Introduction to Networking
Welcome to the topic of Networking Basics. Whether you're a cybersecurity enthusiast or trying to get into the field, understanding the fundamentals of networking is important. The internet, at its core, is a vast network of networks. By grasping how these networks operate and interact, you're taking a significant first step in building your cybersecurity knowledge base.
What is a Network?
In simple terms, a network is a collection of computers, servers, mainframes, network devices, peripherals, or other devices connected to one another to allow the sharing of data. The Internet, which connects millions of people all over the world, is one example of a network, but a network can also be as small as two connected devices. Networks are typically divided into two categories, LAN and WAN, which we discuss in the next sections.
Local Area Network (LAN)
LANs are usually restricted to a small area, such as a single building, office, or home. The area covered is typically limited to a few kilometers at most.
- Ownership: LANs are usually owned, controlled, and managed by a single person or organization.
- Purpose: They are designed to connect personal computers and devices within a limited area to share resources (like printers or file servers) and provide access to the internet.
Wide Area Network (WAN)
WANs cover a broad area, potentially spanning cities, countries, or even continents. They are designed to connect devices over long distances.
- Ownership: WANs may be owned and operated by multiple stakeholders, including private companies, internet service providers (ISPs), and/or governments. The internet itself is the largest example of a WAN.
- Purpose: WANs are used to connect LANs and other types of networks together, allowing users and organizations to communicate and share data across vast distances.
Key Concepts in Networking
IP Terminology
- Bit: a bit is one binary digit, either 1 or 0, and is the smallest unit of data.
- Byte: a byte is 7 or 8 bits, depending on whether parity is used, but 8 bits is the most common. You can usually assume
- Octet: made up of 8 bits. IP addresses in the IPv4 system are typically composed of 4 octets.
IP Addresses
An IP (Internet Protocol) address is a unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication. Think of it as an address for a device on the internet or on a local network. It's a unique string of numbers separated by periods (IPv4) or colons (IPv6) that identifies each computer, smartphone, or other device connected to the Internet or a network. Cybersecurity professionals use IP addresses to identify devices on a network, monitor network traffic, and detect and respond to suspicious activities. There are two versions of IP addresses currently in use:
- IPv4: Uses a 32-bit address scheme allowing for a total of over 4 billion unique addresses, represented in decimal format as four octets separated by periods (e.g., 192.168.1.1).
- IPv6: Uses a 128-bit address scheme, significantly increasing the number of available addresses (approximately 3.4 x 10^38), represented in hexadecimal format as eight groups of four hexadecimal digits separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).
IP Address Classes
IP address classes are a concept specific to IPv4 that categorizes addresses into classes A, B, C, D, and E based on the first octet of the address. Each class was designed for networks of a different size, from very large networks (Class A) to small networks (Class C). Classes D and E were reserved for special purposes, and we won't cover those in this tutorial.
Public IP Addresses
Public IP addresses are unique across the entire internet. They are assigned by the Internet Assigned Numbers Authority (IANA) and managed by regional internet registries. Public IP addresses ensure that each device connected to the internet has a unique identifier; no two devices on the internet can have the same public IP address. These addresses are used for devices that need to be directly accessible over the internet, like web servers.
Coming back to the topic of IP address classes, here are the ranges for each public class:
- IPv4
- Class A: Ranges from 1.0.0.0 to 126.255.255.255. Class A addresses allowed for 16 million hosts on each of 128 networks.
- Class B: Ranges from 128.0.0.0 to 191.255.255.255. Class B addresses allowed for 65,536 hosts on each of 16,384 networks.
- Class C: Ranges from 192.0.0.0 to 223.255.255.255. Class C addresses allowed for 256 hosts on each of 2,097,152 networks.
Private IP Addresses
Private IP addresses are reserved for use within private networks and are not routable on the public internet. This means they can be used by anyone within a private network without coordination with an internet registry. Devices with private IP addresses can communicate with each other on the same network, or through the internet with the help of Network Address Translation (NAT) performed by a router.
The IP ranges reserved for private use are:
- IPv4
- Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
- Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
- Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
- IPv6
- Unique Local Addresses (ULAs), which fall within fc00::/7
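To make the class boundaries and the private ranges above concrete, here is an added example (not code from the original post) that classifies an address by its first octet and reports whether it falls in one of the reserved private ranges just listed. It uses only Python's standard ipaddress module; the behaviour for first octets 0 and 127, which the class ranges above leave out, is an assumption made here (they are reported as "reserved").

```python
import ipaddress

# Classful boundaries from the first octet, as listed above. 0.0.0.0/8 and
# 127.0.0.0/8 are outside the Class A range given, so they are reported as
# "reserved" (assumption); D and E are returned so every first octet maps somewhere.
def ipv4_class(addr: str) -> str:
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet in (0, 127):
        return "reserved"
    if 1 <= first_octet <= 126:
        return "A"
    if 128 <= first_octet <= 191:
        return "B"
    if 192 <= first_octet <= 223:
        return "C"
    if 224 <= first_octet <= 239:
        return "D"
    return "E"

# The private ranges listed above: the three IPv4 blocks and the IPv6 ULA block.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("fc00::/7"),
]

def describe(addr: str) -> dict:
    """Return IP version, class (IPv4 only), whether the address is private,
    and which private range it falls in (None for a public address)."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    matched = next(
        (net for net in PRIVATE_RANGES if ip.version == net.version and ip in net),
        None,
    )
    return {
        "version": ip.version,
        "class": ipv4_class(addr) if ip.version == 4 else None,
        "private": matched is not None,
        "range": str(matched) if matched else None,
    }

if __name__ == "__main__":
    # Constructed sample addresses; 172.32.0.1 is deliberately just outside 172.16.0.0/12.
    for sample in ("10.1.2.3", "172.32.0.1", "192.168.1.1", "8.8.8.8", "fd12:3456::1", "2001:db8::1"):
        print(sample, describe(sample))
```

Note that 172.32.0.1 is a Class B address but is not private: the private Class B block is only 172.16.0.0/12, i.e. 172.16.x.x through 172.31.x.x, which is why range checks should use the exact network rather than the first octet alone.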
Subnetting Basics
Subnetting is the process of dividing a network into two or more smaller networks. It’s like creating distinct neighborhoods within a city to manage traffic and provide organization. Subnets help reduce network traffic, improve performance, and provide a way to secure network segments. It’s good to know how to do subnetting manually, but in most cases, you can just use a subnet calculator.
Why Subnetting?
- Improved Network Performance: By dividing a large network into smaller subnets, broadcast traffic is reduced, which can significantly improve network performance.
- Enhanced Security: Subnetting can provide an additional layer of security. By segregating a network into subnets, you can control access to different network segments.
- Efficient IP Address Allocation: It allows for efficient use of IP addresses, conserving address space by allocating addresses based on the actual need of each subnet.
Understanding Subnet Masks
A subnet mask is a number that resembles an IP address and is used to divide IP address components into network and host addresses. It determines the network portion and the host portion of an IP address. For example, in the subnet mask 255.255.255.0, the first three sets of numbers (255.255.255) identify the network part, while the last set (0) identifies the host part.
CIDR Notation
Classless Inter-Domain Routing (CIDR) is another way of representing IP addresses and subnet masks. Instead of using the traditional subnet mask, CIDR notation follows the IP address with a slash and a number – for example, 192.168.1.0/24. The number after the slash represents the number of consecutive 1’s in the subnet mask. Here’s an example of a few common CIDR notations:
- /32 (255.255.255.255) – single IPv4 address. Example: 192.168.1.1/32. This notation represents a single IPv4 address.
- /24 (255.255.255.0) – Class C network. Example: 192.168.1.0/24. This notation represents a network with 256 IPv4 addresses, ranging from 192.168.1.0 to 192.168.1.255.
- /16 (255.255.0.0) – Class B network. Example: 172.16.0.0/16. This notation represents a network with 65,536 IPv4 addresses, ranging from 172.16.0.0 to 172.16.255.255.
- /8 (255.0.0.0) – Class A network. Example: 10.0.0.0/8. This notation represents a network with 16,777,216 IPv4 addresses, ranging from 10.0.0.0 to 10.255.255.255.
- /0 (0.0.0.0) – default route. Example: 0.0.0.0/0. This notation represents the default route, which matches all IPv4 addresses. It is commonly used as the default gateway for routing traffic to the internet.
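The subnet mask and CIDR arithmetic described above can be done by hand with bit operations, which is the best way to see why /24 means 256 addresses and why the mask must be a run of consecutive ones. The following added example (not code from the original post) builds the mask from the prefix length, derives the network and broadcast addresses, counts hosts, and cross-checks the hand calculation against Python's ipaddress module. The /31 and /32 host-count rule is a detail this example adds beyond the text.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF  # 32 one bits

def dotted_to_int(s: str) -> int:
    """Parse 'a.b.c.d' into a 32-bit integer, rejecting bad octets."""
    parts = s.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {s}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {s}")
        value = (value << 8) | octet
    return value

def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/N is N leading one bits followed by 32-N zero bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: /{prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES

def mask_to_prefix(mask: str) -> int:
    """Inverse of prefix_to_mask; rejects masks whose ones are not contiguous."""
    m = dotted_to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix

def subnet_info(cidr: str) -> dict:
    """Network, broadcast and host counts for an address given in CIDR notation."""
    addr_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    addr = dotted_to_int(addr_str)
    mask = prefix_to_mask(prefix)
    network = addr & mask                     # host bits cleared
    broadcast = network | (~mask & ALL_ONES)  # host bits set
    total = 1 << (32 - prefix)
    # /31 and /32 have no separate network/broadcast addresses (RFC 3021),
    # so every address in them is usable.
    usable = total - 2 if prefix <= 30 else total
    # Cross-check the hand calculation against the standard library.
    ref = ipaddress.ip_network(cidr, strict=False)
    return {
        "mask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "total": total,
        "usable_hosts": usable,
        "stdlib_agrees": (str(ref.network_address) == int_to_dotted(network)
                          and str(ref.broadcast_address) == int_to_dotted(broadcast)),
    }

if __name__ == "__main__":
    # Constructed inputs; 192.168.1.77/26 shows a host address being reduced to its network.
    for cidr in ("192.168.1.0/24", "192.168.1.77/26", "10.0.0.0/8", "192.168.1.1/32", "0.0.0.0/0"):
        print(cidr, subnet_info(cidr))
```

The useful habit here is the cross-check: when you hand-roll address math in a tool or a detection rule, compare it against a well-tested library on a few boundary cases (/0, /31, /32, and a host address that is not the network address) before trusting it.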
Understanding IP addresses and subnetting is fundamental in cybersecurity for several reasons:
- Network Segmentation: Subnetting helps in creating segmented networks, which can isolate sensitive data and systems from the broader network. This limits the spread of cyber threats and reduces the attack surface.
- Access Control: By understanding IP addressing, cybersecurity professionals can implement more effective access control measures, ensuring that only authorized devices can communicate with sensitive parts of the network.
- Incident Analysis: Cybersecurity experts often analyze IP addresses in security logs to identify suspicious activities. Understanding where an IP address falls within the network can help in quickly pinpointing potential security breaches.
- IP Spoofing Prevention: Knowing how IP addresses are structured and allocated allows cybersecurity professionals to better detect and prevent IP spoofing attacks, where an attacker disguises their identity by using a forged IP address.
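The incident-analysis and spoofing points above come down to one question asked of every log line: which segment does this address belong to, and is that plausible for where and how it was seen? The following added example (not code from the original post) runs that check over a handful of constructed firewall log lines. The network plan, the log format, and the rule that a packet with an internal source address cannot legitimately arrive on the internet-facing interface are all assumptions made for the example; "iface" is taken to be the interface the packet arrived on.

```python
import ipaddress

# Constructed network plan: which subnet plays which role. Assumption for the example.
SEGMENTS = {
    "mgmt": ipaddress.ip_network("10.0.1.0/24"),
    "workstations": ipaddress.ip_network("10.0.5.0/24"),
    "servers": ipaddress.ip_network("10.0.9.0/24"),
    "guest-wifi": ipaddress.ip_network("192.168.50.0/24"),
}
# The private IPv4 blocks from the section above; checked explicitly rather than
# via ipaddress.is_private, which also counts documentation ranges as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {22, 3389}  # SSH and RDP: only the mgmt segment should reach these on servers

def segment_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "internal-unknown" if any(ip in net for net in RFC1918) else "external"

def parse_line(line: str) -> dict:
    """Parse 'TIMESTAMP key=value key=value ...' (constructed log format)."""
    tokens = line.split()
    fields = dict(tok.split("=", 1) for tok in tokens[1:])
    fields["ts"] = tokens[0]
    fields["dport"] = int(fields["dport"])
    return fields

def review(lines):
    """Return (timestamp, finding, detail) tuples for lines that break the plan."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        src_seg, dst_seg = segment_of(ev["src"]), segment_of(ev["dst"])
        # Private space is not routed on the internet, so a private source
        # arriving on the WAN interface is a forged-source candidate.
        if ev["iface"] == "wan" and src_seg != "external":
            findings.append((ev["ts"], "forged-source-candidate", ev["src"]))
        # Admin ports on the server segment should only be reached from mgmt.
        if dst_seg == "servers" and ev["dport"] in ADMIN_PORTS and src_seg != "mgmt":
            findings.append((ev["ts"], "admin-port-from-" + src_seg,
                             f'{ev["src"]}->{ev["dst"]}:{ev["dport"]}'))
        # Guest Wi-Fi is not supposed to talk to any internal segment at all.
        if src_seg == "guest-wifi" and dst_seg not in ("external", "guest-wifi"):
            findings.append((ev["ts"], "guest-to-internal", f'{ev["src"]}->{ev["dst"]}'))
    return findings

# Constructed firewall log lines, not real traffic.
SAMPLE_LOG = [
    "2024-05-01T10:00:01 src=10.0.1.15 dst=10.0.9.4 dport=22 iface=lan action=ALLOW",
    "2024-05-01T10:00:07 src=10.0.5.12 dst=10.0.9.4 dport=3389 iface=lan action=ALLOW",
    "2024-05-01T10:00:09 src=10.0.5.12 dst=10.0.9.4 dport=443 iface=lan action=ALLOW",
    "2024-05-01T10:00:12 src=192.168.50.8 dst=10.0.5.12 dport=445 iface=lan action=ALLOW",
    "2024-05-01T10:00:20 src=10.0.1.15 dst=10.0.9.4 dport=22 iface=wan action=ALLOW",
    "2024-05-01T10:00:30 src=198.51.100.7 dst=10.0.9.4 dport=22 iface=wan action=DENY",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

Two of the six lines are normal (the first, and the HTTPS request from a workstation); the other four each trip exactly one rule. The fifth line is the spoofing case: the source claims to be the management host, but it arrived on the WAN interface, which the real management host could never do.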
OSI Model
The OSI (Open Systems Interconnection) model is a conceptual framework used to understand network interactions in seven layers. Each layer serves a specific function and communicates with the layers directly above and below it.
- Physical Layer (Layer 1): Deals with the physical connection between devices and the transmission and reception of raw binary data over a physical medium (e.g., cables, fiber optics, or wireless). Components include hardware like hubs, repeaters, network adapters, cables, and connectors.
- Data Link Layer (Layer 2): Responsible for node-to-node data transfer between two directly connected nodes. It also handles error correction from the physical layer. Components include network switches, bridges, and protocols like Ethernet and PPP. It’s divided into two sublayers: the Media Access Control (MAC) layer, which controls how devices on a network gain access to data and permission to transmit it, and the Logical Link Control (LLC) layer, which manages frame synchronization, flow control, and error checking. The purpose of this layer is to organize data into frames.
- Network Layer (Layer 3): Manages device addressing, tracks the location of devices on the network, and determines the best way to move data. This layer handles packet routing through logical addressing (IP addresses in TCP/IP networks). Components include routers and protocols like IP (Internet Protocol), ICMP (Internet Control Message Protocol), and IGMP (Internet Group Management Protocol).
- Transport Layer (Layer 4): Provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer. Includes protocols like TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). Purpose is to provide reliable, transparent transfer of data between end points.
- Session Layer (Layer 5): Manages sessions between applications. This layer establishes, manages, and terminates connections between applications. Includes APIs and sockets that manage sessions. Purpose is to establish, manage, and terminate connections between applications.
- Presentation Layer (Layer 6): Translates data between the application layer and the network format. It ensures that data sent from the application layer of one system is readable by the application layer of another. The layer can translate different data formats or perform encryption/decryption as necessary. Includes encryption, compression, conversion, and other transformation services. Purpose is to translate, encrypt, and compress data.
- Application Layer (Layer 7): The closest layer to the end user. It interacts with software applications that implement a communicating component. This layer provides network services to the applications of the user, such as email, file transfer, and web browsing. Includes protocols and services like HTTP, SMTP, FTP, and DNS. Purpose is to provide network services to the applications of the user.
- Human Layer (Layer 8): This informal layer extends beyond the OSI model to represent the human interaction with networked systems. Often referred to humorously as a “Layer 8 issue,” this concept underscores problems stemming not from the technical infrastructure but from the behaviors, errors, or misunderstandings of the people operating or interacting with the system. It highlights the role that human factors play in the functioning and troubleshooting of networked environments.
TCP/IP Model
The TCP/IP model, also known as the Internet Protocol Suite, is a conceptual framework that outlines the protocols used for the internet and similar networks. It is a more streamlined architecture than the OSI model, consisting of four layers. Each layer specifies a set of protocols that perform a group of functions necessary for the transmission of data across a network. The TCP/IP model's layers:
- Link Layer (Network Interface Layer): Responsible for the physical transmission of data over network hardware. It corresponds to the combination of the Physical (layer 1) and Data Link layers (layer 2) of the OSI model. Components include hardware devices and protocols such as Ethernet for wired connections and Wi-Fi for wireless connections. It handles the details of the hardware interface specifications and manages data frames’ delivery between two devices on the same network. Purpose is to provide the means for exchanging data over common network mediums.
- Internet Layer (Network Layer): The core layer of the TCP/IP model, responsible for sending packets across potentially multiple networks. It defines the protocols for packet routing to ensure they reach their destination, regardless of the path they take. It corresponds to the Network layer (layer 3) of the OSI model and includes all of the same components and protocols.
- Transport Layer: Provides end-to-end communication services for applications. It is responsible for establishing, maintaining, and terminating connections between hosts. It ensures data is transferred in a reliable and orderly manner, and it controls the flow of data to prevent network congestion. This layer corresponds to the Transport layer (layer 4) of the OSI model.
- Application Layer: The topmost layer, where communication is initiated and received. It provides network services to end-user applications. This layer defines the protocols that applications use to exchange data. It is where user-level protocols operate and where high-level data formatting, presentation, and display occur. This layer corresponds to the Session layer (layer 5), Presentation layer (layer 6), and the Application layer (layer 7).
Domain Name System (DNS)
DNS is like the internet’s phonebook. It’s a critical network service that translates human-friendly domain names (like “example.com”) into IP addresses (like 192.0.2.1) that computers use to identify each other on the network. Here’s a breakdown of how DNS works and why it’s essential for navigating the internet.
What is DNS?
DNS stands for Domain Name System. It’s a system that translates the domain names you enter in your browser (such as “google.com”) into the numerical IP addresses needed to locate and load the website on your device. This process is known as DNS resolution.
Why Do We Need DNS?
Humans find it easy to remember words and names, but computers and networks rely on numerical IP addresses to route data. Before DNS, people had to remember and enter numerical IP addresses for each website they wanted to visit. DNS simplifies this process by allowing us to use memorable domain names.
How Does DNS Work?
- Query Initiation: When you type a website address into your browser, the browser first checks if the IP address for that site is already known or stored locally (in its cache). If not, it makes a DNS query to find out.
- Recursive Resolver: The query usually first goes to a recursive DNS resolver, typically provided by your internet service provider (ISP). This resolver has the job of finding the IP address for the domain name you’ve requested.
- Root Nameserver: If the resolver doesn’t already have the IP address cached, it queries one of the root nameservers. The internet has 13 root nameservers, which know where to direct the query for top-level domains (.com, .net, .org, etc.).
- TLD Nameserver: The query is then directed to a TLD (Top-Level Domain) nameserver for the domain’s TLD (.com for example). This nameserver knows the IP address of the domain’s authoritative nameserver.
- Authoritative Nameserver: Finally, the query reaches the authoritative nameserver for the domain, which knows the actual IP address for the domain name and responds to the resolver with this information.
- Response to Client: The recursive resolver sends the IP address back to your browser, allowing it to connect to the website’s server and load the website.
DNS Hierarchy
- Root Level: The top of the DNS hierarchy, represented by a dot (.).
- Top-Level Domains (TLDs): These are categories like .com, .net, .org, or country-specific TLDs like .uk, .us.
- Second-Level Domains (SLDs): These are the names directly to the left of the TLD (e.g., in “example.com,” “example” is the SLD).
- Subdomains: These are further subdivisions of the SLD (e.g., “blog.example.com”).
Types of DNS Records
- A Record: Maps a domain to its IPv4 address.
- AAAA Record: Maps a domain to its IPv6 address.
- CNAME Record: Redirects one domain to another domain.
- MX Record: Specifies the mail servers for accepting emails on behalf of the domain.
- NS Record: Points to the DNS servers for the domain.
- TXT Record: Provides text information to sources outside your domain. Often used for verification purposes.
- DNS Caching: To speed up web browsing, DNS queries are cached at various points along the DNS lookup process. Browsers, operating systems, recursive resolvers, and even the authoritative nameservers themselves can cache DNS records for a set period, known as the TTL (Time to Live).
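The resolution steps above (cache check, root, TLD, authoritative, answer) and the TTL-based caching just described can be walked through in a few dozen lines. The following added example (not code from the original post) simulates a recursive resolver over a toy hierarchy with one TLD, one domain, an A record, and a CNAME. The server names, zone contents, and TTLs are constructed for the example; the resolver returns both the answer and a "trail" of who it had to consult, so you can see a cold lookup, a cache hit, and what happens when the alias's TTL expires before the target's.

```python
# Constructed toy DNS hierarchy. Names are fully qualified (trailing dot = root).
# Authoritative values are (record data, TTL in seconds).
ROOT_ZONE = {"com.": "a.gtld-servers.test."}                               # TLD -> TLD nameserver
TLD_ZONES = {"a.gtld-servers.test.": {"example.com.": "ns1.example.com."}}  # domain -> authoritative NS
AUTH_ZONES = {
    "ns1.example.com.": {
        ("example.com.", "A"): ("192.0.2.1", 300),
        ("example.com.", "AAAA"): ("2001:db8::1", 300),
        ("www.example.com.", "CNAME"): ("example.com.", 60),
    }
}

class RecursiveResolver:
    def __init__(self):
        self.cache = {}  # (name, rtype) -> (data, expires_at)

    def resolve(self, name, rtype="A", now=0.0):
        """Return (data, trail). trail lists who was consulted, in order; data is
        None for NXDOMAIN (name does not exist) or NODATA (no record of that type)."""
        data, _ttl, trail = self._lookup(name, rtype, now, depth=0)
        return data, trail

    def _lookup(self, name, rtype, now, depth):
        key = (name, rtype)
        cached = self.cache.get(key)
        if cached and cached[1] > now:                 # still within its TTL
            return cached[0], cached[1] - now, ["cache"]
        labels = [label for label in name.split(".") if label]
        if len(labels) < 2:
            return None, 0, ["NXDOMAIN"]
        tld = labels[-1] + "."                         # e.g. "com."
        domain = ".".join(labels[-2:]) + "."           # e.g. "example.com."
        trail = ["root"]
        tld_ns = ROOT_ZONE.get(tld)                    # root only knows the TLD servers
        if tld_ns is None:
            return None, 0, trail + ["NXDOMAIN"]
        trail.append("tld:" + tld_ns)
        auth_ns = TLD_ZONES[tld_ns].get(domain)        # TLD knows the domain's NS
        if auth_ns is None:
            return None, 0, trail + ["NXDOMAIN"]
        trail.append("auth:" + auth_ns)
        zone = AUTH_ZONES[auth_ns]
        record = zone.get(key)
        if record is None:
            cname = zone.get((name, "CNAME"))
            if cname is None or depth >= 8:            # no record, or CNAME chain too long
                return None, 0, trail + ["NODATA"]
            trail.append("cname->" + cname[0])
            data, target_ttl, sub_trail = self._lookup(cname[0], rtype, now, depth + 1)
            trail += sub_trail
            if data is None:
                return None, 0, trail
            ttl = min(cname[1], target_ttl)            # alias answer outlives neither record
            self.cache[key] = (data, now + ttl)
            return data, ttl, trail
        data, ttl = record
        self.cache[key] = (data, now + ttl)
        return data, ttl, trail

if __name__ == "__main__":
    r = RecursiveResolver()
    for t in (1000, 1030, 1070):                       # cold, cached, alias expired
        print(t, r.resolve("www.example.com.", "A", now=t))
    print(r.resolve("nope.org.", "A", now=1000))       # NXDOMAIN at the root
```

Real resolvers also cache the NS referrals from the root and TLD servers, so the third lookup would normally skip straight to the authoritative server; this toy keeps only final answers in its cache to keep the trail easy to read.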
Dynamic Host Configuration Protocol (DHCP)
DHCP is a network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.
How Does DHCP Work?
The DHCP process involves four basic steps, often referred to as the DORA process (Discover, Offer, Request, Acknowledge).
- Discover: When a device connects to a network (e.g., when you turn on your computer or connect your phone to Wi-Fi), it broadcasts a DHCP discover message to identify any available DHCP servers.
- Offer: A DHCP server receives the discover message and responds with an offer message, which contains an IP address that the server is willing to lease to the device, along with other configuration information like the subnet mask, default gateway, and DNS server addresses.
- Request: The device responds to the DHCP server with a request message, indicating that it accepts the offered IP address and other configuration details.
- Acknowledge: The DHCP server sends an acknowledge message to the device, confirming that the IP address has been leased to the device for a specific period, known as the lease time. If the lease is not renewed, the IP address returns to the pool of addresses the DHCP server manages.
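The DORA exchange is easiest to understand with both sides in front of you. The following added example (not code from the original post) models a DHCP server with a small address pool and a client with no address yet, and drives the four messages between them. The message fields, the pool, the lease time and the option values are all constructed for the example; real DHCP messages are binary packets on UDP ports 67/68, which this simulation does not reproduce. It goes one step beyond the text by also showing lease renewal and what happens when the pool is exhausted and when an unrenewed lease expires.

```python
import ipaddress

BROADCAST = "255.255.255.255"

class DhcpServer:
    def __init__(self, pool_start, pool_end, lease_time, options):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.lease_time = lease_time
        self.options = options            # subnet mask, default gateway, DNS servers
        self.leases = {}                  # ip -> (mac, expires_at)
        self.offers = {}                  # mac -> ip, held while an offer is outstanding

    def _expire(self, now):
        for ip, (_mac, expires_at) in list(self.leases.items()):
            if expires_at <= now:
                del self.leases[ip]       # unrenewed lease returns to the pool

    def _pick_address(self, mac):
        for ip, (owner, _exp) in self.leases.items():
            if owner == mac:
                return ip                 # renewing client keeps its address
        for ip in self.pool:
            if ip not in self.leases and ip not in self.offers.values():
                return ip
        return None                       # pool exhausted

    def handle(self, msg, now):
        self._expire(now)
        mac = msg["mac"]
        if msg["type"] == "DISCOVER":
            ip = self._pick_address(mac)
            if ip is None:
                return None               # nothing to offer; the server stays silent
            self.offers[mac] = ip
            return {"type": "OFFER", "mac": mac, "yiaddr": ip, "dst": BROADCAST,
                    "lease_time": self.lease_time, "options": self.options}
        if msg["type"] == "REQUEST":
            ip = msg["requested_ip"]
            offered = self.offers.get(mac) == ip
            owned = self.leases.get(ip, (None, 0))[0] == mac
            if not (offered or owned):    # client asked for something it was not given
                return {"type": "NAK", "mac": mac, "dst": BROADCAST}
            self.offers.pop(mac, None)
            self.leases[ip] = (mac, now + self.lease_time)
            return {"type": "ACK", "mac": mac, "yiaddr": ip, "dst": BROADCAST,
                    "lease_time": self.lease_time, "options": self.options}
        return None

class DhcpClient:
    def __init__(self, mac):
        self.mac, self.ip, self.config, self.lease_expires = mac, None, None, None

    def discover(self):
        # No address yet, so the client sources from 0.0.0.0 and broadcasts.
        return {"type": "DISCOVER", "mac": self.mac, "src": "0.0.0.0", "dst": BROADCAST}

    def handle(self, msg, now):
        if msg["type"] == "OFFER":
            return {"type": "REQUEST", "mac": self.mac, "requested_ip": msg["yiaddr"],
                    "src": "0.0.0.0", "dst": BROADCAST}
        if msg["type"] == "ACK":
            self.ip, self.config = msg["yiaddr"], msg["options"]
            self.lease_expires = now + msg["lease_time"]
        return None                       # ACK or NAK ends the exchange

def run_dora(client, server, now):
    """Drive one Discover/Offer/Request/Acknowledge exchange; return the message types seen."""
    transcript = []
    msg = client.discover()
    while msg is not None:
        transcript.append(msg["type"])
        reply = server.handle(msg, now)
        if reply is None:
            break
        transcript.append(reply["type"])
        msg = client.handle(reply, now)
    return transcript

if __name__ == "__main__":
    # Constructed two-address pool so exhaustion is easy to reach.
    server = DhcpServer("192.168.1.100", "192.168.1.101", 3600,
                        {"subnet_mask": "255.255.255.0", "router": "192.168.1.1", "dns": ["192.168.1.1"]})
    a, b, c = (DhcpClient(m) for m in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"))
    print(run_dora(a, server, 0), a.ip)        # DISCOVER OFFER REQUEST ACK, 192.168.1.100
    print(run_dora(b, server, 5), b.ip)        # 192.168.1.101
    print(run_dora(c, server, 10), c.ip)       # pool exhausted: only DISCOVER, no address
    print(run_dora(a, server, 1800), a.ip)     # renewal keeps .100 and extends the lease
    print(run_dora(c, server, 4000), c.ip)     # b never renewed, so .101 is free again
```

Every message here goes to the broadcast address, which is the security-relevant property of DHCP: any host on the segment can see the DISCOVER and answer it, so a rogue DHCP server can hand out its own gateway and DNS addresses. That is why switches offer DHCP snooping, which only forwards OFFER and ACK messages from ports you have marked as trusted.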
Why Is Networking Knowledge Essential in Cybersecurity?
Understanding networking is not just about knowing how data moves from point A to point B. It’s about grasping how potential attackers can exploit network vulnerabilities and how these vulnerabilities can be mitigated. It’s the foundation upon which you can build robust cybersecurity strategies.
Certifications
In our opinion, the CompTIA Network+ is a great certification to start your journey into cybersecurity.
If you've enjoyed diving into the subject of networking and are eager to deepen your understanding, I have a fantastic resource to share. The book that I'm about to recommend isn't just another item on a list—it's a guide that my team and I have personally used to prepare for the Network+ certification.
For those interested, I’ve included an affiliate link to purchase the book. Using this link not only gets you a great resource for your studies but also supports our blog at no additional cost to you:
Next Steps in Your Learning Journey
With these basics under your belt, you're well on your way to deeper cybersecurity learning. Dive into advanced topics and start applying your knowledge in practical scenarios. Check out the next series, linux-fundamentals, to continue.
Remember, the field of cybersecurity is vast and ever-evolving. Stay curious, keep learning, and use SecureBitsBlog as your guide through the fascinating world of digital security.