Network Security
What You Will Learn
- How the OSI and DoD network models work
- What firewalls, IDS, and VPNs do
- How DHCP, DNS, and NAT work
- How to think about network security from an attacker and defender perspective
OSI Model
Also known as the Open Systems Interconnection model. It was developed to help categorize how computers communicate with one another.
| Layer | Name | Protocol Examples |
|---|---|---|
| 7 | Application | HTTP, FTP, SMTP, DNS |
| 6 | Presentation | TLS/SSL, compression |
| 5 | Session | NetBIOS, RPC |
| 4 | Transport | TCP, UDP |
| 3 | Network | IP, ICMP, OSPF |
| 2 | Data Link | Ethernet, MAC, ARP |
| 1 | Physical | Cables, Wi-Fi signals |
DoD Model
The Department of Defense (DoD) model is a simplified version of the OSI model with four layers:
- Process/Application layer — Applications and protocols
- Host-to-Host layer — TCP/UDP, end-to-end delivery
- Internet layer — IP addressing and routing
- Network Access layer — Physical transmission
Security Devices
Firewall
The purpose of a firewall is to manage the types of traffic that can enter and leave a protected network. It is the first line of defense in protecting internal networks from outside threats.
- Stateless Inspection: Examines every packet individually; does not maintain state between packets
- Stateful Inspection: Tracks active connections; only examines the state of a connection and stores information about active network connections
IDS (Intrusion Detection System)
An IDS identifies when a network breach or attack has occurred.
- Signature-Based: Detects known attack patterns
- Anomaly-Based: Detects deviations from normal behavior
- Policy-Based: Detects violations of security policy
Reference: Protocol-Based Intrusion Detection
VPN
A VPN (Virtual Private Network) facilitates an encrypted connection to a private network over the internet. A remote host will be seen as a private host.
Types:
- Site-to-site VPN: Connects two office networks
- Remote-access VPN: Individual user connects to corporate network
- SSL VPN: Uses web browser, operates at Layer 7
VPN Protocols:
| Protocol | Description |
|---|---|
| IPSec | Uses AH (authentication) or ESP (authenticate + encrypt). One-to-one only |
| GRE | Generic Routing Encapsulation. Supports one-to-many |
| PPTP | Point-to-Point Tunneling Protocol. Supports dial-up |
| TLS 1.2/1.3 | Considered safe. Uses asymmetric encryption |
| SSL 3.0 | Older, considered unsafe |
Optimization and Performance Devices
- Load Balancers: Distribute workload across multiple servers (example: nginx)
- Proxy Server: Requests resources on behalf of client machines. Can filter traffic and cache content (example: nginx, Squid)
DHCP
Dynamic Host Configuration Protocol assigns IP addresses to hosts on a network.
How DHCP works:
- A new computer sends a DHCP discovery packet to
255.255.255.255(broadcast) on UDP port 67 - The DHCP server replies to the MAC address of the requesting computer with an offer packet on UDP port 68
- The new computer sends a request packet back to the DHCP server
- The DHCP server replies with an acknowledgment containing IP address, subnet, gateway, and DNS info
- The computer updates its network settings
DNS
Matches human-readable names to IP addresses.
DNS server types:
| Type | Description |
|---|---|
| Root Server | Knows where all TLD servers are |
| TLD Server | Handles .com, .org, .net, etc. |
| Authoritative | Has the actual DNS records for a domain |
| Non-Authoritative | Caches responses (recursive resolver) |
NAT
Network Address Translation maps private IP addresses to public ones:
- Static NAT: One-to-one mapping of public to private IP
- Dynamic NAT: Maps from a pool of public addresses