System Architecture For Cyber Security

Burak Bozacı
Coding Wizards

--

To find efficient attack vectors we need a solid understanding of system architecture; that is what gives us an out-of-the-box perspective. Underneath all of it sits the OSI model, which we have to master. First, let me spend a few minutes on how the system works; then the narrative will shift to a security perspective.

Let's define the system. First, we need to distinguish between server and client. Both have RAM and a CPU, and both can make web requests, open SSH sessions and listen on ports, so at first glance they look alike. But the two components have different duties.

A client is mainly responsible for sending requests (for HTTP: GET, POST, PUT, TRACE and so on) and consuming the responses. A server works differently: it has to handle many different kinds of traffic. What kind of data? Let's dig further.

Server-Client Architecture

As you can see below, the server looks like a tower with many entry points, each carrying a different type of data. I am not going to explain all of the protocols here; I have already covered them in my OSI Model article. Server-client communication is a one-to-many relationship, so let's model it.

I couldn’t draw very well :)

The server receives a bunch of requests from many different clients: FTP for file transfers, SSH for remote login, HTTP for browsing websites, and so on. The server (or servers) processes each request and returns a response to the client that sent it.

Handle Mechanism

Imagine the requests coming in through windows. Each request knows which window to go to, because the destination is written in the headers that encapsulate its data. So the various requests arrive at the windows they are meant for, and the server handles each type of request at a different window. From now on we will call these windows "ports".

Just a little first look.
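To make the window metaphor concrete, here is an added example (my own code, not from the original post) in Python: a tiny server opens one loopback "window" per service and hands each incoming connection to the right one purely by destination port, exactly what the kernel does for a real host. The service names and banners are made-up placeholders, and the ports are assigned by the OS rather than the real 21/22/80 so the script runs offline and without privileges.

```python
import selectors
import socket
import threading

# Constructed demo "services": the banner each window (port) answers with.
# These stand in for real FTP/SSH/web daemons; they are not protocol implementations.
SERVICES = {
    "ftp": b"220 demo-ftp ready\r\n",
    "ssh": b"SSH-2.0-demo\r\n",
    "web": b"HTTP/1.0 200 OK\r\n\r\n",
}


def start_server(services, expected_clients):
    """Bind one loopback listener per service (port chosen by the OS) and
    demultiplex incoming connections by destination port in a single thread.

    Returns (port_map, thread, log): port_map maps service name -> port,
    log collects (local_port, peer_port, service) for every accepted socket.
    """
    sel = selectors.DefaultSelector()
    port_map = {}
    log = []
    for name, banner in services.items():
        ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        ls.bind(("127.0.0.1", 0))           # port 0: let the OS pick a free window
        ls.listen()
        ls.setblocking(False)
        port_map[name] = ls.getsockname()[1]
        sel.register(ls, selectors.EVENT_READ, (name, banner))

    def loop():
        handled = 0
        while handled < expected_clients:
            for key, _ in sel.select(timeout=5):
                name, banner = key.data
                try:
                    conn, peer = key.fileobj.accept()
                except BlockingIOError:
                    continue                # spurious wakeup, nothing queued
                # The kernel already routed this SYN to the right listener using the
                # destination port; (local ip, local port, peer ip, peer port) names the flow.
                log.append((conn.getsockname()[1], peer[1], name))
                conn.sendall(banner)
                conn.close()
                handled += 1
        for key in list(sel.get_map().values()):
            key.fileobj.close()
        sel.close()

    t = threading.Thread(target=loop, daemon=True)
    t.start()
    return port_map, t, log


def ask(port):
    """Client side: open a connection to one window and read its answer."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        return c.recv(1024)


def demo():
    """Start the server, visit every window once, return what each one said."""
    port_map, t, log = start_server(SERVICES, expected_clients=len(SERVICES))
    answers = {name: ask(port) for name, port in port_map.items()}
    t.join(timeout=10)
    return port_map, answers, log


if __name__ == "__main__":
    ports, answers, log = demo()
    for local_port, peer_port, name in log:
        print(f"{name}: client port {peer_port} -> server port {local_port}: {answers[name]!r}")
```

Every accepted socket in `log` carries the same local port as the listener it came from: the request never has to say which service it wants in its payload, the destination port in the TCP header is enough. The peer port differs per connection, which is what lets the server keep many clients of the same service apart.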

Let's do a rough calculation: what are the chances that the server forwards a packet to the wrong client?

Request = {"Mac", "LocalIPv4", "LocalPort", "DestinationWanIPv4", "DestPort"}

Each field has a finite range: 2⁴⁸ MAC addresses, 2³² IPv4 addresses, 16384 ephemeral source ports (49152–65535), roughly 3.7 billion routable public IPv4 addresses (3,706,452,992) and 65535 destination ports. If a reply could land on a random combination of these, the chance of hitting one particular client would be

Risk = 1 / (2⁴⁸ × 2³² × 16384 × 3,706,452,992 × 65535)

which is as good as zero. Two caveats. The MAC address only matters on the local link; what the kernel actually uses to hand a segment to the right socket is the (protocol, source IP, source port, destination IP, destination port) tuple. And this is not really a probability: forwarding is deterministic, so a reply goes astray only when one of those fields is wrong, through misconfiguration or because someone deliberately spoofs it, not through random collision.

Cyber Security Vectors

System engineers like to think of communication channels (ports) as windows. For us they are doors, not windows. A door can be open, closed, or filtered (something in front of it, usually a firewall, drops or rejects our probe, so we cannot tell what is behind it). And even when a door is closed we can still knock on it, but port knocking is not today's topic.

As you can see, I can open all the doors :P
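The three door states map directly onto what a plain TCP connect() reports. Here is an added example (my own code, not from the original post) that classifies a port from the connect() outcome, and demonstrates the open and closed cases against the loopback interface so it runs offline. The host and ports are constructed: one listener is started for the open case, and a port is reserved and released to guarantee nothing is listening for the closed case.

```python
import errno
import socket


def probe(host, port, timeout=1.0):
    """Return 'open', 'closed', 'filtered' or 'unreachable' for host:port,
    based solely on how a full TCP connect() fails or succeeds."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"                     # handshake completed: a service answered
    except ConnectionRefusedError:
        return "closed"                   # RST came back: host reachable, nobody listening
    except socket.timeout:
        return "filtered"                 # SYN swallowed, no answer: typically a firewall drop
    except OSError as e:
        if e.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"          # no route at all: says nothing about the port
        raise
    finally:
        s.close()


def demo():
    """Set up one open and one closed door on loopback and probe both."""
    door = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    door.bind(("127.0.0.1", 0))           # OS picks a free port for the open door
    door.listen()
    open_port = door.getsockname()[1]

    # Reserve a second port, then release it so nothing listens there.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return {
            "open": probe("127.0.0.1", open_port),
            "closed": probe("127.0.0.1", closed_port),
        }
    finally:
        door.close()


if __name__ == "__main__":
    print(demo())
```

The "filtered" verdict cannot be produced on loopback; you only see it when a firewall between you and the target silently drops the SYN and the timeout expires. Note that a full connect() completes the handshake and so leaves a trace in the target's logs; that is the price of using only the standard socket API.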

Let's get more technical. A server can offer up to 65,535 different services, one per TCP (or UDP) port, and a client has the same 65,535 ports on its side. The server runs each of its services on its own port: web on 80, FTP on 21, SSH on 22, and so on. A client that wants a service connects to the port that service is running on. No need to say more; you can see it below:

Sequence

I hope you can visualize it; that matters to me. Attack vectors fall into three groups: web, operating system and network attacks (green, blue and red in the figure). In the description of the red zone you can see the three-way handshake, which models an end-to-end port connection at the transport layer. Check this out:
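As an added example (my own code, not the original post's), here is the three-way handshake from the red zone as a small state machine in Python: each side tracks its TCP state and the sequence/acknowledgement numbers, and the script also shows what is left behind when the final ACK never arrives. Only the flags and numbers that drive the state machine are modelled; there are no real packets, windows, options or retransmissions. The initial sequence numbers and the client port 51234 are constructed values (a real stack picks them randomly).

```python
from dataclasses import dataclass, field
from typing import List, Optional

SYN, ACK = "SYN", "ACK"


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: frozenset


@dataclass
class Endpoint:
    name: str
    port: int
    isn: int                      # initial sequence number (constructed; normally random)
    state: str = "CLOSED"
    snd_nxt: int = 0              # next sequence number we will send
    rcv_nxt: int = 0              # next sequence number we expect from the peer
    trace: List[str] = field(default_factory=list)

    def listen(self):
        self.state = "LISTEN"

    def connect(self, peer_port):
        """Client side: emit SYN and move to SYN_SENT."""
        self.state = "SYN_SENT"
        self.snd_nxt = self.isn + 1          # the SYN itself consumes one sequence number
        return Segment(self.port, peer_port, self.isn, 0, frozenset({SYN}))

    def receive(self, seg) -> Optional[Segment]:
        """Feed one segment in; return the segment to send back, if any."""
        self.trace.append(f"{self.name} {self.state} <- {sorted(seg.flags)} seq={seg.seq} ack={seg.ack}")
        if self.state == "LISTEN" and seg.flags == {SYN}:
            # Server: record the client's ISN and answer with SYN-ACK.
            self.rcv_nxt = seg.seq + 1
            self.snd_nxt = self.isn + 1
            self.state = "SYN_RCVD"
            return Segment(self.port, seg.src_port, self.isn, self.rcv_nxt, frozenset({SYN, ACK}))
        if self.state == "SYN_SENT" and seg.flags == {SYN, ACK}:
            if seg.ack != self.snd_nxt:
                self.state = "CLOSED"        # the ack does not cover our SYN: reject it
                return None
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(self.port, seg.src_port, self.snd_nxt, self.rcv_nxt, frozenset({ACK}))
        if self.state == "SYN_RCVD" and seg.flags == {ACK} and seg.ack == self.snd_nxt:
            self.state = "ESTABLISHED"
            return None
        return None                          # anything else is ignored in this toy model


def handshake(client_isn=1000, server_isn=5000, drop_final_ack=False):
    """Run the exchange; return (client_state, server_state, segments on the wire)."""
    client = Endpoint("client", 51234, client_isn)   # constructed ephemeral port
    server = Endpoint("server", 80, server_isn)      # web service on port 80
    server.listen()
    wire = []
    syn = client.connect(server.port)
    wire.append(syn)
    syn_ack = server.receive(syn)
    wire.append(syn_ack)
    ack = client.receive(syn_ack)
    wire.append(ack)
    if not drop_final_ack:
        server.receive(ack)                  # third leg: server completes the handshake
    return client.state, server.state, wire


if __name__ == "__main__":
    for drop in (False, True):
        cs, ss, wire = handshake(drop_final_ack=drop)
        print(f"drop_final_ack={drop}: client={cs} server={ss}")
        for seg in wire:
            print("   ", sorted(seg.flags), f"seq={seg.seq} ack={seg.ack}")
```

With `drop_final_ack=True` the client considers the connection established while the server is still in SYN_RCVD, holding a half-open entry in its backlog. That asymmetry is why a SYN that is never followed by an ACK ties up server-side state while the sender has committed nothing.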

In the next article I will cover detecting the state of ports and exploiting services. I hope this was useful. See you next time.
