The basic concepts to learn networking and security are the following
- IP address
- Public and Private IP addresses
- NAT for IP address conservation
- Network Scanning
- Traffic Analysis
- ISD and IPS
An IP address is a unique address give to each device in a network to distinguish it from other devices within the network. It's analogous to a house address in a locality.
Lan is a local area network. It may or may not be connected to the internet.
A host is any device that is connected to a network.
|size||32 bit||128 bit|
|address||dotted decimal notation||Hexadecimal Notation|
IPv4 consists of 4 octets of bits separated by the '.' symbol. It couldn't keep up with the increasing number of devices connected to the internet so Ipv6 was introduced.
|A||1 - 126||N.H.H.H|
|B||128 - 191||N.N.H.H|
127 is reserved for loop back
An IP address is made up of network bits and host bits. The network part of an IP address represents the network whereas the host part represents the host/device on the network. Each network has some reserved IP addresses which are not assigned to any host.
NID stands for network Id. It represents the network in which the device resides. For example, a class C network would have NID 192.168.1.0, the last 0 doesn't represent any particular device but a whole network. This IP address in the network is reserved for this purpose.
BID stands for broadcast Identity. It is used to broadcast a message to every device within the network. For example, a class C network would have BID 192.168.1.255, it is also reserved for this purpose.
Subnetting is the concept of dividing the network into sub-networks. These sub-networks can't communicate with each other. It is done by creating a custom subnet mask. The subnet mask is also a 32-bit address with network bits set to 1 and host bits set to 0. For example, the default subnet mask(DSN) for Class C is 255.255.255.0(when there is no subnetting). It is done to minimize the cost and Ip wastage.
DSN stands for the default subnet mask. Each class has its DSN. The amount of subnetting varies from Class to Class, as Class A can relatively more subnets than Class B which in turn can have more subnets than class C.
Only the part of DSN with 0 can be used to create subnets.
Subnet masks are used to find the host within a network or internetwork. A router applies a bitwise AND operator on the subnet mask and the destination IP address of the packet then uses the result to decide the position of a destined host in the network(connected to that router). For example, suppose a packet destined for Class C IP address 192.168.1.184 reaches the gateway router then,
IP add: 11000000.10101000.00000001.10111000 = 192.168.1.184 DSN: 11111111.11111111.11111111.00000000 = 255.255.255.0 APPLYING BITWISE AND Result: 11000000.10101000.00000001.00000000 = 192.168.1.0
Now the packet will go to the above-calculated Network ID and will be similarly routed within that network with Custom Subnet Mask(CSN), to find the appropriate subnet and then the host.
Subnets are always created in the power of 2. Example 2 subnets, 4 subnets, and so on.
Example: To create 2 subnetworks within 1 network of Class C suppose 192.168.1.0.
To create a subnetwork in Class C,
NID and BID for this network would be 192.168.1.0 and 192.168.1.255 respectively. Since DSN for Class C is 255.255.255.0 there is only one 0 here. The binary representation of this 0 according to 8 bits is 00000000.
With 8 bits we can have a maximum of 256(0-255) hosts.
Step1: Finding the number of network bits represented by 'n'.
2n >= required no of subnetworks
For 2 subnetworks,
21 >= 2,
n is 1 here
Step2: Generating Custom Subnet Mask(CSN).
So we change the Most Significant Bit(MSB) of the above binary representation to 1. We get 10000000 with a decimal equivalent of 128.
This address is represented as 255.255.255.128, which is known as a Custom Subnet Mask(CSM).
Step3: Finding the effective number of hosts in each subnet.
2h - 2
where h is number of host bits 8-n.
27 - 2 = 126
Hence we have 126 hosts for each subnet.
Step4: Ip addressing
By changing the 1st bit(MSB) we divided the network into 2 sets of 128.
using A + B + 1
where A is starting address, B is no of hosts
for Subnet 1
A = 0, B= 126
0+126+1 = 127
for Subnet 2
A = 128, B = 126
128+126+1 = 255
For subnet 2 A = 128 because of CSN.
Subnet 1 [192.168.1.0 - 192.168.1.127 ] and Subnet 2 [192.168.1.128 - 192.168.1.255 ].
Like each network has reserved NID and BID, each subnet also has a NID and BID. According to the above example, for Subnet 1 we have NID and BID 192.168.1.0 and 192.168.1.127 respectively, and for Subnet 2 we have NID and BID 192.168.1.128 and 192.168.1.255 respectively.
The NID for a network is used when routing packets outside the network(among different networks). NID of a subnet is used when routing packets within the network(among different subnets).
|Public IP||Private IP|
|Outside LAN||Inside LAN|
|assigned by ISP||assigned by user/admin|
|Can be read but not modified||Can be read as well as modified|
|Class||Range||Corresponding private Ip range|
|A||0 - 127||10.0.0.0 - 10.255.255.255|
|B||128 - 191||172.16.0.0 - 172.31.255.255|
|C||192 - 223||192.168.0.0 - 192.168.10.255|
NAT stands for Network Address Translation. It is the process of converting public IP address into a private IP address and vice-versa. It is free from user interaction i.e. it's an automatic process. It is done by a router.
It is the process of assigning IP addresses to devices. There are 2 types of addressing, static and dynamic.
Ip addresses are assigned manually and they will remain unchanged.
Ip addresses are dynamically assigned to every device from a pre-defined range. A DHCP server must be present within the network which dynamically provides an IP address and other configuration parameters through the DORA process.
a device is referred to as client here and the router is a DHCP server
DHCP stands for Dynamic Host Configuration Protocol. It should be manually enabled.
It is the range of IP addresses from a given IP address to a particular length of devices that can be connected.
It is the time during which an IP address is provided by the router. It can be preset for all devices, after the lease time ends the client will be automatically disconnected.
DHCP client table
It is a table in which a DHCP server stores data about devices in the network(connected to the server).
It is the process of reserving an IP address in the IP table, as a result, it won't be disconnected even after the lease time ends.
This process occurs during the initialization and end of data communication.
Discover: Using BID Client discovers any server in the network.
Offer: A server if present in the network will receive a 'discover' request from the client and in return will offer its IP address and mac address to the client, through BID.
Request: Now the client will request an IP address from the DHCP server.
Acknowledgment: Now the server will send an acknowledgment of the assigned IP address to the client through BID.
It is a smart device that is employed to find the best route for a packet from the source(itself) to the destination(another router or some other device), this process is known as routing. A router at the root of a network is called a gateway.
- Router ports
- Router rules
- Router modes
- Router basic Configuration
Router ports are classified based on functionality.
Interface Port, To connect it to other devices.
- Ethernet interface: Old and slow port, not used now.
- Fast Ethernet interface: New and fast.
- GigabitEthernet interface: Very Fast
- Serial interface: Used to connect a router to another router.
Line Port: To configure the router.
- Console: Used to configure the router directly connected to a computer.
- Auxiliary: Remote configuration of the router from a distant computer.
- All the interfaces of a router should be in a different network or should have different NID.
- A serial interface connecting two routers should be in the same network or should have the same NID.
Connecting 3 router networks to form an internetwork
- User mode
- Privilege mode
- Global Configuration Mode
Router>enable Router#configure terminal Router(config)#interface gigabitEthernet0/0/0 Router(config-if)#ip address 192.168.1.1 255.255.255.0 Router(config-if)#no shutdown
Router>(user mode) Router#(privilege mode) Router(config)#(global configuration mode)
A router has a memory IP table where it stores Ip addresses of known as well unknown networks.
|Static Routing||Dynamic Routing|
|Manually configuring the router, where the packets should be sent||Using some dynamic routing protocol to decide the flow of traffic.|
|Filling unknown NID in the IP table.||Filling known NID in the IP table.|
|Employed in small networks||Employed in large networks|
A HOP occurs when a packet is passed from 1 network node to the next node.
It's employed with known networks, to identify the best path in different ways(depending on the type).
Distance Vector Protocol(Routing Information Protocol in CPT): It is based on HOP counts, minimum HOPs are optimal.
Link State Protocol(Open Shortest Path First): It is based on maximizing the bandwidth on a path.
The magenta path is best according to RIP, Orange is best according to OSPF.
- Advance Distance Vector Protocol(Enhanced Interior Gateway Protocol): It is based on bandwidth + delay(min)+travel time(min). An Autonomous number between [0, 65535] is a number given to all the routers in a network.
To connect areas with different autonomous numbers Border Gateway Protocol(BGP) is used. All routers(an area) having the same autonomous number can be configured at once however, the process ID of each router is different.
Router>enable Router#configure terminal Router(config)#router EIGRP 100 Router(config)#network 192.168.1.0 Router(config)#network 192.168.2.0 Router(config)#exit
only those networks that are directly connected (adjacent networks aka known networks) are used. After implementing EIGRP 2 routers can communicate with each other.
A switch is a device that is used to interconnect other devices like a PC, router, another switch, etc. It is quite analogous to the extension box. A switch can be used to form a LAN.
- Switch Ports
- Switch Rules
- Switch Modes
- Switch Configuration
- Access Port: Used to connect switch with PC.
- Trunk Port: Used to connect the switch to a router or another switch.
- Switch - router: It's recommended to connect to 1st port(0/1 probably).
- Switch - switch: It's recommended last port of a switch should be connected to 1st port of the next switch.
- User mode
- Privilege mode
- Global Configuration mode ### Switch Configuration
Switch>enable Switch#configure terminal Switch(config)#interface fastethernet0/2 Switch(config-if)#switchport mode access Switch(config-if)#exit
VLAN stands for virtual local area network. VLAN in a way is a better alternative to subnetting.
- Time Consuming
- It's done at the user device, by giving a custom subnet mask.
- Increase in the workload of the network administrator.
Unlike subnetting VLAN configuration is done at the switch to which other devices are connected.
- Easy and Less time consuming
- No need to configure the user device
- Create a VLAN number [0-65535]
- Create VLAN Name
- Choose and configure(ACCESS/TRUNK) an interface of the switch.
- Link VLAN with the interface. ### Implementation
Switch>enable Switch#vlan database Switch#vlan 10 name VLAN1 Switch(config)#interface FastEthernet0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#exit
ACL stands for access control list. It is employed to control incoming and outgoing traffic(permit/deny) by configuring the router. It uses an entity called a Wild-Card mask.
The wild-card mask works similarly to the subnet mask, by ANDing the IP requested by the host to WCM. It can be used to block a whole network or a particular device on any network. It looks like 0.0.0.255 for a network and 0.0.0.0 for a device. For example, a host tries to access the unauthorized network 192.168.4.0 then after configuring ACL wildcard mask 0.0.0.255 is bitwise ANDed on the requested NID resulting in 0.0.0.0 hence denying access.
|Old, not used now||New, In use|
|For small networks||For large networks|
|Number range: 0-99||number range: 100-199|
|Configured closed to destination||Configured close to the source|
|Permit/Deny based on source IP||permit/Deny based on source IP, Destination IP, Port no, protocol.|
denying connection through TCP, IMCP will still work(ping command)
Router(config)#access-list <ACL Number> permit/deny <protocol> <source IP> <source WCM> <destination IP> <destination WCM> <operator> <port no>
Router(config)#access-list 110 deny TCP 192.168.1.10 0.0.0.0 10.0.0.2 0.0.0.0 eq 80 Router(config)#access-list 110 permit ICMP any any Router(config)#interface fastethernet0/0 IP access-group 110 IN
fastethernet0/0 here is the interface of the source.
NAT stands for network address translation. It is designed to preserve IP addresses. NAT is configured on the gateway router of a local network. It is essential from the security aspect.
NAT allows a single device(such as a router) to act as an agent between the internet and a local network, which means that only a single unique IP address is required to represent an entire group of computers to anything outside the network.
Router(config)#ip nat inside source static 10.0.0.2 184.108.40.206 Router(config)#interface gigabitethernet0/0/1 Router(config-if)#ip nat inside Router(config-if)#exit Router(config)#interface serial0/1/0 Router(config-if)#ip nat outside Router(config-if)#exit
pinged for 10.0.0.2 but 220.127.116.11 replied
It is a network security device that monitors and filters incoming and outgoing network traffic based on the configuration of the firewall. A firewall may be a hardware device or software.
- Stateful: Records every stage from the beginning.
- Stateless: Only the current event is recorded. ### Firewall configuration
Choose 5505 firewall: firewall controls network traffic using two rules namely
It is a device that combines firewall, antivirus, intrusion prevention, VPN & SSL capabilities.
- We can’t assign IP directly to any interface of a firewall.
- We have to assign IP to VLAN & then link VLAN to any interface so IP address is indirectly assigned to an interface.
- The INSIDE network is inside your LAN.
- The OUTSIDE network will be out of LAN.
- VLAN 1 will always be linked with the INSIDE network.
- VLAN 2 will always be linked with the OUTSIDE network.
- SECURITY LEVEL of the INSIDE network will be 100 & OUTSIDE will be 0.
- Ethernet 0/1 of the firewall will be assigned to VLAN1.
- Ethernet 0/0 of the firewall will be assigned to VLAN2.
STEP 1: REMOVE DEFAULT IP ADDRESS AND DHCP SCOPE RANGE
ciscoasa(config)# interface vlan 1 ciscoasa(config-if)# no ip address ciscoasa(config-if)# exit ciscoasa(config)# no dhcpd address 192.168.1.5 - 192.168.1.15 inside
We can find this using the SHOW command
STEP 2: ASSIGN IP, NAME, AND SECURITY LEVEL TO VLAN 1&2
ciscoasa(config)# interface vlan 1 ciscoasa(config-if)# ip address 172.16.1.1 255.255.255.0 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# nameif inside ciscoasa(config-if)# security-level 100 ciscoasa(config-if)# exit ciscoasa(config)# interface vlan 2 ciscoasa(config-if)# ip address 18.104.22.168 255.255.255.0 ciscoasa(config-if)# no shutdown ciscoasa(config-if)# nameif outside ciscoasa(config-if)# security-level 0 ciscoasa(config-if)# exit
STEP 3: LINK CORRESPONDING VLAN 1&2 WITH RESPECTIVE INTERFACE
ciscoasa(config)# interface ethernet0/1 ciscoasa(config-if)# switchport access vlan 1 ciscoasa(config-if)# exit ciscoasa(config)# interface ethernet0/0 ciscoasa(config-if)# switchport access vlan 2 ciscoasa(config-if)# exit
STEP 4: CONFIGURE DHCP & DNS SERVER
We can give DHCP range as much as we want, here we give 6 IP's starting from 1.5 to 1.10
ciscoasa(config)# dchpd address 172.16.1.5 - 172.16.10 inside
Above command allows all computers from inside the network to communicate with the DNS server.
STEP 5: CONFIGURE DEFAULT ROUTE
The command will let the firewall communicate with the outside network. 0.0.0.0 means any source IP can communicate with any destination IP through router IP 22.214.171.124
cisocasa(config)# route outside 0.0.0.0 0.0.0.0 126.96.36.199
STEP 6: OBJECT NETWORK CREATION & ENABLING NAT
This will allow the INSIDE network to communicate with the OUTSIDE network (& vice-versa) with the public IP address.
ciscoasa(config)# object network LAN ciscoasa(config-network-object)# subnet 172.16.1.0 255.255.255.0 ciscoasa(config-network-object)# nat (inside,outside) dynamic interface
STEP 7: CREATE ACL
Here we are using EXTENDED NAMED ACL( i.e 3rd type of ACL apart from the previous two where we use alphabets instead of numbers). This ACL allows both TCP and ICMP traffic to be allowed outside the network.
cisco(config)# access-list inside_to_internet extended permit tcp any any cisco(config)# access-list inside_to_internet extended permit icmp any any cisco(config)#access-group inside_to_internet in interface outside
STEP 8: CONFIGURE ROUTER
ASSIGN IP ADDRESS TO ROUTER, Configure OSPF for ISP Router
router(config)# router ospf 1 router(config)# network 188.8.131.52 0.0.0.255 area 0 router(config)# network 184.108.40.206 0.0.0.255 area 0 router(config)# exit
STEP 9: Go to PCs
Switch to DHCP addressing.
Security means securing something from unauthorized access, minimizing vulnerabilities, etc through layers of defense. Read more about networking security here.
It is the process of creating a virtual instance of a system within an already running system. This virtual instance act as a sandbox environment, any changes made to the sandbox environment stay there and are not leaked to the original system. It's a good means of experimenting without any additional cost.
There are specially designed operating systems for practicing and experimenting with security. For example Kali Linux, Parrot OS, etc. These are Debian-based Linux distros. Kali Linux comes with 300+ inbuilt tools
for auditing and exploitation and capabilities for vulnerability assessment.
Networking Scanning means finding crucial details about the network, which are used to analyze the network and its vulnerabilities.
It is a mobile/desktop application used for network scanning. The device with 'fing' should be connected to the network. It will show
- open ports
- number of devices and their IP addresses
- MAC addresses of all the devices
- Services running on the network
get fing here
Nmap means network mapper. It is a command-line tool for analyzing a network or even a particular host in a network. Usage:
$ NMAP -sT 192.168.0.0/24 $ NMAP -sT 192.168.0.2 $ NMAP -sT google.com
Nmap is pre installed in kali linux, use Nmap -h for a complete list of wild cards to use with Nmap
This is an information-gathering tool. It is used to monitor the incoming and outgoing packets. It allows various facilities like filtering based on protocol, source, destination, etc.
it's pre installed in kali linux
It is a web-based application for indexing, storing, and analyzing data. It can be configured to work with real-time data. It can also act as a firewall or antivirus, can create alerts, etc. There are a lot of resources for data to analyze in Splunk.
IDS stands for Intrusion Detection System and IPS stands for Intrusion Protection System. IDS can only detect an intrusion in the system but can't perform any action in response to that, For example, Wireshark, CCTVs, etc. IPS on the other hand will not only detect the intrusion but can also perform an action to prevent the intrusion.
A honeypot is a system through which creates an illusion of a vulnerable target to acts as bait for attackers. When an attacker tries to attack the fake target, the attacker ends up leaving its own information. Also, the attacker can't perform an attack on the fake target. There are many honeypots available namely, pentbox, honeydrive, etc.
You might not be able to hack into some reputed company with this knowledge, but I'm sure you'll have a better understanding of basic networking.