4. Network Security
Types of Networks
Local Area Network: Commonly limited geographical area
OSI Model
Divides networking tasks into 7 layers, each responsible for specific tasks
Data converted into binary from electrical signals: Sent across wire
Encapsulation: Adds header/trailer, used at Layers 2-4
Data moves DOWN the OSI model from the application layer to the physical layer
As data is encapsulated the previous header/payload/footer are treated as the next layer’s payload
Data unit size increases as we move down
TCP/IP
Defines protocols for transport
32-bit address space
Expressed as 4 octets separated by dot [ . ]
Each octet may have value between 0 - 255
0 is network and 255 is for broadcast
Each address subdivided into 2 parts:
Network number: Number assigned by external org like ICANN
Host: Represents the network interface within the network
Subnet: Networks typically divided into subnets
Subnet mask: Defines part of address for subnet in dec 255.255.255.0
IPv4 sub-divided into public/private address ranges
Public addresses:
Private addresses:
10.0.0.0 - 10.255.255.254
172.16.0.0 - 172.31.255.254
192.168.0.0 - 192.168.255.254
Loopback: First octet of 127 reserved for a loopback: 127.0.0.1
Mechanism for self-diagnosis, troubleshooting
Allows admins to treat local machine as remote
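Added example (not part of the original notes): the Python sketch below applies a subnet mask to split an address into its network and host parts and classifies it against the three ranges listed above (the RFC 1918 private ranges) and the 127 loopback block. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three ranges listed in the notes (RFC 1918 private space) plus loopback.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def to_int(dotted: str) -> int:
    """Pack 4 octets (each 0-255) into one 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def to_dotted(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe(address: str, mask: str = "255.255.255.0") -> dict:
    """Split an address into network/host parts and classify its scope."""
    addr, m = to_int(address), to_int(mask)
    inverted = ~m & 0xFFFFFFFF           # host bits of the mask
    if inverted & (inverted + 1):        # valid masks are 1s followed by 0s
        raise ValueError(f"non-contiguous subnet mask: {mask!r}")
    network = addr & m                   # host bits all 0 -> network address
    ip = ipaddress.ip_address(address)
    if ip in LOOPBACK_NET:
        scope = "loopback"
    elif any(ip in net for net in PRIVATE_NETS):
        scope = "private"
    else:
        scope = "public"                 # anything outside the listed ranges
    return {"network": to_dotted(network),
            "broadcast": to_dotted(network | inverted),  # host bits all 1
            "host": addr & inverted,
            "scope": scope}


if __name__ == "__main__":
    # Constructed samples; 203.0.113.5 is from a documentation-only range.
    for sample in ("192.168.10.37", "172.31.4.9", "127.0.0.1", "203.0.113.5"):
        print(sample, describe(sample))
```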
Difference between IDS/IPS
IPS is placed in line with traffic: All traffic must pass through it
IPS can choose what traffic to forward and what traffic to block
NIPS: Network-Based IPS
HIPS: Host-Based IPS
Cloud: Usually associated with internet-based set of resources and typically sold as a service
Provided by a CSP: Cloud Service Provider
Cloud Service Models
Software as a Service: A model where software apps are hosted by a vendor/CSP
Four Cloud Models
Easily accessible. No mechanism other than applying, paying for service
Shared resource: Many people use resource pool
Deployment: Assets available to consumers to rent, hosted by external CSP
Service level agreements
Area designed for access by visitors: Isolated from private network