DEV Community

loading...

Beginners Guide to Networking & Security

utkarshdhiman48 profile image Utkarsh Dhiman ・16 min read

The basic concepts to learn networking and security are the following

Index

Ip address

An IP address is a unique address give to each device in a network to distinguish it from other devices within the network. It's analogous to a house address in a locality.

What is LAN?

Lan is a local area network. It may or may not be connected to the internet.

Host in a network

A host is any device that is connected to a network.

Versions of IP address

Version IPv4 IPv6
size 32 bit 128 bit
address dotted decimal notation Hexadecimal Notation
format 192.168.252.76 3FFE:F200:0234:AB00:0123:4567:8901:ABCD

IPv4

IPv4 consists of 4 octets of bits separated by the '.' symbol. It couldn't keep up with the increasing number of devices connected to the internet so Ipv6 was introduced.

IPv4 classes

class range network/hosts
A 1 - 126 N.H.H.H
B 128 - 191 N.N.H.H
C 192-223 N.N.N.H
D 224-239 Reserved
E 240-254 Reserved

127 is reserved for loop back

An IP address is made up of network bits and host bits. The network part of an IP address represents the network whereas the host part represents the host/device on the network. Each network has some reserved IP addresses which are not assigned to any host.

NID

NID stands for network Id. It represents the network in which the device resides. For example, a class C network would have NID 192.168.1.0, the last 0 doesn't represent any particular device but a whole network. This IP address in the network is reserved for this purpose.

BID

BID stands for broadcast Identity. It is used to broadcast a message to every device within the network. For example, a class C network would have BID 192.168.1.255, it is also reserved for this purpose.

Subnetting

Subnetting is the concept of dividing the network into sub-networks. These sub-networks can't communicate with each other. It is done by creating a custom subnet mask. The subnet mask is also a 32-bit address with network bits set to 1 and host bits set to 0. For example, the default subnet mask(DSN) for Class C is 255.255.255.0(when there is no subnetting). It is done to minimize the cost and Ip wastage.

DSN

DSN stands for the default subnet mask. Each class has its DSN. The amount of subnetting varies from Class to Class, as Class A can relatively more subnets than Class B which in turn can have more subnets than class C.

Only the part of DSN with 0 can be used to create subnets.

Class DSN
A 255.0.0.0
B 255.255.0.0
C 255.255.255.0

How does Subnet Mask work?

Subnet masks are used to find the host within a network or internetwork. A router applies a bitwise AND operator on the subnet mask and the destination IP address of the packet then uses the result to decide the position of a destined host in the network(connected to that router). For example, suppose a packet destined for Class C IP address 192.168.1.184 reaches the gateway router then,


IP add: 11000000.10101000.00000001.10111000 = 192.168.1.184

DSN:    11111111.11111111.11111111.00000000 = 255.255.255.0

APPLYING BITWISE AND

Result: 11000000.10101000.00000001.00000000 = 192.168.1.0

Enter fullscreen mode Exit fullscreen mode

Now the packet will go to the above-calculated Network ID and will be similarly routed within that network with Custom Subnet Mask(CSN), to find the appropriate subnet and then the host.

Creating Subnets

Subnets are always created in the power of 2. Example 2 subnets, 4 subnets, and so on.

Example: To create 2 subnetworks within 1 network of Class C suppose 192.168.1.0.

To create a subnetwork in Class C,

NID and BID for this network would be 192.168.1.0 and 192.168.1.255 respectively. Since DSN for Class C is 255.255.255.0 there is only one 0 here. The binary representation of this 0 according to 8 bits is 00000000.

With 8 bits we can have a maximum of 256(0-255) hosts.

Step1: Finding the number of network bits represented by 'n'.

2n >= required no of subnetworks

For 2 subnetworks,

21 >= 2,

n is 1 here

Step2: Generating Custom Subnet Mask(CSN).

So we change the Most Significant Bit(MSB) of the above binary representation to 1. We get 10000000 with a decimal equivalent of 128.

This address is represented as 255.255.255.128, which is known as a Custom Subnet Mask(CSM).

Step3: Finding the effective number of hosts in each subnet.

2h - 2

where h is number of host bits 8-n.

27 - 2 = 126

Hence we have 126 hosts for each subnet.

Step4: Ip addressing

By changing the 1st bit(MSB) we divided the network into 2 sets of 128.

using A + B + 1

where A is starting address, B is no of hosts

for Subnet 1

A = 0, B= 126

0+126+1 = 127

for Subnet 2

A = 128, B = 126

128+126+1 = 255

For subnet 2 A = 128 because of CSN.

Subnet 1 [192.168.1.0 - 192.168.1.127 ] and Subnet 2 [192.168.1.128 - 192.168.1.255 ].

Like each network has reserved NID and BID, each subnet also has a NID and BID. According to the above example, for Subnet 1 we have NID and BID 192.168.1.0 and 192.168.1.127 respectively, and for Subnet 2 we have NID and BID 192.168.1.128 and 192.168.1.255 respectively.

The NID for a network is used when routing packets outside the network(among different networks). NID of a subnet is used when routing packets within the network(among different subnets).

Public and Private IP addresses

Public IP Private IP
Outside LAN Inside LAN
assigned by ISP assigned by user/admin
Can be read but not modified Can be read as well as modified
Class Range Corresponding private Ip range
A 0 - 127 10.0.0.0 - 10.255.255.255
B 128 - 191 172.16.0.0 - 172.31.255.255
C 192 - 223 192.168.0.0 - 192.168.10.255

NAT

NAT stands for Network Address Translation. It is the process of converting public IP address into a private IP address and vice-versa. It is free from user interaction i.e. it's an automatic process. It is done by a router.

Life of a packet

Addressing

It is the process of assigning IP addresses to devices. There are 2 types of addressing, static and dynamic.

Static addressing

Ip addresses are assigned manually and they will remain unchanged.

Dynamic addressing

Ip addresses are dynamically assigned to every device from a pre-defined range. A DHCP server must be present within the network which dynamically provides an IP address and other configuration parameters through the DORA process.

a device is referred to as client here and the router is a DHCP server

DHCP

DHCP stands for Dynamic Host Configuration Protocol. It should be manually enabled.

Properties of DHCP

  • DHCP scope

  • It is the range of IP addresses from a given IP address to a particular length of devices that can be connected.

  • Lease time

  • It is the time during which an IP address is provided by the router. It can be preset for all devices, after the lease time ends the client will be automatically disconnected.

  • DHCP client table

  • It is a table in which a DHCP server stores data about devices in the network(connected to the server).

  • DHCP reservation

  • It is the process of reserving an IP address in the IP table, as a result, it won't be disconnected even after the lease time ends.

    DORA process

DORA process

This process occurs during the initialization and end of data communication.

Discover: Using BID Client discovers any server in the network.

Offer: A server if present in the network will receive a 'discover' request from the client and in return will offer its IP address and mac address to the client, through BID.

Request: Now the client will request an IP address from the DHCP server.

Acknowledgment: Now the server will send an acknowledgment of the assigned IP address to the client through BID.

Router

It is a smart device that is employed to find the best route for a packet from the source(itself) to the destination(another router or some other device), this process is known as routing. A router at the root of a network is called a gateway.

Router Concepts

  1. Router ports
  2. Router rules
  3. Router modes
  4. Router basic Configuration

Router Ports

Router ports are classified based on functionality.

  • Interface Port, To connect it to other devices.

    1. Ethernet interface: Old and slow port, not used now.
    2. Fast Ethernet interface: New and fast.
    3. GigabitEthernet interface: Very Fast
    4. Serial interface: Used to connect a router to another router.
  • Line Port: To configure the router.

    1. Console: Used to configure the router directly connected to a computer.
    2. Auxiliary: Remote configuration of the router from a distant computer.

Router Rules

  1. All the interfaces of a router should be in a different network or should have different NID.
  2. A serial interface connecting two routers should be in the same network or should have the same NID.

3 interconnected routers

Connecting 3 router networks to form an internetwork

Router Modes

  • User mode
  • Privilege mode
  • Global Configuration Mode

Basic Router Configuration(LAN)


Router>enable

Router#configure terminal

Router(config)#interface gigabitEthernet0/0/0

Router(config-if)#ip address 192.168.1.1 255.255.255.0

Router(config-if)#no shutdown

Enter fullscreen mode Exit fullscreen mode

Router>(user mode)

Router#(privilege mode)

Router(config)#(global configuration mode)

Enter fullscreen mode Exit fullscreen mode

router to PC through switch

A router has a memory IP table where it stores Ip addresses of known as well unknown networks.

Types of routing

Static Routing Dynamic Routing
Manually configuring the router, where the packets should be sent Using some dynamic routing protocol to decide the flow of traffic.
Filling unknown NID in the IP table. Filling known NID in the IP table.
Employed in small networks Employed in large networks

A HOP occurs when a packet is passed from 1 network node to the next node.

Dynamic Routing

It's employed with known networks, to identify the best path in different ways(depending on the type).


Types:

  • Distance Vector Protocol(Routing Information Protocol in CPT): It is based on HOP counts, minimum HOPs are optimal.

  • Link State Protocol(Open Shortest Path First): It is based on maximizing the bandwidth on a path.

RIP & OSPF

The magenta path is best according to RIP, Orange is best according to OSPF.

  • Advance Distance Vector Protocol(Enhanced Interior Gateway Protocol): It is based on bandwidth + delay(min)+travel time(min). An Autonomous number between [0, 65535] is a number given to all the routers in a network.

EIGRP and BGP

To connect areas with different autonomous numbers Border Gateway Protocol(BGP) is used. All routers(an area) having the same autonomous number can be configured at once however, the process ID of each router is different.

Router Rules

Implementation of EIGRP


Router>enable

Router#configure terminal

Router(config)#router EIGRP 100

Router(config)#network 192.168.1.0

Router(config)#network 192.168.2.0

Router(config)#exit

Enter fullscreen mode Exit fullscreen mode

only those networks that are directly connected (adjacent networks aka known networks) are used. After implementing EIGRP 2 routers can communicate with each other.

Switch

A switch is a device that is used to interconnect other devices like a PC, router, another switch, etc. It is quite analogous to the extension box. A switch can be used to form a LAN.

Switch Concepts

  1. Switch Ports
  2. Switch Rules
  3. Switch Modes
  4. Switch Configuration

Switch Ports

  1. Access Port: Used to connect switch with PC.
  2. Trunk Port: Used to connect the switch to a router or another switch.

Switch Rules

  1. Switch - router: It's recommended to connect to 1st port(0/1 probably).
  2. Switch - switch: It's recommended last port of a switch should be connected to 1st port of the next switch.

Switch Modes

  1. User mode
  2. Privilege mode
  3. Global Configuration mode ### Switch Configuration

Switch>enable

Switch#configure terminal

Switch(config)#interface fastethernet0/2

Switch(config-if)#switchport mode access

Switch(config-if)#exit

Enter fullscreen mode Exit fullscreen mode

VLAN

2 VLANs

VLAN stands for virtual local area network. VLAN in a way is a better alternative to subnetting.

Disadvantages of subnetting

  1. Time Consuming
  2. It's done at the user device, by giving a custom subnet mask.
  3. Increase in the workload of the network administrator.

Unlike subnetting VLAN configuration is done at the switch to which other devices are connected.

Advantages of VLAN over subnetting

  1. Easy and Less time consuming
  2. No need to configure the user device

VLAN Configuration

  1. Create a VLAN number [0-65535]
  2. Create VLAN Name
  3. Choose and configure(ACCESS/TRUNK) an interface of the switch.
  4. Link VLAN with the interface. ### Implementation
Switch>enable

Switch#vlan database

Switch#vlan 10 name VLAN1

Switch(config)#interface FastEthernet0/1

Switch(config-if)#switchport mode access

Switch(config-if)#switchport access vlan 10

Switch(config-if)#exit

Enter fullscreen mode Exit fullscreen mode

ACL

ACL

ACL stands for access control list. It is employed to control incoming and outgoing traffic(permit/deny) by configuring the router. It uses an entity called a Wild-Card mask.

Wild-Card Mask

The wild-card mask works similarly to the subnet mask, by ANDing the IP requested by the host to WCM. It can be used to block a whole network or a particular device on any network. It looks like 0.0.0.255 for a network and 0.0.0.0 for a device. For example, a host tries to access the unauthorized network 192.168.4.0 then after configuring ACL wildcard mask 0.0.0.255 is bitwise ANDed on the requested NID resulting in 0.0.0.0 hence denying access.

Type of ACL

Standard Extended
Old, not used now New, In use
For small networks For large networks
Number range: 0-99 number range: 100-199
Configured closed to destination Configured close to the source
Permit/Deny based on source IP permit/Deny based on source IP, Destination IP, Port no, protocol.

ACL Configuration(Extended)

denying connection through TCP, IMCP will still work(ping command)

Syntax:

Router(config)#access-list <ACL Number> permit/deny <protocol> <source IP> <source WCM> <destination IP> <destination WCM> <operator> <port no>

Enter fullscreen mode Exit fullscreen mode
Router(config)#access-list 110 deny TCP 192.168.1.10 0.0.0.0 10.0.0.2 0.0.0.0 eq 80

Router(config)#access-list 110 permit ICMP any any

Router(config)#interface fastethernet0/0 IP access-group 110 IN

Enter fullscreen mode Exit fullscreen mode

IMCP

TCP(HTTP)

fastethernet0/0 here is the interface of the source.

NAT for IP address conservation

NAT stands for network address translation. It is designed to preserve IP addresses. NAT is configured on the gateway router of a local network. It is essential from the security aspect.

Working

NAT allows a single device(such as a router) to act as an agent between the internet and a local network, which means that only a single unique IP address is required to represent an entire group of computers to anything outside the network.

NAT

NAT implementation


Router(config)#ip nat inside source static 10.0.0.2 200.1.1.2

Router(config)#interface gigabitethernet0/0/1

Router(config-if)#ip nat inside

Router(config-if)#exit

Router(config)#interface serial0/1/0

Router(config-if)#ip nat outside

Router(config-if)#exit

Enter fullscreen mode Exit fullscreen mode

NAT implementation

pinged for 10.0.0.2 but 200.1.1.2 replied

Firewall

It is a network security device that monitors and filters incoming and outgoing network traffic based on the configuration of the firewall. A firewall may be a hardware device or software.

Types

  1. Stateful: Records every stage from the beginning.
  2. Stateless: Only the current event is recorded. ### Firewall configuration

Choose 5505 firewall: firewall controls network traffic using two rules namely

  1. Inbound
  2. Outbound

Cisco Adaptive Security Appliance(ASA) firewall

It is a device that combines firewall, antivirus, intrusion prevention, VPN & SSL capabilities.

Points to consider

  1. We can’t assign IP directly to any interface of a firewall.
  2. We have to assign IP to VLAN & then link VLAN to any interface so IP address is indirectly assigned to an interface.
  3. The INSIDE network is inside your LAN.
  4. The OUTSIDE network will be out of LAN.
  5. VLAN 1 will always be linked with the INSIDE network.
  6. VLAN 2 will always be linked with the OUTSIDE network.
  7. SECURITY LEVEL of the INSIDE network will be 100 & OUTSIDE will be 0.
  8. Ethernet 0/1 of the firewall will be assigned to VLAN1.
  9. Ethernet 0/0 of the firewall will be assigned to VLAN2.

firewall

Configuring a firewall

STEP 1: REMOVE DEFAULT IP ADDRESS AND DHCP SCOPE RANGE


ciscoasa(config)# interface vlan 1

ciscoasa(config-if)# no ip address

ciscoasa(config-if)# exit

ciscoasa(config)# no dhcpd address 192.168.1.5 - 192.168.1.15 inside

Enter fullscreen mode Exit fullscreen mode

We can find this using the SHOW command

STEP 2: ASSIGN IP, NAME, AND SECURITY LEVEL TO VLAN 1&2

ciscoasa(config)# interface vlan 1

ciscoasa(config-if)# ip address 172.16.1.1 255.255.255.0

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# nameif inside

ciscoasa(config-if)# security-level 100

ciscoasa(config-if)# exit


ciscoasa(config)# interface vlan 2

ciscoasa(config-if)# ip address 210.2.2.2 255.255.255.0

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# nameif outside

ciscoasa(config-if)# security-level 0

ciscoasa(config-if)# exit

Enter fullscreen mode Exit fullscreen mode

STEP 3: LINK CORRESPONDING VLAN 1&2 WITH RESPECTIVE INTERFACE

ciscoasa(config)# interface ethernet0/1

ciscoasa(config-if)# switchport access vlan 1

ciscoasa(config-if)# exit

ciscoasa(config)# interface ethernet0/0

ciscoasa(config-if)# switchport access vlan 2

ciscoasa(config-if)# exit

Enter fullscreen mode Exit fullscreen mode

STEP 4: CONFIGURE DHCP & DNS SERVER

We can give DHCP range as much as we want, here we give 6 IP's starting from 1.5 to 1.10


ciscoasa(config)# dchpd address 172.16.1.5 - 172.16.10 inside

Enter fullscreen mode Exit fullscreen mode

Above command allows all computers from inside the network to communicate with the DNS server.

STEP 5: CONFIGURE DEFAULT ROUTE

The command will let the firewall communicate with the outside network. 0.0.0.0 means any source IP can communicate with any destination IP through router IP 210.2.2.1


cisocasa(config)# route outside 0.0.0.0 0.0.0.0 210.2.2.1

Enter fullscreen mode Exit fullscreen mode

STEP 6: OBJECT NETWORK CREATION & ENABLING NAT

This will allow the INSIDE network to communicate with the OUTSIDE network (& vice-versa) with the public IP address.


ciscoasa(config)# object network LAN

ciscoasa(config-network-object)# subnet 172.16.1.0 255.255.255.0

ciscoasa(config-network-object)# nat (inside,outside) dynamic interface

Enter fullscreen mode Exit fullscreen mode

STEP 7: CREATE ACL

Here we are using EXTENDED NAMED ACL( i.e 3rd type of ACL apart from the previous two where we use alphabets instead of numbers). This ACL allows both TCP and ICMP traffic to be allowed outside the network.


cisco(config)# access-list inside_to_internet extended permit tcp any any

cisco(config)# access-list inside_to_internet extended permit icmp any any

cisco(config)#access-group inside_to_internet in interface outside

Enter fullscreen mode Exit fullscreen mode

STEP 8: CONFIGURE ROUTER

ASSIGN IP ADDRESS TO ROUTER, Configure OSPF for ISP Router


router(config)# router ospf 1

router(config)# network 210.2.2.0 0.0.0.255 area 0

router(config)# network 210.2.20.20 0.0.0.255 area 0

router(config)# exit

Enter fullscreen mode Exit fullscreen mode

STEP 9: Go to PCs

Switch to DHCP addressing.

Security

Security means securing something from unauthorized access, minimizing vulnerabilities, etc through layers of defense. Read more about networking security here.

Virtualization

It is the process of creating a virtual instance of a system within an already running system. This virtual instance act as a sandbox environment, any changes made to the sandbox environment stay there and are not leaked to the original system. It's a good means of experimenting without any additional cost.

Selection of OS

There are specially designed operating systems for practicing and experimenting with security. For example Kali Linux, Parrot OS, etc. These are Debian-based Linux distros. Kali Linux comes with 300+ inbuilt tools

for auditing and exploitation and capabilities for vulnerability assessment.

Network Scanning

Networking Scanning means finding crucial details about the network, which are used to analyze the network and its vulnerabilities.

Fing(application)

It is a mobile/desktop application used for network scanning. The device with 'fing' should be connected to the network. It will show

  • open ports
  • number of devices and their IP addresses
  • MAC addresses of all the devices
  • Services running on the network

get fing here

NMap(CLI tool)

Nmap means network mapper. It is a command-line tool for analyzing a network or even a particular host in a network. Usage:


$ NMAP -sT 192.168.0.0/24

$ NMAP -sT 192.168.0.2

$ NMAP -sT google.com

Enter fullscreen mode Exit fullscreen mode

Nmap is pre installed in kali linux, use Nmap -h for a complete list of wild cards to use with Nmap

Traffic Analysis

WireShark

This is an information-gathering tool. It is used to monitor the incoming and outgoing packets. It allows various facilities like filtering based on protocol, source, destination, etc.

it's pre installed in kali linux

Splunk

It is a web-based application for indexing, storing, and analyzing data. It can be configured to work with real-time data. It can also act as a firewall or antivirus, can create alerts, etc. There are a lot of resources for data to analyze in Splunk.

IDS and IPS

IDS stands for Intrusion Detection System and IPS stands for Intrusion Protection System. IDS can only detect an intrusion in the system but can't perform any action in response to that, For example, Wireshark, CCTVs, etc. IPS on the other hand will not only detect the intrusion but can also perform an action to prevent the intrusion.

Honeypot

A honeypot is a system through which creates an illusion of a vulnerable target to acts as bait for attackers. When an attacker tries to attack the fake target, the attacker ends up leaving its own information. Also, the attacker can't perform an attack on the fake target. There are many honeypots available namely, pentbox, honeydrive, etc.

Summary

You might not be able to hack into some reputed company with this knowledge, but I'm sure you'll have a better understanding of basic networking.

Discussion (0)

Forem Open with the Forem app