
    Principles of Networks and Security

    Everything is connected to everything else; the ability of devices to communicate and share data rests on the network between them. Networks move data around. A network can join a small number of devices or a great many; the Internet is, more or less, a connection between every online device and every other online device.

    Sensors generate data that can be accessed via a wireless network.

    Networks aren't only a computing concept: a family is a network that transmits information between its members. Networks are most often visualized as graphs, which makes them easier to understand. The graph connects end points, or terminals, which communicate through intermediate devices such as routers and switches. A device that wants to reach the Internet needs a router; for purely device-to-device communication on a local network, a switch is enough.

    Notably, you can build an isolated network by connecting important servers only through a switch, and then have a single system that is attached both to that switch's LAN and to the Internet. That gives you one controlled access point. The trade-off is that this dual-homed machine is also the one place an attacker needs to compromise to reach the isolated segment, so it should be the most hardened host on the network.

    The Internet

    is made up of three main "nuts and bolts": end systems, intermediary network devices, and communication links. A network is a collection of devices, routers, and links managed by one organization; the Internet is the network that connects those networks together.

    End systems: hosts (clients and servers) that run software and applications.
    Intermediary network devices: forward packets (chunks of data) between links.
    Communication links: fiber, copper, or wireless media that carry the data between devices.
    Hosts

    Any computer connected to a network, client or server, is also known as a host.

    Protocols

    are agreed-upon rules for communicating between systems, so that systems can talk to each other in a common way.

    Internet standards

    Individual home network routers are known as "edge" routers because they're the closest to the end devices. Each local network exists like an island, and the islands are connected by Internet Service Providers (ISPs). Sometimes ISPs agree to exchange traffic with each other for free (peering), sharing infrastructure at a common exchange point; otherwise one provider charges the other for carrying its traffic (transit) as data passes from one provider's network to the next.

    Intermediary Network Devices

    Includes wireless routers, LAN switches, routers, multilayer switches, firewall appliances


    Services

    Services are built on top of computer networks, and applications run on end systems built on top of those services. Media, on the other hand, can be exchanged one way or another and does not require a continuous network connection.

    Network applications run on different end systems and communicate over a network; for example, a web browser on the client side can request a web page from a server.

    Servers provide data to clients and control access to resources through permissions, while clients run software that requests data from a server.

    Services can be provided from a server to clients (client-server model), or between clients directly, where each one acts as both server and client (peer-to-peer).

    Server: needs to be on 24/7 in order to receive and respond to requests, and has a fixed, well-known IP address.
    Client: requests services, may be intermittently connected with a dynamic or static IP address, and does not communicate directly with other clients.
    Peers: data is spread across "peer" hosts, each of which requests services from other peers and also serves them. Peer-to-peer is easy to set up and cost-effective, but harder to secure and often slower.
    Hybrid: services that use both a central server and peer-to-peer connections; for example, authentication may be handled centrally and the service then provided peer to peer. Mastodon is a great example.

    Types of networks

    Body Area Network (BAN)
    Connects wearables or implanted devices within a few meters, using technologies such as Bluetooth, ZigBee, RFID, or Wi-Fi. Body area networks cover communication between devices inside your body, and optionally with outside devices like a smart watch.

    Personal Area Network (PAN)
    Connects personal devices, such as a laptop, smartphone, printer, portable game console, tablet, PC, and other peripherals, using technologies such as Bluetooth, hotspots, ZigBee, RFID, or Wi-Fi.

    Local Area Network (LAN)
    Connects devices within a single building, home, office, or school, through Ethernet, Wi-Fi, or Bluetooth. The LAN's router can also act as an edge router toward the Internet core, which is where the main backbone routers are located.

    Metropolitan Area Networks (MAN)
    A MAN covers a larger area than a LAN, such as an entire city or town.

    Wide Area Networks (WAN)
    LANs separated by geographic distance are connected by a WAN, which can span multiple states, countries, or the whole world. You can think of the Internet as a network of networks; the term WAN is sometimes used interchangeably to refer to it.

    Structures of networks

    Fault tolerance means data should be stored redundantly, and networks should have alternate routes in case a device or link fails.

    Scalability determines how easy or difficult it is to add additional users to a network without reducing performance.

    Quality of Service is managed by routers and ensures that priority is matched to the type of communication and its importance to the organization.

    Security covers authentication, privacy, and reliability. Administrators need to protect the network with software and hardware security, and by preventing physical access to network devices.

    Layers of the Internet

    Edge, core, and access. The network edge contains hosts (clients and servers), the last stop on the network. Access networks and physical media include wired or wireless communication links, anything that connects the edge to the core. The network core is made up of interconnected, high-performance routers; it is the network of networks, or WAN.

    Objection! Some servers are hosted in the core, not at the edge, as with cloud computing or CDNs (content distribution networks): major companies such as Google or Facebook run network infrastructure through their CDNs and data centers to reduce latency.

    Access networks include:

    1. Residential access (home): DSL, cable, FTTH (fiber to the home), and 5G fixed wireless
    2. Enterprise access (school, company, home): Ethernet (wired LAN) and Wi-Fi (wireless LAN)
    3. Mobile access networks: Wi-Fi and LTE 4G/5G

    TCP/IP handles data delivery, HTTP/HTTPS handles web access, and RTC (real-time communication) protocols handle data-intensive real-time services.

    Network applications run over a network, not on it. Routers don't resend dropped packets (that is the job of the transport layer on the end hosts), but the network does need to redirect packets around a failed link or device. In other words, there needs to be fault tolerance.

    Bits

    Data is delivered as a series of bits, which must be converted into signals that can be sent across the network media to the destination (bits -> signals). Signals come in different types depending on the medium: electrical over copper, light over fiber, radio over wireless.

    The network media can take many shapes and forms, and a single end-to-end path doesn't need to use the same medium along the way: each link has its own transmitter/receiver pair.

    Unguided media is natural rather than man-made, and includes the atmosphere, water, and deep space. Guided media is man-made, and includes twisted-pair (copper) wires, coaxial cable, and fiber optic (silica). Over unguided media the data travels through the air as electromagnetic waves.

    Shower thought- Fiber optic cables don't need to be in twisted pairs because light is much less susceptible to interference

    Twisted pair: twisted-pair copper cables are the least expensive and are often used for telephone and Ethernet networks. They have a limited run length of 100 meters and are sensitive to electromagnetic interference (EMI).
    Coaxial: coaxial cables are used for cable/broadband Internet; they cost more than twisted pair and are harder to manage.
    Fiber optic: fiber-optic cables are the most expensive (they form the backbone of the Internet), handle long-distance communication with higher bandwidth, and are completely immune to EMI.

    Unshielded twisted pair (UTP) vs shielded twisted pair (STP) cables: UTP is less expensive and more susceptible to interference, while STP is more expensive and shielded against it. In UTP each pair of wires sits free inside the plastic jacket, while in STP a foil shield wraps each pair and an additional braided shield surrounds all of the individually shielded pairs.

    Single-mode fiber (SMF) is generally more expensive than MMF, has a smaller core, higher bandwidth, and a longer transmission distance. Single-mode fiber uses a laser to send the signal.

    Multi-mode fiber (MMF) is less expensive and has a larger core. It has lower bandwidth than SMF, because multiple light paths (modes) cause distortion over longer distances, so it has a shorter practical transmission distance. Multi-mode fiber uses LEDs rather than lasers and is more often used in LANs, for runs of a couple hundred meters within a campus network.

    Undersea cables are usually managed by international ISPs; many of them connect one country directly to another, so it's also possible for countries to negotiate directly. They are part of the network core and a good example of a WAN. The routers and switches at each end are also part of it, connecting and handling the connections sent through the cables.

    Topology Diagrams

    provide a visual map of how the network is connected. I hope you liked E-R diagrams because here we go again (I actually really enjoy making them so.. I can't complain)

    Modems vs Routers

    A modem converts between the signalling used on the ISP's access line (DSL, cable, fiber) and the Ethernet frames used on your LAN, while a router forwards packets between your LAN and the ISP's network. In the past these were separate boxes: a router on its own couldn't talk to the WAN line, so you needed a modem in front of it to convert the data for sharing over long distances, e.g. the Internet. Nowadays the modem is usually built into the consumer router, so they're more or less one combined device.

    Latency is the amount of time it takes for data to travel from a sender to its destination. It's important for measuring network performance and can be checked in several ways, such as round-trip time or one-way transfer time. It's usually measured in milliseconds (ms). Delay types include transmission delay, propagation delay, queuing delay, and processing delay. Combined they're called end-to-end delay: the time spent being processed and forwarded by each router or switch, waiting in queues, and travelling through each link.

    If your network is running slow during peak hours, that's congestion: queuing delay grows as more traffic competes for the same links.

    Bandwidth

    Measures the maximum amount of data that can pass through a network medium (wired or wireless) in a fixed interval of time; this is the capacity, or theoretical maximum bit rate, of the medium. Bandwidth is not affected by the distance between two points, nor necessarily by how fast the signal can be switched on and off (although that is a factor). Throughput, by contrast, is the actual amount of data that passes through the medium in a fixed interval of time.

    The line rate is the actual, consistent bit rate for a particular link: the number of bits that can be sent in one second. We'll assume this is a fixed rate for this course.

    Examples of bandwidth, throughput, and line rates

    My DSL line could carry up to a capacity of 64 Mbps (bandwidth), but my line rate is 15 Mbps because I'm paying for the basic internet plan at $35 per month.
    Last time I did an iTunes download, I got a throughput of about 10.4 Mbps.

    SI prefixes (International System of Units) work in powers of 10, while binary prefixes are a different prefix system that works with powers of 2. Machines use binary. Bits are lowercase b, bytes are uppercase B, e.g. Mbps vs MBps. You can tell binary prefixes from SI prefixes because a binary prefix has an i in it, e.g. Ki, Mi, Gi. Each step up the SI ladder multiplies by 10^3: kilo is 10^3, mega is 10^6, giga is 10^9, and so on.

    Basically: with an i it's 2^n, without an i it's 10^n; lowercase b is a bit, uppercase B is a byte. Gibps vs MBps, for example.

    A byte is 2^3 = 8 bits.

    Transmission speed (SI), file size (SI), transmission speed (binary), file size (binary):

    Kbps = 10^3 b/s, KB = 10^3 B; Kibps = 2^10 b/s, KiB = 2^10 B
    Mbps = 10^6 b/s, MB = 10^6 B; Mibps = 2^20 b/s, MiB = 2^20 B
    Gbps = 10^9 b/s, GB = 10^9 B; Gibps = 2^30 b/s, GiB = 2^30 B
    Tbps = 10^12 b/s, TB = 10^12 B; Tibps = 2^40 b/s, TiB = 2^40 B

    Make sure to include equations in your answers on tests or you will lose points

    Remember that you can decompose and move values between exponents to simplify. For example, because 20 = 2 * 10, 2^20 = (2^10)^2 = 1024^2, so 2^20 b = 1024 Kib.

    To help connect ISPs together, Internet Exchange Points (IXPs) let packets be handed off between service providers without them charging each other. Tier 1 providers are the networks that form the backbone of the Internet, exchanging data between continents and countries. Tier 2 ISPs are regional, and access ISPs are local, serving areas that aren't covered directly by a Tier 1 or Tier 2 provider. Content provider networks are run by companies such as Google or Microsoft to bring content closer to end users, often bypassing Tier 1 and regional ISPs.

    Encapsulation / Decapsulation

    When data is encapsulated on the source side, a header is added at the application layer, and additional headers are added as it passes down through each layer.

    A Protocol Data Unit is a single unit of data transmitted among peer entities of a computer network. A PDU is composed of protocol-specific control information and user data. PDUs include messages, segments, datagrams/packets, frames, and bits. Encapsulation adds each layer's header and decapsulation strips them off at the other end.

    Application layer (5) (software)

    A datagram is the network-layer PDU: a self-contained unit, complete with its own addressing, packed and ready to be sent through the network.
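As an added example (not from the original notes), here is the encapsulation path in Python using the real header layouts: an application message is wrapped in an 8-byte UDP header, then a 20-byte IPv4 header with its checksum, then a 14-byte Ethernet header, and the receiver peels the layers back off, verifying the IPv4 checksum on the way. The MACs, IPs, ports and message are constructed sample values, not anything from the page.

```python
import socket
import struct

# Constructed sample addressing (assumption, not from the notes).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP, DST_IP = "192.168.1.10", "192.168.1.1"
SRC_PORT, DST_PORT = 54321, 53
ETHERTYPE_IPV4, PROTO_UDP = 0x0800, 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, as IPv4 requires.
    Run over a header whose checksum field is already filled in, it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(message: bytes) -> bytes:
    """Application message -> UDP segment -> IPv4 datagram -> Ethernet frame."""
    # Layer 4: 8-byte UDP header. Checksum 0 means "not computed", which UDP over IPv4 permits.
    udp_len = 8 + len(message)
    segment = struct.pack("!HHHH", SRC_PORT, DST_PORT, udp_len, 0) + message
    # Layer 3: 20-byte IPv4 header (version 4, IHL 5, TTL 64, protocol 17 = UDP).
    total_len = 20 + len(segment)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, total_len, 0x1234, 0, 64, PROTO_UDP, 0,
                      socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]   # fill the checksum field
    datagram = hdr + segment
    # Layer 2: 14-byte Ethernet header (the trailing FCS is left out).
    return DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + datagram


def decapsulate(frame: bytes) -> dict:
    """Strip each layer's header and return what the application layer would see."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4
    if ipv4_checksum(datagram[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch: header corrupted in transit")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    if datagram[9] != PROTO_UDP:
        raise ValueError("not a UDP datagram")
    src_ip, dst_ip = socket.inet_ntoa(datagram[12:16]), socket.inet_ntoa(datagram[16:20])
    segment = datagram[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": src_ip, "dst_ip": dst_ip,
        "src_port": src_port, "dst_port": dst_port,
        "message": segment[8:udp_len],
    }


if __name__ == "__main__":
    frame = encapsulate(b"example.com A?")
    print(len(frame), "bytes on the wire")
    print(decapsulate(frame))
```

The checksum only protects the IPv4 header, not the payload, and it is a plain arithmetic sum, so it catches transmission damage but offers no protection against deliberate modification; integrity against an attacker has to come from a higher layer.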

    DHCP

    DHCP, or Dynamic Host Configuration Protocol, assigns IP addresses to routers and devices on a specific network. Devices that join try to find and communicate with a DHCP server; on most consumer networks this is built into the router, but large networks may use one or more dedicated machines. For this class, you only need to worry about one such server.

    The DHCP server returns the following:

    1. IP Address
    2. Subnet Mask
    3. Default Gateway Address
    4. DNS server address
    5. Lease time

    ARP

    Domain names are resolved to IP addresses by DNS; IP addresses then need to be resolved to MAC addresses, which is where ARP (Address Resolution Protocol) comes in. ARP translates IPs to MACs on the same subnet only. A router uses ARP on each subnet it is directly attached to in order to find the MAC of the next hop, then passes the packet along.

    How does ARP know who else is out there? ARP broadcasts a "MARCO" request for an IP address and waits for the owner of that IP to respond "POLO" with its MAC address. You can also do an advanced technique called LYING: answering for an IP that isn't yours is ARP spoofing.

    Unicast vs Broadcast vs Multicast vs Anycast
    Unicast is one-to-one
    Broadcast is one-to-all (e.g. the MAC FF:FF:FF:FF:FF:FF reaches every device on the LAN)
    Multicast is one-to-many, but only within a group
    Anycast is one-to-nearest: several hosts share an address and the closest one answers

    ICMP, or Internet Control Message Protocol, helps with error reporting.

    Switch Forwarding (layer 2, so no IP address)

    Every switch has a forwarding table (MAC table). Each entry contains the MAC address of a host, the interface (port) the host is reached on, and a timestamp.

    Switches learn which hosts are reachable through which interfaces by looking at incoming frames. Unlike DHCP, no request is needed: the switch simply notes the source MAC of each frame arriving on a port and adds it to the forwarding table. Broadcast frames are sent out every port, whether or not a device is listening. If a unicast frame arrives and the destination MAC is unknown, the switch floods it, sending it out every port except the one it came in on, as if it were a broadcast. Routers never do this.
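An added example (not from the notes) of the learning-and-flooding behaviour just described: a tiny software switch in Python that learns source MACs per port, ages entries out by timestamp, floods broadcasts and unknown unicasts, filters frames whose destination is on the same port they arrived on, and forwards known unicasts out a single port. Port numbers, MACs and timings are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Layer-2 learning switch: the MAC table maps a MAC to (port, last-seen time)."""

    def __init__(self, ports, aging_seconds=300):
        self.ports = list(ports)
        self.aging = aging_seconds
        self.table = {}           # mac -> (port, timestamp)

    def _age_out(self, now):
        stale = [mac for mac, (_, seen) in self.table.items() if now - seen > self.aging]
        for mac in stale:
            del self.table[mac]

    def _flood(self, in_port):
        return [p for p in self.ports if p != in_port]

    def receive(self, in_port, src_mac, dst_mac, now):
        """Return the list of ports the frame is sent out of."""
        self._age_out(now)
        # Learning: the sender is reachable via the port the frame arrived on.
        self.table[src_mac] = (in_port, now)
        if dst_mac == BROADCAST:
            return self._flood(in_port)
        entry = self.table.get(dst_mac)
        if entry is None:             # unknown unicast: flood, just like a broadcast
            return self._flood(in_port)
        out_port, _ = entry
        if out_port == in_port:       # destination shares the sender's segment: filter (drop)
            return []
        return [out_port]


def demo():
    """Two hosts talk across a 4-port switch; returns the forwarding decisions in order."""
    sw = Switch(ports=[1, 2, 3, 4])
    a, b = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
    first = sw.receive(1, a, b, now=0)        # b unknown -> flooded to ports 2, 3, 4
    reply = sw.receive(2, b, a, now=1)        # a was learned on port 1 -> [1]
    second = sw.receive(1, a, b, now=2)       # b now known on port 2 -> [2]
    bcast = sw.receive(3, "cc:cc:cc:cc:cc:cc", BROADCAST, now=3)
    late = sw.receive(1, a, b, now=400)       # b's entry aged out -> flooded again
    return first, reply, second, bcast, late


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The flooding step is why an attacker on the same switch can see traffic for hosts the switch hasn't learned yet, and why the table's aging and capacity matter: anything that keeps the switch from holding a binding turns unicast back into broadcast.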

    The local router's IP address is called the default gateway; hosts use ARP to find the router's MAC address for that IP. Sometimes the router itself is referred to as the gateway.

    You can see the devices your machine has resolved with arp -a, or on Linux with ip neighbor.

    HTTP status codes

    Informational: 100-199
    Success: 200-299
    Redirect: 300-399
    Client error: 400-499
    Server error: 500-599

    The maximum transmission unit (MTU) is the largest packet a link can carry; Ethernet sets the limit at 1500 bytes of payload.

    IP protocol characteristics

    Binary (base 2) to Decimal (base 10) conversions (and vice versa)

    Binay to decimal
    8 bit binary numbers have 8 places, with each being twice the one following it to add up to any number between 0 and 255, which would be the case if the bits were 11111111.

    128's 64's 32's 16's 8's 4's 2's 1's
    2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0

    Decimal to binary
    Converting decimal to binary has an elegant trick: divide the number (0 to 255 for one byte) by two repeatedly, writing a 1 each time there is a remainder and a 0 otherwise, then read the digits in reverse order.

    The /n after an IP address is the prefix length (CIDR notation), which carries the same information as the subnet mask, or network mask: it determines how many leading bits are the network address; however many bits are left represent the host address.

    Reserved IPs
    The first IP address in a subnet, the network ID, always has its host bits set to 0 and refers to the network itself, while the last IP address has all host bits set to 1 and is the broadcast address, which sends data to all devices on the network (e.g. 192.168.1.255 on 192.168.1.0/24).

    IPv6 addresses have 128 bits, or 16 bytes, while IPv4 addresses have 32 bits, or 4 bytes.

    The limited broadcast IP is always 255.255.255.255 and broadcasts to your local network, while a directed broadcast IP starts with the network's address and ends with the last possible address in that subnet. So far, we've been talking only about directed broadcast IPs.
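An added example (not from the notes) that carries the binary conversion and the prefix-length arithmetic above through in Python: it converts a decimal octet to binary with the repeated-division trick, derives the mask, network ID, directed broadcast and usable host range from a CIDR string, and decides whether two hosts share a subnet (and so ARP for each other directly rather than going via the default gateway). It goes slightly beyond the page by also handling /31 and /32, where there is no separate network or broadcast address. All addresses are constructed examples.

```python
def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(n: int, width: int = 8) -> str:
    """Repeated division by two; the remainders read in reverse are the bits."""
    bits = []
    for _ in range(width):
        bits.append(str(n % 2))
        n //= 2
    return "".join(reversed(bits))


def prefix_to_mask(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(cidr: str) -> dict:
    """Network ID, directed broadcast, mask and host range for an address in CIDR form."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask                  # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)      # host bits set
    if prefix >= 31:
        # /31 point-to-point links and /32 host routes use every address as a host address.
        first_host, last_host, usable = network, broadcast, 2 ** (32 - prefix)
    else:
        first_host, last_host, usable = network + 1, broadcast - 1, 2 ** (32 - prefix) - 2
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "mask": int_to_ip(mask),
        "mask_binary": ".".join(to_binary((mask >> s) & 0xFF) for s in (24, 16, 8, 0)),
        "first_host": int_to_ip(first_host),
        "last_host": int_to_ip(last_host),
        "usable_hosts": usable,
    }


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """True when both addresses share the network bits, i.e. they can ARP for each other."""
    mask = prefix_to_mask(prefix)
    return ip_to_int(ip_a) & mask == ip_to_int(ip_b) & mask


if __name__ == "__main__":
    for key, value in subnet_info("192.168.1.77/26").items():
        print(f"{key:>12}: {value}")
```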

    Classful & Classless addressing

    Before classless addressing, when we still used classful addresses:
    Class A IPs: few networks, each with many hosts (1 byte network, 3 bytes host)
    Class B: medium number of networks, medium number of hosts (2 bytes network, 2 bytes host)
    Class C IPs: many networks, each with a few hosts (3 bytes network, 1 byte host)
    Class D: leading bits 1110, reserved for multicast
    Class E: leading bits 1111, reserved for experimental purposes

    Now we just apply a subnet mask with a variable number of network and host bits, which is called Classless Inter-Domain Routing, or CIDR. Other responses to the shortage of IPv4 addresses include IPv6 and NAT.

    ICANN and IP assignment

    IANA, or the Internet Assigned Numbers Authority, is a function of ICANN (the Internet Corporation for Assigned Names and Numbers) that hands out blocks of IP addresses globally to RIRs, or Regional Internet Registries. There are 5 RIRs: APNIC, ARIN, RIPE NCC, LACNIC, and AFRINIC. IANA also manages the DNS root zone, while ICANN oversees the domain name system and the policies under which domain name disputes are settled.

    1. RIRs get a block of IP addresses to assign to ISPs
    2. ISPs allocate smaller blocks of IP addresses to customers as needed, using an appropriate subnet mask
    3. IPs given to local networks are then used to map devices in internal LANs
    4. IP Subnetting takes an IP block address assigned by an ISP and divides it into even smaller subnetworks, if needed

    Network Address Translation (NAT)

    NAT allows you to hide the composition of a network from the outside world, with the entire network addressed by a single public IP address.

    Without NAT, every device needs its own public IP; with NAT each device gets a locally unique private IP, and all of them sit behind a single public IP.

    Private IPs cannot be used as source or destination addresses on the public Internet, because the same private IP may appear in countless places across the world.

    10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x), and 192.168.0.0/16 (192.168.x.x) are the private IP ranges; addresses in them are only locally unique.

    NAT has some security upsides, because devices inside the local network are not directly addressable or visible from the outside world. It is not a firewall, though: it hides addressing, but a stateful filter is still what decides which inbound traffic is allowed.

    A NAT Translation table is populated when a network request is sent to an outside address mapping internal addresses and ports within the LAN to global WAN side addresses.
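An added example (not from the notes) of the translation table in action: a Python model of port-address translation that rewrites outbound packets to the single public IP, hands each internal flow its own public port, maps replies back to the right internal host, and drops inbound packets that match no entry, which is the "not directly addressable" property above. The public IP, internal hosts and remote servers are constructed documentation addresses.

```python
class NAT:
    """Port-address translation: many private hosts share one public IP."""

    def __init__(self, public_ip, first_port=49152, last_port=65535):
        self.public_ip = public_ip
        self._free_ports = iter(range(first_port, last_port + 1))
        # Outbound key: which internal flow -> which public port.
        self.outbound = {}   # (proto, in_ip, in_port, dst_ip, dst_port) -> public port
        # Inbound key: which (public port, remote end) -> which internal host.
        self.inbound = {}    # (proto, public port, remote_ip, remote_port) -> (in_ip, in_port)

    def translate_out(self, pkt: dict) -> dict:
        """LAN -> WAN: rewrite the source to the public IP and a per-flow public port."""
        key = (pkt["proto"], pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        if key not in self.outbound:
            try:
                pub_port = next(self._free_ports)
            except StopIteration:
                raise RuntimeError("NAT port pool exhausted") from None
            self.outbound[key] = pub_port
            self.inbound[(pkt["proto"], pub_port, pkt["dst_ip"], pkt["dst_port"])] = (pkt["src_ip"], pkt["src_port"])
        return dict(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_in(self, pkt: dict):
        """WAN -> LAN: only packets matching an existing entry get through; others return None (dropped)."""
        key = (pkt["proto"], pkt["dst_port"], pkt["src_ip"], pkt["src_port"])
        entry = self.inbound.get(key)
        if entry is None:
            return None
        in_ip, in_port = entry
        return dict(pkt, dst_ip=in_ip, dst_port=in_port)


if __name__ == "__main__":
    nat = NAT("203.0.113.7")
    out = nat.translate_out({"proto": "tcp", "src_ip": "192.168.1.10", "src_port": 5000,
                             "dst_ip": "198.51.100.20", "dst_port": 443})
    print("on the wire:", out)
    print("table:", nat.outbound)
```

The inbound lookup keys on the remote address and port as well as the public port, so a reply from anyone other than the server the internal host contacted finds no entry. That is the whole of NAT's "security", and it only applies to traffic the inside never asked for.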

    Handling IPv6

    IPv6 adoption is still incomplete: some systems have been upgraded while others still run only IPv4, and it may be many years before IPv6 is mandatory everywhere. To carry IPv6 traffic across IPv4-only routers, a router that speaks both encapsulates the IPv6 packet inside an IPv4 packet (tunneling); the dual-stack router at the far end of the tunnel decapsulates it and sends it along IPv6-capable routers to its destination.

    Transport layer

    Transport layer items are identified not by IP addresses, but by port numbers while application layer modules are usually identified by domain names.

    The transport layer handles logical communication between application processes running on different hosts. It handles the network on behalf of applications, and deals with applications on behalf of the network. Importantly, it's end to end and not point to point.

    Two transport protocols run in end systems:

    Transmission Control Protocol (TCP) provides reliable, in-order delivery using sequence numbers and acknowledgement numbers (ACK#), congestion control to avoid overwhelming the network, flow control to avoid overwhelming the receiver, and is connection oriented. Conceptually a NAK (negative acknowledgement) can ask for a segment to be resent; TCP itself signals loss with duplicate ACKs and timeouts.

    TCP starts with a three-way handshake: the client sends a SYN (synchronize) segment carrying its initial sequence number, the server replies with a SYN-ACK that acknowledges it and carries the server's own initial sequence number, and the client answers with an ACK. Both ends are then synchronized and data transmission can begin.

    User Datagram Protocol (UDP) is unreliable, with unordered delivery; it's a 'no frills', 'bare bones' protocol that gives its best effort, but UDP segments may be lost. UDP is connectionless, meaning there's no handshaking between the sender and receiver.
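An added example (not from the notes) of the TCP handshake described above, written as two endpoints exchanging segments in Python. It tracks the state transitions (CLOSED/LISTEN -> SYN_SENT/SYN_RCVD -> ESTABLISHED), shows that a SYN consumes one sequence number, and rejects a SYN-ACK or ACK whose acknowledgement number does not match, which is why real stacks pick the initial sequence number randomly: a sender that never saw the SYN has to guess it. Ports and sequence numbers are constructed.

```python
import random
from dataclasses import dataclass


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    syn: bool = False
    ack_flag: bool = False


class TcpEndpoint:
    """One side of a TCP connection, tracking only what the handshake needs."""

    def __init__(self, port, isn=None):
        self.port = port
        self.state = "CLOSED"
        # Initial sequence number: random in real stacks so an off-path party can't guess it.
        self.isn = random.getrandbits(32) if isn is None else isn
        self.snd_nxt = self.isn      # next sequence number we will send
        self.rcv_nxt = None          # next sequence number we expect from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self, dst_port):
        """Client: send SYN. The SYN itself consumes one sequence number."""
        self.state = "SYN_SENT"
        self.snd_nxt = (self.isn + 1) & 0xFFFFFFFF
        return Segment(self.port, dst_port, seq=self.isn, ack=0, syn=True)

    def receive(self, seg):
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            # Server: acknowledge the client's SYN and send our own.
            self.rcv_nxt = (seg.seq + 1) & 0xFFFFFFFF
            self.snd_nxt = (self.isn + 1) & 0xFFFFFFFF
            self.state = "SYN_RCVD"
            return Segment(self.port, seg.src_port, seq=self.isn, ack=self.rcv_nxt, syn=True, ack_flag=True)
        if self.state == "SYN_SENT" and seg.syn and seg.ack_flag:
            # Client: the SYN-ACK must acknowledge exactly our SYN (isn + 1).
            if seg.ack != self.snd_nxt:
                raise ValueError("SYN-ACK does not acknowledge our SYN")
            self.rcv_nxt = (seg.seq + 1) & 0xFFFFFFFF
            self.state = "ESTABLISHED"
            return Segment(self.port, seg.src_port, seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True)
        if self.state == "SYN_RCVD" and seg.ack_flag and not seg.syn:
            # Server: the final ACK must acknowledge our SYN (isn + 1).
            if seg.ack != self.snd_nxt:
                raise ValueError("ACK does not acknowledge our SYN")
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"unexpected segment in state {self.state}")


def handshake(client, server):
    """Run the three-way handshake and return the segments exchanged, in order."""
    server.listen()
    syn = client.connect(server.port)
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    for seg in handshake(TcpEndpoint(40000), TcpEndpoint(80)):
        print(seg)
```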

    Sockets

    When two programs are executed on hosts, a client and server process are created that communicate with each other using sockets, or software interfaces. Applications use the socket API to create sockets and bind them to port numbers, which can then push and receive messages on a given port. The processes then rely on other network layers to deliver the packet to the other side's socket, which then receives the data.

    Port numbers are 16-bit binary numbers ranging from 0 to 65535. Well-known port numbers are restricted to the range 0-1023, including HTTP on port 80, DNS on port 53, and FTP on port 21. General-use ports range from 1024 to 65535.

    On the sending side, the transport layer is:

    1. Passed an application layer message
    2. Determines segment header field values
    3. Creates a segment
    4. Passes segments to IP

    Multiplexing and demultiplexing extend host to host delivery service to process-to-process, allowing multiple data chunks at the source from different sockets to create encapsulated segments, which are then passed to the network layer. Demultiplexing happens after the data is delivered, and the segment is passed back to the transport layer where the correct sockets are called with their respective data.

    Each datagram carries one transport-layer segment. The datagram has a source and destination IP, while the segment has a source port and a destination port.

    UDP demultiplexes on a 2-tuple: destination IP address and destination port number. TCP demultiplexes on a 4-tuple: source IP, source port, destination IP, and destination port.
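An added example (not from the notes) showing the 2-tuple versus 4-tuple difference in Python: a host's demultiplexer that delivers every UDP datagram for a (destination IP, port) to the one socket bound there, whoever sent it, while TCP segments are matched on all four fields, so two connections to the same server port from different clients land in different sockets and a brand-new client falls through to the listening socket. Socket names and addresses are constructed.

```python
class TransportDemux:
    """Maps an arriving segment to a socket the way a host's transport layer does."""

    def __init__(self):
        self.udp = {}        # (local_ip, local_port) -> socket name
        self.listeners = {}  # (local_ip, local_port) -> listening TCP socket name
        self.tcp = {}        # (local_ip, local_port, remote_ip, remote_port) -> connection socket name

    def bind_udp(self, name, local_ip, local_port):
        self.udp[(local_ip, local_port)] = name

    def listen_tcp(self, name, local_ip, local_port):
        self.listeners[(local_ip, local_port)] = name

    def accept_tcp(self, name, local_ip, local_port, remote_ip, remote_port):
        self.tcp[(local_ip, local_port, remote_ip, remote_port)] = name

    def demux(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return the socket that receives this segment, or None (the host drops it)."""
        if proto == "udp":
            # 2-tuple: who sent it does not matter; every sender lands in the same socket.
            return self.udp.get((dst_ip, dst_port)) or self.udp.get(("0.0.0.0", dst_port))
        if proto == "tcp":
            # 4-tuple: an established connection is identified by both ends.
            conn = self.tcp.get((dst_ip, dst_port, src_ip, src_port))
            if conn:
                return conn
            # No such connection yet: a listening socket takes new connection attempts.
            return self.listeners.get((dst_ip, dst_port)) or self.listeners.get(("0.0.0.0", dst_port))
        return None


if __name__ == "__main__":
    host = TransportDemux()
    host.bind_udp("dns", "10.0.0.1", 53)
    host.listen_tcp("web-listener", "0.0.0.0", 80)
    host.accept_tcp("conn-a", "10.0.0.1", 80, "203.0.113.5", 4000)
    print(host.demux("udp", "203.0.113.9", 1234, "10.0.0.1", 53))
    print(host.demux("tcp", "203.0.113.5", 4000, "10.0.0.1", 80))
```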

    Application: application-layer protocol, underlying transport protocol
    E-mail: SMTP over TCP
    Web: HTTP over TCP
    File transfer: FTP over TCP
    Name translation: DNS over UDP
    Web: HTTP/3 over UDP

    Applications that choose TCP are loss-intolerant but can wait for retransmissions; applications that choose UDP tolerate some loss but are delay-sensitive, so a packet that arrives late is simply discarded rather than holding things up.

    A note on processes

    It's NOT actually the programs, but rather processes that talk to each other.

    DNS Hierarchy

    1. Root servers
    2. Top-level domain (TLD) servers, including .com DNS servers, .org DNS servers, and .edu DNS servers.
    3. Authoritative servers (domains), including google.com DNS servers, amazon.com DNS servers, pbs.org DNS servers, or depaul.edu DNS servers.

    Recursive queries

    1. Host requests the IP from its local DNS server
    2. Local DNS server asks a root DNS server, which directly contacts the TLD DNS server on its behalf
    3. The TLD DNS server directly contacts the authoritative DNS server
      The authoritative server returns the IP to the TLD server, which passes it back to the root server, which passes it back to the local DNS server, which answers the host.

    Iterative (non-recursive) queries

    1. Host requests the IP from its local DNS server
    2.

    DNS poisoning is when attackers insert a fake record into a DNS server's cache, so that later lookups for that name return the attacker's IP.
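An added example (not from the notes) that runs both resolution styles above over a constructed set of name servers in Python: `resolve_recursive` has each server chase the referral itself, while `LocalResolver` walks root -> TLD -> authoritative iteratively and caches the answer for its TTL. The last part of the test plants a bogus cache entry to show why cache poisoning works: the resolver never re-asks the authoritative server while the entry is unexpired. Server names, zone data and addresses are invented documentation values.

```python
# Constructed zone data for a handful of name servers (203.0.113.0/24 is a documentation range).
SERVERS = {
    "root":       {"referral": {"com": "tld-com", "org": "tld-org"}},
    "tld-com":    {"referral": {"example.com": "ns-example"}},
    "tld-org":    {"referral": {}},
    "ns-example": {"answer": {"www.example.com": ("203.0.113.10", 300)}},
}


def query(server, qname):
    """One question to one server: an answer (ip, ttl), a referral to another server, or NXDOMAIN."""
    zone = SERVERS[server]
    if qname in zone.get("answer", {}):
        ip, ttl = zone["answer"][qname]
        return ("answer", ip, ttl)
    # Longest matching suffix wins, so "example.com" beats "com".
    for suffix, ns in sorted(zone.get("referral", {}).items(), key=lambda kv: -len(kv[0])):
        if qname == suffix or qname.endswith("." + suffix):
            return ("referral", ns)
    return ("nxdomain",)


def resolve_recursive(server, qname, depth=0):
    """Recursive mode: each server follows the referral itself and hands back the final answer."""
    reply = query(server, qname)
    if reply[0] == "answer":
        return reply[1]
    if reply[0] == "referral" and depth < 8:     # hop limit guards against referral loops
        return resolve_recursive(reply[1], qname, depth + 1)
    return None


class LocalResolver:
    """Iterative mode: the local DNS server does the walking and caches what it learns."""

    def __init__(self):
        self.cache = {}   # qname -> (ip, expiry time)

    def resolve(self, qname, now):
        """Return (ip, path): the servers consulted, or ["cache"] on a hit."""
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], ["cache"]
        server, path = "root", []
        for _ in range(8):
            path.append(server)
            reply = query(server, qname)
            if reply[0] == "answer":
                ip, ttl = reply[1], reply[2]
                self.cache[qname] = (ip, now + ttl)
                return ip, path
            if reply[0] == "referral":
                server = reply[1]
                continue
            return None, path
        return None, path


if __name__ == "__main__":
    resolver = LocalResolver()
    print(resolver.resolve("www.example.com", now=0))
    print(resolver.resolve("www.example.com", now=100))
    print(resolve_recursive("root", "www.example.com"))
```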

    Non-repudiation = the sender of the message cannot later deny having sent that message

    A firewall is a security guard that can allow (forward) a packet, redirect it, silently drop it, or reject it with an ICMP message explaining why the packet was declined.
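An added example (not from the notes) of those four verdicts as a first-match packet filter in Python: rules match on protocol, source and destination CIDR and destination port; a packet takes the first rule that fits, and anything unmatched hits the default, which is deny. Reject answers with the ICMP type/code a real filter would use (type 3 code 13, communication administratively prohibited). The policy and the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                          # "allow", "drop", "reject", or "redirect"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    redirect_to: Optional[tuple] = None  # (ip, port) for redirect rules

    def matches(self, pkt) -> bool:
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src_ip"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst_ip"]) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt["dst_port"]))


class Firewall:
    """First-match packet filter with an explicit default verdict (deny by default)."""

    def __init__(self, rules, default="drop"):
        self.rules = rules
        self.default = default

    def decide(self, pkt) -> dict:
        for index, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return self._apply(rule, index)
        return {"action": self.default, "rule": None}

    @staticmethod
    def _apply(rule, index):
        if rule.action == "reject":
            # Tell the sender why: ICMP type 3 (destination unreachable), code 13 (admin prohibited).
            return {"action": "reject", "rule": index, "icmp": (3, 13)}
        if rule.action == "redirect":
            ip, port = rule.redirect_to
            return {"action": "redirect", "rule": index, "new_dst": (ip, port)}
        return {"action": rule.action, "rule": index}


# Constructed policy for a small server LAN on 10.0.0.0/24.
POLICY = Firewall([
    Rule("allow", proto="tcp", dst="10.0.0.0/24", dport=443),
    Rule("redirect", proto="tcp", dst="10.0.0.5/32", dport=80, redirect_to=("10.0.0.5", 8080)),
    Rule("reject", proto="tcp", src="10.0.0.0/8", dport=23),   # inside users get told why
    Rule("allow", proto="udp", dst="10.0.0.53/32", dport=53),
])


if __name__ == "__main__":
    pkt = {"proto": "tcp", "src_ip": "203.0.113.9", "src_port": 50000, "dst_ip": "10.0.0.7", "dst_port": 443}
    print(POLICY.decide(pkt))
    print(POLICY.decide(dict(pkt, dst_port=22)))
```

Rejecting with ICMP is friendlier for your own users, but toward the Internet a silent drop gives a scanner less information, which is why the policy above rejects only for internal sources and drops everything else.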

    What do hackers want?

    1. Data access
    2. Bot nodes (for DDoS attacks / DoS attacks)
    3. Money

    Protecting an entire network is Network security, protecting information at rest is information security, and protecting a device is device / computer security.

    Computer security

    is the application of hardware and software security features to a computer system, usually limited to a single computer.

    Common malware includes

    1. Virus - Attaches itself to a clean file and replicates by modifying other files
    2. Worm - Like a virus, except it replicates and spreads across networks on its own without attaching itself to a file, typically by exploiting vulnerabilities in network services
    3. Trojan - Looks like legitimate software; it's not
    4. Logic bomb - A malicious script that triggers at a specific time and date, or when some condition is met
    5. Backdoor - A hidden way of bypassing normal authentication to get into a system
    6. Spyware - Monitors user computer activity and sends it back to the malicious users, e.g. keyloggers
    7. Adware - Pushes unwanted advertising onto the user
    8. Rootkit - Hides its own presence (and other malware) by tampering with the operating system
    9. Botnet - A network of infected machines under an attacker's remote control
    10. Wiper - Destroys data on the victim's disks
    11. Scareware - Frightens the user with fake warnings to get them to pay or install something
    12. Ransomware - Encrypts a victim's files or system until a ransom is paid

    How do you get infected?

    1. USB drives
    2. Removable data / disks / SD cards
    3. Malicious links / file downloads
    4. Social engineering / tricking users with social skills, e.g. phishing and malicious email attachments

    Network security

    Protection of networks and their services from unauthorized modification, destruction, or disclosure.

    Network security can help mitigate denial of service attacks, which may flood a target with ping requests or use a Ping of Death attack (oversized packets that crash or halt a server).

    Network spoofing attacks

    1. ARP spoofing - A false ARP message linking the attacker's MAC with a legitimate IP, sent as a one-off
    2. ARP poisoning - The attacker's false MAC replaces the legitimate one in the victims' ARP tables
    3. DNS spoofing - Fake DNS responses returned to a client
    4. DNS poisoning - Fake entries injected into a DNS server's cache, so every later client gets the fake answer
    5. Email spoofing - Altered email headers
    6. URL spoofing - A deceptive URL made to look like a legitimate one
    7. IP spoofing - Changing the source IP to hide the attacker's identity or impersonate another host
    8. Message alteration attack - The payload of a packet is changed, rather than just the header
    9. Replay attacks - Data sniffed from a connection is stored and sent again later
    10. Evil twin attacks - A fake Wi-Fi network is broadcast to collect the data that passes through it
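An added example (not from the notes) that ties the MARCO/POLO description of ARP above to the ARP spoofing and poisoning entries in this list: a small Python monitor that parses raw 28-byte ARP packets, keeps the IP-to-MAC bindings a host's cache would hold, and raises an alert on the two classic signs of spoofing, a reply nobody asked for and an IP whose MAC suddenly changes. The packets are constructed inline with `build_arp`; the MACs and addresses are invented.

```python
import socket
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"      # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
REQUEST, REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet/IPv4 ARP packet (htype 1, ptype 0x0800, 6-byte MACs, 4-byte IPs)."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper, mac_bytes(sender_mac),
                       socket.inet_aton(sender_ip), mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(packet: bytes) -> dict:
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, packet[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sender_mac": sha.hex(":"), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": tha.hex(":"), "target_ip": socket.inet_ntoa(tpa)}


class ArpMonitor:
    """Tracks IP->MAC bindings seen on the wire and flags the two classic spoofing signs."""

    def __init__(self):
        self.bindings = {}        # ip -> mac, as a host's ARP cache would hold it
        self.outstanding = set()  # IPs a request was seen for, with no reply yet
        self.alerts = []

    def observe(self, packet: bytes) -> list:
        """Feed one ARP packet; returns the alerts it triggered (possibly none)."""
        arp = parse_arp(packet)
        new_alerts = []
        if arp["oper"] == REQUEST:
            self.outstanding.add(arp["target_ip"])            # MARCO
        elif arp["oper"] == REPLY:
            if arp["sender_ip"] in self.outstanding:          # POLO we were waiting for
                self.outstanding.discard(arp["sender_ip"])
            else:
                new_alerts.append(f"unsolicited reply for {arp['sender_ip']} from {arp['sender_mac']}")
        # Both requests and replies carry the sender's binding; a change is worth a look.
        known = self.bindings.get(arp["sender_ip"])
        if known is not None and known != arp["sender_mac"]:
            new_alerts.append(f"{arp['sender_ip']} changed from {known} to {arp['sender_mac']}")
        self.bindings[arp["sender_ip"]] = arp["sender_mac"]
        self.alerts.extend(new_alerts)
        return new_alerts


def demo() -> list:
    """Constructed scenario: a normal MARCO/POLO, then a third party claims the gateway's IP."""
    host, gateway, attacker = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb", "cc:cc:cc:cc:cc:cc"
    mon = ArpMonitor()
    mon.observe(build_arp(REQUEST, host, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"))   # MARCO
    mon.observe(build_arp(REPLY, gateway, "192.168.1.1", host, "192.168.1.10"))                   # POLO
    mon.observe(build_arp(REPLY, attacker, "192.168.1.1", host, "192.168.1.10"))                  # LYING
    return mon.alerts


if __name__ == "__main__":
    for alert in demo():
        print("ALERT:", alert)
```

Treat these as signals rather than proof: a replaced NIC or a DHCP lease moving to another device also changes a binding, and unsolicited (gratuitous) ARP is sent legitimately for address-conflict detection and failover, so in practice the alerts are correlated with what is known about the gateway and other fixed hosts.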