501 ch 3 network technologies and tools

Proprietary & Confidential
@GoCyberSec | January, 2021
Chapter 3
Exploring Network Technologies and
Tools
CompTIA Security +

Introduction
• Reviewing basic networking concepts
• Understanding basic network devices
• Implementing a secure network

Attack Introduction
• Sniffing attack
–Protocol Analyzer
• DoS and DDoS
–Disruption of Service
• DNS Poisoning attack
–Corrupt cache with different data

TCP/IP Network Stack (OSI Model)

Basic Networking Protocols
• Basic Connectivity Protocols
• TCP
–Guaranteed delivery
–Three-way handshake
• UDP
–Best effort

Basic Networking Protocols
• Reviewing Basic Connectivity Protocols
–IPv4 and IPv6
–ICMP
• Commonly blocked at firewalls
• If ping fails, ICMP may be blocked
• ARP - Resolves MAC addresses for IPv4
• NDP - Resolves MAC addresses for IPv6 (and more)
• Routing Protocols
–RIP, IGRP, EIGRP, OSPF, BGP

Protocols and Use Cases
• Transport voice and video over network
–RTP & SRTP
• Transfer files over a network
–FTP
–TFTP
–SSH
–SSL
–TLS
–IPsec
–SFTP
–FTPS

Reviewing Application Protocols
• HTTP – Port 80
• HTTPS – Port 443
• FTP – Ports 20 and 21
• SFTP – Port 22 (uses SSH)
• FTPS – Port varies
–Sometimes uses 989 and 990
• TFTP – UDP port 69
• DNS – Port 53
• RDP- Port 3389

Reviewing Encryption Protocols
• SSH (Secure Shell) – Port 22
• SCP (Secure Copy) – Port 22 with SSH
• SSL (Secure Sockets Layer)
• TLS (Transport Layer Security)
–SSL and TLS use port 443 with HTTPS
–SSL and TLS use port 636 with LDAP
• IPsec (Internet Protocol security)
–Port 500 with VPNs

Reviewing Encryption Protocols
• Authentication Header (AH)
–Protocol ID number 1
• Encapsulating Security Payload (ESP)
–Protocol ID number 50

• Email and web usage
–SMTP
–POP3 & Secure POP
–IMAP4 and Secure IMAP
–HTTP
–HTTPS
• Directory services
–LDAP – 389
• Port 636 when encrypted with SSL or TLS
• Kerberos – Port 88

• Remote access
- SSH
- Netcat / Telnet
- RDP
• Time synchronization
- NTP
- SNTP

Network Address Allocation
• IPv4 – 32 bits (192.168.100.1)
1 1 1 1 1 1 1 1
128 64 32 16 8 4 2 1

• IP Addresses Address Class

• Private IP Addresses
Class Private IP address Subnet Mask CIDR No. of Hosts
A 10.0.0.0 – 10.255.255.255 255.0.0.0 /8 16,777,212
B 172.16.0.0 – 172.16.31.255 255.255.0.0 /16 8190
C 192.168.0.0 – 192.168.255.255 255.255.255.0 /24 65,534
Private IPAddress

• IPv4 – 32 bits (192.168.1.5 )
• Each node / host / computer requires
• IP Address (Always required)
• Subnet Mask (Always required – Identifies NW and host
• Default Gateway (Address of router on your subnet)
• DNS Server (Required for name resolution to IP address)

• IPv6 – 128 bits
–fe80:0000:0000:0000:02d4:3ff7:003f:de62
• Zero compression
–Omit leading zeroes: fe80:0:0:0:2d4:3ff7:3f:de62
–Zero compression: fe80::02d4:3ff7:003f:de62
–Both rules: fe80::2d4:3ff7:3f:de62
• IPsec built into IPv6

Understanding DNS
• Resolves names to IP addresses
• Queries to DNS server use UDP port 53
• Zone transfers between servers use TCP port 53
• DNSSEC
• DNS poisoning

Understanding and Identifying Ports
• Port used to direct traffic to correct protocol/service or application
• Server ports
• Client ports
• Ports range from 0 – 65,535
• 0 – 1,023 = Well-known ports, server-side ports
• 1,024 – 49,151 = Registered ports
• 49,152 – 65,535 = Client side ports
• Blocking ports blocks protocol traffic

Putting it all together

Common Protocols
Protocol Port Protocol Port
FTP data port (active mode) TCP 20 NetBIOS (TCP rarely used) TCP/UDP 137
FTP control port TCP 21 NetBIOS UDP 138
SSH TCP 22 NetBIOS TCP 139
SCP (uses SSH) TCP 22 IMAP4 TCP 143
SFTP (using SSH) TCP 22 LDAP TCP 389
Telnet TCP 23 HTTPS TCP 443
SMTP TCP 25 SMTP SSL/TLS TCP 465
TACACS+ TCP 49 IPsec (for VPN with IKE) UDP 500
DNS name queries UDP 53 LDAP/SSL TCP 636
DNS name queries TCP 53 LDAP/TLS TCP 636
TFTP TCP 69 IMAP4 SSL/TLS TCP 636
HTTP TCP 80 POP SSL/TLS TCP 995
Kerberos UDP 88 L2TP UDP 1701
POP3 TCP 110 PPTP TCP 1723
SNMP UDP 161 Remote Desktop Protocol TCP/UDP 3389

Understanding Basic Network Devices
• Unicast – one-to-one traffic
• Broadcast – One-to-all traffic
• Switch learns
–Security benefit
–Port security
–Physical security

Switches
• Switching Loop
–Caused when there on or more path to a port
–STP and RSTP protect against switching loops
• Port security
–Disable unused ports
–MAC address filtering

Flood Attack Flood Guard
• Flood attack on switch
–Overloads a switch with different MAC addresses for a single
port
–Runs out of memory – operates in fail-open state
• Flood guard
–Might limit memory used for a port
–Typically sends an SNMP trap
–Might limit number of MAC addresses for a port

Access Control Lists (ACLs) Services
• List of rules to define access
• Identify what is allowed and what is not allowed
• ACLs often use an implicit deny policy
–NTFS uses a DACL to identify who is allowed access to a file
or a folder
• All others blocked
• Firewalls define what traffic is allowed
–Deny any any rule blocks all other traffic

Routers
• Route traffic between networks
• Do not pass broadcasts
• Routers and ACLs
–Filter based on
• IP addresses and networks
• Ports
• Protocols

Routers
• Implicit deny
–Last rule in ACL
• AntiSpoofing
–Allow or block IP addresses

Bridge
• Connects networks
• Can be used instead of a router

Firewall
• Host-based vs Network-based firewall
• Firewall rules
• Last rule
–deny any any
• Linux
–iptables
–ipv6tables
–arptables

Firewall
• Application-based firewalls
–Software running on a system
–Filters traffic to and from system
• Network-based firewalls
–System with two or more NICs
–All traffic passes through it
–Filters traffic to and from network

Firewall
• Stateless
–Permission (deny, allow)
–Protocol (TCP, UDP, Any)
–Source (IP address or IP block)
• IP address example: 192.168.1.20/32
• IP block example: 192.168.1.0/24
• Destination (IP address or IP block)
• Port or protocol (80 for HTTP, 25 for SMTP)
• Ends with deny any any (or something similar)

Firewall
• Stateful
–Makes decisions based on context, or state, of traffic
–Can ensure TCP traffic is part of an established TCP session
• If not, traffic is blocked

Firewall
• Web application firewall (WAF)
–Protects a web application or web server

Firewall Rule Example
• Allow all HTTP traffic to a web server with an IP of 192.168.1.25
• Allow all HTTP and HTTPS traffic to a web server with an IP of
192.168.1.25
• Allow DNS queries from any source to a computer with an IP of
192.168.1.10
• Block DNS zone transfer traffic from any source to any
destination
• Block all DNS traffic from any source to any destination
• Implement implicit deny

Firewall Rule Example

Zones and Topologies
• DMZ
• Public vs Private IPs
• NAT/PAT

Network Separation
• Physical isolation and airgaps
• Logical separation and segmentation
–Typically done with routers and firewalls
• VLAN (created with a switch)
–Logically group computers
–Logically separate/segment computers

Proxies (Proxy Servers)
• Caching content for performance
• Using URL filters to restrict access
• Transparent proxy vs nontransparent proxy

Unified Threat Management
• Combines multiple security controls
• Reduces administrative workload
• Web security gateways
• UTM security appliances
–Firewall, antivirus protection, anti-spam protection, URL
filtering, and content filtering

Routing & Switching Use Cases
• Switches
–Prevent switching loops.
• STP or RSTP on switches.
• Block flood attacks
–Flood guards block
• Prevent unauthorized users from connecting to unused ports.
–Port security methods
• Provide increased segmentation of user computers
• VLANs

Routing & Switching Use Cases
• Routers
–Prevent IP address spoofing.
• Antispoofing methods
• Provide secure management of routers
–Use SNMPv3

Chapter 3 Summary
• Reviewing basic networking concepts
• Understanding basic network devices
• Implementing a secure network

501 ch 3 network technologies and tools

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to 501 ch 3 network technologies and tools

Similar to 501 ch 3 network technologies and tools (20)

More from gocybersec

More from gocybersec (19)

Recently uploaded

Recently uploaded (20)

501 ch 3 network technologies and tools

Editor's Notes