SlideShare a Scribd company logo

Networking recap

Download as PPTX, PDF
Dedi Dwianto, profile picture
Dedi Dwianto

The document provides an overview of networking concepts including the OSI 7 layer model, TCP/IP models, common network protocols, and application layer protocols. It discusses networking components, physical layer vulnerabilities, and connection-oriented and connectionless protocols like TCP and UDP. The document also reviews typical network applications with client-server models and examples of internet applications mapped to application and transport layer protocols.

1 of 30
Downloaded 38 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 Networking Recap Network Security Workshop Dedi Dwianto, C|EH, OSCP Daftar ISI
Contents  Review of networking basics  OSI 7 layer models  TCP/IP – Internet models  Common network protocols
Review of networking basics Networking
Networking Components  HUB  SWITCH  ROUTER  HOST
Networking Components  Network edge :  Applications  Hosts  Network core :  Routers  Network of networks  Access network, physical media :  Communication links
The Network Core  Mesh of interconnected routers
OSI 7 Layer Model
Physical Layer Vulnerabilities  Loss of power  Loss of environmental control  Physical damage or destruction of data and hardware  Unauthorized changes to the functional environment  Disconnection of physical data links  Undetectable interception of data
Data Link Layer Vulnerabilities  MAC address spoofing  VLAN circumvention  Spanning tree errors
Network Layer Vulnerabilities  Route spoofing - propagation of false network topology  IP Address Spoofing- false source addressing on malicious packets  Identity & Resource ID Vulnerability
Transport Layer Vulnerabilities  Mishandling of undefined, poorly defined, or “illegal” conditions  Differences in transport protocol implementation allow “fingerprinting’ and otherenumeration of host information  Overloading of transport-layer mechanisms such as port numbers limit the abilityto effectively filter and qualify traffic.  Transmission mechanisms can be subject to spoofing and attack based oncrafted packets.
Session Layer Vulnerabilities  Weak or non-existent authentication mechanisms  Session identification may be subject to spoofing and hijack  Leakage of information based on failed authentication attempts  Unlimited failed sessions allow brute-force attacks on access credentials
Presentation Layer Vulnerabilities  Poor handling of unexpected input can lead to application crashes or surrender of control to execute arbitrary instructions.  Unintentional or ill-advised use of externally supplied input in control contexts may allow remote manipulation or information leakage.  Cryptographic flaws may be exploited to circumvent privacy protections .
Application Layer Vulnerabilities  Open design issues allow free use of application resources by unintended parties  Backdoors and application design flaws bypass standard security controls  Inadequate security controls force “all-or-nothing” approach, resulting in either excessive or insufficient access.
TCP/IP – Model
TCP Header
UDP Header
IP Header
TCP/IP Tunneling
Connection-oriented service  TCP – Transmission Control Protocol  TCP Service [ RFC 793 ]  Reliable, in-order byte stream data transfer  Flow control  Congestion control
Connection-oriented service  TCP handshaking :  Setup (prepare for) data transfer ahead of time
Connection-oriented service  TCP – Transmission Control Protocol  TCP Service [ RFC 793 ]  Reliable, in-order byte stream data transfer  Flow control  Congestion control
Connectionless  UDP – User Datagram Protocol  UDP Service [ RFC 768 ]  Unreliable data transfer  No flow control  No congestion control
Internet  Internet “millions of connected computing devices : hosts, end-system”  Internet “ network of networks”  Internet standard :  RFC : Request for comments  IETF : Internet Engineering Task Force
Common Network Protocol  Protocols – control sending, receiving of messages  Example :  TCP  IP  HTTP  FTP  PPP
Application Layer Protocols  Application : communicating, distributed processes  Application-layer protocols :  One “piece” of an application  Define messages exchanged by applications and action taken  Use communication services provided by lower layer (TCP, UDP)  Types of messages exchanged
Application Layer Protocols  Public domain protocols :  Defined in RFCs  Allows for interoperability  Example : HTTP, SMTP  Proprietary protocols :  Skype  MS Exchange  VTP
Network Application  Typical network application has two pieces : client and server  Client :  Initiates contact with server  Typically request services from server  Web : client implemented in browser  Email : in mail reader
Network Application  Server:  Provides requested service to client  Example :  Web server send requested web page
Internet Apps : application, transport protocols Application App Layer Protocol Transport Protocol Email SMTP [RFC 2821] TCP Remote Terminal Access Telnet [RFC 854] TCP Web HTTP [RFC 2616] TCP File transfer FTP [RFC 959] TCP Streaming multimedia Proprietary TCP and UDP

More Related Content

PPTX
Cs
Ronak Dhola
 
PPT
Domain-Specific Software Engineering
elliando dias
 
PPTX
3d transistor
swatikamat
 
PPTX
Kr using rules
Deeksha Arya
 
PPTX
Junctionless transistors
Pratishtha Agnihotri
 
PPTX
A Simple Introduction to Word Embeddings
Bhaskar Mitra
 
PPTX
Care for Network and Computer Hardware L-2 (3).pptx
aytenewbelay1
 
PPTX
Ethics and computing profession
shahmansoor109
 
Cs
Ronak Dhola
 
Domain-Specific Software Engineering
elliando dias
 
3d transistor
swatikamat
 
Kr using rules
Deeksha Arya
 
Junctionless transistors
Pratishtha Agnihotri
 
A Simple Introduction to Word Embeddings
Bhaskar Mitra
 
Care for Network and Computer Hardware L-2 (3).pptx
aytenewbelay1
 
Ethics and computing profession
shahmansoor109
 

What's hot (20)

PPT
intrusion detection system (IDS)
Aj Maurya
 
PPTX
Vlsi stick daigram (JCE)
Hrishikesh Kamat
 
PPTX
Deep learning approach for network intrusion detection system
Avinash Kumar
 
PPTX
SE2023 0301 Software Project Management.pptx
Bharat Chawda
 
PPTX
Fundamentals of Network security
APNIC
 
PPT
Vlsi design and fabrication ppt
Manjushree Mashal
 
PPTX
Fasttext 20170720 yjy
재연 윤
 
PDF
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Edureka!
 
PDF
CERTIFICATE MCSA.PDF
Ashish Kumar
 
PPT
Object Oriented Design Concept
Sharath g
 
PPT
Intrusion Detection System using Snort
webhostingguy
 
PPTX
Ch 5 contract review
Kittitouch Suteeca
 
PDF
Introduction to VLSI Design
Kalyan Acharjya
 
PDF
Wps pixie dust attack
invad3rsam
 
PPT
Srs
sunil dutt
 
PPTX
Components of a complete electronic data processing
Jesus Obenita Jr.
 
PPTX
CNS Unit-1.pptx
bhaskar810658
 
PDF
Analyzing Text Preprocessing and Feature Selection Methods for Sentiment Anal...
Nirav Raje
 
PDF
Natural Language Toolkit (NLTK), Basics
Prakash Pimpale
 
PDF
Question Answering - Application and Challenges
Jens Lehmann
 
intrusion detection system (IDS)
Aj Maurya
 
Vlsi stick daigram (JCE)
Hrishikesh Kamat
 
Deep learning approach for network intrusion detection system
Avinash Kumar
 
SE2023 0301 Software Project Management.pptx
Bharat Chawda
 
Fundamentals of Network security
APNIC
 
Vlsi design and fabrication ppt
Manjushree Mashal
 
Fasttext 20170720 yjy
재연 윤
 
Complete Ethical Hacking Course | Ethical Hacking Training for Beginners | Ed...
Edureka!
 
CERTIFICATE MCSA.PDF
Ashish Kumar
 
Object Oriented Design Concept
Sharath g
 
Intrusion Detection System using Snort
webhostingguy
 
Ch 5 contract review
Kittitouch Suteeca
 
Introduction to VLSI Design
Kalyan Acharjya
 
Wps pixie dust attack
invad3rsam
 
Srs
sunil dutt
 
Components of a complete electronic data processing
Jesus Obenita Jr.
 
CNS Unit-1.pptx
bhaskar810658
 
Analyzing Text Preprocessing and Feature Selection Methods for Sentiment Anal...
Nirav Raje
 
Natural Language Toolkit (NLTK), Basics
Prakash Pimpale
 
Question Answering - Application and Challenges
Jens Lehmann
 
Ad

Similar to Networking recap (20)

PPT
Week1 lec2-bscs1
syedhaiderraza
 
PPT
App layer
khushali_modi
 
PPT
02 protocol architecture
chameli devi group of institutions
 
PDF
Computer networking (nnm)
nnmaurya
 
PPT
3rd edition chapter1
nguyễn cầm
 
PDF
02-ProtocolArchitecture.pdf
MiftaNurFarid2
 
PDF
Aplication and Transport layer- a practical approach
Sarah R. Dowlath
 
PPT
internet protocol and networking basic bachelor of science in informATION TEE...
DennisBacani3
 
PPT
ip-basics.ppt
GioSanBuenaventura1
 
PPT
ip net basic understanding slide show ppt
lolo749806
 
PDF
Chapter1 sept 8_05[one.]
LeelaRam Tenneti
 
PPT
Network Lauers in TCP/IP computer networks
pakadamfdp
 
PPT
Ccna introduction
Mukesh Gautam
 
PPTX
Week2 lec2-bscs1
syedhaiderraza
 
PPTX
Lecture 02 networking
HNDE Labuduwa Galle
 
PPT
Datacom_Section_2_-_Protocols.ppt
Kristopher Hefner
 
PDF
Lec 2 and_3
hz3012
 
PPTX
Ch4 Protocols.pptx
azmerawAnna1
 
PDF
Ccent notes part 1
ahmady
 
PPTX
OSI Model.pptx
milon24
 
Week1 lec2-bscs1
syedhaiderraza
 
App layer
khushali_modi
 
02 protocol architecture
chameli devi group of institutions
 
Computer networking (nnm)
nnmaurya
 
3rd edition chapter1
nguyễn cầm
 
02-ProtocolArchitecture.pdf
MiftaNurFarid2
 
Aplication and Transport layer- a practical approach
Sarah R. Dowlath
 
internet protocol and networking basic bachelor of science in informATION TEE...
DennisBacani3
 
ip-basics.ppt
GioSanBuenaventura1
 
ip net basic understanding slide show ppt
lolo749806
 
Chapter1 sept 8_05[one.]
LeelaRam Tenneti
 
Network Lauers in TCP/IP computer networks
pakadamfdp
 
Ccna introduction
Mukesh Gautam
 
Week2 lec2-bscs1
syedhaiderraza
 
Lecture 02 networking
HNDE Labuduwa Galle
 
Datacom_Section_2_-_Protocols.ppt
Kristopher Hefner
 
Lec 2 and_3
hz3012
 
Ch4 Protocols.pptx
azmerawAnna1
 
Ccent notes part 1
ahmady
 
OSI Model.pptx
milon24
 
Ad

More from Dedi Dwianto (7)

PDF
Application Security Trends and Issues
Dedi Dwianto
 
PPTX
Trend Kejahatan Cyber 2015
Dedi Dwianto
 
PPTX
Security Awareness
Dedi Dwianto
 
PPTX
Ancaman & kelemahan server
Dedi Dwianto
 
PPTX
Network Security Risk
Dedi Dwianto
 
PPTX
Vulnerability Assesment
Dedi Dwianto
 
PPTX
what is security
Dedi Dwianto
 
Application Security Trends and Issues
Dedi Dwianto
 
Trend Kejahatan Cyber 2015
Dedi Dwianto
 
Security Awareness
Dedi Dwianto
 
Ancaman & kelemahan server
Dedi Dwianto
 
Network Security Risk
Dedi Dwianto
 
Vulnerability Assesment
Dedi Dwianto
 
what is security
Dedi Dwianto
 

Networking recap

  • 1.  Networking Recap Network Security Workshop Dedi Dwianto, C|EH, OSCP Daftar ISI
  • 2. Contents  Review of networking basics  OSI 7 layer models  TCP/IP – Internet models  Common network protocols
  • 3. Review of networking basics Networking
  • 4. Networking Components  HUB  SWITCH  ROUTER  HOST
  • 5. Networking Components  Network edge :  Applications  Hosts  Network core :  Routers  Network of networks  Access network, physical media :  Communication links
  • 6. The Network Core  Mesh of interconnected routers
  • 7. OSI 7 Layer Model
  • 8. Physical Layer Vulnerabilities  Loss of power  Loss of environmental control  Physical damage or destruction of data and hardware  Unauthorized changes to the functional environment  Disconnection of physical data links  Undetectable interception of data
  • 9. Data Link Layer Vulnerabilities  MAC address spoofing  VLAN circumvention  Spanning tree errors
  • 10. Network Layer Vulnerabilities  Route spoofing - propagation of false network topology  IP Address Spoofing- false source addressing on malicious packets  Identity & Resource ID Vulnerability
  • 11. Transport Layer Vulnerabilities  Mishandling of undefined, poorly defined, or “illegal” conditions  Differences in transport protocol implementation allow “fingerprinting’ and otherenumeration of host information  Overloading of transport-layer mechanisms such as port numbers limit the abilityto effectively filter and qualify traffic.  Transmission mechanisms can be subject to spoofing and attack based oncrafted packets.
  • 12. Session Layer Vulnerabilities  Weak or non-existent authentication mechanisms  Session identification may be subject to spoofing and hijack  Leakage of information based on failed authentication attempts  Unlimited failed sessions allow brute-force attacks on access credentials
  • 13. Presentation Layer Vulnerabilities  Poor handling of unexpected input can lead to application crashes or surrender of control to execute arbitrary instructions.  Unintentional or ill-advised use of externally supplied input in control contexts may allow remote manipulation or information leakage.  Cryptographic flaws may be exploited to circumvent privacy protections .
  • 14. Application Layer Vulnerabilities  Open design issues allow free use of application resources by unintended parties  Backdoors and application design flaws bypass standard security controls  Inadequate security controls force “all-or-nothing” approach, resulting in either excessive or insufficient access.
  • 20. Connection-oriented service  TCP – Transmission Control Protocol  TCP Service [ RFC 793 ]  Reliable, in-order byte stream data transfer  Flow control  Congestion control
  • 21. Connection-oriented service  TCP handshaking :  Setup (prepare for) data transfer ahead of time
  • 22. Connection-oriented service  TCP – Transmission Control Protocol  TCP Service [ RFC 793 ]  Reliable, in-order byte stream data transfer  Flow control  Congestion control
  • 23. Connectionless  UDP – User Datagram Protocol  UDP Service [ RFC 768 ]  Unreliable data transfer  No flow control  No congestion control
  • 24. Internet  Internet “millions of connected computing devices : hosts, end-system”  Internet “ network of networks”  Internet standard :  RFC : Request for comments  IETF : Internet Engineering Task Force
  • 25. Common Network Protocol  Protocols – control sending, receiving of messages  Example :  TCP  IP  HTTP  FTP  PPP
  • 26. Application Layer Protocols  Application : communicating, distributed processes  Application-layer protocols :  One “piece” of an application  Define messages exchanged by applications and action taken  Use communication services provided by lower layer (TCP, UDP)  Types of messages exchanged
  • 27. Application Layer Protocols  Public domain protocols :  Defined in RFCs  Allows for interoperability  Example : HTTP, SMTP  Proprietary protocols :  Skype  MS Exchange  VTP
  • 28. Network Application  Typical network application has two pieces : client and server  Client :  Initiates contact with server  Typically request services from server  Web : client implemented in browser  Email : in mail reader
  • 29. Network Application  Server:  Provides requested service to client  Example :  Web server send requested web page
  • 30. Internet Apps : application, transport protocols Application App Layer Protocol Transport Protocol Email SMTP [RFC 2821] TCP Remote Terminal Access Telnet [RFC 854] TCP Web HTTP [RFC 2616] TCP File transfer FTP [RFC 959] TCP Streaming multimedia Proprietary TCP and UDP