBER SECURITY
Cyber

Operating System
Network
Application
Data
Security

Protect against attacks or danger.

Presented by
Marina Hany Assaad
 1.3 SECURITY GOALS (OBJECTIVES)
The Security, Functionality, and Usability
The level of security in any system can be defined by
the strength of three components:

Functionality: The set of features provided by the
system.

Usability: The GUI components used to design the
system for ease of use.

Security: Restrictions imposed on accessing the
components of the system.

Presented by
Marina Hany Assaad
 SECURITY GOALS (OBJECTIVES)
Elements of Information Security

CIA TRIAD

Information
security

Availability
Presented by
Marina Hany Assaad
 CIA VS DAD TRIADS
CIA Triad
 Confidentiality: This principle ensures that only authorized users can access
information. Encryption, access controls, and user authentication are some
methods to achieve confidentiality.
 Integrity: This principle ensures that data and systems remain unaltered and
trustworthy. Hashing, digital signatures, and logging activities help maintain data
integrity.
 Availability: This principle ensures that authorized users can access information
and systems whenever needed. Redundancy, backups, and disaster recovery plans
are crucial for ensuring availability.
DAD Triad
 Disclosure: This represents the unauthorized access to confidential information.
Data breaches, phishing attacks, and social engineering can all lead to disclosure.
 Alteration: This refers to the unauthorized modification of data or systems.
Malware, hacking attempts, and human error can cause data alteration.
 Destruction: This represents the complete loss or inaccessibility of data or
systems. Denial-of-service attacks, hardware failures, and natural disasters can
lead to destruction.
In essence, the CIA Triad outlines the desired state of information security, while the
DAD Triad represents the threats that can compromise that security.

Presented by
Marina Hany Assaad
 LAB
Use the hashing tools to validate your hash No.

https://www.cmd5.com/default.aspx
https://www.tools4noobs.com/online_tools/hash/

Presented by
Marina Hany Assaad
Closed Versus Open Networks

Network administration seek to find balance between
access and security

Presented by
Marina Hany Assaad
 1.4 Security baselining
A "Security Baseline" defines a set of basic security objectives which must be
met by any given service or system.
Understand your current environment.
Fundamental question:
Does IT security align with and support business objectives?
Are the security controls correct and updated?
Preventive controls:
Implemented at the right exposure points
Stop bad things as far away or as early as possible
Detective controls:
Alert human responders when a violation has occurred
Corrective controls:
Implemented and tested to work when you need them to
Presented by
Marina Hany Assaad
 1.5 Risk Assessment

assets vulnerability Threats Impact

Risk = Vulnerability X Threats X Impact

Presented by
Marina Hany Assaad
 Risk Assessment
Assets : Everything that has value for an organization to protect and preserve
from any attack or any negative impact on its business continuity.
This includes personals, hardware, software, physical devices, and documents.

Vulnerability: is the degree of weakness that is inherent in every network or device that a
hacker can exploit to affect existing assets.

Threats : negative action that exploits the existence of a specific vulnerability,
and this represents a threat to attempt to harm the assets it protects.

Impact: Damage resulting from the convergence of threats and vulnerabilities , such that
the threat exploited the existence of a vulnerability with bad intent and resulted in an
impact.

Presented by
Marina Hany Assaad
 Focus Of Security Is Risk
is a measure of the cost of realized vulnerability
It's impossible to totally eliminate risk
Risk is the probability of a threat crossing or touching a vulnerability
Risk = Threat x Vulnerabilities
The risk is high when
The value of a vulnerable asset is high
The probability of successful attack (Threat ) is high
When determining this risk, it will help determine the priority for insurance and
protection.
When it is a high risk, I give priority in terms of saving time and resources in order to
provide a means of protection for it in order to reduce the risk.

Presented by
Marina Hany Assaad
 1.6 THREATS
A person, thing, event or idea which poses danger to an asset in terms
of that asset’s confidentiality, integrity, availability or legitimate use.

Accidental (How to avoid ?)
Natural disasters
Revolutions
Force majeure
Intentional (How to avoid ?)
Passive (No change )
Active (Change )

Presented by
Marina Hany Assaad
Types of threats

Natural threats: storms, Chemical/biological/radiological:
Cold/heat, earthquake, etc. Hospital, factory, spill

Malicious human:
Non-malicious human: Deleting, typo,
Hacker/cracker, espionage,
disgruntled former employee unplugging, lack of training, made a
mistake

Presented by
Marina Hany Assaad
 Examples Of Risks
Information Theft
Breaking into a computer to obtain confidential information.
Information can be used or sold for various purposes. Exams
Data Loss and Manipulation
Breaking onto a computer to destroy or alter data records.(Results)
Identity Theft
Personal Information is stolen for the purpose of taking over someone’s identity.
Using this information anyone can obtain legal documents, apply for credits and make
unauthorized online activities. Facebook Pages
Disruption of Service
Preventing legitimate users from accessing services to which they should be entitled
(Home internet access).

Presented by
Marina Hany Assaad
 1.7 Security concerns
Discussion
What is a bigger threat to your organization–internal personnel or
external humans?
How do you control each group differently?

Presented by
Marina Hany Assaad
 Internal Security Threats
❑ Internal threats also have the potential to cause greater damage than external
threats, because internal users have direct access to the building and its
infrastructure devices.
Employees also have knowledge of the corporate network, its resources, and its
confidential data, as well as different levels of user or administrative privileges.
❑ An internal user, such as an employee (ex employee ) or contract partner (trusted
partners ),can accidently or intentionally:
Mishandle confidential data
Threaten the operations of internal servers or network infrastructure devices
Facilitate outside attacks by connecting infected USB media into the corporate
computer system
Accidentally invite malware onto the network through malicious email or websites

Presented by
Marina Hany Assaad
 Security concerns: Internal humans
Just because you can doesn’t mean that you should.

Administrative controls protect your environment against internal personnel.

They define penalties for violations. To
internet

Network

Presented by
Marina Hany Assaad
 External Security Threats
External threats from amateurs or skilled attackers can exploit
vulnerabilities in network or computing devices, or use social
engineering to gain access.

An external user, such as
Amateurs Hackers Organized attackers
▪ Script Kiddies ▪ Black hats ▪ Cyber criminals
▪ Gray hats ▪ Hacktivists
▪ White hats ▪ State-sponsored

Presented by
Marina Hany Assaad
Security concerns: External humans

Network AAA
VPN

From internet

Presented by
Marina Hany Assaad
Internal administrative controls
Separation of duties

Logging Split knowledge

Audits Need to know
Least
privilege
Access review Job rotation

Termination process HR processes
Background checks

Presented by
Marina Hany Assaad
1.8 Security controls

Admin

CIA

Corrective
Presented by
Marina Hany Assaad
 Compensating security controls
At your main data Primary data center Alternate data center
center, you have a
card reader system.
When you have to go
to an alternate site it,
won’t have that same
system. What do you
do to still control who
can enter the data Card
reader
center?
?
Presented by
Marina Hany Assaad
 1.9 What is hacking?
Hacking and cracking Penetration testing

Attack vectors and
targets can be:
Physical
Technical
Social B a d GOOD

Unauthorized access Tests for vulnerabilities

Presented by
Marina Hany Assaad
 What Is “Hacking“ ?
Hacking refers to exploiting system vulnerabilities and compromising
security controls to gain unauthorized or inappropriate access to a system’s
resources.

any attempt to :
❑ destroy, expose, alter, disable, steal or breaking into the information
,leading to business loss.
❑ breaking the systems.
❑ gain unauthorized access to or make unauthorized use of an asset.

Could be intentional or unintentional.
Presented by
Marina Hany Assaad
 CATEGORIES OF ATTACKS
❑ Passive Attack
Difficult to detect, because the attacker isn’t actively sending traffic
(malicious or otherwise)
Example: An attacker capturing packets from the network and attempting to
decrypt them

❑ Active Attack
Easier to detect, because the attacker is actively sending traffic that can be
detected.
An attacker might launch an active attack in an attempt to access
information or to modify data on a system
Presented by
Marina Hany Assaad
 Threats & Risks
People use networks to exchange sensitive information with each other.
People purchase products and do Internet. their banking over the internet.
We rely on networks to be secure and to protect our identities and our
private information.
Network Security is a shared responsibility that each person must accept when
they connect to the network.

Risk = Vulnerability X Threats

Presented by
Marina Hany Assaad
 1.10 Risk management
How long of an outage
can you tolerate?
Business leader
driven process How much time, data, Risk
or transactions can you afford to lose?
management
Looking at risk to What infrastructure elements
business, not IT are required to run the business?
specifically

Team effort Technical controls

Physical controls
Policy

Presented by
Marina Hany Assaad
Quantitative vs. qualitative risk analysis

Quantitative risk Qualitative risk
analysis analysis
Easier to communicate Faster/cheaper to do Strategy: start with a
results qualitative risk analysis.
Tangible: Intangible: Then for the items that
Hardware Employee morale rank the highest,
Facilities Organization reputation perform a quantitative
Cabling Bid on a new contract
People Your password
risk analysis.
Employee performance
People

Presented by
Marina Hany Assaad
Who Is Not Allowed To Be Vulnerable?
❑ Financial institutions and banks
❑ Electronic trading
❑ Internet service providers
❑ Pharmaceutical companies
❑ Government and defense agencies
❑ Multinational corporations

ANYONE ON THE NETWORK Presented by
Marina Hany Assaad
 1.11 Security Goals In Different
Environments

Banking Electronic trading

Pharmaceuticals All networks
Presented by
Marina Hany Assaad
 Security Goals In Different
Environments
Banking
Protect against accidental modification of transactions
Protect account numbers from disclosure
Ensure customers privacy

Electronic trading
Assure source and integrity of transactions
Protect corporate privacy
Provide legally binding electronic signatures on transactions

Presented by
Marina Hany Assaad
 Security Goals In Different Environments
Pharmaceuticals
Protect corporate / individual privacy
Confidentiality is most critical
All Networks
Prevent outside penetrations

Presented by
Marina Hany Assaad
 Challenges Of Securing Information
There is NO simple solution to securing information
Security 99.9 % Not found Why ?

This can be seen through the different types
of attacks that users face today.
New technologies / applications
New Vulnerabilities
the difficulties in defending against these
attacks

Presented by
Marina Hany Assaad
 1.12 Network Security Organizations

www.sans.org www.cert.org

www.infosyssec.co
owasp.org m

www.isc2.org
www.first.org

Presented by
Marina Hany Assaad
 Professional Organizations

Cybersecurity specialists must collaborate with
professional colleagues frequently.

International technology organizations often sponsor
workshops and conferences.

These organizations often keep cybersecurity
professionals inspired and motivated.

Presented by
Marina Hany Assaad
1.13 Working Fields In Egypt
& Cyber Security Jobs

Presented by
Marina Hany Assaad
 Working Fields : ( Companies Types )
1.Vendors
Security Software :
▪ Antivirus
▪ SIEM - Security Information Event Management
Security Hardware :
▪ Firewall
▪ IPS– Intrusion Prevention System
▪ WAF- Web Application Firewall
Training
IBM , Cisco ,palo alto ,Fortinet

Presented by
Marina Hany Assaad
 Cyber Security Jobs (Vendors)
1) Technical Implementer
install the hardware and setups the software.
2) Technical Support
a technical support for the customer after purchasing their product
3) Security Seller
markets the product and offers the security solutions and benefits with
which this product the customer.
4) Security Architect/Consultant
responsible for finding solutions for the customer’s problem
5) Product manger
who set the plan for producing the software and hardware ,how to market
them and arranging product and customer requirements according to
priority Presented by
Marina Hany Assaad
 Working fields ( Companies Types )
Security solutions that are not available in one product from one vendor
so you will need to integrate more than one software or hardware.

2.System Integrators
It is the intermediary between the customer and the vendor.
it receives the requests from the customer.
Then selects the appropriate products from the vendor.
Integrate them in one solution.

Raya ,Zinad, Security meter ,Secure Misr, Fixed solutions , ITS
,Salic.

Presented by
Marina Hany Assaad
 Cyber Security Jobs (Integrators)
1) Security Architect/Tech sales
Who sets the integration plan from more than vendor, Meets the need of the
customer in one solution and ensures that they are fully functional.
2) Technical Implementer
install the hardware and setups the software for the customer.
3) Technical Support : customer support
Who is responsible for the solution after installation in case there is any problem in
use or need for update
4) Security Seller
who introduce the products and services that the integrator will provide
1) Technical Product manger
who may not be a technical however his role is very important.
He should understand the cybersecurity unless the service provided may not be
provide appropriately therefore it will loss its value.
Presented by
Marina Hany Assaad
 Working Fields ( Companies Types )
Customer need some service from the service provider.

3.Security service provider :
(IBM ,cisco ,SecurMisr , cyshiled)
Service that provide :
1) Testing the company’s protection level →( security assurance team :
penetration testing or secure code reviewing )
2) Group of service aimed at making sure that there is a real system and
evaluating it → GRC).
3) Monitoring the system to stop any attack or at least in case of any
abnormal activity the source will be analyzed in order to reduce the
loss → SOC team
Presented by
Marina Hany Assaad
 1.Cyber Security Jobs ( Penetration Testing )
Pentesting, known as “penetration testing” ,: offensive
security assessment, simulated attacks on an application (web,
mobile, …etc) or network to check its security posture.
His role is to file reports about the vulnerabilities to the customer.

Team Responsibilities
A highly skilled team.
Testing the company’s protection level and discovering the
vulnerabilities and the weaknesses.
Looking for unauthorized gaining access to the system's features
and data.
Simulated cyberattack but have authorization to do that.
Presented by
Marina Hany Assaad
 2.Cyber Security Jobs ( Grc )
GRC known as (Governance ,Risk management and Compliance ).
Group of service aimed at making sure that there is a real system and evaluating it
Governance : Is a set of policies rules or frameworks that a company uses to achieve its
business goals (people process security control))
Risk management: is the process of identifying assessing and controlling financial legal
strategic and security risks to and organization
Compliance :is the act of following standers laws and regulations
Security Auditor
Reviews the corporation or the security system based on standards and the regulation
from government or institutions like PCI Council.
Information security consultant
Responsible for more than one task to help the corporation to develop complete
security strategy
Security Risk Analyst
Analyzes security systems and identifies any threat that threatens team and how to fix it
Presented by
Marina Hany Assaad
 3. Cyber Security Jobs ( Soc )
▪ Security Operations Center (SOC) : defince
Centralized unit that deals with security issues on an organizational and technical level.
Monitoring the system to stop any attack or at least in case of any abnormal activity
the source will be analyzed in order to reduce the loss
Soc analyst
monitors all the systems in order to ensure that the security system is secure.
Incident handler
responsible for analyzing the follow up of the incident and making sure that
every one plays his role during the incident.
Threat hunter & intelligence
Gathers the information about attacks that may be on the way
Soc Manager

Presented by
Marina Hany Assaad
 Working Fields ( Companies Types )
Governance Regulatory Entities: (NTRA,EGCERT)
Set the rules, policies, procedures and standard for the country’s cyber security system.
identify and evaluating any risk associate with organizational activities and how the
systems are protected from them
Making sure that organization activity meets the laws and regulation.

Security Administrator
The person who mange all security devices in the institution
Security planning
Set the suitable plan for the protection and security system.
Customers :
Banks {Qnb ,Alex ,CIB..etc} ,
Telecom {Etisalat , We, orange..etc}
Gov {Cert , Central Bank,..}
Presented by
Marina Hany Assaad
 Job Types
Red Team (Pentest) Blue Team (SOC)
Vulnerability Assessment. Secure Network Design.
OS Hardening.
Network Pentesting. Network Hardening.
Web Pentesting. Monitoring.
Intrusion Detection.
Mobile Pentesting. Incident Response.
Wireless Pentesting. Digital Forensics.
Malware Analysis.
Advanced Exploitation Threat Intelligence.
Threat Hunting
Presented by
Marina Hany Assaad
HOW TO GET STARTED

Presented by
Marina Hany Assaad
 SKILLS
Operating System concepts.
Networking concepts (routing and switching , …. )
Security technologies fundamentals :OS Tools (FW,IPS,AV….etc).
System and Network Administrations.(MCSA & Linux)
Explore firewall technology from different vendors
→ IBM, FORTINET ,Palo alto ,cisco
Coding and SQL Basics.
Development: automation ( python, bash scripting ).
International and Egyptian Standards for cyber security.
English : qualifies you to research on your own (read ,listen and learn ).
Social presence : LinkedIn (market yourself ).
Research & practicing : conferences and subscribe to professional YouTube
channels
Save your time and effort. Presented by
Marina Hany Assaad
 How to Become a Cybersecurity Expert
The following recommendations will help aspiring cybersecurity specialists to
achieve their goals:
Study: Learn the basics by completing courses in IT. Be a life-long learner.
Cybersecurity is an ever-changing field, and cybersecurity specialists must keep up.
Test your skills in CTF time – hack the box.
Pursue Certifications: Industry and company sponsored certifications from
organizations such as Microsoft and Cisco prove that one possesses the knowledge
needed to seek employment as a cybersecurity specialist.
Pursue Internships: Seeking out a security internship as a student can lead to
opportunities down the road.
Join Professional Organizations: Join computer security organizations, attend
meetings and conferences, and join forums and blogs to gain knowledge from the
experts. Presented by
Marina Hany Assaad
To be good Ethical Hacker , be good
Security Engineer

Presented by
Marina Hany Assaad
Module 2

Presented by
Marina Hany Assaad
 2.1 Computer Network :
a collection of computers, and other devices, or peripherals connected together through
connecting media to provide a certain service to the user such as: Share Resource :
Hardware resources:
Devices Sharing (printer – scanner).
Storage media.
Processors
Software resources:
Data sharing.
File Sharing.
Services :
Shared Internet Access (Browsing and Email).
Modern technology (VOIP, Video conference, clouding, IOT, BYOD). Presented by
Marina Hany Assaad
 Network components
Hardware
End Devices: Computers – tablet –smart Phone - Embedded system in machines (IOT)
Computer peripherals: printer scanner – storage media (hard disk)
Network devices (inter media) (connecting device): Routers – Switches -hub – firewall -
Access point.
Transmission media: Wired -Wireless –Satellites.
Software
Protocols:
Rules Governs how messages flow across network such as http –https-FTP-RDP
Connection between server and client.
Exchange emails / files / performance → large variety of networking protocols on the
Internet, each one with its own purpose. Presented by
Marina Hany Assaad
 2.2 OSI model :
open system interconnection
Why we need Protocols ? 1 2

OSI model is about facilitation of 7 Application 7 Application
communication between different
entities. 6 Presentation 6 Presentation

Control the messages and the 5 Session 5 Session
messages quantity in the network.
4 Transport 4 Transport
Give developers universal concepts
so they can develop protocols 3 Network 3 Network

The OSI reference model breaks 2 Data Link 2 Data Link
this approach into layers.
1 Physical 1 Physical

Presented by
Marina Hany Assaad
 2.3 TCP/IP
TCP/IP model is about making network connectivity more available.
Merging of some layers to be 4 instead of 7
Tcp / ip is now the default protocol for any operating system (Microsoft / Linux / other )

1. Supports WAN / LAN
2. Open for development and not vendor oriented Application layer Application layer
3. Most widely used over internet
4. Provide reliability as well as bet effort delivery Transport layer Transport layer
when needed
Internet layers Network layer
5. Standard protocol over internet
6. Version 4 and 6 are running
Data Link layer
7. Offers web browsing / file transfer /email Network access
exchange layers
Physical layer

Presented by
Marina Hany Assaad
TCP/IP VS. OSI Model
OSI Model TCP/IP original TCP/IP updated

7 Application

6 Presentation Application layer Application layer

5 Session

4 Transport Transport layer Transport layer

3 Network Internet layers Network layer

2 Data Link Data Link layer
Network access
layers
1 Physical Physical layer
Presented by
Marina Hany Assaad
 2.4 Encapsulation / De-Encapsulation process
Data
D E
E n
- c
Scr / des E
Header DATA HTTP Application
n a Layer
c p
a s
Session addressing p Tcp Header DATA Segment Tcp Transport layer
u
s
Scr port / Des port u l
l a
Logical addressing a Ip Tcp Header DATA Packet Ip Network layer
t
Scr ip / Des ip t
i i
Physical addressing o o Ethernet Ip Tcp Header DATA Frame Frame mac Data link layer
Scr mac / Des mac n n frame tailer

0111011110111110111011 Data bits 0/1 physical layer

Presented by
Marina Hany Assaad
 2.5 Application layer
The application layer provides the interface
7 Application
between the applications used to
communicate, and the underlying network over
6 Presentation Application layer
which messages are transmitted.
5 Session
It also define process for user authentication

End to end

Presented by
Marina Hany Assaad
 Presentation layer

This layer’s main purpose is to define and 7 Application
negotiate data formats
1. Data format 6 Presentation Application layer
2.encryption
5 Session
3.compression (gzib /zip / bzip2)

Presented by
Marina Hany Assaad
 Session layer
This layer define how to start , control and
end conversation 7 Application
1. Establishing
6 Presentation Application layer
2. Managing
3. Controlling 5 Session
4. Terminating

Manage Terminate
establish active Reconnecting
control

Presented by
Marina Hany Assaad
 2.6 Application layer protocol

1. Web & Email
(http/smtp/pop3/Imap)
7 Application

2. IP addressing
DNS/ DHCP 6 Presentation Application layer

3. File Sharing Services 5 Session
(FTP/ TFTP)

Presented by
Marina Hany Assaad
 Application layer protocol :Web & Email
PROTOCOL PORT NAME OF PROTOCOL
HTTP 80 Hyper text transfer protocol : is a request/response protocol that
specifies the message types used for that communication.
Get / post / put
HTTPS 443 Hyper text transfer protocol secure
SMTP 25 Simple mail transfer protocol : used to send mail.
POP3 110 Post office protocol version 3 : is used by an application to retrieve
mail from a mail server. When mail is downloaded from the server
to the client then the messages are deleted on the server.
IMAP 143 Internet message access protocol : describes a method to retrieve
email messages. and copies of the messages are downloaded to the
client application. The original messages are kept on the server
until manually deleted. Presented by
Marina Hany Assaad
 Application layer protocol :IP addressing
1.DNS : domain name system : 53
The process of DNS resolution involves converting a hostname (such as
www.example.com) into a computer-friendly IP address (such as
192.168.1.1).

Presented by
Marina Hany Assaad
 Application layer protocol :IP addressing
DNS uses a hierarchical system to create a database to provide name resolution.
Examples of top-level domains:.com - a business or industry.org - a non-profit organization.au - Australia

DNS Structure :
members. google. com

Host. Domain. Top Level Domain (TLD)
www. sub. domain. Com

Host. Sub Domain. Top Level Domain (TLD)
domain
www.google.com www.mail.google.com
Presented by
Marina Hany Assaad
 The nslookup Command
Nslookup : name serverlookup

Presented by
Marina Hany Assaad
 Application layer protocol :IP addressing
2.DHCP : Dynamic Host Configuration Protocol : 546
(DHCP) for IPv4 service automates the assignment of IPv4 addresses,
subnet masks, gateways, and other IPv4 networking parameters.

DHCP is considered dynamic addressing compared to static addressing.
Static addressing is manually entering IP address information

Many networks use both DHCP and static addressing. DHCP is used for
general purpose hosts, such as end user devices. Static addressing is used
for network devices, such as gateway routers, switches, servers, and
printers.

Presented by
Marina Hany Assaad
 Application layer protocol :
File Sharing Services
FTP :File Transfer protocol:21
FTP was developed to allow for data transfers
between a client and a server. An FTP client is an
application which runs on a computer that is being
used to push and pull data from an FTP server

Presented by
Marina Hany Assaad
 Application layer protocol :
Web & Email IP addressing
HTTP DNS :
80 : Hyper text transfer protocol 53 : Domain name system
HTTPS DHCP
443 : Hyper text transfer protocol secure 546: Dynamic Host Configuration Protocol
SMTP
25 : Simple mail transfer protocol File Sharing Services
POP3
110 : Post office protocol version 3 FTP
IMAP 21 :File Transfer protocol
143 : Internet message access protocol

Presented by
Marina Hany Assaad
2.7 Transport layer

1. Segmenting data and reassembling segments
2. Adds header information((scr port / des port ))
3. Tracking and manage multiple conversations
Uses segmentation and multiplexing to enable
different communication conversations to be
interleaved on the same network

Presented by
Marina Hany Assaad
 2.8 Transport layer Protocol

TCP / UDP

TCP : Transmission Control
Protocol
connection oriented

UDP : User Datagram protocol
connectionless oriented : a
best-effort delivery protocol

Presented by
Marina Hany Assaad
 TCP protocol
Provides access to the network layer for app
Error checking
Data Recovery features
Connection oriented :
Reliable Communication : flow control
Three way hand check

Presented by
Marina Hany Assaad
 TCP protocol
Three way hand check Four way hand check
for establish the session For terminate the session

Presented by
Marina Hany Assaad
 UDP protocol
Provides access to the network layer for app
Data is reconstructed in the order that it is
received ( No data recovery features )
Data loss due to duplication
Connectionless oriented : best effort
communication
Limited error checking
Presented by
Marina Hany Assaad
TCP/UDP Protocol
TCP UDP

Presented by
Marina Hany Assaad
 Port number Source port (16 bit) Destination port (16 bit)

TCP and UDP transport layer protocols use port numbers to manage multiple,
simultaneous conversations.
HTTP HTTPS FTP SMTP POP3 DHCP DNS TFTP SNMP
80 443 21 25 110 546 53 69 161

TCP UDP
Port Group Number Range
Well-known Ports 0 to 1,023
Registered Ports 1,024 to 49,151
Private and/or Dynamic Ports 49,152 to 65,535 Presented by
Marina Hany Assaad
 The netstat Command
Unexplained TCP connections can pose a major security threat. Netstat is an
important tool to verify connections.
C:\> netstat
Active Connections
Proto Local Address Foreign Address
State
TCP 192.168.1.124:3126 192.168.0.2:netbios-ssn ESTABLISHED
TCP 192.168.1.124:3158 207.138.126.152:http
ESTABLISHED
TCP 192.168.1.124:3159 207.138.126.169:http
ESTABLISHED
TCP 192.168.1.124:3160 207.138.126.169:http
ESTABLISHED
TCP 192.168.1.124:3161 sc.msn.com:http
ESTABLISHED
TCP 192.168.1.124:3166 www.cisco.com:http ESTABLISHED
Presented by
Marina Hany Assaad
2.9 Network layer
1.Routing protocol
Static
Dynamic
Ex : Rip , IGRP , OSPE , EIGRP , EGP

2.Routed protocol
EX : IPX Appletalk

Presented by
Marina Hany Assaad
 2.10 Network layer protocol : IP
An IPv4 address is a 32-bit = 4 byte
A subnet mask is used to determine the network and host portions.
Network address : 192.168.10.0
Ip with subnet mask 192.168.10.25 255.255.255.0
Ip with prefix : 192.168.10.25/24
Class A (0.0.0.0/8 to 127.0.0.0/8)
Class B (128.0.0.0 /16 – 191.255.0.0 /16)
Class C (192.0.0.0 /24 – 223.255.255.0 /24)
Class D (224.0.0.0 to 239.0.0.0) *Class E (240.0.0.0 – 255.0.0.0)

Public IP Private IP Subnet mak
Class A 1.0.0.0 126.255.255.255 10.0.0.0 10.255.255.255 255.255.255.0
Class B 128.0.0.0 191.255.255.255.255 172.16.0.0 172.31.255.255 255.255.0.0
Class c 192.0.0.0 223.255.255.255 192.168.0.0 192.168.255.255 255.0.0.0
Presented by
Marina Hany Assaad
 Network layer protocol :ICMD

Internet Control Message Protocol (ICMP) provides feedback about issues
related to the processing of IP packets under certain conditions.

The ICMP messages common to both ICMPv4 and ICMPv6 include:
1. Host reachability
2. Destination or Service Unreachable
3. Time exceeded TTL

Presented by
Marina Hany Assaad
 ICMP example: ping and traceroute
From these simple
commands, we get some
interesting information.
Ping : test network
connectivity.
tracert : to test the path
between two hosts
Traceroute provides round-
trip time

Presented by
Marina Hany Assaad
 2.11 Data link layer
1. The Data Link layer is responsible for communications between end-device network
interface cards or end to end delivery.
2. It allows upper layer protocols to access the physical layer media and encapsulates
Layer 3 packets (IPv4 and IPv6) into Layer 2 Frames.
3. The Data Link Layer consists of two sublayers. Logical Link Control (LLC) and Media
Access Control (MAC).
Ethernet frame packet DATA Frame Frame mac Data link layer
tailer

Media access control ( MAC ) Logical Link Control (LLC)
Adding physical address to the frame Convert → frames
Sender / reviser Reliaility → check frames for error by fcs
Unique physical address
Can not be changed
Vendor oriented Presented by
Marina Hany Assaad
 2.12 Physical layer
Before any network communications can occur, a physical
connection to a local network must be established.
This connection could be wired or wireless, depending on the
setup of the network.
Transports bits across the network media
This is the last step in the encapsulation process.

0111011110111110111011 Data bits 0/1 physical layer

Presented by
Marina Hany Assaad
THANK YOU
Presented by
Marina Hany Assaad