Itfundamental Presentation

The document is a presentation covering Enterprise IT Fundamentals, Computer Networking, and Enterprise Security Fundamentals. It details various aspects of IT environments, hardware and software stacks, networking protocols, and virtualization technologies, as well as cloud computing services and network classifications. Additionally, it discusses the roles of computers in networks and the types of network configurations based on size and processing methods.

Presentation on

• Enterprise IT Fundamentals
• Computer Networking
• Enterprise Security Fundamentals

K.T. Harsha

Enterprise IT Fundamentals
Enterprise IT Environments - Dev, QA, UAT, Prod
Hardware Stacks – Compute, Storage, Network
Software Stacks
Network Stacks
Virtualization Technologies
Cloud Computing & Services
Private vs Public Clouds

2
Enterprise IT Fundamentals
Enterprise IT Environments - Dev, QA, UAT, Prod, DR
• DEV, UAT and PROD are common names for environments (an instance of a running application, or a group of applications, together with its operational infrastructure).
• The Dev environment is used for developers' tasks, such as merging commits in the first place and running unit tests. Dev is usually not guaranteed to be stable: a commit can disrupt it, and that does no harm to the rest of the company.
• The Dev environment is usually hooked up to a continuous integration and continuous deployment (CI/CD) system. When developers merge code, a build is triggered automatically and the application code is automatically redeployed to Dev.

Enterprise IT Fundamentals
• QA is for testing by the Quality Assurance team, both manual and automated, including automated integration tests. It is considered more stable than Dev because the code does not change on every merge, as it does in Dev, so developers cannot disrupt the QA engineers' ongoing work with a "risky" change.
• The UAT environment is for pre-release testing. It is used by QA engineers, business analysts and product owners to verify functional requirements. UAT is required to be stable because it is used not only by developers but also by business users, who serve as "functional testers". It can also be used as a demo environment for showing new features to customers.
• Prod is the production environment, serving the primary business purpose. Developer access to it is usually limited to technical support duties.

4
Enterprise IT Fundamentals
• Sometimes there are additional intermediate test environments, called IT or SIT (for integration testing) or Regression (pre-release regression testing).
• From the testing perspective, these environments are ordered so that the application migrates to the next environment only after it has passed all tests at the previous stage.
• Example:
• DEV (dev tests passed) -> deploy to QA (QA integration tests passed) -> deploy to UAT (UAT acceptance tests passed) -> deploy to Prod

Enterprise IT Fundamentals
Hardware Stacks – Compute, Storage, Network
Hyperconvergence is an IT framework that unifies computing, storage, networking and software into a single system in an attempt to minimize data center complexity and increase scalability. Platforms that meet this description are called hyperconverged, which is a software-centric architecture that tightly integrates and virtualizes all these resources in a single system that usually consists of x86 hardware.

6
Enterprise IT Fundamentals
Software Stacks
A software stack is a collection of independent components that work together to support the execution of an application. The components, which may include an operating system, architectural layers, protocols, runtime environments, databases and function calls, are stacked one on top of each other in a hierarchy. Typically, the lower-level components in the hierarchy interact with hardware, while the higher-level components in the hierarchy perform specific tasks and services for the end user. Components communicate directly with the application through a series of complex instructions that traverse the stack.

Enterprise IT Fundamentals
Network Stacks
The protocol stack or network stack is an implementation of a computer
networking protocol suite or protocol family.
Some of these terms are used interchangeably but strictly speaking, the suite
is the definition of the communication protocols, and the stack is the software
implementation of them.

Individual protocols within a suite are often designed with a single purpose in
mind. This modularization simplifies design and evaluation. Because each
protocol module usually communicates with two others, they are commonly
imagined as layers in a stack of protocols.

The lowest protocol always deals with low-level interaction with the
communications hardware.

Each higher layer adds additional capabilities. User applications usually deal
only with the topmost layers.

8
Enterprise IT Fundamentals
Virtualization Technologies
In computing, virtualization or virtualisation is the act of creating a virtual (rather than actual) version of something at
the same abstraction level, including virtual computer hardware platforms, storage devices, and computer network
resources.
Hardware virtualization

Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real
computer with an operating system. Software executed on these virtual machines is separated from the underlying
hardware resources. For example, a computer that is running Arch Linux may host a virtual machine that looks like a
computer with the Microsoft Windows operating system; Windows-based software can be run on the virtual machine.

In hardware virtualization, the host machine is the machine that is used by the virtualization and the guest machine is
the virtual machine. The words host and guest are used to distinguish the software that runs on the physical machine
from the software that runs on the virtual machine. The software or firmware that creates a virtual machine on the host
hardware is called a hypervisor or virtual machine monitor.

Enterprise IT Fundamentals
Virtualization Technologies
Different types of hardware virtualization include:

Full virtualization – almost complete simulation of the actual hardware to allow software environments, including a
guest operating system and its apps, to run unmodified.

Paravirtualization – the guest apps are executed in their own isolated domains, as if they are running on a separate
system, but a hardware environment is not simulated. Guest programs need to be specifically modified to run in this
environment.

Hardware-assisted virtualization is a way of improving overall efficiency of virtualization. It involves CPUs that
provide support for virtualization in hardware, and other hardware components that help improve the performance
of a guest environment.

10
Enterprise IT Fundamentals
Virtualization Technologies
Desktop virtualization

Desktop virtualization is the concept of separating the logical desktop from the physical machine.

One form of desktop virtualization, virtual desktop infrastructure (VDI), can be thought of as a more advanced form
of hardware virtualization. Rather than interacting with a host computer directly via a keyboard, mouse, and
monitor, the user interacts with the host computer using another desktop computer or a mobile device by means of
a network connection, such as a LAN, Wireless LAN or even the Internet. In addition, the host computer in this
scenario becomes a server computer capable of hosting multiple virtual machines at the same time for multiple
users.

11

Enterprise IT Fundamentals
Virtualization Technologies
Containerization

Operating-system-level virtualization, also known as containerization, refers to an operating system feature in which
the kernel allows the existence of multiple isolated user-space instances. Such instances, called containers, partitions,
virtual environments (VEs) or jails (FreeBSD jail or chroot jail), may look like real computers from the point of view of
programs running in them.

A computer program running on an ordinary operating system can see all resources (connected devices, files and
folders, network shares, CPU power, quantifiable hardware capabilities) of that computer. However, programs
running inside a container can only see the container's contents and devices assigned to the container.

Containerization started gaining prominence in 2014, with the introduction of Docker.

12
Enterprise IT Fundamentals
Cloud Computing & Services
Cloud computing is the delivery of computing services, including servers, storage, databases, networking, software, analytics and intelligence, over the Internet ("the cloud") to offer faster innovation, flexible resources and economies of scale.

• You typically pay only for the cloud services you use, helping lower your operating costs, run your infrastructure more efficiently and scale as your business needs change.

Types of cloud services: IaaS, PaaS, serverless and SaaS


Most cloud computing services fall into four broad categories: infrastructure as a
service (IaaS), platform as a service (PaaS), serverless and software as a service
(SaaS). These are sometimes called the cloud computing stack because they build on
top of one another. Knowing what they are and how they are different makes it
easier to accomplish your business goals.

13

Enterprise IT Fundamentals
Infrastructure as a service (IaaS) - The most basic category of cloud computing services. With IaaS, you rent IT infrastructure—servers
and virtual machines (VMs), storage, networks, operating systems—from a cloud provider on a pay-as-you-go basis.

Platform as a service (PaaS) - Platform as a service refers to cloud computing services that supply an on-demand environment for
developing, testing, delivering and managing software applications. PaaS is designed to make it easier for developers to quickly create
web or mobile apps, without worrying about setting up or managing the underlying infrastructure of servers, storage, network and
databases needed for development.

Serverless computing - Overlapping with PaaS, serverless computing focuses on building app functionality without spending time
continually managing the servers and infrastructure required to do so. The cloud provider handles the setup, capacity planning and
server management for you. Serverless architectures are highly scalable and event-driven, only using resources when a specific function
or trigger occurs.

Software as a service (SaaS) - Software as a service is a method for delivering software applications over the Internet, on demand and
typically on a subscription basis. With SaaS, cloud providers host and manage the software application and underlying infrastructure and
handle any maintenance, like software upgrades and security patching. Users connect to the application over the Internet, usually with a
web browser on their phone, tablet or PC.

14
Enterprise IT Fundamentals
Private, Public & Hybrid Clouds

• Public clouds are owned and operated by third-party cloud service providers, which deliver their computing resources, like servers and storage, over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software and other supporting infrastructure is owned and managed by the cloud provider. You access these services and manage your account using a web browser.

• A private cloud refers to cloud computing resources used exclusively by a single business or organization. A private cloud can be physically located in the company's on-site datacenter. Some companies also pay third-party service providers to host their private cloud. A private cloud is one in which the services and infrastructure are maintained on a private network.

• Hybrid clouds combine public and private clouds, bound together by technology that allows data and applications to be shared between them. By allowing data and applications to move between private and public clouds, a hybrid cloud gives your business greater flexibility and more deployment options, and helps optimize your existing infrastructure, security and compliance.

15

Enterprise IT Fundamentals
(slides 16 and 17: diagrams only)

Computer Networking
Basic Networking Terms
OSI Model
IP Addressing
Setup GNS3 for Labs
IP Subnetting
TCP UDP
DHCP DNS
VLANs & 802.1Q
Demo

18
Networking Benefits
• Information Sharing
• Centralized Administration and Support
• (Hardware and Software) Resource Sharing

19

Roles of Computers in a Network
(diagram of server roles and clients)
• Mail Server
• Database Server
• Fax Server
• File and Print Server
• Directory Services Server
• Client Computer

20
Classification of networks
• Based On Operating System
• Based On Processing
• Based On Size

21

Based On Operating System

• Peer to Peer Network
  • Any host can act as a server or client
  • NetWare Lite, Windows 95 / 98 / 2000 / XP / Vista / Windows 7

• Client Server based network
  • Clients contact the server for resources; the clients and the server run different operating systems
  • Novell NetWare, Windows NT / 2000 / 2003

22
Typical peer-to-peer and server-based networks
(diagram: a peer-to-peer network beside a server-based network)

23

Server based Processing
(diagram: centralized processing)
24
Based On Processing
• Centralized Processing
  - Processing and data storage centralized
  - UNIX network

• Distributed Processing
  - Processing distributed; data storage / administration centralized
  - NetWare / Windows NT

25

Centralized Processing
• A single server does all processing
• Clients possess a monitor, keyboard, mouse and a box
• All clients connected to the server are only input devices
• If server is down clients are also down
• Clients are known as “Dumb Terminals” - UNIX networks

Distributed Processing

• Client / Server network technology
• Primarily used for centralized data storage and to share resources
• Clients can process without the help of the server to which they are connected
• Clients can connect to different servers for different services: file server, mail server, web server, application server, print server

26
BASED ON SIZE
• PAN - Personal area network
• HAN - Home Area Network
• LAN - Local Area Network
• CAN - Campus Area Network
• MAN - Metropolitan Area Network
• WAN - Wide Area Network

27

PAN - Personal area network

• Computer network used for communication among personal computer devices
• Telephones, mobile phones, digital cameras, digital camcorders and personal digital assistants close to one person
• Reach is typically a few meters (max 10 feet or 3 m)
• Can be wired or wireless
• Wired, such as USB and FireWire (IEEE 1394)
• Wireless personal area network (WPAN), such as IrDA and Bluetooth
• Standards - IEEE 802.15, Bluetooth, Ultra-wideband networks

28
HAN - Home area network
• A network contained within a user's home
• Connects a person's digital devices, from multiple computers and their peripheral
devices to telephones, VCRs, televisions, video games, home security systems,
"smart" appliances, fax machines and other digital devices that are wired into the
network.

29

LAN - Local Area Network

• Inside an office building, building to building, or inside a corporate facility
• Establishes high-speed networks for hosts in the organization
• Up to 500 meters (half a km)

30
CAN - Campus Area Network
• An interconnection of local-area networks within a limited geographical space, such as a college campus or a military base.
• Security, VLANs, quality of service (QoS) and traffic management are mandatory
• Wireless LANs (WLANs) inside the campus are optional, for mobile users

31

Campus Network

32
MAN - Metropolitan Area Network

• Spans a city or metropolitan area.
• It is an extension of a LAN within the same organization. (The DAX LAN Extender uses SHDSL in your case: 64 kbps to 2 Mbps, spanning kilometers.)
• Could be wired or wireless.

33

WAN - Wide Area Network


• Transcontinental or global area limitations
• Purely depends on the service provider
• Speeds and distance together match the cost variable
• Very expensive for high speeds and longer distance

34
Network Interface Card
• Amplifies electronic signals
• Packages data for transmission
• Physically connects the computer to the transmission media (cable)
(diagram: Network Interface Card (NIC) with its connector port)

35

Sample network adapter card

36
Parallel data stream converted to a serial data stream
(diagram: parallel data into the NIC, serial data out onto the cable)

37

MAC Address
• 48 bits: a 24-bit Vendor Code followed by a 24-bit Serial Number
• Example: 00-00-0c-12-34-56
• MAC address is burned into ROM on a network interface card (the diagram also shows the card's RAM)

38
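The slide splits a MAC address into a 24-bit vendor code and a 24-bit serial number. The following helper, added here and not part of the presentation, does that split for the common notations (dash, colon and Cisco dotted form) and also decodes the two flag bits that IEEE 802 defines in the first octet: the individual/group bit, which marks multicast addresses, and the universally/locally administered bit, which tells a defender whether the address is the burned-in ROM value or one assigned by software. All sample addresses other than 00-00-0c-12-34-56 are constructed.

```python
"""Split a MAC address into vendor code and serial number and decode the
first-octet flag bits.  Added example, not from the slides; sample
addresses other than 00-00-0c-12-34-56 are constructed."""
import re

_HEX12 = re.compile(r"[0-9a-fA-F]{12}")


def parse_mac(text: str) -> dict:
    """Accept 00-00-0c-12-34-56, 00:00:0c:12:34:56 or 0000.0c12.3456 forms."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"{text!r} is not a 48-bit MAC address")
    octets = bytes.fromhex(digits)
    first = octets[0]
    return {
        "canonical": "-".join(f"{b:02x}" for b in octets),
        # upper 24 bits: the vendor code (OUI) the slide names
        "vendor_code": "-".join(f"{b:02x}" for b in octets[:3]),
        # lower 24 bits: the serial number assigned by that vendor
        "serial_number": "-".join(f"{b:02x}" for b in octets[3:]),
        # I/G bit (bit 0 of the first octet): set means a group/multicast address
        "multicast": bool(first & 0x01),
        # U/L bit (bit 1 of the first octet): set means the address was assigned
        # locally by software rather than being the burned-in ROM value
        "locally_administered": bool(first & 0x02),
        "broadcast": octets == b"\xff" * 6,
    }


def same_vendor(mac_a: str, mac_b: str) -> bool:
    """True when two addresses share the 24-bit vendor code."""
    return parse_mac(mac_a)["vendor_code"] == parse_mac(mac_b)["vendor_code"]


if __name__ == "__main__":
    for sample in ("00-00-0c-12-34-56", "0000.0c12.3456", "01:00:5e:00:00:01"):
        print(sample, parse_mac(sample))
```

On an inventory or switch CAM-table export, the `locally_administered` flag separates hardware-assigned addresses from ones set by an operating system or virtualization layer, which is why it is worth surfacing alongside the vendor code.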
Warm-up…
• Network Interface Card
• Network Cables
• Network Topologies

39

Network Cables
• Coaxial Cables
  • Thinnet
  • Thicknet
• Twisted Pair Cables
  • Shielded Twisted Pair
  • Unshielded Twisted Pair
• Optic fiber Cables
  • Single mode
  • Multimode

40
OFC

41

OFC

42
Network Topologies
• Common types
  • Bus topology
  • Star topology
  • Ring topology
  • Hybrid – TREE & RING-STAR
• Topologies are logical architectures
• Actual devices need not be physically organized in these configurations

43

Hardware components of networking

44
Network Management Devices
• Devices used in Networking and their significance
• Repeater
• Hub
• Switch
• Bridges
• Routers
• Gateways

45

Repeaters regenerate weakened signals
(diagram: a weakened signal enters the repeater and a regenerated signal leaves it)

46
Repeaters can connect different types of media
(diagram: a repeater joining a fiber-optic segment and a thin coax segment)

47

Hub
• Device that serves as the center of a star
topology network, sometimes referred to as a
multiport repeater, or in Ethernet, a
concentrator; no forwarding intelligence
• A hub is a device that is used to extend an
Ethernet wire to allow more devices to
communicate with each other.
• Hubs are most commonly used in Ethernet
10BASE-T or 100BASE-T networks, although
there are other network architectures that
use them.

48
Parent hub with five attached child hubs
(diagram: one parent hub with five child hubs connected to it)

49

Switches
• A switch is a multi-port bridge.
• It operates at OSI data link layer 2.
• It stores MAC addresses in an internal lookup table.
• Temporary switched paths are created between the frame's source and destination.
• Some switches have limited layer 3 IP routing capabilities.
• Switches can be configured to use VLANs.
• Switches support spanning tree protocol to create resilient networks.

50
Switches

51

Types Of Switches
• Unmanageable
• Manageable

• Advantages of manageable switches:
  • VLANs
  • Port-Security
  • VTP

52
Switched Ethernet

53

Example Topology
(diagram: a hub connected over UTP at 10 Mbps and a switch connected over fibre at 100 Mbps)

54
Bridge
• Bridges connect network segments.
• The basic functionality of the bridge resides in its ability
to make decisions about whether to pass signals on to
the next segment of a network.
• A switch is a more sophisticated device than a bridge,
although the basic function of the switch is deceptively
simple.
• Ethernet switches are becoming popular connectivity
solutions because they increase network performance.

55

Using a bridge to segment a network and reduce network traffic
(diagram: Segment 1 - Bridge - Segment 2)

56
A bridge connecting two networks
(diagram: Segment 1 - Bridge - Segment 2)

57

Routers
• Interconnect LANs and WANs
• Provide path determination using metrics
• Forward packets from one network to another
• Control broadcasts to the network

58
Routers
• Routers are slower than bridges and switches, but make “smart” decisions on how to route (or send) packets
received on one port to a network on another port.
• Routers contain tables of network addresses along with optimal destination routes to other networks.

59

Gateways strip off an old protocol stack and add a new protocol stack
(diagram: a packet enters the gateway and leaves as a stripped packet carrying the new stack)

60
Mainframe gateways connect personal computers to mainframes
(diagram: LAN - gateway computer - mainframe)
61

Devices Function at Layers
(diagram: the seven OSI layers, 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical; the hub is placed at layer 1, Physical, and the NIC card at layer 2, Data Link)

62
UTP Implementation (Straight-Through)
Cable: 10BASE-T / 100BASE-TX Straight-Through Cable

Pin  Label      Pin  Label
1    TX+        1    TX+
2    TX-        2    TX-
3    RX+        3    RX+
4    NC         4    NC
5    NC         5    NC
6    RX-        6    RX-
7    NC         7    NC
8    NC         8    NC

Wires on cable ends are in the same order.

63

UTP Implementation (Crossover)
Cable: 10BASE-T or 100BASE-TX Crossover Cable (one end wired EIA/TIA T568A, the other EIA/TIA T568B)

Pin  Label      Pin  Label
1    TX+        3    RX+
2    TX-        6    RX-
3    RX+        1    TX+
4    NC         4    NC
5    NC         5    NC
6    RX-        2    TX-
7    NC         7    NC
8    NC         8    NC

Some wires on cable ends are crossed: the transmit pair (pins 1, 2) at one end connects to the receive pair (pins 3, 6) at the other.

64
UTP Implementation: Straight-Through vs. Crossover

65

ISO’S 7 LAYER OSI MODEL

66
Why a Layered Network Model?
Layers: 7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical
• Reduces complexity (one big problem to seven smaller ones)
• Standardizes interfaces
• Facilitates modular engineering
• Assures interoperable technology
• Accelerates evolution
• Simplifies teaching and learning

67

Host Layers
• Host layers (7 Application, 6 Presentation, 5 Session, 4 Transport): provide accurate data delivery between computers

68
Media Layers
• Host layers (7 Application, 6 Presentation, 5 Session, 4 Transport): provide accurate data delivery between computers
• Media layers (3 Network, 2 Data Link, 1 Physical): control physical delivery of messages over the network

69

Layer Functions
7 Application • Provides network services to application processes (such as electronic mail, file transfer, and terminal emulation)

70
Application Layer

Computer applications      Network applications       Internetwork applications
Word Processor             Electronic Mail            Electronic Data Interchange
Presentation Graphics      File Transfer              World Wide Web
Spreadsheet                Remote Access              E-Mail Gateways
Database                   Client-Server Process      Special-Interest Bulletin Boards
Design/Manufacturing       Information Location       Financial Transaction Services
Project Planning           Network Management         Internet Navigation Utilities
Others                     Others                     Conferencing (Voice, Video, Data)
                                                      Others

• Internetwork applications can extend beyond the enterprise (i.e., to suppliers, etc.)

71

Layer Functions
7 Application • Network services to applications
6 Presentation • Data representation
  • Ensures data is readable by the receiving system
  • Format of data
  • Data structures
  • Negotiates data transfer syntax for the application layer

72
Presentation Layer
• Text / Data: ASCII, EBCDIC, Encrypted
• Graphics / Visual images: PICT, TIFF, JPEG, GIF
• Sound: MIDI
• Video: MPEG, QuickTime
• Provides code formatting and conversion for applications

73

Layer Functions
7 Application • Network services to applications
6 Presentation • Data representation
5 Session • Inter-host communication
  • Establishes, manages, and terminates sessions between applications

74
Session Layer
• Network File System (NFS)
• Structured Query Language (SQL)
• Remote-Procedure Call (RPC)
• X Window System
• AppleTalk Session Protocol (ASP)
• DEC Session Control Protocol (SCP)
• Coordinates applications as they interact on different hosts
(diagram: Service Request from one host, Service Reply from the other)

75

Layer Functions
7 Application • Network services to applications
6 Presentation • Data representation
5 Session • Inter-host communication
4 Transport • End-to-end connection reliability
  • Concerned with data transport issues between hosts
  • Data transport reliability
  • Establishes, maintains, and terminates virtual circuits
  • Fault detection and recovery
  • Information flow control

76
Layer Functions
7 Application • Network services to applications
6 Presentation • Data representation
5 Session • Inter-host communication
4 Transport • End-to-end connection reliability
3 Network • Addresses and best path
  • Provides connectivity and path selection between two end systems
  • Domain of routing

77

Layer Functions
7 Application • Network services to applications
6 Presentation • Data representation
5 Session • Inter-host communication
4 Transport • End-to-end connection reliability
3 Network • Addresses and best path
2 Data Link • Access to media
  • Provides reliable transfer of data across media
  • Physical addressing, network topology, error notification, flow control

78
Layer Functions
7 Application • Network services to applications
6 Presentation • Data representation
5 Session • Inter-host communication
4 Transport • End-to-end connection reliability
3 Network • Addresses and best path
2 Data Link • Access to media
1 Physical • Binary transmission
  • Wires, connectors, voltages, data rates

79

The complete packet
(diagram: the Data is wrapped in turn by the Application Header, Presentation Header, Session Header, Transport Header and Network Header to form the Packet; the Data Link Header, the Data Link Trailer (CRC) and the Frame Preamble turn the packet into a Frame)

80
Packet creation
(diagram: the data process produces the Data that is then encapsulated)

81

Data Encapsulation
(diagram: Host A and Host B, each with the seven layers Application, Presentation, Session, Transport, Network, Data Link and Physical; the Data is handed down from the upper layers)

82
Data Encapsulation
(build 2: the Network layer prepends a Network Header to the Data)

83
Data Encapsulation
(build 3: the Data Link layer prepends its own header in front of the Network Header and the Data)

84
Data Encapsulation
(build 4: the result is a Frame, Frame Header, Network Header, Data, Frame Trailer; the Physical layer transmits it as bits, 0101101010110001)

85

Peer-to-Peer Communications
(diagram: each layer on Host A talks to its peer layer on Host B; the units exchanged are Data at layers 7 Application, 6 Presentation and 5 Session, Segments at 4 Transport, Packets at 3 Network, Frames at 2 Data Link and Bits at 1 Physical)

86
A simple data frame
(diagram: Destination ID | Sender ID | Control | Data | CRC)

87
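The frame slide names five fields but not their sizes, and the encapsulation slides end with a Data Link trailer carrying the CRC. The example below is added here and is not from the presentation: it encodes and decodes a frame with that field order, using assumed widths (6-byte destination and sender IDs, a 2-byte control field and a CRC-32 trailer), and shows the receiver rejecting a frame in which a single bit was flipped in transit. The sample addresses and payload are constructed.

```python
"""Encode and decode the 'simple data frame' (Destination ID, Sender ID,
Control, Data, CRC) and verify the CRC trailer on receipt.  Added example,
not from the slides; field widths are assumptions, the slide only names
the fields."""
import struct
import zlib

HEADER = struct.Struct("!6s6sH")   # destination ID, sender ID, control field
CRC = struct.Struct("!I")          # 32-bit CRC trailer, big-endian


def mac_to_bytes(mac: str) -> bytes:
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"{mac!r} is not a 6-octet address")
    return octets


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, control: int, data: bytes) -> bytes:
    """Header + Data, then the CRC computed over everything before the trailer."""
    body = HEADER.pack(mac_to_bytes(dst), mac_to_bytes(src), control) + data
    return body + CRC.pack(zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Return the fields, or raise ValueError when the trailer does not match the body."""
    if len(frame) < HEADER.size + CRC.size:
        raise ValueError("frame too short")
    body, trailer = frame[:-CRC.size], frame[-CRC.size:]
    (expected,) = CRC.unpack(trailer)
    actual = zlib.crc32(body)
    if actual != expected:
        raise ValueError(f"CRC mismatch: trailer {expected:#010x}, computed {actual:#010x}")
    dst, src, control = HEADER.unpack_from(body)
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        "control": control,
        "data": body[HEADER.size:],
    }


def flip_bit(frame: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Model line noise: invert one bit so the receiver's CRC check fails."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


def frame_is_intact(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    f = build_frame("00-00-0c-12-34-56", "00:00:0c:ab:cd:ef", 1, b"hello")
    print(len(f), "bytes:", parse_frame(f))
    print("after one flipped bit intact?", frame_is_intact(flip_bit(f, 15)))
```

The CRC catches accidental corruption such as the flipped bit above; it carries no key, so it says nothing about who built the frame, which is why integrity against a deliberate change is handled by authentication at higher layers rather than by the Data Link trailer.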

Common Protocols
• NetBIOS Enhanced User Interface (NetBEUI)
• Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)
• Transmission Control Protocol/Internet Protocol (TCP/IP)
• AppleTalk

88
Types of Protocols
• Open Protocols: TCP/IP (Internet)
• Vendor-Specific Protocols: IPX/SPX

89

OSI layers and the protocol groups that cover them
• Application Layer, Presentation Layer, Session Layer: Application Protocols
• Transport Layer: Transport Protocols
• Network Layer: Internet Protocols
• Data Link Layer, Physical Layer: Network Access Protocols

90
Types of Data Transmissions
• Unicast
• Broadcast
• Multicast

91

NetBIOS (Network Basic Input Output System)
• Designed by IBM & Sytek to support client / server in LAN environments
• It is non-routable
• Popularized by MS implementations
• Simple & easy to manage naming service
• Double-click Network Neighborhood to see the names of the computers in the network
• 16-byte name length

92
IPX / SPX
• Internetwork Packet Exchange / Sequenced Packet Exchange
• Derived from XNS (Xerox Network System)
• Used in NetWare products by Novell
• IPX addresses include a net id & host id
• Host is the MAC address of the NIC
• 12 byte hex address

93

TCP / IP
• Internet Protocol suite
• Widely adopted (Internet)
• Hierarchical addressing system

94
TCP/IP Model
• Although some of the layers in the TCP/IP model have the same name as layers in the OSI
model, the layers of the two models do not correspond exactly.

95

What is an IP address

• IP address is a network layer address
• It is a unique identifier
• A way to identify machines on a network
• It is a 32-bit (4 byte) address used to create logical groups
• Routers and computers use IP addresses

96
IP usage
• Used to connect to another computer
• IP address is defined to the interface
• Represents the network and the host
• IP addressing uses a hierarchical format
• Left bits represent the network
• Right bits represent the host

97

IP Structure
• IP addresses consist of four octets
• Each octet is 8 bits long
• To make it easier for humans to remember, it is expressed in dotted decimal format
• For example 192.168.1.1
• Each octet can range from 0 to 255
• In the Windows command prompt type C:\>ipconfig/all

98
IP and MAC address

99

IP Addresses
(diagram: three networks, 192.168.1.0, 192.168.2.0 and 192.168.3.0, with hosts 192.168.1.100, 192.168.2.100, 192.168.2.101 and 192.168.3.100; each IP address is split into a Network ID and a Host ID)

100
TCP/IP Protocol Suite
• Application Layer Protocols
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Internet Protocol (IP)
• Internet Control Message Protocol (ICMP)
• Internet Group Management Protocol (IGMP)
• Address Resolution Protocol (ARP)
• TCP/IP Utilities

101

TCP/IP Layers
• Application Layer: HTTP, FTP
• Transport Layer: TCP, UDP
• Internet Layer: IP, ICMP, IGMP, ARP
• Network Interface Layer: Ethernet, ATM

102
TCP/IP Model
• The figure illustrates some of the common protocols specified by the TCP/IP reference
model layers.

103

Application Layer Protocols & Port Numbers
(table slide)

104
Application Sockets
• IP Address + TCP Port or UDP Port = Socket
• Example: an FTP server on TCP ports 20 and 21 and an HTTP server on TCP port 80, both on host 192.168.2.150

105

Transport Layer
• Segments upper-layer applications
• Establishes an end-to-end connection
• Sends segments from one end host to another
• Optionally, ensures data reliability

106
User Datagram Protocol (UDP)
(diagram: protocol stack TCP UDP over IP ICMP IGMP ARP, with UDP highlighted)

107

Transmission Control Protocol (TCP)
(diagram: the same stack, with TCP highlighted)

108
Transport Layer— Establishes Connection
(diagram: Sender and Receiver)
1. Sender -> Receiver: Synchronize
2. Receiver -> Sender: Synchronize, Acknowledge (negotiate connection)
3. Sender -> Receiver: Acknowledge
Connection Established, then Data Transfer (send segments)

109

Transport Layer—Sends Segments with Flow Control
(diagram: the Sender transmits; the Receiver signals Not Ready / Stop when its buffer is full; the Receiver processes the segments; the Receiver signals Ready / Go when the buffer is OK; the Sender resumes transmission)

110
Transport Layer— Reliability with Windowing
• Window Size = 1: Send 1, Receive 1, Ack 2; Send 2, Receive 2, Ack 3
• Window Size = 3: Send 1, Send 2, Send 3; Receive 1, Receive 2, Receive 3; Ack 4; Send 4

111

Transport Layer— An Acknowledgement Technique
(diagram: Sender and Receiver, segments 1 to 7)
Send 1, Send 2, Send 3 -> Ack 4
Send 4, Send 5, Send 6 -> Ack 5 (segment 5 did not arrive)
Send 5 (retransmitted) -> Ack 7

112
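The windowing and acknowledgement slides show three traces: window size 1, window size 3, and window size 3 with segment 5 lost once. The simulation below, added here and not part of the presentation, reproduces all three from one sender loop and a receiver that buffers out-of-order segments and acknowledges with the next sequence number it expects (a cumulative acknowledgement). That receiver model and the "lost once" wire model are assumptions chosen to match the slides; the function names are mine.

```python
"""Sliding-window sender with cumulative acknowledgements, reproducing the
windowing traces on the slides.  Added example, not from the slides; the
receiver buffers out-of-order segments and acknowledges the next expected
sequence number (an assumption that matches the traces shown)."""


def run_window(n_segments: int, window: int, lost=()) -> list:
    """Return the Send/Ack trace for segments 1..n_segments.

    `lost` lists segment numbers whose FIRST transmission is dropped on the
    wire; the retransmission gets through, so every run terminates.
    """
    if window < 1:
        raise ValueError("window size must be at least 1")
    trace = []
    received = set()          # segments the receiver has buffered
    drop_once = set(lost)     # segments still waiting to be dropped once
    base = 1                  # oldest unacknowledged segment
    while base <= n_segments:
        # Sender: transmit every segment in the window the receiver lacks.
        for seq in range(base, min(base + window, n_segments + 1)):
            if seq in received:
                continue                  # already buffered; no retransmit needed
            trace.append(f"Send {seq}")
            if seq in drop_once:
                drop_once.remove(seq)     # this copy never arrives
                continue
            received.add(seq)
        # Receiver: the ACK carries the next sequence number it expects,
        # which is the first gap at or after the window base.
        next_expected = base
        while next_expected in received:
            next_expected += 1
        trace.append(f"Ack {next_expected}")
        base = next_expected              # slide the window up to that gap
    return trace


def round_trips(trace: list) -> int:
    """Number of acknowledgements, i.e. sender/receiver round trips."""
    return sum(1 for event in trace if event.startswith("Ack"))


def transmissions(trace: list) -> int:
    """Number of segment transmissions, retransmissions included."""
    return sum(1 for event in trace if event.startswith("Send"))


if __name__ == "__main__":
    print("window 1:", run_window(2, 1))
    print("window 3:", run_window(4, 3))
    print("window 3, segment 5 lost once:", run_window(6, 3, lost={5}))
```

The loss case shows why the receiver acknowledges 5 rather than 7 even though 6 arrived: the acknowledgement number is the first missing segment, so the sender knows exactly where to resume and retransmits only segment 5.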
Internet Protocol (IP)
(diagram: protocol stack TCP UDP over IP ICMP IGMP ARP, with IP highlighted, and a router)

113

Internet Control Message Protocol (ICMP)
(diagram: the same stack with ICMP highlighted, and a router)

114
Internet Group Management Protocol (IGMP)
(diagram: the same stack with IGMP highlighted)

115

Address Resolution Protocol (ARP)
(diagram: hosts A, B and C on one segment; A resolves the address of C, with the protocol stack TCP UDP over IP ICMP IGMP ARP shown alongside)

1. ARP cache is checked
2. ARP request is sent
3. ARP entry is added
4. ARP reply is sent
5. ARP entry is added
6. IP packet is sent

116
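The six numbered steps above can be walked through in code. The following simulation is added here and is not part of the presentation: three constructed hosts share one broadcast segment, and `send_ip_packet` produces the event trace for a cache miss (all six steps), a cache hit (steps 1 and 6 only) and an address nobody owns (no reply, so no packet is sent). Host names, addresses and the event wording are constructed; the choice to cache a reply only for an address the host actually asked about is a design decision of this example, not something the slide states.

```python
"""Simulate the six ARP steps on the slide: 1 cache check, 2 request,
3 entry added at the target, 4 reply, 5 entry added at the requester,
6 IP packet sent.  Added example, not from the slides; hosts, addresses
and event wording are constructed."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Host:
    name: str
    ip: str
    mac: str
    arp_cache: dict = field(default_factory=dict)   # ip -> mac
    pending: set = field(default_factory=set)        # ips this host has asked about

    def receive_arp_reply(self, ip: str, mac: str, events: list) -> None:
        # 5. ARP entry is added, but only for an address this host actually asked
        # about; a reply nobody requested is logged and kept out of the cache.
        if ip not in self.pending:
            events.append(f"-- {self.name}: unsolicited ARP reply for {ip} ignored")
            return
        self.pending.discard(ip)
        self.arp_cache[ip] = mac
        events.append(f"5. {self.name}: ARP entry added {ip} -> {mac}")


class Segment:
    """One broadcast domain: every attached host sees a broadcast frame."""

    def __init__(self, hosts):
        self.hosts = list(hosts)

    def send_ip_packet(self, src: Host, dst_ip: str) -> list:
        """Resolve dst_ip for src, then send the packet; return the event trace."""
        events = []
        # 1. ARP cache is checked
        if dst_ip in src.arp_cache:
            events.append(f"1. {src.name}: ARP cache hit, {dst_ip} -> {src.arp_cache[dst_ip]}")
        else:
            events.append(f"1. {src.name}: ARP cache miss for {dst_ip}")
            # 2. ARP request is sent as a broadcast; every host on the segment sees it
            src.pending.add(dst_ip)
            events.append(f"2. {src.name}: ARP request to {BROADCAST}: who has {dst_ip}? tell {src.ip}")
            for host in self.hosts:
                if host is src or host.ip != dst_ip:
                    continue              # only the owner of the address answers
                # 3. the target records the requester's mapping from the request itself
                host.arp_cache[src.ip] = src.mac
                events.append(f"3. {host.name}: ARP entry added {src.ip} -> {src.mac}")
                # 4. ARP reply is sent unicast back to the requester
                events.append(f"4. {host.name}: ARP reply to {src.mac}: {dst_ip} is at {host.mac}")
                src.receive_arp_reply(dst_ip, host.mac, events)
            if dst_ip not in src.arp_cache:
                src.pending.discard(dst_ip)
                events.append(f"-- {src.name}: no ARP reply for {dst_ip}; IP packet not sent")
                return events
        # 6. IP packet is sent, framed to the resolved MAC address
        events.append(f"6. {src.name}: IP packet {src.ip} -> {dst_ip} framed to {src.arp_cache[dst_ip]}")
        return events


def step_numbers(events: list) -> list:
    """Slide step numbers present in a trace, e.g. ['1', '2', '3', '4', '5', '6']."""
    return [e.split(".", 1)[0] for e in events if e[0].isdigit()]


if __name__ == "__main__":
    a = Host("A", "10.0.0.1", "00:00:0c:00:00:0a")   # constructed sample hosts
    b = Host("B", "10.0.0.2", "00:00:0c:00:00:0b")
    c = Host("C", "10.0.0.3", "00:00:0c:00:00:0c")
    segment = Segment([a, b, c])
    for line in segment.send_ip_packet(a, "10.0.0.3") + segment.send_ip_packet(a, "10.0.0.3"):
        print(line)
```

Note that host B, which only overhears the broadcast request, learns nothing: in this model a host adds an entry for the requester only when it is the target (step 3), and an entry for the target only after its own request is answered (step 5).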
Reverse Address Resolution Protocol (RARP)

The source initiates a RARP request, which helps it detect its own IP address.

117

Ethernet Protocol (CSMA/CD)

• CSMA/CD (Carrier Sense Multiple Access / Collision Detection) is a media access control method that was widely used in early Ethernet technology and LANs, when the topology was a shared bus and the nodes (computers) were connected by coaxial cable. Nowadays Ethernet is full duplex and CSMA/CD is not used, because the topology is either a star (connected via a switch or router) or point to point (a direct connection), although it is still supported.
• Consider a scenario with 'n' stations on a link, all waiting to transfer data through that channel. All 'n' stations want to access the link to transfer their own data. The problem arises when more than one station transmits at the same moment: the data from the different stations collides.
• CSMA/CD is one technique by which the stations that follow the protocol agree on transmission rules and collision detection measures for effective transmission. The protocol decides which station transmits when, so that data reaches the destination without corruption.

118
119

TCP/IP Utilities

(Figure: TCP/IP utilities grouped by purpose)
• Connectivity utilities: Ftp, Telnet, Tftp
• Diagnostic utilities: Arp, Hostname, Ipconfig, Nbtstat, Netstat, Ping, Tracert
• Server-based software: TCP/IP Printing Service, Internet Information Services

120
Data Flow

(Figure: data flows down the sender's stack and up the receiver's: Application layer (HTTP, FTP) data; Transport layer (TCP, UDP); Internet layer (IP, ICMP, IGMP, ARP); network interface (ATM, Ethernet), which adds the preamble and CRC)

121

Internet Protocol Characteristics


• Operates at network layer of OSI
• Connectionless protocol
• Packets treated independently
• Hierarchical addressing
• Best-effort delivery
• No data-recovery features

122
Why IP Addresses?
• They uniquely identify each device on an IP network.
• Every host (computer, networking device, peripheral) must have a unique address.
• Host ID:
  – Identifies the individual host
  – Is assigned by organizations to individual devices
• Network.Host

123

IP Header

124
IP Address Format: Dotted Decimal Notation

The binary-to-decimal and decimal-to-binary conversion will be detailed later in this course.

125

IP Address Classes: The First Octet

126
IP Address Ranges

*127 (01111111) is a Class A address reserved for loopback testing and cannot
be assigned to a network.

127

Reserved Address

128
Public IP Addresses

129

Private IP Addresses

Class   Private Address Range
A       10.0.0.0 to 10.255.255.255
B       172.16.0.0 to 172.31.255.255
C       192.168.0.0 to 192.168.255.255

130
DHCP

131

DNS

 Application specified in the TCP/IP suite
 A way to translate human-readable names into IP addresses

132
Subnetworks
 Smaller networks are easier to manage.
 Overall traffic is reduced.
 You can more easily apply network security policies.

133

What a Subnet Mask Does

• Tells the router the number of bits to look at when routing
• Defines the number of bits that are significant
• Used as a measuring tool, not to hide anything

134
Possible Subnets and Hosts for a Class C Network

135

Possible Subnets and Hosts for a Class B Network

136
Possible Subnets and Hosts for a Class A Network

137

End System Subnet Mask Operation

138
How Routers Use Subnet Masks

139

Octet Values of a Subnet Mask

Subnet masks, like IP addresses, are represented in dotted decimal format, for example 255.255.255.0

140
Default Subnet Masks
Example Class A address (decimal): 10.0.0.0
Example Class A address (binary): 00001010.00000000.00000000.00000000
Default Class A mask (binary): 11111111.00000000.00000000.00000000
Default Class A mask (decimal): 255.0.0.0
Default classful prefix length: /8

Example Class B address (decimal): 172.16.0.0
Example Class B address (binary): 10101100.00010000.00000000.00000000
Default Class B mask (binary): 11111111.11111111.00000000.00000000
Default Class B mask (decimal): 255.255.0.0
Default classful prefix length: /16

Example Class C address (decimal): 192.168.42.0
Example Class C address (binary): 11000000.10101000.00101010.00000000
Default Class C mask (binary): 11111111.11111111.11111111.00000000
Default Class C mask (decimal): 255.255.255.0
Default classful prefix length: /24

141

Procedure for Implementing Subnets

1. Determine the IP address assigned by the registry authority.
2. Based on the organizational and administrative structure, determine the number of subnets required.
3. Based on the address class and required number of subnets, determine the number of bits you need to borrow from the host ID.
4. Determine the binary and decimal value of the subnet mask.
5. Apply the subnet mask to the network IP address to determine the subnet and host addresses.
6. Assign subnet addresses to specific interfaces.
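The six steps carried through in code, as an added example that is not part of the deck: the address class is read from the first octet, the default classful mask is taken from the class, enough host bits are borrowed for the required subnet count, and the resulting mask, subnets and usable host ranges are listed. The function names and the sample networks in the test are my own; the class ranges and default masks are the ones the slides state.

```python
"""Classful subnetting calculator (added example, not from the slides).

Walks the deck's "Procedure for Implementing Subnets": determine the address
class from the first octet, start from the default classful mask, borrow
enough host bits for the required number of subnets, derive the new mask in
binary and decimal, and list each subnet's usable host range.
"""
import ipaddress
import math

# Default classful prefix lengths from the "Default Subnet Masks" slide
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(addr: str) -> str:
    """Classify an IPv4 address by the leading bits of its first octet."""
    first = int(addr.split(".")[0])
    if first < 128:      # leading bit 0:    0.0.0.0   to 127.255.255.255
        return "A"
    if first < 192:      # leading bits 10:  128.0.0.0 to 191.255.255.255
        return "B"
    if first < 224:      # leading bits 110: 192.0.0.0 to 223.255.255.255
        return "C"
    raise ValueError(f"{addr} is not a class A, B or C address")


def to_binary(dotted: str) -> str:
    """Dotted decimal -> dotted binary, e.g. 255.0.0.0 -> 11111111.00000000.00000000.00000000"""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def bits_to_borrow(subnets_required: int) -> int:
    """Smallest n with 2**n >= subnets_required (step 3 of the procedure)."""
    if subnets_required < 1:
        raise ValueError("at least one subnet is required")
    return max(0, math.ceil(math.log2(subnets_required)))


def plan_subnets(network: str, subnets_required: int) -> dict:
    """Apply the procedure to a classful network address and return the plan."""
    cls = address_class(network)
    default_prefix = DEFAULT_PREFIX[cls]
    borrowed = bits_to_borrow(subnets_required)
    new_prefix = default_prefix + borrowed
    if new_prefix > 30:
        # fewer than 2 host bits leaves no usable host addresses
        raise ValueError("too many subnets for this address class")
    # strict=True rejects a "network" address that has host bits set
    base = ipaddress.ip_network(f"{network}/{default_prefix}", strict=True)
    mask = str(ipaddress.ip_network(f"0.0.0.0/{new_prefix}").netmask)
    subnets = []
    for sn in base.subnets(new_prefix=new_prefix):
        # arithmetic rather than list(sn.hosts()) so a class A plan stays cheap
        subnets.append({
            "subnet": str(sn.network_address),
            "first_host": str(sn.network_address + 1),
            "last_host": str(sn.broadcast_address - 1),
            "broadcast": str(sn.broadcast_address),
        })
    return {
        "class": cls,
        "default_mask": str(base.netmask),
        "borrowed_bits": borrowed,
        "prefix": new_prefix,
        "mask_decimal": mask,
        "mask_binary": to_binary(mask),
        "hosts_per_subnet": 2 ** (32 - new_prefix) - 2,
        "subnets": subnets,
    }


if __name__ == "__main__":
    plan = plan_subnets("192.168.42.0", 4)
    print(f"class {plan['class']}, mask {plan['mask_decimal']} ({plan['mask_binary']}), /{plan['prefix']}")
    for sn in plan["subnets"]:
        print(f"{sn['subnet']:16} hosts {sn['first_host']} - {sn['last_host']}  bcast {sn['broadcast']}")
```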

142
Eight Easy Steps for Determining Subnet Addresses

143

Eight Easy Steps for Determining Subnet Addresses (Cont.)

144
Example: Applying a Subnet Mask for a Class C Address

145

Example: Applying a Subnet Mask for a Class B Address

146
Example: Applying a Subnet Mask for a Class A Address

147

VLSM and CIDR

Routing Protocols and Concepts

148
Objectives
• Compare and contrast classful and classless IP addressing.
• Review VLSM and explain the benefits of classless IP addressing.
• Describe the role of the Classless Inter-Domain Routing (CIDR) standard in making
efficient use of scarce IPv4 addresses.

149

Introduction
• Prior to 1981, IP addresses used only the first 8 bits to specify the network portion of the address
• In 1981, RFC 791 modified the IPv4 32-bit address to allow for three different classes
• IP address space was depleting rapidly
• The Internet Engineering Task Force (IETF) introduced Classless Inter-Domain Routing (CIDR)
• CIDR uses Variable Length Subnet Masking (VLSM) to help conserve address space

150
Classful and Classless IP Addressing
• Classful IP addressing
  – As of January 2007, there are over 433 million hosts on the internet
  – Initiatives to conserve IPv4 address space include:
    • VLSM & CIDR notation (1993, RFC 1519)
    • Network Address Translation (1994, RFC 1631)
    • Private Addressing (1996, RFC 1918)

151

Classful and Classless IP Addressing


• The High Order Bits
– These are the leftmost bits in a 32 bit address

152
Classful and Classless IP Addressing
• Classes of IP addresses are identified by the decimal number of the 1st octet
  – Class A addresses begin with a 0 bit
    • Range of class A addresses = 0.0.0.0 to 127.255.255.255
  – Class B addresses begin with a 1 bit and a 0 bit
    • Range of class B addresses = 128.0.0.0 to 191.255.255.255
  – Class C addresses begin with two 1 bits & a 0 bit
    • Range of class C addresses = 192.0.0.0 to 223.255.255.255

153

Classful and Classless IP Addressing


• The IPv4 Classful Addressing Structure (RFC 790)
– An IP address has 2 parts:
• The network portion
– Found on the left side of an IP address
• The host portion
– Found on the right side of an IP address

154
Classful and Classless IP Addressing

155

Classful and Classless IP Addressing


• Purpose of a subnet mask
– It is used to determine the network portion of an IP address

156
Classful and Classless IP Addressing
• Classful Routing Updates
  – Classful routing protocols (e.g., RIPv1) do not send subnet masks in their routing updates
  – The reason is that the subnet mask is directly related to the network address

157

Classful and Classless IP Addressing


• Classless Inter-domain Routing (CIDR – RFC 1517)
• Advantage of CIDR :
• More efficient use of IPv4 address space
• Route summarization
• Requires subnet mask to be included in routing update because
address class is meaningless
• Recall purpose of a subnet mask:
• To determine the network and host portion of an IP address

158
Classful and Classless IP Addressing
• Classless IP Addressing
  • CIDR & Route Summarization
    • Variable Length Subnet Masking (VLSM): allows a subnet to be further subnetted according to individual needs
    • Prefix Aggregation, a.k.a. Route Summarization: CIDR allows for routes to be summarized as a single route
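Prefix aggregation worked in code, as an added example that is not part of the deck: the summary route is the longest prefix shared by all the network addresses, found by shortening the mask one bit at a time. The excess_addresses check is my addition; it shows the caveat that a summary advertises every address under that prefix, including space the listed networks do not cover. Function names and the networks in the test are my own.

```python
"""Prefix aggregation (route summarization), an added example not from the slides.

A classless routing protocol can advertise several contiguous networks as a
single supernet route: the longest prefix that all the network addresses
share. excess_addresses() reports how many addresses the summary covers
beyond the networks actually listed, because a summary that is too coarse
quietly claims address space that is not yours to route.
"""
import ipaddress


def summarize(networks) -> ipaddress.IPv4Network:
    """Return the smallest single prefix that contains every network given."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    if not nets:
        raise ValueError("no networks to summarize")
    first = int(nets[0].network_address)
    prefix = min(n.prefixlen for n in nets)
    # Shorten the mask one bit at a time until every network fits inside the
    # candidate; the loop stops at the longest common prefix.
    while prefix > 0:
        candidate = ipaddress.IPv4Network((first, prefix), strict=False)
        if all(n.subnet_of(candidate) for n in nets):
            return candidate
        prefix -= 1
    return ipaddress.IPv4Network("0.0.0.0/0")


def excess_addresses(networks) -> int:
    """Addresses the summary advertises that none of the listed networks cover."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    # collapse_addresses merges duplicates/overlaps so they are not double counted
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return summarize(networks).num_addresses - covered


if __name__ == "__main__":
    branch = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]
    print(summarize(branch), "excess:", excess_addresses(branch))
    gappy = ["10.1.4.0/24", "10.1.5.0/24", "10.1.6.0/24"]
    print(summarize(gappy), "excess:", excess_addresses(gappy))
```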

159

Classful and Classless IP Addressing


• Classless Routing Protocol
• Characteristics of classless routing protocols:
• Routing updates include the subnet mask
• Supports VLSM
• Supports Route Summarization

160
Classless Routing Protocol

Routing Protocol   Routing updates include subnet mask   Supports VLSM   Ability to send supernet routes
Classful           No                                    No              No
Classless          Yes                                   Yes             Yes

161

Address Space Management

Transitioning to IPv6

162
IPv4 and IPv6

 Currently, there are approximately 1.3 billion usable IPv4 addresses available.

163

Why Do We Need a Larger Address Space?
• Internet population
  • Approximately 2,267,233,742 users as of December 2011 (32.7% of world population)
  • Emerging population and geopolitical address space
• Mobile users
  • PDA, pen tablet, notepad, and so on
  • Approximately 20 million in 2004
• Mobile phones
  • Already 1 billion mobile phones delivered by the industry
• Transportation
  • 1 billion automobiles forecast for 2008
  • Internet access in planes, for example, Lufthansa
• Consumer devices
  • Sony mandated that all its products be IPv6-enabled by 2005
  • Billions of home and industrial appliances

164
IPv6 Advanced Features
• Larger address space:
  • Global reachability and flexibility
  • Aggregation
  • Multihoming
  • Autoconfiguration
  • Plug-and-play
  • End-to-end without NAT
  • Renumbering
• Simpler header:
  • Routing efficiency
  • Performance and forwarding rate scalability
  • No broadcasts
  • No checksums
  • Extension headers
  • Flow labels
• Mobility and security:
  • Mobile IP RFC-compliant
  • IPsec mandatory (or native) for IPv6
• Transition richness:
  • Dual stack
  • 6to4 and manual tunnels
  • Translation

165

IPv6 Address Representation

• Format:
  • x:x:x:x:x:x:x:x, where x is a 16-bit hexadecimal field
  • Case-insensitive for hexadecimal A, B, C, D, E, and F
  • Leading zeros in a field are optional
  • Successive fields of zeros can be represented as :: only once per address
• Examples:
  • 2031:0000:130F:0000:0000:09C0:876A:130B
    • Can be represented as 2031:0:130f::9c0:876a:130b
    • Cannot be represented as 2031::130f::9c0:876a:130b
  • FF01:0:0:0:0:0:0:1 → FF01::1
  • 0:0:0:0:0:0:0:1 → ::1
  • 0:0:0:0:0:0:0:0 → ::
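The representation rules above implemented as a parser and a compressor, as an added example that is not part of the deck. expand() enforces the "only once" rule, so the invalid form from the slide is rejected, and compress() reproduces the slide's short forms; matches_stdlib() cross-checks the result against Python's ipaddress module. Function names are my own.

```python
"""IPv6 text representation rules (added example, not from the slides).

expand() parses the x:x:x:x:x:x:x:x form with the slide's rules (hex fields,
case-insensitive, leading zeros optional, '::' for one run of zero fields and
only once); compress() renders the shortest form, replacing the longest run
of two or more zero fields with '::'. The function names are my own.
"""
import ipaddress
import re

HEX_FIELD = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def expand(addr: str):
    """Return the eight 16-bit fields as integers, or raise ValueError."""
    if addr.count("::") > 1:
        raise ValueError(f"'::' may appear only once: {addr}")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError(f"'::' must stand for at least one field: {addr}")
        parts = head + ["0"] * missing + tail
    else:
        parts = addr.split(":")
    if len(parts) != 8 or not all(HEX_FIELD.match(p) for p in parts):
        raise ValueError(f"malformed IPv6 address: {addr}")
    return [int(p, 16) for p in parts]


def compress(fields) -> str:
    """Shortest text form: lowercase hex, no leading zeros, longest zero run -> '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] == 0:
            j = i
            while j < 8 and fields[j] == 0:
                j += 1
            if j - i > best_len:            # '>' keeps the first of equal-length runs
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexes = [f"{f:x}" for f in fields]
    if best_len < 2:                         # a single zero field stays as '0'
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return f"{left}::{right}"


def normalize(addr: str) -> str:
    """Parse then re-render in the shortest form."""
    return compress(expand(addr))


def matches_stdlib(addr: str) -> bool:
    """Cross-check against the standard library's canonical form."""
    return normalize(addr) == str(ipaddress.IPv6Address(addr))


if __name__ == "__main__":
    for a in ["2031:0000:130F:0000:0000:09C0:876A:130B", "FF01:0:0:0:0:0:0:1", "0:0:0:0:0:0:0:1"]:
        print(a, "->", normalize(a))
```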

166
IPv6 Address Types
• Unicast:
• Address is for a single interface
• IPv6 has several types (for example, global, reserved, link-local, and site-
local)
• Multicast:
• One-to-many
• Enables more efficient use of the network
• Uses a larger address range
• Anycast:
• One-to-nearest (allocated from unicast address space)
• Multiple devices share the same address
• All anycast nodes should provide uniform service
• Source devices send packets to anycast address
• Routers decide on closest device to reach that destination
• Suitable for load balancing and content delivery services

167

IPv6 Unicast Addressing


• Types of IPv6 unicast addresses:
• Global: Starts with 2000::/3 and assigned by IANA
• Reserved: Used by the IETF
• Private: Link local (starts with FE80::/10)
• Loopback (::1)
• Unspecified (::)
• A single interface may be assigned multiple IPv6 addresses of
any type: unicast, anycast, or multicast.
• IPv6 addressing rules are covered by multiple RFCs.
• Architecture defined by RFC 4291

168
IPv6 Global Unicast (and Anycast) Addresses

• IPv6 has the same address format for global unicast and for
anycast addresses.
– Uses a global routing prefix—a structure that enables aggregation upward,
eventually to the ISP.
– A single interface may be assigned multiple addresses of any type
(unicast, anycast, multicast).
– Every IPv6-enabled interface contains at least one loopback (::1/128)
and one link-local address.
– Optionally, every interface can have multiple unique local and global
addresses.

169

Link-Local Addresses

• Link-local addresses have a scope limited to the link and are dynamically
created on all IPv6 interfaces by using a specific link-local prefix FE80::/10
and a 64-bit interface identifier.
• Link-local addresses are used for automatic address configuration, neighbor
discovery, and router discovery. Link-local addresses are also used by many
routing protocols.
• Link-local addresses can serve as a way to connect devices on the same local
network without needing global addresses.
• When communicating with a link-local address, you must specify the outgoing
interface because every interface is connected to FE80::/10.

170
Assigning IPv6 Global Unicast Addresses

– Static assignment
• Manual interface ID assignment
• EUI-64 interface ID assignment
– Dynamic assignment
• Stateless autoconfiguration
• DHCPv6 (stateful)

171

IPv6 EUI-64 Interface Identifier

 Cisco can use the EUI-64 format for interface identifiers.
 This format expands the 48-bit MAC address to 64 bits by inserting “FFFE” into the middle 16 bits.
 To make sure that the chosen address is from a unique Ethernet MAC address, the U/L bit is set to 1 for global scope (0 for local scope).
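The EUI-64 expansion carried out in code, as an added example that is not part of the deck: FFFE is inserted between the two halves of the MAC and the U/L bit is inverted, which sets it to 1 for a universally administered MAC as the slide describes. The MAC 0008.a445.ce82 in the test is the one shown on the deck's show interfaces slide; the prefix 2001:db8:1:1::/64 is an assumed example prefix, and the function names are my own.

```python
"""Modified EUI-64 interface identifiers (added example, not from the slides).

Expands a 48-bit MAC to the 64-bit interface ID used in IPv6 addresses:
insert FFFE between the OUI and the device part, then invert the U/L bit
(bit 7 of the first byte, mask 0x02). RFC 4291 inverts that bit, so a
universally administered MAC (U/L = 0) ends up with the bit set to 1, which
is what the slide describes as "set to 1 for global scope".
"""
import ipaddress


def parse_mac(mac: str) -> bytes:
    """Accept Cisco (0008.a445.ce82), colon or hyphen notation."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> int:
    """64-bit modified EUI-64 interface identifier as an integer."""
    b = parse_mac(mac)
    eui = b[:3] + b"\xff\xfe" + b[3:]           # step 1: insert FFFE in the middle
    eui = bytes([eui[0] ^ 0x02]) + eui[1:]     # step 2: invert the U/L bit
    return int.from_bytes(eui, "big")


def is_universally_administered(mac: str) -> bool:
    """U/L bit clear in the MAC itself means a globally unique (vendor-assigned) address."""
    return parse_mac(mac)[0] & 0x02 == 0


def link_local_address(mac: str) -> str:
    """FE80::/10 prefix (remaining prefix bits zero) plus the interface ID."""
    return str(ipaddress.IPv6Address((0xFE80 << 112) | eui64_interface_id(mac)))


def global_address(prefix: str, mac: str) -> str:
    """Combine a /64 global routing prefix with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface IDs need a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))


if __name__ == "__main__":
    mac = "0008.a445.ce82"                      # MAC from the deck's show interfaces output
    print(f"interface ID: {eui64_interface_id(mac):016x}")
    print("link-local:  ", link_local_address(mac))
    print("global:      ", global_address("2001:db8:1:1::/64", mac))  # assumed example prefix
```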

172
Switching basics

173

Manageable and Un-Manageable switch

(Figure: a manageable switch and an unmanageable switch)

174
Modular and Un-modular switch

(Figure: an unmodular switch and a modular switch)

175

High End switches

• CISCO Nexus 7000 series
• CISCO Catalyst 6500 series

176
Console cable

(Figure: console cable with a DB9 connector at one end and an RJ45 connector at the other)

177

Console cable connected to PC COM port

(Figure: the switch console port connected to the COM port of a PC)

178
Explain the Functions that Enable a Switch
to Forward Ethernet Frames in a LAN
• Describe the switch forwarding methods

179

Initial Startup of the Catalyst Switch


• System startup routines initiate switch software.
• Initial startup uses default configuration parameters.

180
Catalyst 2960 Switch LED Indicators

181

Showing Switch Initial Startup Status

SwitchX#show version
 Displays the configuration of the system hardware, software version, names and sources of configuration files, and boot images

SwitchX#show running-config
 Displays the current active configuration file of the switch

SwitchX#show interfaces
 Displays statistics for all interfaces configured on the switch

182
Switch show version Command
Switch#show version
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 11:57 by yenanh
Image text-base: 0x00003000, data-base: 0x00BB7944
ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)SEE1, RELEASE SOFTWARE (fc1)
Switch uptime is 24 minutes
System returned to ROM by power-on
System image file is "flash:c2960-lanbasek9-mz.122-25.SEE2/c2960-lanbasek9-mz.122-25.SEE2.bin"
cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 61440K/4088K bytes of memory.
Processor board ID FOC1052W3XC
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
! Text omitted
Switch#

183

Switch show interfaces Command


SwitchX#show interfaces FastEthernet0/2
FastEthernet0/2 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0008.a445.ce82 (bia 0008.a445.ce82)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 10Mb/s
input flow-control is unsupported output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 4w6d, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
182979 packets input, 16802150 bytes, 0 no buffer
Received 49954 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 8 ignored
0 watchdog, 20115 multicast, 0 pause input
0 input packets with dribble condition detected
3747473 packets output, 353656347 bytes, 0 underruns
--More--

184
Managing the MAC Address Table
Catalyst 2960 Series

SwitchX#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0008.a445.9b40 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 0008.e3e8.0440 DYNAMIC Fa0/2
Total Mac Addresses for this criterion: 5
SwitchX#

185

186
• Finally, the switch ports learn the MAC addresses of the computers connected to the respective ports.
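A model of the learning just described, as an added example that is not part of the deck: each arriving frame's source MAC is recorded against its ingress port, and forwarding then uses the destination MAC (known unicast to one port, unknown or broadcast flooded to all other ports, a destination on the ingress port filtered). The CPU MAC 0008.a445.9b40 and the host MAC 0008.e3e8.0440 come from the deck's show mac-address-table slide; the other MACs and port names are constructed, and the class and method names are my own.

```python
"""MAC address learning and frame forwarding (added example, not from the slides).

Models what the 'show mac-address-table' slide displays: a STATIC entry for
the switch CPU and DYNAMIC entries learned from the source MAC of frames
arriving on each port. Forwarding is by destination MAC: a known unicast
goes out one port, an unknown or broadcast destination is flooded to every
other port in the VLAN, and a frame whose destination was learned on the
ingress port is filtered (not forwarded anywhere).
"""

BROADCAST = "ffff.ffff.ffff"


class Switch:
    def __init__(self, ports, cpu_mac, vlan="1"):
        self.ports = list(ports)
        self.vlan = vlan
        # (vlan, mac) -> (port, entry type), mirroring the slide's table columns
        self.table = {("All", cpu_mac): ("CPU", "STATIC")}

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source, then return the list of egress ports for the frame."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self.table[(self.vlan, src_mac)] = (in_port, "DYNAMIC")      # learning
        entry = self.table.get((self.vlan, dst_mac))
        if dst_mac == BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]             # flooding
        out_port, _ = entry
        return [] if out_port == in_port else [out_port]               # filtering / forwarding

    def show_mac_address_table(self) -> str:
        """Render the table in the layout of the slide's CLI output."""
        lines = ["Vlan Mac Address Type Ports", "---- ----------- -------- -----"]
        for (vlan, mac), (port, kind) in sorted(self.table.items()):
            lines.append(f"{vlan:4} {mac} {kind} {port}")
        lines.append(f"Total Mac Addresses for this criterion: {len(self.table)}")
        return "\n".join(lines)


if __name__ == "__main__":
    sw = Switch(["Fa0/1", "Fa0/2", "Fa0/3"], cpu_mac="0008.a445.9b40")
    # constructed traffic: host on Fa0/2 broadcasts (ARP-style), then a host on Fa0/1 replies
    print(sw.receive("Fa0/2", "0008.e3e8.0440", BROADCAST))            # flooded to Fa0/1, Fa0/3
    print(sw.receive("Fa0/1", "0008.a445.ce82", "0008.e3e8.0440"))     # forwarded to Fa0/2 only
    print(sw.show_mac_address_table())
```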

187

VLANS

188
Use of VLAN
• A virtual LAN is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain.
• Each VLAN consists of a separate broadcast domain.
• Virtual LANs within a switched local area network provide segmentation as well as security.

189

Role of VLANs in a Converged Network


• VLAN port membership modes

190
Role of VLANs in a Converged Network

191

Configure VLANs on the Switches in a Converged Network Topology
• Describe the steps to configure trunks and VLANs

192
Configure VLANs on the Switches in a Converged
Network Topology
• Describe the Cisco IOS commands used to create a VLAN on a Cisco Catalyst switch

193

Role of Trunking VLANs in a Converged Network


• Switch port trunking modes

194
Summary
• VLANs
  • Allow an administrator to logically group devices that act as their own network
  • Are used to segment broadcast domains
  • Some benefits of VLANs include cost reduction, security, higher performance, and better management

195

General Role of the Router

• Functions of a Router
  • Forwarding packets from one IP network to another IP network
  • Best path selection
• Introducing the Topology
  • Three series routers connected via WAN links
  • Each router connected to a LAN represented by a switch and a PC

196
General Role of the Router
• Connections of a Router for WAN
  • A router has a WAN serial port that can support 5 different cabling standards
• Connections of a Router for Ethernet
  • 2 types of connections can be used: straight-through and cross-over
  • Straight-through is used to connect: Switch-to-Router, Switch-to-PC, Router-to-Switch, Hub-to-PC, Hub-to-Server
  • Cross-over is used to connect: Switch-to-Switch, PC-to-PC, Switch-to-Hub, Hub-to-Hub, Router-to-Router

197

Routers

(Figure: an unmodular router and a modular router fitted with a WIC card)

198
Router interfaces

(Figure: router interfaces: serial port (DB60), Fast Ethernet interface, console port)

199

Interfaces
• Examining Router Interfaces
  • Physically connecting a WAN interface.
  • A WAN physical layer connection has two sides:
    • Data Communications Equipment (DCE): this is the service provider. A CSU/DSU is a DCE device.
    • Data Terminal Equipment (DTE): typically the router is the DTE device.

200
• What is routing?
  • It is a process of forwarding packets from one network to another network.
  • Forwarding decisions are taken by referring to the routing table.
• The routing table maintains:
  • Directly connected network addresses
  • Remote network addresses

201

Interfaces
• Configuring an Ethernet interface
  • By default, all serial and Ethernet interfaces are down
  • To enable an interface, use the no shutdown command

202
Interface Configuration
• To configure an Ethernet interface, for example:
  R1(config)#interface fastethernet 0/0
  R1(config-if)#ip address 10.0.0.1 255.0.0.0
  R1(config-if)#no shutdown
• Serial interface
  R1(config)#int s0/0
  R1(config-if)#ip address 100.0.0.1 255.0.0.0
  R1(config-if)#no shutdown

203

Interfaces
• Configuring serial links in a lab environment
  • One side of a serial connection must be considered the DCE
  • This requires providing a clocking signal: use the clock rate command.
  • Example:
    R2(config)#interface serial 0/0
    R2(config-if)#clock rate 64000
• Serial interfaces require a clock speed to control the speed of the communications.

204
R2(config)#interface serial 0/0
R2(config-if)#ip address 100.0.0.2 255.0.0.0
R2(config-if)#clock rate 64000
R2(config-if)#no shutdown

R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown

205

206
Routing Table
• To see the routing table: sh ip route
• After the interface configuration.
• Routing table of R1

207

• Routing table of R2

208
Enterprise Security Fundamentals
 Attacks, Threats, and Vulnerabilities
 Compare and contrast different types of social engineering techniques.
 Explain different threat actors, vectors, and intelligence sources.
 Architecture and Design
 Explain the importance of security concepts in an enterprise environment.
 Secure application development, deployment, and automation concepts.
 Authentication and authorization design concepts.
 Implementation
 Secure protocols
 Host or application security solutions
 Secure network designs
 Wireless security settings
 Secure mobile solutions
 Identity and account management controls
 Authentication and authorization solutions
 Public key infrastructure

209

Information Security
• Security is an ongoing process that includes assessing requirements, setting up
organizational security systems, hardening them, monitoring them, responding
to attacks in progress, and deterring attackers
• Information security (or infosec) refers to the protection of data resources from
unauthorized access, attack, theft, or damage. Data may be vulnerable because of the
way it is stored, the way it is transferred, or the way it is processed. The systems used to
store, transmit, and process data must demonstrate the properties of security

210
Information Security
• CIA Triad
• Confidentiality
• Information should only be known to certain people
• Integrity
• Data is stored and transferred as intended and that any modification is authorized
• Availability
• Information is accessible to those authorized to view or modify it
• Non-repudiation
• Subjects cannot deny creating or modifying data

211

Vulnerability, Threat, and Risk

212
Threats, Vulnerabilities, and Risks
• The word “threat” is often confused with (or used interchangeably with) the words “risk” and “vulnerability.” But in cybersecurity, it’s important to differentiate between threat, vulnerability, and risk.
• A threat exploits a vulnerability and can damage or destroy an asset.
• Vulnerability refers to a weakness in your hardware, software, or procedures. (In other words, it’s a way hackers could easily find their way into your system.)
• Risk refers to the potential for lost, damaged, or destroyed assets.

213

Threat Actors, Vectors, and Intelligence Sources


• A threat actor is the source of the threat on the system.
• Vectors are the methods that threat actors use to attack a vulnerability in a
system in order to achieve their objective.
• Threat intelligence is knowledge based on evidence that allows you to
prevent or mitigate cyber threats.

214
Attributes of Threat Actors
• Known threats versus adversary behaviors
• Internal/external
• Intent/motivation
• Maliciously targeted versus opportunistic
• Accidental/unintentional
• Level of sophistication(capability)
• Resources/funding
• Adversary capability levels

215

Hackers, Script Kiddies, and Hacktivists


• The “Lone Hacker”
• White hats versus black hats versus gray hats
• Authorized versus non-authorized versus semi-authorized
• Script kiddies
• Hacker teams and hacktivists

216
State Actors and Advanced Persistent Threats
• State-backed groups
• Attached to military/secret services
• Highly sophisticated
• Advanced Persistent Threat (APT)

Screenshot used with permission from fireeye.com.

217

Criminal Syndicates and Competitors


• Criminal syndicates (overtook actual criminals)
• Operate across legal jurisdictions
• Motivated by criminal profit
• Can be very well resourced and funded
• Competitors
• Cyber espionage
• Combine with insider threat

218
Insider Threat Actors
• Malicious insider threat
  • Has or has had authorized access
  • Employees, contractors, partners
  • Financial gain, business advantage
• Unintentional insider threat
  • Weak policies and procedures
  • Weak adherence to policies and procedures
  • Lack of training/security awareness
  • Shadow IT

219

Attack Surface and Vectors

• Attack surface
  • Points where an attacker can discover/exploit vulnerabilities in a network or application
  • Minimizing the attack surface means restricting access so that only a few known endpoints, protocols/ports, and services/methods are permitted
• Vectors
  • Direct access, e.g., an unlocked system
  • Removable media, e.g., tricking a user into connecting a USB device
  • Email, e.g., a malicious file attachment
  • Remote and wireless: breaking weak security
  • Supply chain: through a third party
  • Web and social media, e.g., malware in uploaded posts
  • Cloud, e.g., targeting accounts that are used to manage services
220
social engineering techniques
• A social engineer is someone who is a master of asking seemingly non-invasive or unimportant questions to gather information over time.
  - Gains trust
  - Reduces the defenses of the specific target
• Can be combined with a number of techniques to gather sensitive information
“Let’s see a document containing various types of social engineering techniques”

221

security concepts in an enterprise environment

Concepts of security related to operating in an enterprise environment. This section delves into enterprise security issues such as change and configuration management, data sovereignty, protection, and loss prevention.
The Significance of Security Ideas in a Business Setting
Security Overview: The methods and procedures for preventing unauthorized access, disclosure, use, or modification of data and information systems are system security. Data security ensures that information is kept private, secure, and accessible. An organization's confidential information and data will not be protected if it lacks security policies and suitable security standards, placing the organization in danger. Security policies and well-defined procedures can help secure an organization's assets from unauthorized access and disclosure.

222
security concepts in an enterprise environment
• Configuration management
  • Diagrams
  • Baseline configuration
  • Standard naming conventions
  • Internet protocol (IP) schema
• Data sovereignty
• Data protection
  • Data loss prevention (DLP)
  • Masking
  • Encryption at rest, in transit/motion, and in processing
  • Tokenization
  • Rights management
• Geographical considerations
• Response and recovery controls
• Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
• Hashing
• API considerations
• Site resiliency
  • Hot site
  • Cold site
  • Warm ...

223

Architecture and Design

224
Secure Application Development, Deployment, and Automation Concepts
• application environment
• provisioning
• deprovisioning
• integrity measurement
• secure coding
• normalization
• stored procedure
• continuous integration and continuous delivery (CI/CD)
• Open Web Application Security Project (OWASP)
• code reuse
• dead code
• server-side validation
• client-side validation
• data exposure
• memory management
• automation
• scripting
• elasticity
• scalability

225

Authentication and authorization design concepts.


• It is necessary to discern the differences between the actions identification
and authentication, authorization, and accounting (AAA) because you will
be tested on all these concepts. Identification occurs when a user or device
presents information such as a username, a process ID, a smart card, or
another unique identifier and claims an identity.

226
Authentication and authorization design concepts.
• Authentication is the process of validating an identity. It occurs when the
user provides appropriate credentials, such as the correct password with a
username.
• When identification through the presentation and acceptance of credentials
is accomplished, the credentials must be measured against a list of all known
credentials by the authentication service to determine authorization of the
request before access rights during the session can be established.
Authorization is based on security policy.
• Accounting keeps track of the resources a user accesses by keeping a record
of authentication and authorization actions. Accounting functions log session
statistics and usage information, which can then be used for management
tasks such as access control and resource utilization.

227

core components of AAA:


• The device that wants to access the network is known as the client.
• The policy enforcement point (PEP) is the authenticator. The PEP enforces
the conditions of the client’s access.
• The policy information point (PIP) holds data relevant to the decision on
whether to grant access to the client.
• The policy decision point (PDP) is the crux of the AAA decision and is
responsible for making the final decision about whether to grant access to
the client.
• The accounting and reporting system tracks the client network usage and
reports the “who, what, where, when, and why.”
• Core AAA components are logical functions that can be combined and are
not necessarily physical devices.

228
Multifactor Authentication & Single Sign-on
• MFA : - A method for authenticating users must be designed and implemented properly
for an organization to achieve established business goals and security control objectives.
Several common factors are used for authentication: something you know, something you
have, something you are, something you do, and somewhere you are. Authentication
factors provide a means of implementing multifactor authentication. Multifactor
authentication provides additional security because account access requires more than a
password.
• Single Sign-on: The proper identification of a person, device, or group is important to
protect and maintain the confidentiality, integrity, and availability (CIA) of an
organization’s assets and infrastructure. Based on business policies, identification and
access controls can be created to authenticate users and devices. Various methodologies
are used to validate identification and grant resource access. Federation, single sign-on,
and transitive trust are the three most popular methods of object identification and
access validation.

229

Secure Protocols
• The network infrastructure is subject to myriad internal and external
attacks through services, protocols, and open ports.
• Older protocols that are still in use might leave a network vulnerable.
• Protocols such as Simple Network Management Protocol (SNMP) and
Domain Name System (DNS) that were developed a long time ago and
have been widely deployed can pose security risks, too.
• We must understand how to properly secure these protocols, especially if
the network has been in existence for a while and newer or more secure
protocols or versions have been developed.

230
Secure Protocols
• Domain Name System Security Extensions (DNSSEC)
• Secure Shell (SSH)
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
• Secure Real-Time Transport Protocol (SRTP)
• LDAP over SSL (LDAPS)
• File Transfer Protocol, Secure (FTPS)
• SSH File Transfer Protocol (SFTP)
• Simple Network Management Protocol, version 3 (SNMPv3)
• Hypertext Transfer Protocol over SSL (HTTPS)
• Internet Protocol Security (IPsec)
• Authentication Header (AH)
• Encapsulated Security Payload (ESP)
• Secure Post Office Protocol, version 3 (POP3)
• Internet Message Access Protocol (IMAP)

231

Host and Application Security Solutions

• Endpoint Protection
  • Organizational attacks are likely to continue increasing in complexity, and all host devices must have some type of malware protection.
  • Malicious code authors are using the dark parts of the Internet to create smarter, shadier, and stealthier threats. Worse, those authors can adeptly camouflage their work.
• Firewalls and HIPS/HIDS Solutions
  • Desktops and laptops need to have layered security, just as servers do. However, many organizations stop this protection at antivirus software. In today’s environment, that might not be enough to ward off malware, phishing, and rootkits.
  • One of the most common ways to protect desktops and laptops is to use a host firewall.
  • A firewall can consist of hardware, software, or a combination of both.
  • Software firewalls, or host-based firewalls, can be implemented in the user environment.

232
Secure Network Design
• Secure network design depends on understanding the concepts of
basic perimeter and internal network devices and devices that provide
a myriad of additional services, such as acting as load balancers and as
proxies that improve network functionality.
• Many of these devices were developed for faster connectivity and to
eliminate traffic bottlenecks; others were developed for convenience.
With all devices that touch a network, proper placement and security
features are important implementation considerations.

233

Essential Terms and Components


• load balancing
• network segmentation
• screened subnet (previously known as demilitarized zone)
• virtual private network (VPN)
• network access control (NAC)
• port security
• jump server
• proxy server
• IPv6
• network-based intrusion detection system (NIDS)
• network-based intrusion prevention system (NIPS)
• web application firewall (WAF)
• next-generation firewalls (NGFW)
• unified threat management (UTM)
• network address translation (NAT) gateway
• access control list (ACL)

234
Wireless Security Settings
• As wireless technology has become nearly ubiquitous, the focus on wireless security has
increased. Many improvements have been made over the years, in particular in terms of
preventing unauthorized access to wireless networks. It is important to understand how
access is provided to authorized clients, while ensuring that those who are not authorized
are not allowed.
• Authentication to wireless networks is typically accomplished through one of the following
methods:
• Open authentication
• Shared authentication
• Extensible Authentication Protocol (EAP) authentication
• Extensible Authentication Protocol (EAP) is commonly used in larger organizations.
• The authentication process is a bit more involved because an authentication server is required. EAP is an
extension of Point-to-Point Protocol (PPP) and allows for flexibility in authentication, including authentication
methods beyond just a username and a password.
• Instead of using PPP, however, the IEEE 802.1X standard defines using EAP over both wired Ethernet and
wireless networks.

235

Wireless Cryptographic Protocols


• To properly manage the risk of wireless networks and prevent unauthorized access, you
must understand the wireless cryptographic protocols available. Organizations of all
sizes—even home users—need to be aware of the available technologies. The industry
has done a lot to help make technology simple and easy to use, but it has also introduced
vulnerable technologies to make the setup and configuration of wireless clients mindlessly
simple.

236
Wireless Cryptographic Protocols
• Wired Equivalent Privacy (WEP): This original wireless encryption standard
should not be used today, but it still occasionally is. Its goal was to provide
security on par with that of wired networks, but WEP has many known
security issues. It was superseded in 2003 by WPA.
• Wi-Fi Protected Access (WPA): WPA was developed in response to security
concerns over WEP. WPA is implemented using a couple different options for
encryption.
• Wi-Fi Protected Access Version 2 (WPA2): WPA2 further improved on WPA.
Since 2006, it has been required for Wi-Fi-certified devices. WPA2 introduced
the use of Advanced Encryption Standard (AES) for encryption.
• Wi-Fi Protected Access Version 3 (WPA3): WPA3 added more features and
strengths to the widely adopted WPA2 protocol. Specifically, WPA3 maintains
strong cryptographic algorithms while improving key exchange.

237
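The authentication methods and the WEP-to-WPA3 progression from the two slides above, turned into an audit of a wireless scan as an added example (not part of the original presentation): each network is rated by the weakest protocol it still accepts, so an AP in WPA2/WPA3 transition mode is rated as WPA2, and the output notes whether clients use a shared key or EAP over 802.1X. The scan table is constructed in the style of `nmcli -f SSID,SECURITY dev wifi list`; the SSIDs are made up.

```python
import re
# Constructed scan output in the style of `nmcli -f SSID,SECURITY dev wifi list`;
# the networks are made up for this example, not real scan data.
SCAN_OUTPUT = """\
SSID            SECURITY
CorpNet         WPA2 802.1X
CorpNet-Guest   WPA2
LegacyPrinter   WEP
OldAP           WPA1
Lobby-Open      --
NewOffice       WPA2 WPA3
Modern          WPA3
"""

# Weakest to strongest, following the slide: WEP is superseded, WPA was a
# stopgap, WPA2 brought AES, WPA3 improved the key exchange.
RANK = {"OPEN": 0, "WEP": 1, "WPA1": 2, "WPA2": 3, "WPA3": 4}

def assess(ssid, security):
    """Rate one network by the weakest protocol it still accepts, not the
    strongest: an AP in WPA2/WPA3 transition mode still admits WPA2 clients."""
    tokens = security.split()
    protocols = [t for t in tokens if t in RANK] or ["OPEN"]   # "--" means open
    weakest = min(protocols, key=RANK.__getitem__)
    if "802.1X" in tokens:
        auth = "EAP (802.1X)"          # enterprise: authentication server behind the AP
    elif weakest == "OPEN":
        auth = "open"
    else:
        auth = "shared key (PSK)"
    if RANK[weakest] <= RANK["WPA1"]:
        verdict = "FAIL"               # open, WEP or original WPA: do not rely on it
    elif weakest == "WPA2":
        verdict = "WARN"               # acceptable today; plan a move to WPA3-only
    else:
        verdict = "PASS"
    return {"ssid": ssid, "weakest": weakest, "auth": auth, "verdict": verdict}

def audit(scan_text):
    """Parse the scan table (header row skipped) and assess every network."""
    results = []
    for line in scan_text.splitlines()[1:]:
        m = re.match(r"(\S+)\s+(.*)$", line)
        if m:
            results.append(assess(m.group(1), m.group(2)))
    return results

def failing_ssids(scan_text):
    return [r["ssid"] for r in audit(scan_text) if r["verdict"] == "FAIL"]
```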

Secure mobile solutions


• A mobile device contains a full filesystem, applications, and data. Mobile
devices need to be protected in a similar manner to regular computers.
• The composition of a mobile device is different than that of a regular
computer, though, because it is an embedded device, so security is a bit more
challenging.
• Mobile devices can communicate using several methods, including cellular,
Bluetooth, Wi-Fi, and near-field communication.
“Just about every technology magazine and article published mentions a new
mobile device, operating system release, or service provider merger. We are
just beginning to see the benefits of 5G (the fifth generation of cellular wireless
standards) technology, which provides capabilities beyond 4G LTE mobile
networks to accommodate real-time applications across billions of
interconnected devices”

238
Secure mobile solutions
• Cellular communications are the main mode that a mobile
device uses to connect to a service provider network. A cellular
network consists of the following components:
• Cellular layout (towers)
• Base station (which connects to the tower)
• Mobile switching office (the centerpiece of the operation)
• Public switched telephone network (PSTN)
• Today wireless providers transmit voice calls over this traditional
circuit-switched network design, and subscribers use the newer
IP-based 4G and 5G LTE networks to access the Internet and
other data services.

239

Essential Terms and Components


• mobile device management (MDM)
• MicroSD hardware security module (HSM)
• unified endpoint management (UEM)
• mobile application management (MAM)
• SEAndroid
• rooting/jailbreaking
• sideloading
• bring your own device (BYOD)
• corporate-owned, personally enabled (COPE)
• choose your own device (CYOD)
• virtual desktop infrastructure (VDI)

240
Identity and Account Management Controls
• The accounts tied to a user’s identity directly affect your organization’s
level of protection.
• You might find it strange to think that you need to protect a system from
its own users.
• However, internal users have the greatest access to data and, therefore,
the greatest opportunity to either deliberately sabotage it or accidentally
delete it.
“A logon banner statement should tell users that network access is granted
under certain conditions and that their activities might be monitored. This
helps the organization cover itself legally and reminds users that they are
expected to follow security policy protocols”

241

Identity and Account Management Controls


• IT organizations often use shared accounts for privileged users,
administrators, or applications. This practice presents security and
compliance risks because use cannot be attributed to a particular user, and
determination of specific access rights and audit of access use is impossible.
• One of the first steps in providing a secure account access environment is to
eliminate the use of shared accounts.
• Providing each set of access credentials to a single principal—either a user or
a machine service—enables an organization to measure every use of data
access to determine a baseline for expected and acceptable use.
• We can then monitor against the baseline to look for variations that indicate
potential misuse of enterprise resources or data access.

242
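The baseline-and-monitor approach described in the bullets above, as an added example that is not the presentation's own code: a constructed access log (learning day, then a monitored day) is used to learn each account's usual source hosts, data areas and hours, to flag accounts that several hosts share, and then to report accesses that depart from the baseline. Account names, hosts and paths are made up.

```python
from collections import defaultdict
# Constructed access-log lines (not real data): time, account, source host, object.
# Day 1 is the learning period; day 2 is monitored against what day 1 established.
BASELINE_LOG = """\
2024-05-01T08:02 alice ws-alice /finance/q1.xlsx
2024-05-01T16:10 alice ws-alice /finance/q2.xlsx
2024-05-01T09:30 svc_backup bk-01 /backup/set1
2024-05-01T10:15 dbadmin ws-carol /db/prod
2024-05-01T10:20 dbadmin ws-dave /db/prod
"""
MONITORED_LOG = """\
2024-05-02T08:05 alice ws-alice /finance/q3.xlsx
2024-05-02T23:45 alice ws-unknown /hr/salaries.xlsx
2024-05-02T11:00 svc_backup ws-bob /backup/set1
"""
def parse_log(text):
    """One dict per line; 'area' is the top-level data area, 'hour' the hour of day."""
    out = []
    for line in text.splitlines():
        ts, account, host, path = line.split()
        out.append({"account": account, "host": host, "hour": int(ts[11:13]),
                    "area": "/" + path.split("/")[1]})
    return out

def build_baseline(events):
    """Per account: hosts, data areas and hour-of-day window seen while learning."""
    base = defaultdict(lambda: {"hosts": set(), "areas": set(), "hours": []})
    for e in events:
        b = base[e["account"]]
        b["hosts"].add(e["host"]); b["areas"].add(e["area"]); b["hours"].append(e["hour"])
    return base

def find_shared_accounts(baseline):
    """An account used from several hosts cannot be attributed to a single principal."""
    return {a: sorted(b["hosts"]) for a, b in baseline.items() if len(b["hosts"]) > 1}
def detect_deviations(baseline, events):
    """Return (account, reason) for each way an access departs from its baseline."""
    findings = []
    for e in events:
        b = baseline.get(e["account"])
        if b is None:                              # account never seen while learning
            findings.append((e["account"], "no baseline for this account"))
            continue
        if e["host"] not in b["hosts"]:
            findings.append((e["account"], "new source host " + e["host"]))
        if e["area"] not in b["areas"]:
            findings.append((e["account"], "new data area " + e["area"]))
        if not min(b["hours"]) <= e["hour"] <= max(b["hours"]):
            findings.append((e["account"], "outside usual hours (%02d:00)" % e["hour"]))
    return findings
```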
Identity and Account Management Controls
• Account management
• Account management is fundamental to security practices. Following good practice is
important as it’s the foundation for how users and services gain access to other
systems. The following sections provide general concepts around good practices as
they relate to the account life cycle.

243

Authentication and Authorization Solutions


• Authentication management
• password vault
• Trusted Platform Module (TPM)
• hardware security module (HSM)
• knowledge-based authentication (KBA)
• Extensible Authentication Protocol (EAP)
• Challenge Handshake Authentication Protocol (CHAP)
• Password Authentication Protocol (PAP)
• 802.1X
• Remote Authentication Dial-In User Service (RADIUS)
• single sign-on (SSO)
• Security Assertion Markup Language (SAML)
• Terminal Access Controller Access Control System Plus (TACACS+)
• Open Authorization (OAuth)
• OpenID
• Kerberos
• attribute-based access control (ABAC)
• role-based access control (RBAC)
• rule-based access control
• mandatory access control (MAC)
• discretionary access control (DAC)
• conditional access
• privileged access management (PAM)

244
Public key infrastructure
• A PKI is a vast collection of varying technologies and policies for the creation and use of
digital certificates. A PKI encompasses certificate authorities, digital certificates, and a
variety of tools, systems, and processes.
• Digital signatures are digitally signed data blocks, and they provide several potential
functions but most notably are used for identification and authentication purposes.
• This infrastructure makes use of both types of keys and lays a foundation for binding keys
to an identity via a certificate authority (CA).
• This gives the system a way to securely exchange data over a network using an asymmetric
key system.
• For the most part, this system consists of digital certificates and the CAs that issue the
certificates. These certificates identify individuals, systems, and organizations that have
been verified as authentic and trustworthy.

245

Public key infrastructure


• PKI is widely used to provide secure infrastructure for applications and
networks, including access control, resources from web browsers, and
secure email. PKI protects information by providing the following:

• Identity authentication
• Integrity verification
• Privacy assurance
• Access authorization
• Transaction authorization
• Nonrepudiation support

246