Principles of Networks and Security

Everything is connected to every other thing- their ability to communicate and share data is based on their network. Networks allow data to move around. Networks can be between a small number of devices, or many. The internet is more or less a connection between every online device to every other online device.

Sensors🌡️ generate data that can be accessed via a wireless network.

Networks aren't necessarily just a concept in computing, since families can be networks that transmit data between family members. Networks are most often visualized through graphs to make them easier to understand, connecting end points, or terminals, which then communicate over intermediate devices, which includes routers, and switches. If a device wants to connect to the internet, it will need a router to do so, however for purely device to device communication you can just use a switch.

Noteably, you can have an isolated network by connecting important servers only by a switch, and have one system connecting with both other machines on the switch LAN and the internet at the same time, allowing you to have one connected access point.

The Internet

is made up of three main "nuts and bolts. Networks are collections of devices, routers, and links, managed by an organization, and the internet is the networks that connect networks together.

End systems	Intermediary Network Devices	Communication links
Hosts and clients run software or applications	Forwards packets (chunks of data)	Fiber, copper, wireless, picks up, or disperses data

Hosts

Any computer connected to a network, client or server, is also known as a host.

Protocols

are agreed upon rules for communicating between systems, such that systems can communicate with and each other in a common way.

Internet standards

RFC: request for comments are technical papers that serve as official documents rfc-editor
IETF: Internet engineering task force

Individual home network routers are known as "edge" routers because they're the closest to devices, with each local network of devices existing like an island, then those islands are connected by Internet Service Providers. Sometimes Internet Service Providers mutually agree to share protocols and infrastructure, others charge each other as data passes from network provider to network provider.

Intermediary Network Devices

Includes wireless routers, LAN switches, routers, multilayer switches, firewall appliances

Regenerate and re-transmit data signals
Maintain info about what pathways exist through the network
Notify other devices of errors and communication failures
Direct data along alternative pathways when there is a link failure
Classify and direct messages according to priorities
Permit or deny the flow of data, based on security settings

Services are built on top of computer networks, applications run on systems, built on top of services.

Services

Services are built on top of computer networks, and applications run on end systems built on top of services. Media on the other hand is exchanged one way or another, and does not continuously require network.

Network Applications run on different end systems and communicate over a network, eg, a web browser on a client side can send a request a website from a server.

Servers provide data to clients and access resources along with permissions, while clients install software which can request data from a server.

Services can be provided from a server to clients (Client-Server model), or between clients directly where each one acts as a server and client (peer-to-peer.)

Server	Client	Peers	Hybrid
Servers need to be on 24/7 in order to receive and respond to requests, and have a fixed, well-known IP address	Clients request services, may be intermittently connected with dynamic or static IP addresses, and clients do not communicate directly with each other.	Data is spread across "peer" hosts, which request services from other peers which act as a client. It's easy to set up and cost-effective, but not as secure, and runs slower.	Services that use both a central Server and Peer to Peer connection, for example authentication may be handled centrally and then provided. Mastodon is a great example.

Types of networks

Body Area Network (BAN)
Connects to warbles or implanted devices within a few meters, using technologies such as Bluetooth, ZigBee, RFID, or Wi-Fi. Body Area Networks encompass networks between devices inside your body to other devices in your body, and optionally outside devices like a smart watch.

Personal Area Network (PAN)
Connect personal devices, such as a laptop, smart phone, printer, portable game module, tablet, PC and other peripherals using technology such as bluetooth, hotspot, ZigBee, RFID, Wi-Fi.

Local Area Network (LAN)
Connect devices within a single building, home, office, or school, through Ethernet, Wi-Fi, or bluetooth. This router can also work as an edge router for the Internet core, which is where the main routers are located.

Metropolitan Area Networks (MAN)
MAN networks cover a larger range of areas than the LAN network, such as an entire city or town

Wide Area Networks (WAN)
LANs seperated by geographic distance are connected by a network known as WAN. WAN includes multiple states, countries, and the world. You an think of the Internet as a network of networks, WAN is used interchangeably to refer to it.

Structures of networks

Fault Tolerance states that data should be stored redundancy, and networks should have alternate connection routes in case a device or link fails.

Scalability determines how easy or difficult it is to add additional users to a network without reducing performance.

Quality of Service is managed by the router and ensures that priorities are matched with the type of communication and its importance to the organization

Security covers authentication, privacy, and reliability. Administrators need to protect the network with software and hardware security, and by preventing physical access to network devices.

Layers of the Internet

Edge, core, and acccess. The network edge contains hosts, which are clients and servers, the last stop on the network. Access networks and physical media include wired,or wireless communication links- anything that connects the edge to the core of the network. The network core is made up of interconnected, high-performance routers- also known as the network of networks, or WAN.

Objection! Some servers are hosted in the core, not the edge, as is the case with cloud computing or CDNs (content distribution networks) as some major companies, such as Google or Facebook, may run network infrastructure through their CDNs or data centers to reduce latency.

Access Networks contain Residental access (home) DSL, cable network, FTTH, and 5g fixed wireless, Enterprise access (school, company, home) Etherent (wired LAN), and Wi-Fi (wireless LAN), and Mobile Access Networks (Wi-Fi, LTE 4G/5G)

CP / IP Handles data, HTTP/HTTPS handles web access, and RTC handles real time communication for data intensive serivces.

Network Applications run over a network, not on a network. Routers do however need special infrastructure to handle resending dropped packets, and redirecting packets in the evnet of a failure. Essentially, there needs to be fault tolerance.

Bits

Data needs to be delivered in a series of bits, it must be converted into signals that can be sent across the network media to its destination (bits -> signals) (signals can come in different types, wired, wireless, etc)

The network media can take many shapes and forms- and doesn't need to have the same transmitter / receiver pair to work along the way.

Unguided media is natural, not man made, and includes the atmosphere, water, and deep space. Guided media is man made, and includes twisted pai (copper) wires, coaxial cable, or fiber optic (silica). Media can also be sent over the air through electromagnetic waves.

Shower thought- Fiber optic cables don't need to be in twisted pairs because light is much less susceptible to interference

Twisted Pair	Coaxial	Fiber Optical
Twisted-pair copper cables are the least expensive and are often used for telephone and Ethernet networks. They have a limited distance of 100 meters, and they are sensitive to electromagnetic interference (EMI).	Coaxial cables are expensive for cable or broadband internet, but are difficult to manage	Fiber-optic cables are the most expensive (backbone of the internet) and can handle long distance communications with higher bandwidth and are completely immune to EMI.

Unshielded twisted pair (UTP) vs Shielded twisted pair (STP) cables. Less expensive, more susceptable to interference, vs more expensive, shielded against interference. Unshielededpairs have each set of wires free inside the plastic shell, while shielded cables have foil shields wrapping every wire, as well as an additional braded of foil shield shell surrounding all of the inner indvidually shielded wires.

Single-model fiber (SMF) is generally more expensive than MMF, ahs a smaller core, higher bandwidth, and longer transmission distance. Single mode fiber uses a laser to send a signal.

Multi-mode fiber (MMF) is less expensive and contains a larger core. It has lower bandwidth compared to MSF, as multiple light paths (modes) can cause distortion over longer distances, thus, it has a shorter practical transmission distance. Multi-mode fiber optics use LEDs over lasers, and are more often used in LANs or distances of a couple hundred meters within a campus network.

Undersea cables are usually manged by international ISPs, there are many which connect country to country, so it's also possible for countries to directly negotiate. They are part of the network core, and are a great example of WAN. Routers and switches are also part of it, conencting and handling connections sent through the cables.

Topology Diagrams

provide a viasual map of how the network is connected. I hope you liked E-R diagrams because here we go again (I actually really enjoy making them so.. I can't complain)

Physical topology diagrams illustrate the actual physical location of intermediary devices and cable instillations
Logical topology diagrams illustrate which end devices are connected to which intermediary devices and what media is being used.

Modems vs Routers

In the past, routers would allow you to connect to your local area via an ISP, however it wouldn't have the capcity to handle WAN communication, so you would need an additional device, a Modem, to convert and handle data for sharing over long distances, eg, the internet. Nowadays, the fucntionality of modems is built into routers, so they're more or less now one combined devices.

Latency is the ammount of time it takes for data to travel from a sender to its destination. It's impotant for measuring netowrk performance, and can be checked in several wyas such as round-trip time, or a one-way data transfer. It's usually measured in seconds, but can be measured in milliseconds (ms) if speeds are high enough. Delay types include transmission delay, propocation delay, queuing delay,, and processing delay. Combined, they're called end-to-end delay, which includes the time it takes to be forwarded by a router or switch, waiting in queue, time spent travel through a link.

If your network is running slow during peak hours, it's because of congestion.

Bandwidth

Measures the maximum amount of data that can pass through a network medium (wired or wireless) in a fixed interval of time. Capacity, or the theoretical maximum bit rate based. Bandwidth is not affected by the diatance between two points, or necessairily how fast it can turn on and off (although this is a factor), but the throughput is the actual ammount of data that can pass through a network medium in a fixed interval of time.

THe line rate is the actual consistant bit rate for a particular link. The number of bits that can be sent over one second. We'll assume this as a fixed rate for this course.]

Examples of bandwidth, throughput, and line rates

My DSL cable line could cary up to a capacity of 64 Mbps (bandwidth), but my line rate is 15 Mbps because I'm paying for the basic internet plan at $35 per month.
Last time I did an iTunes download, I got a throughput of abot 10.4 Mbps.

SI Prefix (international system of units) works in powers of 10, while binary prefix is a different prefix system that works wiht powers of 2, rather than 10. Machines use binary. Bits are small b, bytes are large B. Eg, Mbps vs MBps. You can tell if you're working with Binary prefix or SI prefix because the measurement will have i for binary prefix, eg Gi Ki, etc. Each letter up raises the power the letters are raised to by a power of three, eg killo is 10^3, mega is 10^6, giga is 10^9, etc.

Basically, i = 2^n, no i, 10^n, if b is lower case it's a bit, if B is upper case it's a byte. Gibps vs MBps for example.

A byte is a bit multiplied by 2^3

Transmission Speed (SI)	File Size (SI)	Transmission Speed (Binary)	File Size (Binary)
Kbps = 10^3b	Kb	Kibps = 2^10b	Kib
Mbps = 10^6b	Mb	Mibps = 2^20b	Mib
Gbps = 10^9b	Gb	Gibps = 2^30b	Gib
Tbps = 10^12b	Tb	Tibps = 2^40b	Tib

Make sure to include equations in your answers on tests or you will lose points

Remember that you can decompose and move around values between exponents to simplify- for example, because 20 breaks down into 2 and 10

To help connect ISPs together, Internet Exchange Points allow packets to be handed off between service providers without them charging each other. Tier 1 internet providers are the networks that provide the backbone of the internet, allowing data to be exchanged between continents and countries. Tier 2 ISPs are regional, and Access ISP are local for areas that don't have coverage provided by a Tier 1 or 2 provider.. Content provider networks are run by companies such as Google or Microsoft to being content closer to end users, often bypassing tier-1 regional ISPs.

Encapsulation / Decapsulation

When files are encapsulated on the source side headers are added in the application layer, then have additional data added as they pass through each step

Protocol Data Units are a single unit of data transmitted among peer entities of a computer network. A PDU is composed of protocol-specific control information and user data. PDUs include messages, segments, datagrams/packets, frames, and bits. Encapsulation adds each layer's headers and decapsulation strips them off at the other end.

Application layer (5) (software)

End-to-end data (message) delivery
Supports network applications
Controls the exchange of Requests and Responses between the client process and server process
Application specific addresses
Protocols include HTTP/HTTPS, FTP, DNS, and DHCP
Not involved in hop to hop communication, just handles logically communicating
Transport layer (4) (software)
End-to-end data (segment) delivery

Intermediate layer that deals with networks on behalf of applications, and applications on behalf of the network.
End-to-end data delivery
Each application program can use the protocol that best matches its requirement
Protocols include TCP and UDP.
Network Layer (3) (software and hardware mix)
End to end data (packet / datagram) (origin to destination)
Sender encapsulates segments into data-grams/packets and passes to link layer
Receivers deliver segments to transport layer protocol
Network layer address: IP address
Protocols include routing protocols, IP protocol, ICMP, and ARP.
Link Layer (2) (Firmware + hardware mix)

Hop-to-hop data (frame) delivery, the payload is actual content not including MAC address headers
Link layer has the responsibility of transferring data from one node to a physically adjacent node (hop to hop)
Link layer address: MAC / Physical address
Protocols: Ethernet and MAC Protocol
Physical Layer (1) (hardware)
Hop-to-hop data (bits) delivery
Transmits raw bit stream over the physical medium
The physical layer specifies how to transmit bits across different kinds of media as electrical or other analog signals
Protocols include Wi-Fi, Bluetooth, or USB.

A datagram is a contained unit packed and ready to be sent through a network.

DHCP

DHCP, or dynamic host configuration protocol, assigns IP addresses to routers and devices on a specific network. Devices that join try to find and communicate with a DHCP server, for most consumer devices this will be built into the router, but for some large scale networks one or more dedicated machines may be used. For this class, you only need to worry about one such server.

The DHCP server returns the following:

IP Address
Subnet Mask
Default Gateway Address
DNS server address
Lease time

ARP

IP addresses are resolved by DNS, then IP addresses need to be resolved to MAC addresses- this is where ARP (Address resolution protocol) comes in, translating IPs to MACs on the same subnet only. Because routers are connected to other routers on a broader subnet, they can use ARP to find the next hop in sequence and then pass the packet along.

How does ARP know who else is out there? ARP broadcasts a "MARCO" request and waits for other devices to respond "POLO" with their MAC addresses and IP addresses. You can also do an advanced technique called LYING to do a little IP spoofing.

Unicast vs Anycast vs Multicast
Unicast is one-to-one
Anycast is one-to-many all (eg, FF:FF:FF:FF:FF to broadcast to all devices)
Multicast is one-to-many, but only within a group

ICMP, or Intenret Control Message Protocol helps with error reporting

Switch Forwarding (layer 2, so no IP address)

Every switch has a forwarding table (MAC table). Each entry contains MAC addresses of the host, interface to reach the host on, and a time stamp.

Switches learn which hosts can be reached through which interfaces by receiving incoming frames from each device and adding it to the forwarding table. Instead of devices sending DHCP requests and getting IPs, switches just check when a packet comes from a given ethernet port and notes down the address of the sender. For anycast packets, layer 2 switches send packets to every port, even if it doesn't know if a device is listening. If a unicast packet is sent and the destination is unknown, the switch will flood it, eg, sending it to each connection as if it was an anycast packet. 🛑 Routers will never do this. 🛑

The Mac address of the local router is called the default gateway. Sometimes the router's IP is referred to as the gateway instead.

You can find other devices using arp -a -l and check your IP neighbors with ip neighbor

Status codes

Information	Success	Redirect	Client Error	Server Error
100-199	200-299	300-399	400-499	500-599

The maximum transmission unit size is the largest a packet can be, Ethernet sets the limit at 1500 bytes.

IP protocol characteristics

Connectionless - no connection with the destination before sending packets
Media independent, works over any medium carrying the data (including carrier pigeon, in IPOAC)
Best effort: IP Is inherently unreliable because packet delivery is not guaranteed

Binary (base 2) to Decimal (base 10) conversions (and vice versa)

Binay to decimal
8 bit binary numbers have 8 places, with each being twice the one following it to add up to any number between 0 and 255, which would be the case if the bits were 11111111.

128's	64's	32's	16's	8's	4's	2's	1's
2^7	2^6	2^5	2^4	2^3	2^2	2^1	2^0

Decimal to binary
Converting decimal to binary has an elegant trick, divide the number (less than 255) by two repeatedly and leave a 1 every time there is a remainder, otherwise, leave a zero and keep going.

The / after your IP address is called the subnet mask or network mask determines how many bits are part of the network address; however many are left represent the host address

Reserved IPs
The first IP address, Network ID is always has its host bits set to 0 and refers to the network itself, while the last IP address is all 1s and is called the Broadcast IP, which sends the data to all devices on the network (eg, FF.FF.FF.FF)

IPv6 address have 128 bits, or 16 bytes, while IPv4 addresses have 64 bits, or 4 bytes.

The limited broadcast ip is always 255.255.255.255 and broadcasts to your local network, while the dedicated broadcast ip starts with the ip of the subnet and ends with the last possible IP for that subnet. So far, we've been talking only about directed broadcast IPs.

Classful & Classless addressing

Before classless addressing, when we still used classful addresses
Class A IPs: Few networks, each with many hosts (1 byte host, 3 byte device)
Class B: Medium networks, medium hosts (2 byte host, 2 byte device)
Class C IPs: Many networks, with a few hosts
Class D: All 1s, reserved for multicast
Class E: Reserved for experimental purposes

Now we just throw on a subnet mask with variable network and host bits, which is called Classless Inter-Domain Routing, or CIDR. Other solutions to classful addressing include IPv6, and NAT.

ICANN and IP assignment

IANA, or the Internet Assigned Numbers Authority is a subdivision of ICANN (the Internet Corporation for Assigned Names and Numbers) that handles assigning blocks of IP addresses globally to RIRs, or Regional Internet Registries. There are 5 RIRs, including APNIC, ARIN, RIPE NCC, LACNIC, and AFRINIC. IANA also manages root DNS servers, assigns domain names, and handles domain name disputes.

RIRs get a block if IP addresses to assign to ISPs
ISPs allocate smaller blocks of IP addresses to customers as needed, using an appropriate subnet mask
IPs given to local networks are then used to map devices in internal LANs
IP Subnetting takes an IP block address assigned by an ISP and divides it into even smaller subnetworks, if needed

Network Address Translation (NAT)

NAT allows you to hide the composition of a network from the outside world, with the entire network addressed by a single public IP address.

Without NAT, every device needs it's own IP, but with NAT a single locally unique IP can be assigned to each device with each one behind a single public IP.

Private IPs cannot be used as source or destination addresses because the same private IP may appear countless places across the web.

10.---.---.---, 192.168.---.---, and 172.16–31.---.---, are all private IP addresses that are locally unique. T

NAT has some major security upsides, because devices inside the local network are not directly addressable / visible to the outside world

A NAT Translation table is populated when a network request is sent to an outside address mapping internal addresses and ports within the LAN to global WAN side addresses.

Handling IPv6

There's still around 20 years left until IPv6 will be fully mandatory, as it stands now some systems have been upgraded with others still running IPv4. To handle intermediary communication between IPv6 routers over IPv4 routers, routers with the ability to handle both encapsulate the IPv6 packet such that it has an IPv4 address which can decapsulate it before sending it along more IPv6 compatible routers to its destination.

Transport layer

Transport layer items are identified not by IP addresses, but by port numbers while application layer modules are usually identified by domain names.

The transport layer handles logical communication between application processes running on different hosts. It handles the network on behalf of applications, and deals with applications on behalf of the network. Importantly, it's end to end and not point to point.

Transport protocol actions in end systems have two parts:

Sender: Breaks application messages into segments, which are passed on to the network layer
Receiver: Reassembles segments into messages, passes to application layer

Transmission Control Protocol (TCP) uses reliable, in-order delivery using Segment numbers and ACK#, congestion control to avoid overwhelming the network, flow control to avoid overwhelming the receiver, and is connection oriented. NACK can also be sent as a negative acknowledgement if a packet needs to be resent.

TCP starts by sending a SYN (SYNC) packet resetting packet sequence values and ensuring that both ends are ready, once the server sends an ACK data transmission can begin.
``
User Datagram Protocol (UDP) is unreliable, with unordered delivery, it's a 'no frills', 'bare bones' protocol that gives it's best effort, but UDP segments may be lost. UDP is connection-less, meaning there's no handshaking between the sender and receiver.

Sockets

When two programs are executed on hosts, a client and server process are created that communicate with each other using sockets, or software interfaces. Applications use the socket API to create sockets and bind them to port numbers, which can then push and receive messages on a given port. The processes then rely on other network layers to deliver the packet to the other side's socket, which then receives the data.

💠 Port numbers are made up of 16-bit binary numbers ranging fro 0 to 65535, well known port numbers are restricted ranging form 0-1023, including HTTP on port 80, DNS on port 53, and FTP on port 21. General use ports range from 1024-65535.

The transport layer is:

Passed an application layer message
Determines segment header field values
Creates a segment
Passes segments to IP

Multiplexing and demultiplexing extend host to host delivery service to process-to-process, allowing multiple data chunks at the source from different sockets to create encapsulated segments, which are then passed to the network layer. Demultiplexing happens after the data is delivered, and the segment is passed back to the transport layer where the correct sockets are called with their respective data.

Each datagram carries one transport-layer segment, each datagram has a source and destination IP, while a segment has a source, destination, and port number.

UDP = 2-Tuple multiplexing needs a destination port number and destination IP address, while TCP = 4-Tuple multiplexing source + destination IPs and port numbers

Application	Application-layer protocol	Underlying transport protocol
E-Mail	SMTP	TCP
Web	HTTP	TCP
File transfer	FTP	TCP
Name translation	DNS	UDP
Web	HTTP/3	UDP

TCP is fully tolerant, while UDP is only delay tolerant, meaning if a packet arrives late it doesn't hold things up too much.

A note on processes

It's NOT actually the programs, but rather processes that talk to each other.

DNS Hierarchy

Root servers
Top level domain (TDL) servers, including .com DNS servers, .org DNS servers, and .edu. DNS servers.
Authoritative servers (domains), including google.com DNS servers, amazon.com DNS servers, pbs.org DNS servers, or depaul.edu DNS servers.

Recursive queries

Host requests IP from local DNS server
Root DNS server directly contacts TLD DNS server
TLD DNS server directly contacts authoritative DNS server
From there, the TLD DNS gets the ip from the authoritative server, which gets passed back to the root dns server, passed back to the local dns server.

Non-recursive queries

Host requests IP from local DNS sever
Host requests IP from root DNS server
Host requests IP from TLD DNS server
Host requests IP from authoritative server

DNS poisioning is when attackers insert a fake IP into a DNS server.

Non-repudiation** = the sender of the message cannot later deny having sent that message

A firewall is a security guard that can forward allow a packet, redirect a packet, silently deny a packet, or respond with an icmp packet explaining why the packet is being declined

What do hackers want?

Data access
Bot nodes (for DDoS attacks / DoS attacks)
Money

Protecting an entire network is Network security, protecting information at rest is information security, and protecting a device is device / computer security.

Computer security

is the application of hardware and software security features to a computer system, usually limited to a single computer.

Common malware includes

Virus - Attaches itself to a clean file and replicates itself through the modification of other files
Worm - Like a virus, except it replicates and spreads through networks and don't need to attach themselves to a file, so they run primarily through backdoors
Trojan - Looks like legit software, it's not.
Logic Bomb - A malicious script that triggers at a specific time and date
Backdoor
Spyware - Monitors user computer activity and sends it back to the malicious users. Eg, keyloggers.
Ad-ware
Rootkit
Botnet
Wiper
Scare-ware
Ransomware - Encrypts a victim's files or system until a ransom is paid

How do you get infected?

USB drives
Removable data / disks / SD cards
Malicious links / file downloads
Social engineering / tricking users with social skills, eg, phishing, email attachments

Network security

Protection of networks and their services from unauthorized modification, destruction, or disclosure.

Network security can help mitigate Denial of Service attacks, which use Ping, or might use a Ping of Death attack (which sends oversize packets to halt a server)

Network spoofing attacks

ARP spoofing - False ARP msg linking attacker IP with legitimate MAC, pretending as a one-off
ARP poisoning - An attacker replaces a legitimate mac address with a false one in an ARP table
DNS spoofing - Fake DNS entires injected into server
DNS poisoning -
Email spoofing - Altered email header file
URL spoofing
IP spoofing - Change source / destination IP to hide attacker's identity
Message alteration attack - The payload of a packet is changed, rather than just the header
Replay attacks store data sniffed from a connection and uses it later
Evil Twin attacks broadcast a fake Wi-Fi network to collect data run through the connection