Network and IoT Security Part 1 - Damola O.

The document covers essential topics in network security, including the OSI and TCP/IP models, IP addressing, common network attacks, and methods to secure networks. It discusses various authentication types, network components like routers and switches, and the importance of subnetting. Additionally, it highlights security protocols such as IPSec and SSL/TLS, along with common network vulnerabilities and attack prevention techniques.

Uploaded by

omonkhoa97

Network Security

DAMOLA O.

CISSP
To be covered…
What is a Network?
How does the Internet work?
OSI Model and TCP/IP Model
IP Addressing and Subnetting
Common Network Attacks
Wireless Vulnerability
Benefits of wired over wireless
How to secure your Network
Unsecure and Secure Protocols
Ports and Interfaces
Bluetooth Security
Quick Review – Authentication Types
Type 1 – Something you know
E.g., password, memorable information, PIN

Type 2 – Something you have
E.g., phone (OTP), token, key card

Type 3 – Something you are
E.g., biometrics – fingerprint, voice, facial recognition, etc.

Type 1 is the cheapest and easiest to replace | Type 3 is the most expensive to implement and almost impossible to replace if something happens
A Typical Network on the surface level
[Diagram: Access Point, Internet, Google.com {or any other resources}]

Many APs perform a lot of duties including: Routing, DHCP, DNS, Firewall services.
ARP | Firewalls | Router | Switches

Switch: Manages LAN traffic by forwarding data only to the intended device, improving network efficiency.

Router: Routes data packets between local and external networks.

DHCP | DNS | ARP

ARP: Maps an IP address to the corresponding hardware (MAC) address on a LAN.

DHCP: Automatically assigns IP addresses to devices on a network.

DNS: Resolves domain names to IP addresses, allowing devices to locate and connect to remote servers or websites.

Gateway: Serves as an entry and exit point between a local network and other networks, often the internet.

Proxy: Caches and filters internet requests, enhancing security and performance by reducing the need for direct connections to external servers.

MAC addresses are unique to devices and theoretically should not be changeable | However we will see how this is possible in the lab
OSI
Application: HTTP, Telnet, SNMP, FTP, TFTP, SNMP, POP3, DNS, DNSSec, DHCP,

Presentation: Convert from ASCII to EBCDIC, compression, encryption

Session: Logical connection between hosts

Transport: End-to-End reliability with TCP; Connectionless with UDP

Network: Logical Addressing (IP); ICMP, IPSec, IGMP, OSPF, RIP

Data Link: Point to Point Addressing (MAC); Framing; Ethernet (802.3), Token Ring (802.5) FDDI, PPP, ARP, L2TP, Frame Relay, X.25, ATM

Physical: Bits and Cables; ISDN, POTS, PSTN, xDSL, Cable Modem, 802.11x

Please Do Not Throw Sausage Pizza Away!


TCP/IP
Application Layer
◦ Telnet, FTP, SNMP, SMTP, DNS

Transport Layer
◦ TCP, UDP

Internet Layer
◦ IP, ICMP

Network Layer
◦ Undefined in TCP/IP – Frames/MAC addresses
IP
▪ Best effort protocol
▪ Logical 32-bit address
▪ Routing
▪ Performs fragmentation
▪ Attacks:
◦ Smurf - ICMP attack using broadcast address
◦ Teardrop – fragmented IP packets
◦ Land – source and destination IP the same
◦ Address Spoofing – faking source address

IP attempts to deliver packets to the best of its abilities but does not make commitments about the delivery time or reliability of the data.
IP Fragmentation
IP (Internet Protocol) performs fragmentation when it needs to transmit an IP packet that is
larger than the Maximum Transmission Unit (MTU) of the underlying network. The MTU
represents the maximum size of a packet that a particular network can handle. When an IP
packet is too large to fit within the MTU of a network, IP fragmentation is used to break the
packet into smaller fragments, allowing it to traverse the network and be reassembled at the
destination.
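
The fragmentation step described above, worked through as an added example (not part of the original slides). It splits a payload for a given MTU and reassembles it strictly, rejecting the overlapping or gapped fragments that malformed-fragment attacks such as Teardrop rely on; the 20-byte header length, the function names and the sample payload are assumptions made for illustration.

```python
IP_HEADER_LEN = 20  # assumption: IPv4 header with no options


def fragment(payload: bytes, mtu: int) -> list[dict]:
    """Split an IP payload into fragments that fit the MTU.

    Each fragment records its offset in 8-byte units (as the IPv4 header
    does) and the More Fragments (MF) flag.
    """
    room = mtu - IP_HEADER_LEN
    if room < 8:
        raise ValueError("MTU leaves no room for payload")
    # Every fragment except the last must carry a multiple of 8 bytes.
    chunk = (room // 8) * 8
    frags = []
    for start in range(0, len(payload), chunk):
        frags.append({
            "offset": start // 8,
            "mf": start + chunk < len(payload),
            "data": payload[start:start + chunk],
        })
    return frags


def reassemble(frags: list[dict]) -> bytes:
    """Rebuild the payload, refusing gaps, overlaps and a missing tail."""
    if not frags:
        raise ValueError("no fragments")
    out, expected = b"", 0
    for frag in sorted(frags, key=lambda f: f["offset"]):
        start = frag["offset"] * 8
        if start != expected:
            raise ValueError(f"gap or overlap at byte {start}, expected {expected}")
        out += frag["data"]
        expected = start + len(frag["data"])
    if max(frags, key=lambda f: f["offset"])["mf"]:
        raise ValueError("final fragment missing")
    return out


# Constructed sample: a 4000-byte payload crossing a 1500-byte MTU link.
PAYLOAD = bytes(range(256)) * 15 + bytes(160)
FRAGS = fragment(PAYLOAD, 1500)
```

Fragments may arrive in any order, which is why reassembly sorts by offset before checking that each one starts exactly where the previous one ended.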
IP

IPv4 – 32 bit address, written in dotted decimal octets
IPv6 – 128 bit address, written in hexadecimal

Class   Range      Number of hosts
A       1-126      16,777,214
B       128-191    65,534
C       192-223    254
D       224-239    Multicast
E       240-254    not used

IP Classes
Class A   A.X.X.X   255.0.0.0
Class B   B.B.X.X   255.255.0.0
Class C   C.C.C.X   255.255.255.0

Here are the 3 main classes of IP Addresses and their default subnets. Other classes include D and E.
Subnetting

Subnetting is a method used in networking to divide a large IP address space into smaller, more manageable segments.

Imagine taking a big piece of land and splitting it into smaller plots. Each plot has its own unique address range, allowing devices in that area to communicate with each other easily.

Subnetting helps with network organisation and efficient address allocation.
Basic Subnetting – Class Exercise

A.X.X.X   10.168.10.2/8      255.0.0.0
B.B.X.X   172.16.200.10/16   255.255.0.0
C.C.C.X   192.168.10.14/24   255.255.255.0

Basic Subnetting – up a notch!

192.168.10.14/28 ?
192.16.10.2/30 ?
192.168.10.14/18 ?
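
The bit arithmetic behind these exercises, as an added example (not part of the original slides): the prefix length becomes a mask, the mask ANDed with the address gives the network, and the inverted mask gives the broadcast address. The function names are assumptions, and usable hosts follow the classic "minus two" rule.

```python
def to_int(dotted: str) -> int:
    """Convert a dotted-decimal IPv4 address to a 32-bit integer."""
    octets = [int(part) for part in dotted.strip().split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def subnet(cidr: str) -> dict:
    """Work out mask, network, broadcast and usable hosts for ADDRESS/PREFIX."""
    address, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    # /N means the top N bits are ones: shift a full mask left, keep 32 bits.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = to_int(address) & mask           # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)  # set every host bit
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        # Network and broadcast addresses are not assignable to hosts.
        "usable_hosts": max(broadcast - network - 1, 0),
    }


# The exercise addresses from the slides.
EXERCISES = ["10.168.10.2/8", "192.168.10.14/28",
             "192.16.10.2/30", "192.168.10.14/18"]

if __name__ == "__main__":
    for item in EXERCISES:
        print(item, subnet(item))
```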
RFC 1918 & Non-Public Addresses

Private address space: 10.0.0.0; 172.16.0.0 – 172.31.0.0; 192.168.0.0

APIPA – Automatic Private IP addressing: 169.254.0.0

Loopback address: 127.0.0.1

APIPA is mainly used in scenarios where a device can’t obtain a valid IP from a DHCP server, often due to network issues/unavailability of a DHCP server
ICMP – layer 3
◦ Low level network diagnostics
◦ PING
◦ Traceroute
◦ ICMP Redirect
TCP
• Reliable, connection-oriented protocol
• Retransmits lost or damaged segments
• TCP header contains port and sequence numbers
• Three-way handshake
◦ Syn
◦ Syn/Ack
◦ Ack
• Attacks
◦ Session hijacking
◦ Syn flood
◦ Fraggle attack – UDP against broadcast address

Remember that TCP operates on layer 4

[Image: TCP. Image Credit: MDPI]


UDP – layer 4
◦ Connectionless
◦ Fast
◦ No security
Tunneling
• Transferring data from one network through another.
• Normally accomplished by encapsulating one network's protocols inside another's.
• Protocols include:
◦ Point to Point Tunneling Protocol
◦ Layer 2 Tunneling Protocol
• VPN protocols include:
◦ IPSec Protocol
◦ SSL/TLS
VPN
VPN {Quick Class Activity}

Look at the image and determine:
Which represents the data?
Which represents the VPN?
What represents the Internet?
Tor

Image credit: linuxreviews.org


IPSec
o IPSec is an OSI Layer 3 protocol that can provide confidentiality and integrity checking
o IPSec is composed of three other protocols:
◦ IKE – Internet Key Exchange: exchanges keys, i.e., Diffie Hellman
◦ AH – Authentication Header: provides integrity and data origin authentication
◦ ESP – Encapsulating Security Payload: primarily used for confidentiality
IPSec
o Sets up a Security Association (SA) in each direction
o Each SA is uniquely identified by:
◦ An IP Destination address
◦ The applicable security protocol (AH or ESP)
◦ A Security Parameter Index (SPI) – a unique identifier for that connection

An SA defines how IPsec should protect the communication between two endpoints
SSL
• Protocol used to secure HTTP connections
• Provides
◦ Data confidentiality
◦ Integrity control
◦ Server authentication
◦ Client authentication – optional
• Has been replaced by TLS

How SSL/TLS Works

Image Credit: Okta Developer


Commonly used ports (out of 65,535)

Port Number   Usage
20            File Transfer Protocol (FTP) Data Transfer
21            File Transfer Protocol (FTP) Command Control
22            Secure Shell (SSH)
23            Telnet - Remote login service, unencrypted text messages
25            Simple Mail Transfer Protocol (SMTP) E-mail Routing
53            Domain Name System (DNS) service
80            Hypertext Transfer Protocol (HTTP) used in World Wide Web
110           Post Office Protocol (POP3) used by e-mail clients to retrieve e-mail from a server
119           Network News Transfer Protocol (NNTP)
123           Network Time Protocol (NTP)
143           Internet Message Access Protocol (IMAP) Management of Digital Mail
161           Simple Network Management Protocol (SNMP)
194           Internet Relay Chat (IRC)
443           HTTP Secure (HTTPS) HTTP over TLS/SSL


Network Attacks (p1)
Sniffing/Session Hijacking
Bettercap
Ettercap
ARP Poisoning/MITMF
Detecting and Protecting against ARP Poisoning
Manually by running arp -a and comparing MAC addresses
XArp/Wireshark
Specific kinds of switches that prevent ARP poisoning
Static allocation of IP and MAC
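
The manual check above (run arp -a and compare MAC addresses), automated as an added example that is not part of the original slides. It parses Linux- or Windows-style arp -a output, flags any MAC address answering for more than one IP, and compares entries against a known-good baseline in the spirit of static IP/MAC allocation. The sample table, the baseline and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")


def parse_arp_table(text: str) -> dict:
    """Map IP -> MAC for every line of arp -a output that carries both."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            # Normalise Windows aa-bb-.. and upper case to aa:bb:..
            table[ip.group(1)] = mac.group(1).lower().replace("-", ":")
    return table


def find_suspects(table: dict, baseline: dict):
    """Return (MACs claimed by several IPs, IPs whose MAC differs from baseline)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        # Broadcast and IPv4 multicast entries are shared legitimately.
        if mac == "ff:ff:ff:ff:ff:ff" or mac.startswith("01:00:5e"):
            continue
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    changed = {ip: (baseline[ip], mac) for ip, mac in table.items()
               if ip in baseline and baseline[ip] != mac}
    return shared, changed


# Constructed sample: the gateway entry now carries the same MAC as .66.
SAMPLE = """\
? (192.168.1.1) at DE:AD:BE:EF:00:66 [ether] on eth0
? (192.168.1.23) at 3c:5a:b4:11:22:33 [ether] on eth0
? (192.168.1.66) at de:ad:be:ef:00:66 [ether] on eth0
? (192.168.1.255) at ff:ff:ff:ff:ff:ff [ether] on eth0
"""
# Constructed baseline: the gateway MAC recorded while the network was known good.
BASELINE = {"192.168.1.1": "00:11:22:aa:bb:cc"}

if __name__ == "__main__":
    print(find_suspects(parse_arp_table(SAMPLE), BASELINE))
```

A shared MAC is a lead to investigate rather than proof: a device with several IP addresses or a proxy-ARP router produces the same pattern.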
Network Audit - Netstat

# netstat
netstat -t {active internet connections}
netstat -l {display listening server sockets}
netstat -M {display masqueraded connections}
netstat -a
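
One way to turn the listening-socket view into an audit, as an added example that is not part of the original slides: it reads netstat -tln style output and reports services from the port table above that listen in cleartext on a non-loopback address. The sample output, the choice of ports treated as cleartext and the function name are assumptions made for illustration.

```python
# Default unencrypted services, taken from the port table in this deck.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}
LOOPBACK = {"127.0.0.1", "::1"}


def audit_listeners(netstat_output: str) -> list:
    """Return (port, service, address) for exposed cleartext TCP listeners."""
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        # Expected columns: Proto Recv-Q Send-Q Local Foreign State
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "LISTEN":
            continue
        # rpartition copes with IPv6 locals such as ":::21" or "::1:631".
        host, _, port_text = fields[3].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port in CLEARTEXT and host not in LOOPBACK:
            findings.append((port, CLEARTEXT[port], host))
    return sorted(findings)


# Constructed sample of `netstat -tln` output.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
"""

if __name__ == "__main__":
    for port, service, host in audit_listeners(SAMPLE):
        print(f"{service} listening on {host}:{port}")
```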
Why would an attacker want to change MAC Addresses?

Before I changed my MAC…

After I changed my MAC… Bingo!
To be continued next class..
Questions?

[email protected]
@L_damola_
Wireless & IoT Security
