Okay, so you want to get into cybersecurity, but you have been told you need to know and understand networking first. Well, that's what we're gonna cover in this video. Okay, we're gonna be talking about networking for cybersecurity and what you actually need to know in order to break into the world of cybersecurity. Usually when you start looking into networking and networking for cybersecurity, everything you're gonna find is extreme overkill. It's like information that you would need to know if you were going to be a network engineer, and that's just not the case. You don't need to know an insane amount of networking in order to break into the world of cyber security, and realistically there's very little networking you need to know in order to get certified and get into the certification realm of cyber security. So in this video we're going to be covering what you need to know for networking in the world of cyber security specifically, and if you're going to be trying to get a job, not working towards any certifications, though this would help.
But more specifically, what it is you need to know when you're looking for a job or what you would need to know for a job interview. So with that, the first slide we are covering is networking for cyber security. That is the question.
That's what we want to know. TCP versus UDP: both get packaged up. TCP checks for incoming packets. UDP says, ready or not, here they come.
They just send the packets. And why should you care? So this is what we're covering in this slide.
The first one, TCP. When you think of a TCP connection, you're going to hear TCP/IP all the time. And you're going to see the question, what is TCP/IP?
You're probably going to get asked in an interview question, what is TCP/IP? And so TCP is the transmission control protocol. And so TCP/IP is going to send out a synchronization packet to the server from the client, and then the server will send back a SYN-ACK, so it sends back the synchronization as well as an acknowledgement, and then the client will send back an acknowledgement, and then the communication will begin to flow between the client and the server. And you're going to see this in the future and you're going to hear it. You're going to have this question come up, what is TCP/IP? And so now you know: it's the SYN, the SYN-ACK, and the ACK. So it's called the three-way handshake, and you will hear this again.
So the UDP, it just has a request. It sends out the request and it just sends out the response. So what the UDP does is it has information it wants to send, it packages it up, and it just sends it. Some of the packets can get lost. It doesn't really care what the server or the recipient of the information has going on. It just sends the information. So you're going to see TCP quite often.
The next slide, TCP. We already talked a little bit about the transmission control protocol, what it is. It's viewed typically as the reliable delivery. When TCP sends data, it always receives the acknowledgement that the data was indeed received, so if some packets get lost, the sender will actually know, okay, some packets were lost. TCP can also handle getting data out of order, and so it can organize the boxes as they show up. I put the picture in here of a mail truck with the packaged up boxes because this is what it's like when data gets packaged up, and then it goes through the network to the recipient, and then the boxes are unboxed, and it can handle getting the boxes out of order.
So UDP, we talked about this. It's connectionless. It sends data and it sends it as it's available, not relying on the receiving end. It just sends the data. If there's lost data, then it is lost data.
The delivery, the IP delivery, sends the data from one IP to another IP. So as you think about it, the common analogy for this is a house. Like you have a house and you have different rooms and you tell one of your children, hey, can you go to this room and get my watch?
They have the data, get the watch, and then they have the location, which is the room, and then they go to the room, they get the watch. So when you think of it in the world of cybersecurity, you can think of ports. So we have an image of ports here. The ports are the rooms that are going to be receiving the data. So you would tell the server, like, I want to connect to FTP, and it's going to ask you for the data, a login.
And then it will go to specifically that port on that server and it will try to communicate. So that's how the delivery system works with the port. And so when you want to connect to a port in TCP, it will... and see if the port is open before it even tries to connect.
Where do the packets go? That is supposed to be... Where do the packets go? I have a typo.
The packets are sent to their specific ports on the network. Each port has its own assigned function. Ports are not always the same and can be assigned. So each of the ports, you don't want to be trying to send an HTTP request to port 22 because it's just not going to work. So you...
Actually, when you send out the request, it goes to the specific port, which is running specific programs to interpret the data the way that it is supposed to be sent. And so each port has a specific function. In this scan, we have the most common ports that are labeled, but you can actually assign, like, HTTP to port 8081 or 8080 or other ports.
You'll see HTTP running on random ports sometimes when you run an Nmap scan. You'll also see things like SSH on port 2222. So you can assign SSH to different ports. They don't always have to be these specific ports.
And you will see that in the future. And so when you, we already talked about the mail address a little bit earlier. So we're going to skip that. The SSL, secure sockets layer.
SSL is an encrypted connection used between web servers and browsers to protect data privacy. So it tells us exactly how this works. We have this secure socket layer. You're going to see this again.
It's going to come up specifically when you encounter a job interview or something of that nature. So this image tells you kind of what happens. The client sends out a request to the server.
The server acknowledges it, and then it sends out a session key, and then it encrypts the data as it transfers it back and forth. The OSI model, the open system interconnection model. This is something you are going to need to know, especially when you're going to be going through a job interview.
This is definitely going to come up. This is something you'll need to know in order to communicate with blue teamers or the client you've just done a penetration test for. So you have, starting at layer one, the physical, and then two is data, three is network, four is transport, five is session, and six is the presentation. And seven is the application. So these are the layers and you will need to know these layers.
I actually pulled up a Wireshark scan here. If you look down where it says frame 205 with that little arrow, that is going to be your layer one because it actually tells you what's being sent and it's being sent this many bytes. I think it's 1484 bytes and it's being sent on a wire. So that is the physical layer on this Wireshark packet. And then the second is the second layer. You can see the MAC addresses there on the Ethernet II. You see both the MAC addresses, so that would be layer two. And then the internet protocol that is being used: you have the IPs there where the packets are going to be sent, and so that's the network layer. And then you have four, which is the transmission control protocol, and you can see the port that it is being sent on. And then you have at the bottom secure sockets layer, which is going to be layers 5, 6, and 7 all wrapped up together in that one.
So when you look at Wireshark, you're going to be able to see exactly how this works. And so if you find a networking problem, you can say, hey, it's on layer 3. And so you'll need to know these layers of the OSI model. So this is something you'll want to commit to memory.
So the ARP, or the ARP table. You'll see this a lot.
You're going to need to know this when you're going through your certification process: the address resolution protocol. So we see it maps an IP address. I have another typo.
You can see it maps an IP address to a physical machine that is on a local network. arp -a is one that you're going to use when you have access to the Windows machine that you have remote code execution on, and you'll be able to see the... ARP table, and you'll be able to see what other machines are running on the specific network and where you can attack next. VLAN: it creates a secure tunnel on a local network to send and receive data. So what is a VLAN?
It is a virtual local area network. And so when you see these or hear about a VLAN, it's going to be one specific area of a network where they can communicate, different client machines or different machines can communicate to one another, and you can have multiple VLANs on a single switch.
So that's kind of what these pictures are indicating, and I pulled up one where you have a VLAN 1 and VLAN 2 on a specific switch, where VLAN 1 would communicate specifically to VLAN 1 and VLAN 2 would be within itself. So this is what you're going to need to know on the networking side. There's more to this, like if you want to know common ports. Commit the common ports to memory so that way, when you are attacking a network, you don't have to look around and see what exactly is going on.
You'll just automatically know what ports are coming. Those are the only things I think you'll need to know when you come into an interview on getting a job in cybersecurity, specifically in the area of networking for cybersecurity.
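Added example, not part of the video transcript: a small Python parser that splits a frame into the layer 2, 3 and 4 fields the Wireshark walkthrough points at, and checks a capture for the SYN, SYN-ACK, ACK sequence of the three-way handshake. The frames, MAC addresses, IP addresses and function names are constructed for illustration, with SSH assumed to be moved to port 2222 as mentioned in the talk.

```python
import socket
import struct

FLAG_BITS = {0x02: "SYN", 0x10: "ACK", 0x01: "FIN", 0x04: "RST"}

def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed Ethernet II / IPv4 / TCP frame (sample data, checksums zeroed)."""
    eth = bytes.fromhex("aabbccddeeff112233445566") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Split a frame into the layer 2, 3 and 4 fields Wireshark would show."""
    if len(frame) < 54:
        raise ValueError("too short for Ethernet + IPv4 + TCP headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[23] != 6:                     # protocol field: 6 means TCP
        raise ValueError("not TCP")
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = "-".join(n for bit, n in FLAG_BITS.items() if tcp[13] & bit)
    return {
        "layer2": {"src_mac": mac(src_mac), "dst_mac": mac(dst_mac)},
        "layer3": {"src_ip": socket.inet_ntoa(frame[26:30]),
                   "dst_ip": socket.inet_ntoa(frame[30:34])},
        "layer4": {"src_port": sport, "dst_port": dport, "flags": flags},
    }

def is_three_way_handshake(frames):
    """True when three frames are SYN, SYN-ACK, ACK between the same two hosts."""
    p = [parse_frame(f) for f in frames]
    if [x["layer4"]["flags"] for x in p] != ["SYN", "SYN-ACK", "ACK"]:
        return False
    client, server = p[0]["layer3"]["src_ip"], p[0]["layer3"]["dst_ip"]
    return p[1]["layer3"]["src_ip"] == server and p[2]["layer3"]["src_ip"] == client

# Constructed capture: client 192.0.2.10 connects to SSH moved to port 2222.
HANDSHAKE = [
    build_frame("192.0.2.10", "192.0.2.20", 50000, 2222, 0x02),
    build_frame("192.0.2.20", "192.0.2.10", 2222, 50000, 0x12),
    build_frame("192.0.2.10", "192.0.2.20", 50000, 2222, 0x10),
]
```

A UDP datagram (IP protocol 17) makes `parse_frame` raise, since there are no TCP flags and no handshake to look for.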