Network
A network is a group of connected devices.
Devices can communicate on two types of networks:
a local area network, also known as a LAN,
and a wide area network, also known as a WAN.
A hub is a network device that
broadcasts information to every device on the network.
A switch makes connections between
specific devices on a network by sending
and receiving data between them.
A switch is more intelligent than a hub.
It only passes data to the intended destination.
This makes switches more secure than hubs,
and enables them to control the flow of traffic
and improve network performance.
A router is a network device that
connects multiple networks together.
A modem is a device that connects
your router to the internet,
and brings internet access to the LAN.
For example, if a computer from one network wants to send
information to a device on a network
in a different geographic location,
it would be transferred as follows:
The computer would send information to the router,
and the router would then transfer
the information through the modem to the internet.
The intended recipient's modem receives the information,
and transfers it to the router.
Finally, the recipient's router forwards
that information to the destination device.
Data Packet
A data packet is a basic unit of information that travels from one
device to another within a network.
When data is sent from one device to another across a network, it is sent as
a packet that contains information about where the packet is going, where it's
coming from, and the content of the message.
Bandwidth refers to the maximum amount of data a connection can carry each second.
You can estimate it by dividing the quantity of data transferred by the time in
seconds the transfer took.
Speed (throughput) refers to the rate at which data packets are actually received or downloaded,
which is usually lower than the bandwidth.
The TCP/IP model-
TCP, or Transmission Control Protocol,
is an internet communication protocol that allows
two devices to form a connection and stream data.
The protocol includes a set of instructions to
organize data, so it can be sent across a network.
It also establishes a connection between two devices
and makes sure that packets
reach their appropriate destination.
The IP in TCP/IP stands for Internet Protocol.
IP has a set of standards used for routing and addressing
data packets as they travel
between devices on a network.
Included in the Internet Protocol (IP) is the IP address,
which identifies each device on a network (and, through the router's public address,
each private network on the internet) so that packets can be routed to it.
A port is a software-based location that organizes
the sending and receiving of data
between devices on a network.
Some common port numbers are:
port 25, which is used by SMTP for sending e-mail,
port 443, which is
used by HTTPS for secure internet communication,
and port 20, which is used by FTP for transferring file data.
The TCP/IP model has four layers.
The four layers are: the network access layer,
the internet layer, the transport layer,
and the application layer.
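The packet structure described above (where it is going, where it came from, and its content) and the addresses and ports of the TCP/IP model, shown as an added Python example that is not part of the original notes. It assembles a constructed IPv4 + TCP packet with `struct` and parses it back, walking the internet layer (IPv4 header) and then the transport layer (TCP header); the addresses, ports and payload are invented sample values, and checksums are left at zero because the point is the layout, not a transmittable packet.

```python
import socket
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"   # 20 bytes, no options
TCP_HEADER = "!HHIIBBHHH"       # 20 bytes, no options
TCP_FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def build_packet(src_ip, dst_ip, src_port, dst_port, payload, flags=0x18):
    """Assemble IPv4 header + TCP header + payload (checksums left at zero,
    which is fine for a parsing demo; a real stack would fill them in)."""
    tcp_header = struct.pack(TCP_HEADER,
                             src_port, dst_port,
                             0x1000, 0x2000,   # sequence / acknowledgement numbers (arbitrary)
                             5 << 4, flags,    # data offset = 5 words, TCP flags
                             65535, 0, 0)      # window, checksum, urgent pointer
    total_len = 20 + len(tcp_header) + len(payload)
    ip_header = struct.pack(IPV4_HEADER,
                            0x45, 0, total_len,   # version 4 / IHL 5, DSCP, total length
                            0x1234, 0,            # identification, flags + fragment offset
                            64, 6, 0,             # TTL, protocol (6 = TCP), checksum
                            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip_header + tcp_header + payload


def parse_packet(raw):
    """Walk the internet layer (IPv4) and transport layer (TCP) of a raw packet
    and return where it came from, where it is going, and its payload."""
    if len(raw) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HEADER, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len < ihl or len(raw) < total_len:
        raise ValueError("not a well-formed IPv4 packet")
    info = {"src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
            "ttl": ttl, "protocol": proto}
    if proto != 6:
        info["payload"] = raw[ihl:total_len]   # non-TCP: hand the rest up unparsed
        return info
    tcp = raw[ihl:ihl + 20]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq, ack, offset_byte, flags, _, _, _ = struct.unpack(TCP_HEADER, tcp)
    data_offset = (offset_byte >> 4) * 4
    info.update({
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "flags": {name for bit, name in TCP_FLAG_NAMES if flags & bit},
        "payload": raw[ihl + data_offset:total_len],   # total_len ignores any trailing padding
    })
    return info


if __name__ == "__main__":
    # Constructed sample: a client on a private LAN sending data to an HTTPS server.
    pkt = build_packet("192.168.1.10", "203.0.113.5", 52000, 443, b"hello")
    print(parse_packet(pkt))
```

The parser checks the version, header length and total length before trusting any offset; packet parsers that skip those checks are a classic source of out-of-bounds reads in real network stacks.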
A MAC address is
a unique alphanumeric identifier that is
assigned to each physical device on a network.
When a switch receives a frame on one of its ports,
it records the frame's source MAC address and the port
it arrived on in a MAC address table.
To forward the frame, it looks up the destination MAC address
in that table and sends the frame out only on the matching port;
if the destination is not yet in the table, it floods the frame to all other ports.
Think of the MAC address table
like an address book that the switch
uses to direct data packets to the appropriate device.
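The hub-versus-switch behaviour and MAC address learning described above, as an added Python simulation that is not part of the original notes. The port numbers, MAC addresses and frames are constructed; an eavesdropper on port 3 receives every frame from the hub but, once the switch has learned both hosts, only the first flooded frame from the switch, which is why the passive packet sniffing discussed later on this page works so easily on a hub.

```python
class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, frame):
        return sorted(self.ports - {in_port})


class Switch:
    """Learns which port each source MAC address lives on, then forwards
    frames only to the destination's port; floods when it does not know."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}   # MAC address -> port: the switch's "address book"

    def forward(self, in_port, frame):
        src, dst = frame["src"], frame["dst"]
        self.mac_table[src] = in_port   # learn (or refresh) the sender's port
        if dst == self.BROADCAST or dst not in self.mac_table:
            return sorted(self.ports - {in_port})   # broadcast / unknown unicast: flood
        out_port = self.mac_table[dst]
        return [] if out_port == in_port else [out_port]


def simulate(device, frames):
    """Feed (in_port, frame) pairs to a device and return the ports each frame went out on."""
    return [device.forward(port, frame) for port, frame in frames]


# Constructed traffic: host A on port 1, host B on port 2, an eavesdropper on port 3.
HOST_A, HOST_B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
FRAMES = [
    (1, {"src": HOST_A, "dst": HOST_B, "data": b"hello B"}),   # B not learned yet: switch floods
    (2, {"src": HOST_B, "dst": HOST_A, "data": b"hello A"}),   # A already learned: port 1 only
    (1, {"src": HOST_A, "dst": HOST_B, "data": b"secret"}),    # both learned: port 2 only
]

if __name__ == "__main__":
    print("hub:   ", simulate(Hub([1, 2, 3]), FRAMES))
    print("switch:", simulate(Switch([1, 2, 3]), FRAMES))
```

The table here grows without limit; a real switch has a fixed-size table, and an attacker who fills it with forged source addresses (MAC flooding) pushes the switch back into hub-like flooding, so switches reduce but do not eliminate sniffing risk.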
Network protocols organize the sending and receiving of data across a network. Protocols can be divided into three categories: communication protocols, management protocols, and security protocols.
Firewall
A firewall is a network security device that
monitors traffic to and from your network.
It either allows traffic or it blocks
it based on a defined set of security rules.
A firewall can use port filtering,
which blocks or allows
certain port numbers to limit unwanted communication.
For example, it could have a rule
that only allows communications on port
443 for HTTPS or port
25 for email and blocks everything else.
These firewall settings will be determined by
the organization's security policy.
Firewalls come in two forms: a hardware firewall is a dedicated
appliance placed at the edge of the network, and a software firewall
runs on a host or virtual machine and protects that system.
A stateless firewall judges each packet on its own headers against the rule set;
a stateful firewall also tracks the state of each connection, so it can tell a reply
to an allowed connection from an unsolicited packet.
A next-generation firewall (NGFW) adds deep packet inspection, application awareness
and intrusion prevention on top of stateful filtering.
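The port filtering and the stateless-versus-stateful distinction described above, as an added Python example that is not part of the original notes. The rule set is a hypothetical policy (HTTPS may leave the LAN, SMTP may reach a mail server at 10.0.0.25) and the packets are constructed; the point it shows is that a stateless filter drops the legitimate replies to connections it allowed, while the stateful version recognises them from its connection table.

```python
from collections import namedtuple

# A packet as the firewall sees it. direction is "in" (arriving from the
# internet) or "out" (leaving the LAN); syn and ack are the TCP flags.
Packet = namedtuple("Packet", "direction proto src_ip src_port dst_ip dst_port syn ack")

# Port-filtering rules: evaluated top-down, first match wins, default deny.
RULES = [
    {"direction": "out", "proto": "tcp", "dst_port": 443, "action": "allow"},
    {"direction": "in", "proto": "tcp", "dst_ip": "10.0.0.25", "dst_port": 25, "action": "allow"},
]


def stateless_decision(pkt, rules=RULES):
    """Stateless filter: judge every packet on its own header fields only."""
    for rule in rules:
        if all(getattr(pkt, field) == value for field, value in rule.items() if field != "action"):
            return rule["action"]
    return "deny"


def flow_key(pkt):
    """Normalise a packet to its connection, LAN side first, so both directions match."""
    if pkt.direction == "out":
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
    return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)


class StatefulFirewall:
    """Same rules, plus a connection table: once a connection has been allowed,
    its reply traffic is allowed too without needing a rule of its own."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()

    def decision(self, pkt):
        key = flow_key(pkt)
        if key in self.connections:
            return "allow"                      # part of an established connection
        action = stateless_decision(pkt, self.rules)
        if action == "allow" and (pkt.proto != "tcp" or (pkt.syn and not pkt.ack)):
            self.connections.add(key)           # remember the connection this packet opens
        return action


def run(decide, packets):
    return [decide(p) for p in packets]


# Constructed scenario.
SCENARIO = [
    Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443, True, False),   # client opens HTTPS
    Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000, True, True),     # server's SYN-ACK
    Packet("in", "tcp", "198.51.100.7", 40000, "10.0.0.5", 51000, True, False),  # unsolicited probe
    Packet("in", "tcp", "198.51.100.7", 40000, "10.0.0.25", 25, True, False),    # mail delivery
    Packet("out", "tcp", "10.0.0.25", 25, "198.51.100.7", 40000, True, True),    # mail server's SYN-ACK
]

if __name__ == "__main__":
    print("stateless:", run(stateless_decision, SCENARIO))
    print("stateful: ", run(StatefulFirewall().decision, SCENARIO))
```

A production stateful firewall also removes entries on FIN or RST and ages them out, otherwise the connection table itself becomes a resource an attacker can exhaust.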
VPN
A virtual private network,
also known as a VPN,
is a network security service that changes
your public IP address and hides
your location so that you can keep your data
private when you're using a public
network like the internet.
A VPN service performs
encapsulation on your data in transit.
Encapsulation is a process performed
by a VPN service that protects
your data by encrypting your original packets and wrapping them
inside new packets addressed to the VPN server, so that
anyone watching the public network sees only the outer packet.
Security Zone
A security zone is a segment of a network
with its own access permissions and security rules;
dividing a network into zones protects
the internal network from the internet.
An organization's network is classified into
two types of security zones. First,
there's the uncontrolled zone,
which is any network outside of
the organization's control, like the internet.
Then, there's the controlled zone,
which is a subnet that protects
the internal network from the uncontrolled zone.
There are several types of
networks within the controlled zone.
On the outer layer is the demilitarized zone,
or DMZ, which contains
public-facing services that can access the internet.
This includes web servers,
reverse proxy servers that front websites for the public,
and DNS servers that resolve names to
IP addresses for internet users.
It also includes email and file
servers that handle external communications.
The DMZ acts as
a network perimeter to the internal network.
The internal network contains private servers and
data that the organization needs to protect.
Inside the internal network is
another zone called the restricted zone.
The restricted zone protects
highly confidential information that is only
accessible to employees with certain privileges.
Proxy Server
Proxy servers are an important component of network security. Here is a brief overview of what proxy servers are and how they work:
- A proxy server is a dedicated server that sits between the internet and the rest of the network.
- It acts as an intermediary between clients (users) and other servers on the internet.
- When a client makes a request to connect to the network, the proxy server determines if the connection request is safe.
- The proxy server has a public IP address that is different from the private network's IP address, which adds a layer of security by hiding the private network's IP address from malicious actors on the internet.
- Proxy servers can be used to block unsafe websites that users aren't allowed to access on an organization's network.
- They can also store frequently requested data in temporary memory, reducing the need to fetch data from internal servers and enhancing security by minimizing contact with the internal server.
- There are different types of proxy servers that support network security:
- Forward proxy server: Regulates and restricts a person's access to the internet, hiding their IP address and approving outgoing requests.
- Reverse proxy server: Regulates and restricts internet access to an internal server, accepting traffic from external parties, approving it, and forwarding it to the internal servers.
- Email proxy server: Filters spam email by verifying the sender's address, reducing the risk of phishing attacks.
Attacks - Module 3
- Network interception attacks involve intercepting network traffic to steal information or interfere with transmission.
- Backdoor attacks exploit weaknesses intentionally left in systems to bypass access controls.
DoS attack
A denial of service attack is
an attack that targets a network or server
and floods it with network traffic.
A distributed denial of service attack, or DDoS,
is a kind of DoS attack that uses
multiple devices or servers in
different locations to flood
the target network.
Network-level DoS attacks
target network bandwidth to slow or stop traffic. Three types are:
- SYN flood attacks, ICMP flood attacks, and ping of death attacks.
- SYN flood attacks start the TCP handshake over and over by flooding the server with SYN packets and never completing it, filling the server's table of half-open connections so that legitimate clients can no longer connect.
- ICMP flood attacks repeatedly send ICMP packets to a network server, consuming its bandwidth and processing capacity until it can no longer respond.
- Ping of death attacks send an oversized ICMP packet (larger than the 65,535-byte IPv4 maximum, delivered as fragments) to a vulnerable network server, which crashes when it tries to reassemble it.
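Detection logic for the three network-level DoS attacks just listed, as an added Python example that is not part of the original notes. It runs over a constructed list of packet events (a real feed would come from a capture or flow logs): it counts half-open TCP connections per source for SYN floods, ICMP packets per source per second for ICMP floods, and checks the reassembled datagram length for ping of death. The thresholds and addresses are invented.

```python
from collections import defaultdict

SYN_HALF_OPEN_LIMIT = 100     # half-open connections from one source before alerting
ICMP_PER_SECOND_LIMIT = 50    # ICMP packets per source per second before alerting
MAX_IPV4_DATAGRAM = 65535     # largest legal reassembled IPv4 datagram, in bytes


def detect_dos(events):
    """Scan packet events and return the set of (attack_type, source_ip) alerts.
    Each event is {"time": seconds, "src": ip, "proto": "tcp"|"icmp",
    "flags": set of TCP flags, "length": reassembled length in bytes}."""
    half_open = defaultdict(int)   # SYNs seen without a completing ACK, per source
    icmp_rate = defaultdict(int)   # ICMP packet count per (source, second)
    alerts = set()
    for ev in events:
        src = ev["src"]
        if ev["proto"] == "tcp":
            if ev["flags"] == {"SYN"}:
                half_open[src] += 1          # a new handshake started
            elif "ACK" in ev["flags"] and half_open[src] > 0:
                half_open[src] -= 1          # the handshake completed
            if half_open[src] > SYN_HALF_OPEN_LIMIT:
                alerts.add(("syn_flood", src))
        elif ev["proto"] == "icmp":
            # Ping of death: each fragment on the wire is small, so this check
            # only works on the reassembled length, which is what "length" holds here.
            if ev["length"] > MAX_IPV4_DATAGRAM:
                alerts.add(("ping_of_death", src))
            bucket = (src, int(ev["time"]))
            icmp_rate[bucket] += 1
            if icmp_rate[bucket] > ICMP_PER_SECOND_LIMIT:
                alerts.add(("icmp_flood", src))
    return alerts


def build_sample_events():
    """Constructed traffic: one legitimate client plus one source of each DoS type."""
    events = []
    for i in range(20):   # normal client: every SYN is followed by its ACK
        events.append({"time": i, "src": "10.0.0.5", "proto": "tcp", "flags": {"SYN"}, "length": 60})
        events.append({"time": i, "src": "10.0.0.5", "proto": "tcp", "flags": {"ACK"}, "length": 52})
    for _ in range(300):  # SYN flood: handshakes that never complete
        events.append({"time": 5, "src": "198.51.100.9", "proto": "tcp", "flags": {"SYN"}, "length": 60})
    for _ in range(200):  # ICMP flood: 200 pings inside one second
        events.append({"time": 7, "src": "198.51.100.20", "proto": "icmp", "flags": set(), "length": 84})
    # Ping of death: a single datagram that reassembles to more than 65,535 bytes
    events.append({"time": 9, "src": "198.51.100.30", "proto": "icmp", "flags": set(), "length": 65600})
    return events


if __name__ == "__main__":
    for alert in sorted(detect_dos(build_sample_events())):
        print(alert)
```

Per-source counting is the simplest form of this logic; a flood that spoofs a different source address on every packet evades it, which is why real detectors also watch the aggregate rate toward each destination.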
Packet sniffing can be passive or active.
Passive packet sniffing is a type of
attack where data packets are read in transit.
Since all the traffic on a network
is visible to any host on the hub,
malicious actors can view
all the information going
in and out of the device they are targeting.
Thinking back to the example of a letter being delivered,
we can compare a passive packet sniffing
attack to a postal delivery person
maliciously reading somebody's mail.
The postal worker, or packet
sniffer, has the right to deliver the mail,
but not the right to read the information inside.
Active packet sniffing is a type of
attack where data packets are manipulated in transit.
This may include injecting forged packets
or rewriting headers to redirect traffic to
an unintended port or host, or
changing the information the packet contains.
Active packet sniffing attack would
be like a neighbor telling the delivery person
"I'll deliver that mail for you," and then reading the mail
or changing the letter before putting it in your mailbox.
IP spoofing
- IP spoofing is a network attack where an attacker changes the source IP of a data packet to impersonate an authorized system and gain access to a network.
- Common types of IP spoofing attacks include on-path attacks, replay attacks, and smurf attacks.
- In an on-path attack, the attacker intercepts and alters data in transit by placing themselves between two devices communicating on a network.
- A replay attack involves intercepting and delaying or repeating a data packet at a later time to impersonate an authorized user.
- A smurf attack combines IP spoofing with a DDoS attack: the attacker sends ICMP echo requests to a network's broadcast address with the source address spoofed to the victim's, so every host on that network replies to the victim and floods it.
- Encryption should be implemented to protect data in network transfers from being read by malicious actors.
- Firewalls can be configured to protect against IP spoofing by rejecting traffic that arrives from the internet with a source IP address belonging to the local network's own address range.
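The anti-spoofing firewall rule just described, generalised to the standard ingress/egress filtering check plus the directed-broadcast refusal that removes a smurf attack's amplifier, as an added Python example that is not part of the original notes. The internal prefixes are a hypothetical site layout and the packets are constructed; it uses only the standard library's `ipaddress` module.

```python
import ipaddress

# Hypothetical site layout: these prefixes are the organisation's own LAN.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Source addresses that never legitimately arrive from the internet.
BOGONS = [ipaddress.ip_network(n) for n in
          ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def is_spoofed_source(src_ip, iface):
    """Return True if a packet with this source address must be dropped on the
    given interface. 'external' faces the internet, 'internal' faces the LAN."""
    src = ipaddress.ip_address(src_ip)
    if iface == "external":
        # Ingress filtering: nobody on the internet is legitimately 10.x.x.x,
        # so such a source on the outside interface is forged.
        return any(src in net for net in INTERNAL_NETS + BOGONS)
    if iface == "internal":
        # Egress filtering: our own hosts may not send with a foreign source,
        # which stops the LAN being used to launch spoofed floods at others.
        return not any(src in net for net in INTERNAL_NETS)
    raise ValueError(f"unknown interface {iface!r}")


def is_directed_broadcast(dst_ip):
    """Smurf attacks need the router to deliver a packet to a network's broadcast
    address; refusing directed broadcasts from outside removes the amplifier."""
    dst = ipaddress.ip_address(dst_ip)
    return any(dst == net.broadcast_address for net in INTERNAL_NETS)


def filter_inbound(packets):
    """Apply both checks to (src, dst) pairs arriving on the external interface."""
    return ["drop" if is_spoofed_source(src, "external") or is_directed_broadcast(dst) else "accept"
            for src, dst in packets]


if __name__ == "__main__":
    # Constructed inbound packets: a normal client, a forged internal source,
    # and a smurf-style probe aimed at the LAN's broadcast address.
    sample = [("203.0.113.9", "10.0.0.7"), ("10.0.0.7", "10.0.0.8"), ("203.0.113.9", "192.168.255.255")]
    for pkt, verdict in zip(sample, filter_inbound(sample)):
        print(pkt, verdict)
```

Ingress filtering on its own cannot detect a forged source that belongs to some other public network; only the egress filter at the attacker's own provider catches that, which is why the check has to be deployed on both sides to be effective.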
Security hardening
Security hardening is the process of strengthening a system to reduce its
vulnerability and attack surface.