4. Network Security

Types of Networks

Local Area Network (LAN): Commonly limited to a small geographical area

Wide Area Network (WAN): Long-distance connections between remote networks

Hub: Used to connect multiple devices in a network

Switch: Knows the addresses of the devices connected to it and forwards traffic accordingly

Router: Controls traffic flow on networks by determining the best "route"

Firewall: Filters traffic based on a defined set of rules, ACLs or filters

Server: Provides info to other computers on a network

Endpoint: A device at either end of a network communication link

IEEE 802.3: Standard that defines wired (Ethernet) connections

  • Defines the way data is formatted over the wire so devices can communicate

MAC: Media Access Control: Every device (NIC) is assigned a MAC address

  • First 3 bytes (24 bits): OUI (Organizationally Unique Identifier), the vendor ID of the NIC

OSI Model

Divides networking tasks into 7 layers, each responsible for specific tasks:

  1. Physical: Data converted between electrical signals and binary; sent across the wire

  2. Data Link: Hardware: switches, bridges, WAPs; frames

  3. Network: Routing; packets

  4. Transport: TCP/UDP

  5. Session: Logical ports, NetBIOS

  6. Presentation: Data formats, e.g. images

  7. Application: Apps

Encapsulation: Each layer adds a header (and at L2 a trailer) as data passes through L2-4:

  • Data moves DOWN the OSI model from application to physical

  • As data is encapsulated, the previous header/payload/footer are treated as the next layer's payload

  • Data unit size increases as we move down

Decapsulation: Data moves UP the OSI model from physical to application

  • Moving up, each layer strips its header/footer, so the data unit gets smaller

  • Header/footer are used to correctly interpret the data payload, then discarded
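A toy encapsulation/decapsulation walk, added here as an example (not part of the original notes). The header layouts are constructed for illustration and are not the real Ethernet/IP/TCP formats; what it shows is that each layer wraps the PDU from above as an opaque payload, so the unit grows on the way down, and that on the way up each layer reads then discards its own header/trailer, dropping the frame if the L2 trailer check fails.

```python
import struct
import zlib

# Constructed toy header layouts for illustration only (not the real
# Ethernet/IPv4/TCP formats): big-endian, fixed size per layer.
L4_HDR = "!HH"      # transport: source port, destination port (4 bytes)
L3_HDR = "!4s4s"    # network: source IP, destination IP (8 bytes)
L2_HDR = "!6s6s"    # data link: source MAC, destination MAC (12 bytes)
L2_TRL = "!I"       # data link trailer: CRC32 over header + payload (4 bytes)


def encapsulate(app_data, sport, dport, sip, dip, smac, dmac):
    """Move DOWN the stack: every layer prepends its header to the PDU it
    received from above and treats that whole PDU as its payload."""
    sizes = {"L7": len(app_data)}
    segment = struct.pack(L4_HDR, sport, dport) + app_data
    sizes["L4"] = len(segment)
    packet = struct.pack(L3_HDR, sip, dip) + segment
    sizes["L3"] = len(packet)
    body = struct.pack(L2_HDR, smac, dmac) + packet
    frame = body + struct.pack(L2_TRL, zlib.crc32(body))  # trailer added last
    sizes["L2"] = len(frame)
    return frame, sizes


def decapsulate(frame):
    """Move UP the stack: every layer reads the header/trailer it needs to
    interpret its payload, then discards it and passes the rest upward."""
    body, (crc,) = frame[:-4], struct.unpack(L2_TRL, frame[-4:])
    if zlib.crc32(body) != crc:
        raise ValueError("frame trailer check failed; frame dropped at L2")
    smac, dmac = struct.unpack(L2_HDR, body[:12])
    packet = body[12:]
    sip, dip = struct.unpack(L3_HDR, packet[:8])
    segment = packet[8:]
    sport, dport = struct.unpack(L4_HDR, segment[:4])
    return {"smac": smac, "dmac": dmac, "sip": sip, "dip": dip,
            "sport": sport, "dport": dport, "data": segment[4:]}


if __name__ == "__main__":
    # Constructed sample values: private IPs and locally administered MACs.
    frame, sizes = encapsulate(b"GET / HTTP/1.1", 40000, 80,
                               bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]),
                               bytes.fromhex("020000000001"),
                               bytes.fromhex("020000000002"))
    print(sizes)                        # grows at every layer on the way down
    print(decapsulate(frame)["data"])   # original application data comes back
```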

TCP/IP

Defines protocols for transport

Permits data to move among devices

Creates packets and inserts them into the network

Defines how data moves through the network

IPv4: 32-bit address space

  • Expressed as 4 octets separated by a dot [ . ]

  • Each octet may have a value between 0 - 255

  • In the host portion, 0 identifies the network and 255 is the broadcast address

Each address is subdivided into 2 parts:

  1. Network number: Assigned by an external org such as ICANN

  2. Host: Identifies the network interface within the network

Subnet: Networks are typically divided into subnets

Subnet mask: Defines which part of the address identifies the subnet, written in decimal, e.g. 255.255.255.0

IPv4 space is sub-divided into public and private address ranges. Private addresses (RFC 1918):

  • 10.0.0.0 - 10.255.255.254

  • 172.16.0.0 - 172.31.255.254

  • 192.168.0.0 - 192.168.255.254

Loopback: First octet of 127 is reserved for loopback: 127.0.0.1

  1. Mechanism for self-diagnosis and troubleshooting

  2. Allows admins to treat the local machine as if it were remote

IPv6: 128-bit address space

  • IPSec: Improved security: helps ensure integrity/confidentiality of packets

  • Improved QoS: Helps services obtain appropriate bandwidth

  • 8 groups of 4 hex digits (0000-ffff) separated by colons [ : ]

  • Shortened by removing leading 0's at the beginning of each field and replacing a run of all-zero fields with ::

Loopback: ::1, used the same way as 127.0.0.1
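The IPv4 network/host split, private-range classification and IPv6 zero compression from the notes above, as an added example (not from the original notes). It encodes the three RFC 1918 blocks as (network, subnet mask) pairs so that "is this address private?" is the same AND-with-the-mask operation as subnetting, treats 127/8 as loopback, and assumes the IPv6 input is in the full eight-hextet form.

```python
# Added example: the IPv4/IPv6 addressing rules from these notes in code.
# Private blocks are the RFC 1918 ranges written as (network, subnet mask)
# so membership is the same "AND with the mask" operation as subnetting.
PRIVATE_BLOCKS = [
    ("10.0.0.0", "255.0.0.0"),        # 10.0.0.0 - 10.255.255.255
    ("172.16.0.0", "255.240.0.0"),    # 172.16.0.0 - 172.31.255.255
    ("192.168.0.0", "255.255.0.0"),   # 192.168.0.0 - 192.168.255.255
]

def parse_ipv4(text):
    """Dotted quad -> 32-bit int; rejects anything not 4 octets of 0-255."""
    octets = text.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {text!r}")
    return int.from_bytes(bytes(int(o) for o in octets), "big")

def fmt_ipv4(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def split_address(addr, mask="255.255.255.0"):
    """Return (network address, host number, broadcast address) for addr/mask."""
    a, m = parse_ipv4(addr), parse_ipv4(mask)
    host_bits = ~m & 0xFFFFFFFF           # 1s where the mask is 0
    network = a & m                       # host part all 0 = network address
    return fmt_ipv4(network), a & host_bits, fmt_ipv4(network | host_bits)

def classify(addr):
    """'loopback' for 127/8, 'private' for RFC 1918, otherwise 'public'."""
    a = parse_ipv4(addr)
    if a >> 24 == 127:
        return "loopback"
    for net, mask in PRIVATE_BLOCKS:
        if a & parse_ipv4(mask) == parse_ipv4(net):
            return "private"
    return "public"

def compress_ipv6(text):
    """Drop leading zeros in each hextet and replace the longest run of two
    or more all-zero hextets with '::' (so the full-form loopback -> '::1')."""
    groups = [format(int(g, 16), "x") for g in text.split(":")]
    if len(groups) != 8:
        raise ValueError("expected the full 8-hextet form")
    best_start, best_len, run_start = 0, 0, None
    for i, g in enumerate(groups + ["end"]):  # sentinel closes a trailing run
        if g == "0":
            run_start = i if run_start is None else run_start
        elif run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    if best_len < 2:
        return ":".join(groups)
    return ":".join(groups[:best_start]) + "::" + ":".join(groups[best_start + best_len:])
```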

Difference between IDS/IPS

  • IPS is placed in line with traffic: All traffic must pass through it

  • IPS can choose what traffic to forward and what traffic to block

  • NIPS: Network-Based IPS

  • HIPS: Host-Based IPS

Cloud: Usually associated with an internet-based set of resources, typically sold as a service

  • Provided by a CSP: Cloud Service Provider

Cloud Service Models

Software as a Service (SaaS): A model where software apps are hosted by a vendor/CSP

Platform as a Service (PaaS): A model customers use to build/operate their own software

  • Way to rent hardware, storage and network capacity from a CSP

  • Consumer doesn't manage/control the underlying infrastructure, network, servers, or storage

Infrastructure as a Service (IaaS): Network access to traditional resources such as processing power

Four Cloud Models

Public cloud: Easily accessible; no mechanism other than applying and paying for the service

  1. Shared resource: Many people use the resource pool

  2. Deployment: Assets available for consumers to rent, hosted by an external CSP

  3. Service level agreements

Private cloud: Developed/deployed for a private org that builds its own cloud

  1. Can create/host private clouds using its own resources

  2. Deployment model: Cloud-based assets for a single org:

    1. Org is responsible for all maintenance

  3. Can rent resources from a 3rd party/split requirements

Hybrid cloud: Combines 2 forms of deployment model, typically public/private

  1. Ability to retain control

  2. Reuses previous investments in tech within the org

  3. Control over the most critical business components and systems

  4. Cost-effective means of fulfilling noncritical business functions

Community cloud: Can be public/private

  1. People of like minds can get together and share capabilities and services

Managed Service Provider (MSP): Manages tech assets for another company

  • May be used to provide network/security monitoring and patching services

  • Augments in-house staff for projects, or provides expertise for a product or service

  • Payroll services, help desk management, monitoring/responding to incidents

  • SLA: Service-Level Agreement:

    • Agreement between the CSP and the customer on the cloud service provided

Area designed for access by visitors: Isolated from private network

VLAN: Virtual LAN: Created by switches to logically segment a network without altering its physical topology

VPN: Virtual Private Network: Tunnel that provides point-to-point transmission of both authentication and traffic

NAC: Network Access Control: Controls access through the implementation of policy

Last updated 1 year ago