Week 1: Network architecture

You’ve learned about security domains in
previous courses. Now we’ll explore one of those
domains further: networks. It’s important to secure networks because
network-based attacks are growing in both frequency and complexity. Hi there! My name is Chris, and I’m
the Chief Information Security Officer for Google Fiber. I’m excited to be your instructor for
this course! I’ve been working in network security and
engineering for over 20 years, and I’m looking forward to sharing some of
my knowledge and experience with you. This course will help you understand
the basic structure of a network (also referred to as network architecture)
and commonly used network tools. You’ll also learn about network operations
and explore some basic network protocols. Next, you’ll learn about
common network attacks and how network intrusion tactics can
prevent a threat to a network. Finally, the course will provide an
overview of security hardening practices and how you might use them
to help secure a network. There’s a lot to learn in
securing networks, and I’m excited to go on
this journey with you. Ready to get started? Let’s go!

Before securing a network, you need to understand the basic design
of a network and how it functions. In this section of the course, you will
learn about the structure of a network, standard networking tools, cloud networks, and the basic framework for organizing communications across
a network called the TCP/IP model. Securing networks is a big part of
a security analyst’s responsibilities, so I’m excited to help you understand how
to secure your organization’s network from threats, risks, and vulnerabilities. Let’s get going!

My name is Chris and I’m the Chief Information Security
Officer at Google Fiber. We provide high speed Internet to customers across
the United States. As the chief information
security officer, I’m responsible for making sure that the
network stays safe, our customers’ data
stays safe and that we are supporting law enforcement
and others as required. The career path was a
long and winding one. My actual first
job was working as a butcher at the
family grocery store. I eventually ended up with a job in the computer
center at college, which is where I learned a lot of my initial
computer skills. Then when I graduated
from college, I started off as a
software developer, designing accounting
software for a consulting company supporting the Department of Agriculture. Then I moved on from
that to other roles, eventually ending up in one of the first Internet
over cable companies. I ran several of their services, email, web services, etc. My stuff kept getting attacked. I fell into cybersecurity because I had to defend the
things that I was building. I realized it was fun. I realized that it was a
great career opportunity. I’ve just stuck with
that ever since then. When I got into this field, other than a couple of books, there wasn’t a lot of
training material out there. There were some other
people out there that I could ask questions of,
and I could get some mentoring from. But as a general rule of
thumb, I was on my own. Despite this being a
fairly technical field, the most important
thing you’re going to learn are the connections you’re going to make
to other people. I made a conscious decision
to become actively involved in some of the
outside work organizations, the trade associations,
the non profits, the meet ups, and other cybersecurity
organizations. This enabled me to build
the reputation and the relationships so that
as my career moved along, people were reaching out
to me saying, hey Chris, we have this opportunity,
are you interested? Because the cybersecurity
industry is so varied, it can seem like there is a tremendous amount you
have to learn that there is this huge step that you have to take in order to
get into the industry. That can be daunting. But the thing to remember is, once you have that
fundamental level of skills and fundamental
level of background, there are so many different
directions you can go and there’s so much
opportunity out there. There’s this continuous
education and curiosity aspect of the
job that is so much fun. It means that you are always having the opportunity
to learn something new, to change directions and
go in new ways because cybersecurity is going to be constantly changing.
And that’s part of the fun.

What are networks in cybersecurity?

A network is a group of connected devices that can communicate with each other. Networks can be wired or wireless, and can be small or large. Networks are essential for businesses and organizations of all sizes, as they allow employees to share resources and collaborate on projects.

Networks are also a target for cybercriminals. Attackers can exploit vulnerabilities in networks to steal data, disrupt operations, or launch denial-of-service attacks. Cybersecurity professionals need to understand how networks work in order to protect them from attack.

Types of networks

There are two main types of networks: local area networks (LANs) and wide area networks (WANs).

• LANs are networks that are confined to a small geographical area, such as an office building or home. LANs are typically connected using cables, but can also use wireless technology.
• WANs are networks that span a large geographical area, such as a city, state, or country. WANs are typically made up of multiple LANs that are connected using routers and other networking devices.

Network devices

Networks are made up of a variety of devices, including:

• Routers: Routers direct traffic between networks.
• Switches: Switches connect devices on a LAN.
• Firewalls: Firewalls protect networks from unauthorized access.
• Servers: Servers provide shared resources to network users.
• Workstations: Workstations are used by network users to access resources and applications.

Network security

Cybersecurity professionals need to implement a variety of security measures to protect networks from attack. These measures include:

• Firewalls: Firewalls can be used to block unauthorized traffic from entering a network.
• Intrusion detection and prevention systems (IDS/IPS): IDS/IPS systems can be used to monitor network traffic for suspicious activity.
• Encryption: Encryption can be used to protect sensitive data that is transmitted over a network.
• Access control: Access control can be used to restrict who has access to network resources.

Conclusion

Networks are essential for businesses and organizations of all sizes. Cybersecurity professionals need to understand how networks work in order to protect them from attack. By implementing a variety of security measures, cybersecurity professionals can help to keep networks safe and secure.

Fill in the blank: A _____ is a group of connected devices.

network

A network is a group of connected devices. The devices on a network can communicate with each other over network cables or wireless connections.

Welcome! Before you can understand
the importance of securing a network, you need to know what a network is. A network is a group of connected devices. At home, the devices connected to
your network might be your laptop, cell phones, and smart devices, like
your refrigerator or air conditioner. In an office, devices like workstations,
printers, and servers all connect to the network. The devices on a network can communicate
with each other over network cables, or wireless connections. Networks in your home and
office can communicate with networks in other locations, and the devices on them. Devices need to find each other on
a network to establish communications. These devices will use unique addresses, or
identifiers, to locate each other. The addresses will ensure that
communications happens with the right device. These are called the IP and MAC addresses. Devices can communicate
on two types of networks: a local area network, also known as a LAN, and a wide area network, also known as a WAN. A local area network, or LAN, spans a small area like an office
building, a school, or a home. For example, when a personal
device like your cell phone or tablet connects to the WIFI in your house,
they form a LAN. The LAN then connects to the internet. A wide area network or WAN spans
a large geographical area like a city, state, or country. You can think of
the internet as one big WAN. An employee of a company in
San Francisco can communicate and share resources with another employee
in Dublin, Ireland over the WAN. Now that you’ve learned about
the structure and types of networks, meet me in an upcoming video to learn
about the devices that connect to them.

My name is Tina and I’m a
software engineer at Google. As a software engineer, I work on an internal tool that serves the
security engineers and network engineers at Google. Network security is
important because we want to make sure that
our network systems are safe and resilient to be able to defend against
malicious hackers, and that we have the ability
to protect our user data. Working with network
security allows to see the overview of the whole
company’s network systems, which is super cool. My favorite part of my
job is the impact I get to have on the community
that I serve at Google. I would say most of my day
is a lot of coding, design, talking to security teams
and network teams on their priorities
and their blockers and being able to come
up with a solution. There are often going to be requests that come
from network teams and security teams that have
specific requirements on certain platforms or on a feature that they need in
one of the network policies, and usually we
would escalate that and try to work on
a fix for that. One piece of advice I would give for someone who wants to take on the cybersecurity
journey is to be able to always keep learning and be curious about how things work. Because security is an
ever changing field, cybersecurity is
definitely a team sport. Everybody has something
to contribute, and especially on
cybersecurity problems, there can be a lot
of possibilities and a lot of different
solutions to one problem. It’s always great to be able to have people to
brainstorm with and to track down issues
together because things can get very complex sometimes, but it’s also a
fun process to be able to work on things together.

My name is Emmanuel and I am an offensive security
engineer at Google. For offensive security, my job is to simulate
adversaries and threats that are targeting
various companies and I look at defending how we can protect Google’s
infrastructure. I make it harder to hack Google by actually
hacking Google. The technical skills that I
use is a lot of programming, as well as learning about operational and
platform security. Knowing how these
computers work, what is under the hood, and understanding the components that create this infrastructure. An entry-level
cybersecurity analyst would look at using command lines, log parsing, and
network traffic analysis in their
everyday scope of work. Command line allows
you to interact with various levels of
your operating system, whether it’s the
low-level things like the memory and the kernel, or if it’s high-level
things like the applications
and the programs that you’re running
on your computer. With log parsing,
they’re going to be times where you
may need to figure out and debug what is
going on in your program or application and
these logs are there to help you
and support you in finding the root issue and
then resolve it from there. With this network
traffic analysis, there may be times where
you need to figure out why is my
Internet going slow? Why is traffic not being routed to the
appropriate destination? What can I do to ensure that my network
is up and running? Network traffic analysis is
looking at network across various application
and network layers and seeing what that
traffic is doing, how we can secure that traffic, as well as identify any
vulnerabilities and concerns. In the contexts for
me, for security, I look at: are passwords being leaked in the traffic that’s being sent across the network? Are infrastructures
being secured? Are firewalls being readily configured and
configured safely? One skill that
has continued to grow with me in my current role has been communicating
effectively to product teams, engineers, and identifying an issue
that is influencing or affecting the business, and communicating to those teams
effectively to fix it. Being able to take
on these many hats and explain things with the
right business approach to things to ensure that
the issues that I do find in my work are identified but there
are also fixed. My advice to folks
who are taking this certificate would take things apart, feel
uncomfortable, learn and grow and find opportunities to learn
and understand how things work and
that skill set will benefit you for the
remainder of your journey.

Network tools in cybersecurity

Network tools are essential for cybersecurity professionals. They are used to monitor networks for suspicious activity, troubleshoot problems, and investigate security incidents.

Some of the most common network tools used in cybersecurity include:

• Firewalls: Firewalls are used to control incoming and outgoing network traffic. They can be used to block malicious traffic from entering a network and to prevent sensitive data from being leaked.
• Intrusion detection systems (IDS): IDSs monitor network traffic for suspicious activity. They can be used to detect malware infections, unauthorized access, and other security threats.
• Intrusion prevention systems (IPS): IPSs are similar to IDSs, but they can also take action to block malicious traffic. For example, an IPS could block a connection from a known malicious IP address.
• Network traffic analyzers (NTAs): NTAs can be used to capture and analyze network traffic. This can be used to troubleshoot network problems, investigate security incidents, and identify suspicious activity.
• Packet sniffers: Packet sniffers can be used to capture and analyze individual packets of network traffic. This can be used to identify malware infections, unauthorized access, and other security threats.

In addition to these general-purpose network tools, there are also a number of specialized tools that can be used for cybersecurity purposes. For example, there are tools that can be used to scan networks for vulnerabilities, tools that can be used to perform penetration testing, and tools that can be used to recover data from compromised systems.

Network tools are an essential part of any cybersecurity toolkit. By using network tools effectively, cybersecurity professionals can protect networks from a variety of security threats.

Here are some specific examples of how network tools can be used in cybersecurity:

• A firewall can be used to block a malicious actor from accessing a company’s network.
• An IDS can be used to detect malware that is being transmitted over the network.
• An IPS can be used to block malware from entering a network and to prevent sensitive data from being leaked.
• An NTA can be used to investigate a security incident by analyzing network traffic logs.
• A packet sniffer can be used to identify a malware infection by capturing and analyzing network traffic.

Network tools are constantly evolving, and new tools are being developed all the time. Cybersecurity professionals need to stay up-to-date on the latest network tools and how to use them effectively.

Fill in the blank: A ____ is a network device that broadcasts information to every device on the network.

hub

A hub is a network device that broadcasts information to every device on the network.

In this video,
you’ll learn about the common devices that make up a network. Let’s get started. A hub is a network device that broadcasts information to
every device on the network. Think of a hub like a radio
tower that broadcasts a signal to any radio tuned
to the correct frequency. Another network
device is a switch. A switch makes
connections between specific devices on a
network by sending and receiving data between them. A switch is more
intelligent than a hub. It only passes data to
the intended destination. This makes switches
more secure than hubs, and enables them to control
the flow of traffic and improve network performance. Another device that we’ll
discuss is a router. A router is a
network device that connects multiple
networks together. For example, if a
computer in one network wants to send information to
a tablet on another network, then the information will
be transferred as follows: First, the information travels from the computer to the router. Then, the router reads the
destination address, and forwards the data to the
intended network’s router. Finally, the receiving router directs that information
to the tablet. Finally, let’s discuss modems. A modem is a device
that connects your router to the internet, and brings internet
access to the LAN. For example, if a computer from
one network wants to send information to a
device on a network in a different
geographic location, it would be transferred
as follows: The computer would send
information to the router, and the router would then transfer the information through
the modem to the internet. The intended recipient’s modem
receives the information, and transfers it to the router. Finally, the recipient’s
router forwards that information to the
destination device. Network tools such
as hubs, switches, routers, and modems
are physical devices. However, many
functions performed by these physical devices can be completed by
virtualization tools. Virtualization
tools are pieces of software that perform
network operations. Virtualization tools
carry out operations that would normally be
completed by a hub, switch, router, or modem, and they are offered by
Cloud service providers. These tools provide
opportunities for cost savings and scalability. You’ll learn more about them later in the
certificate program. Now you’ve explored
some common devices that make up a
network. Coming up, you’re going to learn more
about cloud computing, and how networks can be
designed using cloud services.

Cloud networks in cybersecurity

Cloud networks are collections of servers or computers that store resources and data in a remote data center that can be accessed via the internet. Cloud networks are different from traditional networks because they use remote servers, which allow online services and web applications to be used from any geographic location.

Cloud security is becoming increasingly important as more businesses migrate to cloud services. Cloud service providers offer cloud computing to maintain applications, provide on-demand storage and processing power, and business and web analytics.

Security professionals need to understand how to secure cloud networks in order to protect businesses from cyberattacks. Some of the key security considerations for cloud networks include:

• Access control: Cloud networks need to be properly secured to prevent unauthorized access. This includes implementing strong authentication and authorization mechanisms, as well as monitoring access logs for suspicious activity.
• Data encryption: Sensitive data stored in the cloud should be encrypted to protect it from unauthorized access. Cloud service providers typically offer encryption services, but businesses should also implement their own encryption measures to add an extra layer of security.
• Network segmentation: Cloud networks should be segmented to isolate different types of traffic and prevent unauthorized access between different segments. This can be done using firewalls, VLANs, and other network security devices.
• Security monitoring: Cloud networks should be monitored for suspicious activity, such as unauthorized access attempts, malware infections, and denial-of-service attacks. Security professionals should use a variety of security tools and techniques to monitor cloud networks effectively.

In addition to these general security considerations, there are also some specific cybersecurity challenges that businesses need to be aware of when using cloud networks. For example, cloud service providers are often targets of cyberattacks, and businesses need to take steps to protect their data from being compromised. Additionally, businesses need to be aware of the shared responsibility model for cloud security, which means that they are responsible for securing their own data and applications, even when they are hosted in the cloud.

By understanding the unique cybersecurity challenges of cloud networks, businesses can take steps to protect their data and applications from cyberattacks.

Here are some additional tips for securing cloud networks:

• Use strong passwords and multi-factor authentication for all cloud accounts.
• Keep cloud software up to date with the latest security patches.
• Use a web application firewall (WAF) to protect cloud applications from common web attacks.
• Implement intrusion detection and prevention systems (IDS/IPS) to monitor cloud networks for suspicious activity.
• Regularly back up cloud data to an offline location.

By following these tips, businesses can help to protect their cloud networks from cyberattacks and keep their data safe.

Fill in the blank: A _____ is a collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet.

cloud network

A cloud network is a collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet.

Companies have traditionally
owned their network devices, and kept them in their own office buildings. But now, a lot of companies are using third-party
providers to manage their networks. Why? Well, this model helps companies save
money while giving them access to more network resources. The growth of cloud computing is
helping many companies reduce costs and streamline their network operations. Cloud computing is the practice of using
remote servers, applications, and network services that are hosted on the internet
instead of on local physical devices. Today, the number of businesses that use
cloud computing is increasing every year, so it’s important to understand how cloud
networks function and how to secure them. Cloud providers offer an alternative
to traditional on-premise networks, and allow organizations to have the benefits
of the traditional network without storing the devices and managing
the network on their own. A cloud network is a collection of servers
or computers that stores resources and data in a remote data center that
can be accessed via the internet. Because companies don’t house
the servers at their physical location, these servers are referred
to as being “in the cloud”. Traditional networks host web servers from
a business in its physical location. However, cloud networks are different from
traditional networks because they use remote servers, which
allow online services and web applications to be used
from any geographic location. Cloud security will become increasingly
relevant to many security professionals as more organizations migrate
to cloud services. Cloud service providers offer cloud
computing to maintain applications. For example,
they provide on-demand storage and processing power that their
customers only pay as needed. They also provide business and web analytics that organizations can use
to monitor their web traffic and sales. With the transition to cloud networking,
I have witnessed an overlap of identity-based security on top of the more
traditional network-based solutions. This meant that my focus needed to be
on verifying both where the traffic is coming from and
the identity that is coming with it. More organizations are moving their network
services to the cloud to save money and simplify their operations. As this trend has grown, cloud security has become a significant
aspect of network security.

Introduction to network communication in Cybersecurity

Network communication is the process of transferring data between devices over a network. Networks can be wired or wireless, and they can be private or public.

Cybersecurity professionals need to understand how network communication works in order to protect networks from attack.

Data packets

Network communication is typically broken down into small units of data called data packets. Each data packet contains information about where the packet is going, where it’s coming from, and the content of the message.

Network protocols

Network protocols are the rules that govern how data packets are exchanged over a network. There are many different network protocols, each with its own purpose.

Some common network protocols include:

• TCP (Transmission Control Protocol): TCP is a reliable protocol that guarantees that data packets are delivered in the correct order and without errors.
• UDP (User Datagram Protocol): UDP is a faster protocol that does not guarantee delivery of data packets.
• IP (Internet Protocol): IP is the protocol that assigns unique addresses to devices on a network.
• HTTP (Hypertext Transfer Protocol): HTTP is the protocol that is used to transfer web pages.
• HTTPS (Secure Hypertext Transfer Protocol): HTTPS is a secure version of HTTP that uses encryption to protect data in transit.

Cybersecurity threats to network communication

Network communication can be vulnerable to a variety of cybersecurity threats, including:

• Packet sniffing: Packet sniffing is the practice of capturing and inspecting data packets that are transmitted over a network.
• Man-in-the-middle attacks: Man-in-the-middle attacks involve an attacker intercepting and modifying data packets that are being transmitted between two devices.
• Denial-of-service attacks: Denial-of-service attacks involve flooding a network with traffic in order to make it unavailable to legitimate users.

Cybersecurity measures to protect network communication

There are a number of cybersecurity measures that can be taken to protect network communication, including:

• Using strong passwords and multi-factor authentication: Strong passwords and multi-factor authentication help to prevent unauthorized users from accessing networks.
• Keeping software up to date: Keeping software up to date helps to patch known security vulnerabilities.
• Using firewalls and intrusion detection systems: Firewalls and intrusion detection systems can help to protect networks from unauthorized access and malicious activity.
• Using encryption: Encryption can be used to protect data in transit and at rest.

Conclusion

Network communication is essential for modern businesses and organizations. Cybersecurity professionals need to understand how network communication works in order to protect networks from attack.

By following the cybersecurity measures outlined above, organizations can help to protect their networks from a variety of threats.

What is a data packet?

A basic unit of information that travels from one device to another within a network.

A data packet is a basic unit of information that travels from one device to another within a network.

Networks help organizations
communicate and connect. But communication makes network attacks
more likely because it gives a malicious actor an opportunity to take
advantage of vulnerable devices and unprotected networks. Communication over a network happens when
data is transferred from one point to another. Pieces of data are typically
referred to as data packets. A data packet is a basic unit of
information that travels from one device to another within a network. When data is sent from one device to
another across a network, it is sent as a packet that contains information about
where the packet is going, where it’s coming from, and
the content of the message. Think about data packets like
a piece of physical mail. Imagine you want to send
a letter to a friend. The envelope will need to have the address
where you want the letter to go and your return address.
Inside the envelope is a letter that contains the message that you
want your friend to read. A data packet is very
similar to a physical letter. It contains a header that includes
the internet protocol address, the IP address, and the media access control, or
MAC, address of the destination device. It also includes a protocol number that
tells the receiving device what to do with the information in the packet. Then there’s the body of the packet,
which contains the message that needs to be transmitted to the receiving device. Finally, at the end of the packet,
there’s a footer, similar to a signature on a letter, the footer signals to the receiving
device that the packet is finished. The movement of data packets across a
network can provide an indication of how well the network is performing. Network
performance can be measured by bandwidth. Bandwidth refers to the amount of
data a device receives every second. You can calculate bandwidth by dividing
the quantity of data by the time in seconds. Speed refers to the rate at which data
packets are received or downloaded. Security personnel are interested
in network bandwidth and speed because if either are irregular,
it could be an indication of an attack. Packet sniffing is
the practice of capturing and inspecting data packets
across the network. Communication on the network is
important for sharing resources and data because it allows organizations
to function effectively. Coming up, you’ll learn more about the protocols
to support network communication.

The TCP/IP model in Cybersecurity

The TCP/IP model is the standard model used for network communication. It is a four-layer model that defines how data is transmitted over a network. The four layers are:

• Application layer: This layer is responsible for providing services to applications, such as web browsing, email, and file transfer.
• Transport layer: This layer is responsible for establishing and maintaining connections between devices and ensuring that data packets are delivered in the correct order and without errors.
• Internet layer: This layer is responsible for routing data packets between devices on a network and assigning each device a unique address.
• Network access layer: This layer is responsible for transmitting data packets over a physical medium, such as a cable or wireless signal.

Cybersecurity professionals need to understand the TCP/IP model in order to protect networks from attack. For example, attackers can exploit vulnerabilities in the application layer to steal data or launch denial-of-service attacks. Attackers can also exploit vulnerabilities in the transport layer to intercept or modify data packets.

Here are some specific cybersecurity threats that can be exploited at each layer of the TCP/IP model:

• Application layer:
  • Cross-site scripting (XSS): XSS attacks allow attackers to inject malicious code into web pages that can be executed by unsuspecting users.
  • SQL injection attacks: SQL injection attacks allow attackers to execute malicious SQL queries on databases.
• Transport layer:
  • Session hijacking: Session hijacking attacks allow attackers to take over existing sessions between users and applications.
  • Man-in-the-middle attacks: Man-in-the-middle attacks allow attackers to intercept and modify data packets that are being transmitted between two devices.
• Internet layer:
  • Spoofing attacks: Spoofing attacks allow attackers to impersonate legitimate devices on a network.
  • Denial-of-service attacks: Denial-of-service attacks involve flooding a network with traffic in order to make it unavailable to legitimate users.
• Network access layer:
  • Eavesdropping attacks: Eavesdropping attacks allow attackers to intercept data packets that are being transmitted over a network.
  • Packet sniffing attacks: Packet sniffing attacks allow attackers to capture and inspect data packets that are being transmitted over a network.

Cybersecurity professionals can use a variety of security measures to protect networks from attack at each layer of the TCP/IP model. For example, they can use firewalls to filter traffic at the network access layer, use intrusion detection systems to monitor for suspicious activity at the transport layer, and use encryption to protect data packets at the application layer.

By understanding the TCP/IP model and the cybersecurity threats that can be exploited at each layer, cybersecurity professionals can help to protect networks from a wide range of attacks.

Hello again. In this video, you’ll learn more about
communication protocols and devices used to communicate with each other
across the internet. This is called the TCP/IP model. TCP/IP stands for Transmission Control Protocol
and Internet Protocol. TCP/IP is the standard model used for network communication. Let’s take a closer
look at this model by defining TCP and IP separately. First, TCP, or Transmission
Control Protocol, is an internet communication
protocol that allows two devices to form a
connection and stream data. The protocol includes a
set of instructions to organize data, so it can
be sent across a network. It also establishes a
connection between two devices and makes sure that packets reach their appropriate
destination. The IP in TCP/IP stands
for Internet Protocol. IP has a set of standards used
for routing and addressing data packets as they travel between devices on a network. Included in the Internet
Protocol (IP) is the IP address that functions as an address
for each private network. You’ll learn more about
IP addresses a bit later. When data packets are sent and
received across a network, they are assigned a port. Within the operating system
of a network device, a port is a software-based
location that organizes the sending and receiving of data between devices
on a network. Ports divide network
traffic into segments based on the service they will perform between two devices. The computers sending and receiving these data
segments know how to prioritize and process
these segments based on their port number. This is like sending a letter to a friend who lives in
an apartment building. The mail delivery person not only knows how to
find the building, but they also know exactly
where to go in the building to find the apartment number
where your friend lives. Data packets include
instructions that tell the receiving device what
to do with the information. These instructions come in
the form of a port number. Port numbers allow computers to split the network traffic and prioritize the operations they will perform with the data. Some common port
numbers are: port 25, which is used for e-mail, port 443, which is used for secure internet
communication, and port 20, for large
file transfers. As you’ve learned in this video, a lot of information
and instructions are contained in data packets as they travel across a network. Coming up, you’ll learn more
about the TCP/IP model.

The four layers of the TCP/IP model

The TCP/IP model is a conceptual model that describes how data is transmitted over a network. It has four layers:

• Network access layer: This layer is responsible for transmitting data packets over a physical medium, such as a cable or wireless signal.
• Internet layer: This layer is responsible for routing data packets between devices on a network and assigning each device a unique address.
• Transport layer: This layer is responsible for establishing and maintaining connections between devices and ensuring that data packets are delivered in the correct order and without errors.
• Application layer: This layer is responsible for providing services to applications, such as web browsing, email, and file transfer.

Cybersecurity professionals need to understand the four layers of the TCP/IP model in order to protect networks from attack. Attackers can exploit vulnerabilities in each layer of the model to launch attacks.

Network access layer

The network access layer is the lowest layer of the TCP/IP model. It is responsible for transmitting data packets over a physical medium, such as a cable or wireless signal.

Attackers can exploit vulnerabilities in the network access layer to eavesdrop on data packets, modify data packets, or disrupt network communication.

Internet layer

The internet layer is responsible for routing data packets between devices on a network and assigning each device a unique address.

Attackers can exploit vulnerabilities in the internet layer to spoof IP addresses, launch denial-of-service attacks, or redirect traffic to malicious websites.

Transport layer

The transport layer is responsible for establishing and maintaining connections between devices and ensuring that data packets are delivered in the correct order and without errors.

Attackers can exploit vulnerabilities in the transport layer to hijack sessions, launch man-in-the-middle attacks, or inject malicious code into data packets.

Application layer

The application layer is the highest layer of the TCP/IP model. It is responsible for providing services to applications, such as web browsing, email, and file transfer.

Attackers can exploit vulnerabilities in the application layer to steal data, launch denial-of-service attacks, or install malware on devices.

By understanding the four layers of the TCP/IP model, cybersecurity professionals can develop more effective security measures to protect networks from attack.

Here are some specific cybersecurity threats that can be exploited at each layer of the TCP/IP model:

• Network access layer:
  • Eavesdropping attacks: Eavesdropping attacks allow attackers to intercept data packets that are being transmitted over a network.
  • Packet sniffing attacks: Packet sniffing attacks allow attackers to capture and inspect data packets that are being transmitted over a network.
• Internet layer:
  • Spoofing attacks: Spoofing attacks allow attackers to impersonate legitimate devices on a network.
  • Denial-of-service attacks: Denial-of-service attacks involve flooding a network with traffic in order to make it unavailable to legitimate users.
• Transport layer:
  • Session hijacking: Session hijacking attacks allow attackers to take over existing sessions between users and applications.
  • Man-in-the-middle attacks: Man-in-the-middle attacks allow attackers to intercept and modify data packets that are being transmitted between two devices.
• Application layer:
  • Cross-site scripting (XSS) attacks: XSS attacks allow attackers to inject malicious code into web pages that can be executed by unsuspecting users.
  • SQL injection attacks: SQL injection attacks allow attackers to execute malicious SQL queries on databases.

Cybersecurity professionals can use a variety of security measures to protect networks from attack at each layer of the TCP/IP model. For example, they can use firewalls to filter traffic at the network access layer, use intrusion detection systems to monitor for suspicious activity at the internet layer, and use encryption to protect data packets at the application layer.

By understanding the TCP/IP model and the cybersecurity threats that can be exploited at each layer, cybersecurity professionals can help to protect networks from a wide range of attacks.

Now that we’ve discussed
the structure of a network and how
communications takes place, it’s important for
you to know how the security
professionals identify problems that might arise. The TCP/IP model is a
framework that is used to visualize how data is organized and transmitted
across the network. The TCP/IP model
has four layers. The four layers are: the
network access layer, the internet layer,
the transport layer, and the application layer. Knowing how the TCP/IP model
organizes network activity allows security professionals to monitor and secure
against risks. Let’s examine these
layers one at a time. Layer one is the
network access layer. The network access layer
deals with creation of data packets and their
transmission across a network. This includes hardware
devices connected to physical cables and switches that direct data
to its destination. Layer two is the internet layer. The internet layer is where
IP addresses are attached to data packets to indicate the location of the
sender and receiver. The internet layer also focuses on how networks
connect to each other. For example, data packets containing information
that determine whether they will stay on the
LAN or will be sent to a remote network,
like the internet. The transport layer
includes protocols to control the flow of
traffic across a network. These protocols permit or
deny communication with other devices and include information about the
status of the connection. Activities of this layer
include error control, which ensures data is flowing smoothly across the network. Finally, at the
application layer, protocols determine
how the data packets will interact with
receiving devices. Functions that are organized
at application layer include file transfers
and email services. Now you have an understanding of the TCP/IP model and its four layers. Meet you
in the next video.

What is the second layer of the TCP/IP model?

Internet layer

The internet layer is the second layer of the TCP/IP model. The internet layer is where IP addresses are attached to data packets to indicate the location of the sender and receiver. The internet layer also focuses on how networks connect to each other.

Tutorial on IP Addresses and Network Communication in Cybersecurity

IP addresses are essential for network communication, but they can also be a security risk. Cybersecurity professionals need to understand how IP addresses work and how they can be exploited by attackers.

What is an IP address?

An IP address is a unique numerical address that is assigned to every device connected to the internet. It is used to identify and locate devices on the internet so that they can communicate with each other.

How are IP addresses used in network communication?

When two devices want to communicate with each other over the internet, they exchange IP addresses. This allows them to identify each other and send data packets to each other.

What are the different types of IP addresses?

There are two main types of IP addresses: IPv4 and IPv6. IPv4 is the older and more common type of IP address. It is a 32-bit number that is written as four groups of numbers separated by dots. For example, 192.168.1.1 is an IPv4 address.

IPv6 is the newer and more modern type of IP address. It is a 128-bit number that is written as eight groups of four hexadecimal digits separated by colons. For example, fe80::200:57ff:fe00:1 is an IPv6 address.

What are the security risks associated with IP addresses?

IP addresses can be used by attackers to launch a variety of attacks, including:

• IP spoofing: This is when an attacker sends packets with a forged IP address, making it appear as if the packets are coming from a legitimate source. This can be used to launch denial-of-service attacks or to gain unauthorized access to systems.
• IP geolocation: Attackers can use IP addresses to track the location of users and devices. This information can be used to launch targeted attacks or to sell to other attackers.
• IP blacklisting: If a device is associated with malicious activity, its IP address may be blacklisted. This can prevent the device from accessing legitimate websites and services.

How can cybersecurity professionals protect against IP-based attacks?

Cybersecurity professionals can protect against IP-based attacks by implementing a variety of measures, including:

• Using firewalls: Firewalls can be used to filter traffic and block packets from suspicious IP addresses.
• Using intrusion detection/prevention systems (IDS/IPS): IDS/IPS systems can be used to detect and block malicious traffic, including traffic from suspicious IP addresses.
• Using IP reputation databases: IP reputation databases can be used to identify IP addresses that are associated with malicious activity.
• Educating users about IP-based attacks: Users should be educated about the risks of IP-based attacks and how to protect themselves. This includes teaching users how to identify and avoid phishing attacks and other social engineering attacks.

By understanding the security risks associated with IP addresses and implementing appropriate security measures, cybersecurity professionals can help to protect their organizations from IP-based attacks.

Which of the following is an example of an IPv4 address?

192.168.1.23

192.168.1.23 is an example of an IPv4 address. IPv4 addresses have four, 1 to 3 digit numbers separated by decimal points.

Let’s learn about how IP addresses are used to
communicate over a network. IP stands for internet protocol. An internet protocol
address, or IP address, is a unique string of
characters that identifies a location of a
device on the internet. Each device on the internet
has a unique IP address, just like every
house on a street has its own mailing address. There are two types
of IP addresses: IP version 4, or IPv4, and IP version 6, or IPv6. Let’s look at examples
of an IPv4 address. IPv4 addresses are
written as four, 1, 2, or 3-digit numbers
separated by a decimal point. In the early days
of the internet, IP addresses were all IPV4. But as the use
of the internet grew, all the IPv4 addresses
started to get used up, so IPv6 was developed. IPv6 addresses are made
up of 32 characters. The length of the IPv6 address will allow for more
devices to be connected to the internet
without running out of addresses as quickly as IPv4. IP addresses can be
either public or private. Your internet service
provider assigns a public IP address that is connected to your
geographic location. When network communications goes out from your device
on the internet, they all have the same
public-facing address. Just like all the roommates in one home share the
same mailing address, all the devices on
a network share the same public-facing
IP address. Private IP addresses
are only seen by other devices on the
same local network. This means that
all the devices on your home network can
communicate with each other using unique IP addresses that the rest of the
internet can’t see. Another kind of address used in network communications
is called a MAC address. A MAC address is a unique alphanumeric
identifier that is assigned to each physical
device on a network. When a switch receives
a data packet, it reads the MAC address of the destination device
and maps it to a port. It then keeps this information
in a MAC address table. Think of the MAC address table like an address book
that the switch uses to direct data packets
to the appropriate device. In this video, you learned about IP version 4 and IP
version 6 addresses. You learned how IP and MAC
addresses are used in network communication
and the difference between a public and
a private IP address.

Hey, you made it! Well done! Let’s wrap up what you’ve learned
in this section of the course. We explored the structure of a network,
including WANs and LANs. We also discussed standard
networking tools like hubs, switches, routers, and modems. We briefly introduced cloud networks, and
we discussed their benefits. We also spent some time
on the TCP/IP model. As a reminder, technicians and security
analysts often use this framework when communicating where network
problems have occurred. That wraps up this section. Next, you’ll learn more
about network operations and how data is transmitted
over wireless networks.