Cybersecurity
Network Security Tools
 By Radhika B S
Computer Network
Types of Computer Networks
 ●   Personal Area Network (PAN): Network of computer devices centered around an individual’s
     workspace/home.
 ●   Local Area Network (LAN): Network that connects computers over a small geographical
     distance.
 ●   Metropolitan Area Network (MAN): Network that connects computers over a larger distance,
     such as within a city.
 ●   Wide Area Network (WAN): Network that connects computers over a very large geographical
     distance.
OSI Model and TCP/IP Model
TCP/IP Model
 ●   Application Layer: Responsible for creating and processing user data between applications.
 ●   Transport Layer: Responsible for data transfer between the application program running on
     the client and the application program running on the server.
 ●   Network (or Internetwork) Layer: Responsible for transport of data from node to node in a
     network.
 ●   Network Interface/Link Layer: Acts as the interface to the actual network hardware.
     This layer implements the actual topology of a local network that allows the internet layer to
     present an addressable interface.
Protocols
 ●   A protocol is a set of rules and standards that define a language that can be used to
     communicate.
 ●   There are a great number of protocols used extensively in networking, and they are
     often implemented in different layers.
 ●   Application Layer: HTTP, FTP, DNS, etc.
 ●   Transport Layer: TCP, UDP, etc.
 ●   Network Layer: IP, ICMP, etc.
 ●   Network Interface Layer: PPP, Token Ring, etc.
    Addresses and Identifiers
●    Network Access Layer: MAC Address
●    Internet/Network Layer: IP Address
●    Transport layer: Port Number
MAC Address
 ●   Media Access Control (MAC) Address is a 6-byte (48-bit) address that is unique to each
     networking device/interface
 ●   Also known as Physical/Hardware address
 ●   Generally written as a hexadecimal number
 ●   It has two parts. The first three bytes indicate the manufacturer of the Network Interface
     Card (NIC) and the last three bytes are a unique number assigned to the NIC by the
     manufacturer
IP Address
 ●   Also known as Virtual Address
 ●   So each device has a Physical address and a Virtual Address
 ●   There are two versions of IP addresses: IPv4 and IPv6
 ●   IPv4 uses 32-bit addresses
 ●   Each address has two parts: a network part and a host part
 ●   Generally, IP addresses are assigned by the ISP or a system administrator
 ●   Public vs. private IP addresses
 ●   Dynamic vs. static IP addresses
 ●   IP addresses are managed by the Internet Assigned Numbers Authority (IANA) which has
     overall responsibility for the IP address pool and by the Regional Internet Registries (RIRs)
     to which IANA distributes large blocks of addresses.
 ●   Dynamic Host Configuration Protocol (DHCP) is a protocol that automatically provides an IP
     address to a host
 ●   The loopback address belongs to a virtual interface that loops traffic back to the same host
IPv4 Address
 ●   A dotted decimal number made of 32 bits
 ●   It is divided into 4 octets
 ●   Value of each octet ranges from 0 to 255
 ●   Each IP address has two fields: network field and host field
IPv4 Address Classes
IPv4 Network Address
IP Subnetting
 ●   Dividing a network into smaller networks
 ●   Subnet mask is used to differentiate between the network ID and host ID
 ●   Classless Inter-Domain Routing (CIDR): Helps in addressing the drawbacks of classful IP
     addressing
 ●   The length of the subnet mask (number of 1s) is added as a suffix to the IP address
 ●   Example: 172.30.26.12/18 (here the first 18 bits represent the network portion)
Private IP Addresses
 ●   Addresses within this private address space are only unique within a given private network.
 ●   An IP address within these ranges is therefore considered non-routable, as it is not unique.
     Any private network that needs to use IP addresses internally can use any address within
     these ranges without any coordination with IANA or an Internet registry.
 ●   Private IP Address Ranges
      ○   Class A: 10.0.0.0 to 10.255.255.255
      ○   Class B: 172.16.0.0 to 172.31.255.255
      ○   Class C: 192.168.0.0 to 192.168.255.255
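
The subnet-mask arithmetic from the IP Subnetting slide and the private ranges listed above, worked through on the slide's own 172.30.26.12/18. This is an added example, not part of the original slides; the function names are illustrative, and the broadcast address and usable-host count are standard results the slides do not mention.

```python
# Added example: CIDR arithmetic done with plain bit operations.
# Ranges copied from the Private IP Addresses slide.
PRIVATE_RANGES = {
    "Class A": ("10.0.0.0", "10.255.255.255"),
    "Class B": ("172.16.0.0", "172.31.255.255"),
    "Class C": ("192.168.0.0", "192.168.255.255"),
}

def to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 octets: {dotted!r}")
    value = 0
    for part in octets:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"octet must be 0-255: {part!r}")
        value = (value << 8) | int(part)
    return value

def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def describe(cidr):
    """Split 'a.b.c.d/n' into its network part and host part."""
    address, _, suffix = cidr.partition("/")
    prefix = int(suffix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length must be 0-32: {prefix}")
    ip = to_int(address)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # n ones, then zeros
    host_bits = ~mask & 0xFFFFFFFF
    network = ip & mask
    private = next((name for name, (low, high) in PRIVATE_RANGES.items()
                    if to_int(low) <= ip <= to_int(high)), None)
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),                # host bits cleared
        "broadcast": to_dotted(network | host_bits),  # host bits set (not on the slides)
        "host_part": ip & host_bits,
        "usable_hosts": max((1 << (32 - prefix)) - 2, 0),  # minus network and broadcast
        "private_range": private,
    }

if __name__ == "__main__":
    for key, value in describe("172.30.26.12/18").items():
        print(f"{key:13} {value}")
```
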
Gateway
 ●   A gateway is a node located at the boundary of a network that manages all data flowing
     into or out of that network.
 ●   It forms a passage between two different networks operating with different transmission
     protocols.
 ●   The IP address of the gateway should be part of the network that it is connecting.
Port Numbers
 ●   A port is an address on a network device that can be associated with a specific piece of software.
 ●   It is not a physical interface or a location, but it allows the server to communicate
     using more than one application.
 ●   It is a 16-bit number, ranging from 0 to 65535.
 ●   Numbers 0 to 1023 are reserved for common applications. These are known as well-known
     ports.
IP Addressing
 https://www.homenethowto.com/basics/default-gateway-finding-other-ip-networks/
Packet Travelling
https://www.practicalnetworking.net/series/packet-traveling/packet-traveling/
https://commons.wikimedia.org/wiki/File:Packet_Switching.gif
DNS Protocol
Establish Connection
Establish Connection using 3-way Handshake
Exchanging Data using HTTP
    Firewall
●   First line of defence in a network
●   Prevents unauthorised outsiders from accessing internal resources
●   Prevents insiders from transferring sensitive information outside the
    network and accessing unsecured resources
●   It can be software, hardware, or both
●   Security measure that filters incoming and outgoing traffic based on
    predefined rules
●   Rules are generally specified in terms of IP addresses, ports, etc.
●   These rules form the firewall policy
●   Firewall policy must be carefully configured and frequently evaluated
    and updated
●   Can also use multiple network security perimeters
Intrusion Detection and Prevention Systems
 ●   Intrusion Detection Systems (IDS): Security measure that monitors the traffic for any
     malicious activities or policy violations and sends an alert if detected.
 ●   Intrusion Prevention Systems (IPS): Measure that inspects the traffic and proactively
     stops any malicious traffic
 ●   Can work in inline or out-of-band/end host mode
 ●   Can use anomaly-based detection or signature-based detection
 ●   There are two main types:
      ○   Network Intrusion Detection and Prevention System (NIDPS)
      ○   Host Intrusion Detection and Prevention System (HIDPS)
 [Figure: Inline Systems and Out-of-Band Systems]
Port Scanning
 ●   Involves scanning one or more IP addresses and recording open ports and known
     vulnerabilities present in them
 ●   It is useful for network administrators to monitor the network
 ●   But it can also be used by attackers to analyse a victim’s network
 ●   Many port scanning tools are available
Network Segmentation
Access Control
 ●   Access Control provides authorization
 ●   A key Security Measure used in operating systems, databases, and applications
 ●   Main types of Access Control Models include:
      ○   Discretionary Access Control
      ○   Mandatory Access Control
          Example: Multilevel Security Models
      ○   Role-Based Access Control
      ○   Attribute-Based Access Control
Multilevel Security
 ●   Use multiple security levels.
 ●   Each entity is assigned a security level. Actions of an entity are decided based on its
     level.
 ●   BLP Model: Used for Confidentiality
 ●   It was originally designed for the U.S. Navy to enable users with
     different classification levels to use a single, shared computer
     system. The military uses four classification levels: unclassified,
     confidential, secret, and top secret.
 ●   Every object is assigned one of those four classification levels. Every subject (user) is
     also associated with a clearance at one of those levels.
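
The two Bell-LaPadula (BLP) rules, no read up and no write down, as an added example that is not part of the original slides; the slide names the model and its levels but not the rules, which are given here in their standard form. The function names are illustrative, and `levels_reached` goes one step further by checking that no chain of permitted accesses moves data to a lower level.

```python
from enum import IntEnum
from itertools import product

class Level(IntEnum):  # the four military levels named on the slide
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

def may_read(clearance, classification):
    """Simple security property: no read up."""
    return clearance >= classification

def may_write(clearance, classification, star_property=True):
    """*-property: no write down. It can be switched off only to show what it prevents."""
    return clearance <= classification if star_property else True

def levels_reached(origin, star_property=True):
    """Every object level that data starting at `origin` can end up at,
    through any chain of permitted read-then-write steps."""
    reached, frontier = {origin}, [origin]
    while frontier:
        data_level = frontier.pop()
        for subject, target in product(Level, Level):
            if (may_read(subject, data_level)
                    and may_write(subject, target, star_property)
                    and target not in reached):
                reached.add(target)
                frontier.append(target)
    return reached

def leaks(star_property=True):
    """(origin, destination) pairs where data lands below its classification."""
    return sorted((origin, dest) for origin in Level
                  for dest in levels_reached(origin, star_property)
                  if dest < origin)

if __name__ == "__main__":
    print("leaks with both rules:", leaks())
    print("leaks without the *-property:", [(o.name, d.name) for o, d in leaks(False)])
```
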
Principle of Least Privilege
 ●   Every element should have access only to the resources necessary to perform its task
 ●   Example that violates the principle:
      ○   Default permissions on a file set to read-write for all introduces the risk that
          people who have no business touching the file will modify it.
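
A check for the violation described above, added as an example and not part of the original slides: it finds regular files that any user may write to and removes that one permission bit. It assumes a POSIX file system, and the function names are illustrative.

```python
import os
import stat

def world_writable(root):
    """Return paths of regular files under `root` that any user may modify."""
    findings = []
    for directory, _subdirs, names in os.walk(root):
        for name in names:
            path = os.path.join(directory, name)
            info = os.lstat(path)  # lstat: judge the entry itself, not a symlink target
            if stat.S_ISREG(info.st_mode) and info.st_mode & stat.S_IWOTH:
                findings.append(path)
    return sorted(findings)

def tighten(path):
    """Remove write access for 'other', keep every other permission bit,
    and return the resulting mode so the change can be logged."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~stat.S_IWOTH)
    return stat.S_IMODE(os.lstat(path).st_mode)

if __name__ == "__main__":
    import sys
    # Report only; call tighten() after reviewing each finding.
    for found in world_writable(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(oct(stat.S_IMODE(os.lstat(found).st_mode)), found)
```
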
Separation of Duty
 ●   Break a privilege into multiple parts.
 ●   In the case of an application, this can be achieved by breaking the application into
     multiple parts. Each part runs with only the privileges it needs to perform its task. If
     one part becomes compromised, potential damage is limited to only that component.
Network Access Control
 ●   With the increasing use of BYOD, the need to regulate
     such devices' access to the network emerged
 ●   NAC is a security technology that regulates and
     enforces access to network resources based on
     policies defined by the organization
 ●   Depending on the posture assessment, access is
     either allowed or denied, or the device is put in
     quarantine