Networking Concepts
Essential networking knowledge for cybersecurity professionals. Understand protocols, the OSI model, and network security fundamentals.
The OSI (Open Systems Interconnection) model is a conceptual framework that describes how data moves through a network in seven distinct layers.
- Layer 7, Application: User interface and application services. Protocols: HTTP, FTP, SMTP, DNS
- Layer 6, Presentation: Data formatting and encryption. Protocols: SSL/TLS, JPEG, ASCII
- Layer 5, Session: Session management and control. Protocols: NetBIOS, RPC
- Layer 4, Transport: End-to-end communication and reliability. Protocols: TCP, UDP
- Layer 3, Network: Routing and logical addressing. Protocols: IP, ICMP, ARP
- Layer 2, Data Link: Physical addressing and framing. Protocols: Ethernet, PPP, MAC
- Layer 1, Physical: Physical transmission of data. Protocols: Cables, Hubs, NICs
Network protocols define rules for communication between devices. Understanding these is crucial for security analysis.
| Protocol | Port | Description | Security |
|---|---|---|---|
| TCP | Various | Connection-oriented, reliable data transfer | Can be secured with TLS |
| UDP | Various | Connectionless, fast but unreliable | Can use DTLS for security |
| HTTP | 80 | Web page transfer protocol | Use HTTPS (443) for security |
| HTTPS | 443 | Secure web communication | TLS encryption enabled |
| SSH | 22 | Secure shell remote access | Encrypted by default |
| FTP | 21 | File transfer protocol | Use SFTP or FTPS instead |
| DNS | 53 | Domain name resolution | Use DNSSEC for integrity |
| SMTP | 25 | Email sending protocol | Use STARTTLS or port 587 |
Firewalls are essential network security devices that monitor and control incoming and outgoing network traffic based on predetermined security rules.
- Packet Filtering: Examines packet headers and filters based on rules
- Stateful Inspection: Tracks connection state and context
- Application Layer: Deep packet inspection at Layer 7
- Next-Gen (NGFW): Combines traditional firewall with IPS, DPI
Virtual Private Networks create secure, encrypted tunnels over public networks to protect data in transit.
- IPSec: Industry standard for site-to-site VPNs, operates at network layer. Best for: Enterprise networks, site-to-site connections
- OpenVPN: Open-source VPN using SSL/TLS, highly configurable. Best for: Remote access, cross-platform compatibility
- WireGuard: Modern, fast, and lean VPN protocol. Best for: High-performance needs, mobile devices
- SSL/TLS VPN: Browser-based VPN access using HTTPS. Best for: Clientless remote access, web applications
DNS (Domain Name System) translates domain names to IP addresses. Securing DNS is critical to prevent various attacks.
Common DNS Attacks
- DNS Spoofing: Corrupting DNS cache to redirect traffic
- DNS Tunneling: Using DNS to exfiltrate data or bypass firewalls
- DNS Amplification: DDoS attack using DNS servers as amplifiers
DNS Security Solutions
- DNSSEC: Cryptographic authentication of DNS responses
- DoH/DoT: DNS over HTTPS/TLS for encrypted queries
- DNS Filtering: Block malicious domains at the DNS level
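To make the DNS tunneling entry above concrete from the detection side, here is an added example (not part of the original page) that scans a query log for clients sending many distinct long, high-entropy labels under one parent domain. The sample log, the function names and the thresholds (24 characters, 3.5 bits per character, 3 unique names) are assumptions chosen for illustration and need tuning against real traffic.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log: (client IP, queried name). Not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    # One long label on its own is common (CDNs, campaign hosts) and is not enough.
    ("10.0.0.5", "my-very-long-marketing-campaign-name.example.org"),
    # The same long random-looking name repeated counts as one unique name.
    ("10.0.0.7", "a1b2c3d4e5f6g7h8a1b2c3d4e5f6g7h8.t.example.net"),
    ("10.0.0.7", "a1b2c3d4e5f6g7h8a1b2c3d4e5f6g7h8.t.example.net"),
    # Many distinct long, high-entropy labels under one parent: tunneling pattern.
    ("10.0.0.9", "a1b2c3d4e5f6g7h8a1b2c3d4e5f6g7h8.t.example.net"),
    ("10.0.0.9", "q9w8e7r6t5y4u3i2q9w8e7r6t5y4u3i2.t.example.net"),
    ("10.0.0.9", "z0x1c2v3b4n5m6k7z0x1c2v3b4n5m6k7.t.example.net"),
]

def shannon_entropy(s):
    """Bits per character of the string's character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def parent_domain(name):
    # Assumption: the registered domain is the last two labels. A real
    # deployment should resolve this with the Public Suffix List instead.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def suspicious_label(label, min_len=24, min_entropy=3.5):
    # Length is checked first so empty labels never reach the entropy division.
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def find_tunneling_candidates(queries, min_unique=3):
    """Return sorted (client, parent domain) pairs with >= min_unique distinct
    query names that carry a long, high-entropy subdomain label."""
    seen = defaultdict(set)
    for client, name in queries:
        labels = name.rstrip(".").lower().split(".")
        if any(suspicious_label(l) for l in labels[:-2]):
            seen[(client, parent_domain(name))].add(name.lower())
    return sorted(k for k, names in seen.items() if len(names) >= min_unique)

if __name__ == "__main__":
    for client, domain in find_tunneling_candidates(SAMPLE_QUERIES):
        print(f"review: {client} -> *.{domain}")
```

Requiring several unique names per client and parent domain keeps single long hostnames from raising alerts; domains flagged this way are candidates for the DNS filtering control listed above.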