RITx: Cybersecurity Fundamentals, Unit 4&5— Course notes

Networking

Xavier Briand
Mar 4, 2019 · 4 min read

OSI Layer 1&2: Ethernet

Ethernet, together with Wireless LAN, is part of the IEEE 802 family of standards.
The services and protocols specified in IEEE 802 map to the physical layer and data link layer of the OSI model.

Ethernet is a family of networking technologies used for wired LAN and WAN networks.

An Ethernet packet (Layer 1) contains an Ethernet frame (Layer 2). An Ethernet frame is made of a destination MAC address, a source MAC address, a payload and a CRC error-detecting code.

Ethernet was created for devices to communicate over a shared cable (think collision-prone radio systems). Since the communication happens on the same wire, any information sent is received by all; though the Network Interface Controller/Card (NIC) only interrupts the CPU if it is the packet’s recipient. A shared wire also means shared bandwidth.
Modern Ethernet networks connect devices to switches and use full-duplex links. This creates a fast, collision-free, star-shaped switched network.
Switched networks suffer from single points of failure, as they don’t allow physical loops. Shortest Path Bridging (SPB) technology allows physical loops while keeping the logical topology loop-free, thus enabling redundant and load-balanced mesh networks.

VLANs are another example of logical segmentation of the same physical network.

Nodes on a LAN are addressed using a uniquely identifying MAC address. Each NIC has its own MAC address.
A MAC address is 48 bits long (12 base16 characters). The first 6 characters identify the NIC’s manufacturer; the last 6 are the device ID.

As frames come and go through the switch, it keeps track in a Source Address Table (SAT) of which MAC addresses are behind which interface, and eventually stops flooding frames on all its interfaces except the one they arrived on.
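The SAT learning behaviour described above, as an added example (not code from the original notes): a minimal learning switch that records the source MAC of every frame and floods only while the destination is still unknown. MAC addresses and port numbers are constructed sample values.

```python
# Added example (not from the original notes): a minimal learning switch that
# fills a Source Address Table (SAT) from the source MAC of each frame it sees.

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.sat = {}  # MAC address -> port it was last seen behind

    def forward(self, in_port, src_mac, dst_mac):
        """Learn the source, then return the list of ports the frame goes out on."""
        self.sat[src_mac] = in_port
        if dst_mac == BROADCAST or dst_mac not in self.sat:
            # Unknown or broadcast destination: flood on every port but the ingress one.
            return [p for p in self.ports if p != in_port]
        out = self.sat[dst_mac]
        # Destination lives behind the ingress port: nothing to forward (filtered).
        return [] if out == in_port else [out]

def demo():
    """Walk two hosts through the learn/flood/unicast cycle (constructed MACs)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb"
    first = sw.forward(1, a, b)    # b unknown: flooded to ports 2, 3, 4
    reply = sw.forward(2, b, a)    # a already learned: unicast to port 1
    second = sw.forward(1, a, b)   # b now learned: unicast to port 2
    return first, reply, second, dict(sw.sat)
```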

OSI Layer 3: Internet Protocol (IP)

Communication protocol to relay packets across network boundaries. It enables inter-networking and thus the Internet.
Source and destination NICs are identified using IP addresses.

IP address

Logical address bound to a NIC. An IP address is divided into two parts: the network/routing prefix and the host identifier.

IPv4

IPv4 addresses are 32-bit numbers, represented by four dot-separated decimal numbers.

There are two notations to “extract” the network prefix:

  • Classless Inter-Domain Routing (CIDR) notation appends a / followed by the bit-length of the prefix (eg. 192.168.0.10/24).
  • A subnet mask (aka netmask) is a bitmask that, when applied to an IP address with a bitwise AND operation, yields the routing prefix (eg. 192.168.0.1 and 255.255.255.0).

Private Address ranges: 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16.

IPv6

IPv6 addresses are 128 bits long, represented by 8 colon-separated groups of four base16 digits. Leading zeros in a group may be omitted. One or more consecutive groups of zeros may be replaced by a single empty group, written ::. This substitution can only happen once.

Where an IPv6 address embeds an IPv4 address, the following notation can be used: ::ffff:192.168.0.10 represents the IPv6 address ::ffff:c0a8:000a.

IPv6 networks use groups of addresses whose size is a power of two, and are written in CIDR notation.
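The IPv6 text rules above (leading-zero omission, a single :: run, and the embedded IPv4 form) as an added example that is not part of the original notes: a hand-written expander and canonical compressor, so the rules can be checked on real addresses rather than taken from a library.

```python
# Added example (not from the original notes): expand and compress IPv6 text
# addresses by hand, including the ::ffff:a.b.c.d IPv4-mapped form.

def expand_ipv6(text):
    """Return the eight 16-bit groups of an IPv6 address as integers."""
    if "." in text:
        # A trailing dotted quad (e.g. ::ffff:192.168.0.10) is two hex groups.
        head, _, quad = text.rpartition(":")
        a, b, c, d = (int(x) for x in quad.split("."))
        text = "%s:%x:%x" % (head, (a << 8) | b, (c << 8) | d)
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once: " + text)
    if "::" in text:
        left, right = text.split("::")
        lg = [int(g, 16) for g in left.split(":") if g]
        rg = [int(g, 16) for g in right.split(":") if g]
        groups = lg + [0] * (8 - len(lg) - len(rg)) + rg   # :: fills the gap
    else:
        groups = [int(g, 16) for g in text.split(":")]
    if len(groups) != 8 or not all(0 <= g <= 0xFFFF for g in groups):
        raise ValueError("not a valid IPv6 address: " + text)
    return groups

def compress_ipv6(groups):
    """Canonical text form: drop leading zeros, :: for the longest zero run."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = ["%x" % g for g in groups]           # "%x" drops leading zeros
    if best_len < 2:                            # a lone zero group is not compressed
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])
```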

Subnet communication

If the source and the destination of the message are on the same network (ie. have the same network prefix), the source needs to resolve the recipient’s IP address to a MAC address.

Address Resolution Protocol (ARP)

Protocol to resolve an IP address to a MAC address.

The source broadcasts a request message on the network using ARP. If one of the recipients is the intended destination, it returns a response message using unicast.

Neighbor Discovery Protocol (NDP)

Provides functions equivalent to ARP and ICMP for IPv6, with many improvements.

IP routing

If the source and the destination aren’t on the same network, the source forwards its message to the IP address of its default gateway — a router.

The router has a routing table that contains information about the topology of the network immediately around it. The routing table associates a network prefix with one of the router’s NICs or with another router’s IP address (the next hop) to forward a message to.
Routing tables can be statically configured (eg. a default route) and/or dynamically configured via routing protocols, such as an Interior Gateway Protocol (IGP).

In case of error (eg. no route associated with the destination’s network prefix), the router uses the Internet Control Message Protocol (ICMP) to send an error message back to the source of the message.

From a layer 2 perspective, each time a packet goes through a router, its previous Ethernet frame is thrown away and a new one is built.
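The IP address notation, the same-subnet test from "Subnet communication" and the routing-table lookup from this section, carried through in one added example (not code from the original notes): the netmask is applied with a bitwise AND, a host decides between direct delivery and its gateway, and a router picks the most specific matching prefix, falling back to the default route or to no route at all (the ICMP error case). The routing table and addresses are constructed sample values.

```python
# Added example (not from the original notes): IPv4 prefix extraction by netmask,
# the "same subnet?" test a host makes, and longest-prefix-match route lookup.

PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def ip_to_int(addr):
    a, b, c, d = (int(x) for x in addr.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def netmask(bits):
    """Dotted netmask for a /bits prefix, e.g. 24 -> 255.255.255.0."""
    return int_to_ip((0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF)

def network_prefix(addr, bits):
    """Bitwise AND of the address with the netmask yields the routing prefix."""
    return int_to_ip(ip_to_int(addr) & ip_to_int(netmask(bits)))

def in_network(addr, cidr):
    net, bits = cidr.split("/")
    return network_prefix(addr, int(bits)) == network_prefix(net, int(bits))

def is_private(addr):
    return any(in_network(addr, r) for r in PRIVATE_RANGES)

def host_next_hop(src, bits, gateway, dst):
    """Same prefix: deliver directly (ARP for dst); otherwise hand to the gateway."""
    return dst if network_prefix(src, bits) == network_prefix(dst, bits) else gateway

def lookup_route(table, dst):
    """table: list of (cidr, next_hop). The most specific matching prefix wins;
    'direct' means a connected network. None means no route (ICMP unreachable)."""
    best = None
    for cidr, hop in table:
        bits = int(cidr.split("/")[1])
        if in_network(dst, cidr) and (best is None or bits > best[0]):
            best = (bits, hop)
    return best[1] if best else None

# Constructed routing table: two connected LANs, a summary route, and a default route.
ROUTES = [("192.168.0.0/24", "direct"), ("10.1.0.0/16", "direct"),
          ("10.0.0.0/8", "10.1.0.254"), ("0.0.0.0/0", "203.0.113.1")]
```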

Autonomous System (AS)

A collection of networks under one administrative control (eg. an ISP or IXP). Each has an Autonomous System Number (ASN). ASNs are 32-bit integers, administered by IANA via regional Internet registries (RIRs).

Within an autonomous system, routers share routing information and compute metrics to decide the best way to forward a packet, using an IGP.
See Open Shortest Path First (OSPF) and Cisco’s Enhanced Interior Gateway Routing Protocol (EIGRP).

An Exterior Gateway Protocol (EGP) enables routers from different autonomous systems to exchange routing information with each other. The Internet uses the Border Gateway Protocol (BGP).

Network Address Translation (NAT)

NAT allows IP masquerading, a technique to hide private IP addresses behind one public IP address — the gateway’s. This technique is widely used to conserve the limited IPv4 public address space.
NAT rewrites packets’ IP addresses, and keeps track of the original IP addresses to be able to reverse the translation.
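The rewrite-and-remember behaviour above, as an added example that is not from the original notes: a simplified port-based NAT (the masquerading most home gateways do) that maps each private source to a public port and uses that table to restore the destination on replies. Addresses and ports are constructed sample values; real NATs also key on the remote endpoint and expire idle mappings.

```python
# Added example (not from the original notes): a simplified port-based NAT
# (IP masquerading) that rewrites outbound packets behind one public address
# and reverses the mapping on replies. Packets are dicts with src/sport/dst/dport.

class Masquerade:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private_ip, private_port) -> public port
        self.in_map = {}   # public port -> (private_ip, private_port)

    def outbound(self, pkt):
        """LAN -> Internet: replace the private source with the public one."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.out_map:        # first packet of a flow: allocate a port
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[port] = key
        return dict(pkt, src=self.public_ip, sport=self.out_map[key])

    def inbound(self, pkt):
        """Internet -> LAN: restore the original destination, or None (dropped)
        when no mapping exists, which is why unsolicited inbound traffic is blocked."""
        key = self.in_map.get(pkt["dport"])
        if key is None:
            return None
        return dict(pkt, dst=key[0], dport=key[1])

def demo():
    """Two LAN hosts using the same local port, one reply, one stray packet."""
    nat = Masquerade("203.0.113.5")  # constructed public address
    out1 = nat.outbound({"src": "192.168.0.10", "sport": 5000, "dst": "198.51.100.7", "dport": 443})
    out2 = nat.outbound({"src": "192.168.0.11", "sport": 5000, "dst": "198.51.100.7", "dport": 443})
    back = nat.inbound({"src": "198.51.100.7", "sport": 443, "dst": "203.0.113.5", "dport": out2["sport"]})
    stray = nat.inbound({"src": "198.51.100.9", "sport": 80, "dst": "203.0.113.5", "dport": 40999})
    return out1, out2, back, stray
```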

OSI Layer 4: TCP/UDP

Transmission Control Protocol (TCP): Layer 4&5 protocol, establishes connection between source and destination for reliable data transfer and flow control.

User Datagram Protocol (UDP): Connectionless (no flow-control)

Both ensure order of segments/datagrams.
