Friday, 31 March 2023

Network Security Threats and Countermeasures-Layers, Protocol and Ports


In this session, you will learn about:

  • What is the Internet Layer, IP Header & IP Header fields?
  • What is the Transport Layer, TCP Header and Transport Header Fields?
  • Protocols versus Ports
  • Client-Server Model 
  • UDP Protocol and UDP Header fields 
  • ICMP Protocol and ICMP Header fields 
  • What is HTTP, DHCP, DNS and how does it work?
  • Basics of SSL, TLS, FTP, Telnet, SSH and SMTP, IPSec and VPN

Internet Protocol (IP)

  • Internet Protocol (IP)
    • Used in the delivery of data from one computer to another over the internet
    • E-mail
    • Web pages 
  • Used in conjunction with TCP
    • TCP/IP
  • Specifies 
    • Format of packets
    • Addressing scheme
  • Connectionless protocol
    • No continuing connection between the hosts communicating together
  • Packets are treated as independent units of data
    • No relation to any other unit of data
    • Packets are assembled in the correct order because of the TCP protocol, not IP itself

IPv4


  • Fourth version of the Internet Protocol (IP)
  • 32-bit (4-byte) addresses
    • Support for 2^32 IP addresses
    • Approximately 4 billion total addresses (becoming limited)

The 32-bit binary value is then converted into what we call a decimal value, and we will see how all this is done later on.
  • IPv4
    • 32-bit binary address, e.g. 00001010.00000000.00101110.00000001 (10.0.46.1)
  • 2 portions: NetworkID and HostID
    • Subnet mask differentiates NetworkID from HostID (binary ANDing): 11111111.11111111.00000000.00000000
  • Reported in dotted decimal notation
    • 10.0.46.1 255.255.0.0 or 10.0.46.1/16
    • 10.0.46.1 255.255.255.0 or 10.0.46.1/24

IPv6

  • Sixth revision to the Internet Protocol
    • Successor to IPv4 – 128-bit Internet addresses 
    • Support up to 2^128 internet addresses 
    • Approximately 340,282,366,920,938,000,000,000,000,000,000,000,000 (3.4 × 10^38, or 340 trillion trillion trillion)


  • 128-bit binary address, written as eight 16-bit groups
    • Eg.: 0000101000000000.0010110000000001.0010110000000001.0010110000000001.0010110000000001.0010110000000001.0010110000000001.0010110000000001
  • 2 portions: NetworkID and HostID
  • Prefix notation: /64 is the standard
    • Full length: fe80:0000:0000:0000:a299:0bff:fe1e:435d%en0
    • Shortened: fe80::a299:bff:fe1e:435d%en0 (leading zeros in each group are dropped and the longest run of all-zero groups is replaced by ::, which makes the address a bit simpler to read)
  • Reported in hexadecimal (0-9, A-F)
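An added worked example (not from the original post) covering the IPv4 binary ANDing and the IPv6 zero suppression described above: the IPv4 functions do the octet arithmetic by hand, while the IPv6 functions lean on Python's standard ipaddress module for the shortened and full-length forms.

```python
import ipaddress


def dotted_to_binary(addr: str) -> str:
    """Render a dotted-decimal IPv4 address as four 8-bit groups."""
    return ".".join(f"{int(octet):08b}" for octet in addr.split("."))


def prefix_to_mask(prefix: int) -> str:
    """Build the dotted-decimal subnet mask for /prefix (top `prefix` bits set)."""
    bits = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((bits >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_ipv4(addr: str, mask: str) -> tuple[str, str]:
    """AND each octet with the mask to get the NetworkID, and with the
    inverted mask to get the HostID (the 'binary ANDing' from the notes)."""
    octets = [int(o) for o in addr.split(".")]
    mbits = [int(m) for m in mask.split(".")]
    net = ".".join(str(o & m) for o, m in zip(octets, mbits))
    host = ".".join(str(o & (~m & 0xFF)) for o, m in zip(octets, mbits))
    return net, host


def ipv6_shorten(full: str) -> str:
    """Compress a full-length IPv6 address: strip leading zeros in each group
    and replace the longest run of all-zero groups with '::'. A zone id such
    as %en0 is not part of the address, so it is split off and re-attached."""
    addr, _, zone = full.partition("%")
    short = ipaddress.IPv6Address(addr).compressed
    return f"{short}%{zone}" if zone else short


def ipv6_expand(short: str) -> str:
    """Reverse of ipv6_shorten: eight 4-digit hexadecimal groups."""
    addr, _, zone = short.partition("%")
    full = ipaddress.IPv6Address(addr).exploded
    return f"{full}%{zone}" if zone else full


if __name__ == "__main__":
    # Constructed sample values taken from the addressing examples in the notes
    for prefix in (16, 24):
        mask = prefix_to_mask(prefix)
        net, host = split_ipv4("10.0.46.1", mask)
        print(f"10.0.46.1/{prefix} mask {mask}: network {net}, host {host}")
    print(ipv6_shorten("fe80:0000:0000:0000:a299:0bff:fe1e:435d%en0"))
```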

IP Header Field Overview 


TCP Protocol 

TCP, the Transmission Control Protocol, establishes and maintains network communication so that applications can exchange data.

  • One of the key characteristics of TCP is that it is connection oriented.
  • Total number of TCP Ports is 65,535

When a packet is sent, the sender waits for the other side to acknowledge receipt of that packet. Only then does the originating application send the next packet, and it again waits for an acknowledgement of that one from the other side.




The layered structure allows developers to focus on just their own portion of an overall application, network protocol or piece of hardware.
The transport layer is responsible for moving packets from one place to another in terms of network communications. TCP resides in that layer.

TCP's job is simply to get the packets from point A to point B.








TCP Header
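The IPv4 and TCP header fields referred to in the two header slides above, as an added example that is not from the original post: it decodes a constructed SYN packet with Python's standard struct module and verifies the IPv4 header checksum. The field layout follows RFC 791 and RFC 793; the sample addresses and ports are constructed.

```python
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: 16-bit one's complement of the one's complement sum.
    Run over a header whose checksum field is already filled in, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header and verify its header checksum."""
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl,
     proto, _chk, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes, options included
    return {
        "version": ver_ihl >> 4, "header_len": ihl, "total_len": total_len,
        "ttl": ttl, "protocol": proto,      # 6 = TCP, 17 = UDP, 1 = ICMP
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "checksum_ok": internet_checksum(pkt[:ihl]) == 0,
        "payload": pkt[ihl:total_len],
    }


TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))


def parse_tcp(seg: bytes) -> dict:
    """Decode the fixed 20-byte TCP header: ports, sequence numbers, flags, window."""
    sport, dport, seq, ack, off_flags, window, _chk, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    data_offset = (off_flags >> 12) * 4     # upper 4 bits: header length in 32-bit words
    flags = [name for bit, name in TCP_FLAGS if off_flags & bit]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "payload": seg[data_offset:]}


def build_sample() -> bytes:
    """Constructed sample packet: a TCP SYN from 10.0.46.1:51000 to 10.0.46.2:443."""
    tcp = struct.pack("!HHIIHHHH", 51000, 443, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes([10, 0, 46, 1]), bytes([10, 0, 46, 2]))
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]  # fill in checksum
    return ip + tcp


if __name__ == "__main__":
    ip = parse_ipv4(build_sample())
    print(ip["src"], "->", ip["dst"], "proto", ip["protocol"], "checksum ok:", ip["checksum_ok"])
    print(parse_tcp(ip["payload"]))
```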


User Datagram Protocol (UDP)

  • Alternative communications protocol to Transmission Control Protocol (TCP)
  • Primarily used for communications favouring:
    • Low latency
    • Tolerable data loss
  • Runs on top of Internet Protocol (IP)
    • Similar to TCP
  • Total number of UDP Ports is 65,535

UDP - Use Case

  • Ideal protocol for network applications such as:
    • Gaming
    • Video communication
    • Voice communication
    • Any data that can suffer some data loss without affecting overall quality
  • Relies on the application to be responsible for retransmitting lost packets and arranging received packets

UDP – Data Transmission Services 

UDP works in conjunction with higher-level protocols to manage certain data transmission services 
▪ Trivial File Transfer Protocol 
▪ Real Time Streaming Protocol (RTSP) 
▪ Simple Network Protocol (SNP) 
▪ Domain Name System (DNS) lookups 

Comparison between IP and TCP


Comparison between TCP and UDP


Internet Control Message Protocol

▪ Error-reporting protocol
▪ Generates error messages when there are problems delivering IP packets
▪ Creates and sends messages to the source IP address indicating any issues with a
o Router
o Host
o Service
▪ Any IP network device can send, receive, or process ICMP messages
▪ One of the main protocols in the Internet Protocol suite
▪ Not a transport protocol
▪ Commonly used in diagnostics and troubleshooting
o Ping
o Traceroute

ICMP Message

▪ Transmitted as datagrams 
▪ Two broad categories: 
o Error reporting 
o Query messages


Well Known TCP/UDP Ports

Ports identify the specific type of service being requested from the system
▪ 20/21: File Transfer Protocol (FTP)
▪ 22: Secure Shell (SSH)
▪ 23: Telnet
▪ 25: Simple Mail Transfer Protocol (SMTP)
▪ 53: Domain Name System (DNS)
▪ 67/68: Dynamic Host Configuration Protocol (DHCP)
▪ 69: Trivial File Transfer Protocol (TFTP)
▪ 80: Hypertext Transfer Protocol (HTTP)
▪ 110: Post Office Protocol (POP)
▪ 123: Network Time Protocol (NTP)
▪ 143: Interactive Mail Access Protocol (IMAP)
▪ 161: Simple Network Management Protocol (SNMP)
▪ 389: Lightweight Directory Access Protocol (LDAP)
▪ 443: Hypertext Transfer Protocol Secure (HTTPS)
▪ 445: Server Message Block (SMB)
▪ 636: Lightweight Directory Access Protocol over SSL (LDAPS)
▪ 3389: Remote Desktop Protocol (RDP)
▪ 5060/5061: Session Initiation Protocol (SIP)








Client-Server Security 


▪ Remains the most prevalent multi-tiered architecture deployed in enterprises
▪ Security must be implemented in LANs, endpoints, OSes, databases, middleware, application code and executables
▪ Understand all access points to resources (proxies, remote access)
▪ The auditor must analyse access controls, password policy, cryptographic mechanisms, configuration management and acceptable use policies (AUPs)
▪ Discover any gaps in access to devices, either logical or physical

Client Server Model and Security


How DNS works?


How Does DNS Route Traffic To Your Web Application? 


Dynamic Host Configuration Protocol




How DHCP works:
DHCP uses the DORA process:
▪ Discover (the client broadcasts to find a DHCP server)
▪ Offer (a server proposes an address lease)
▪ Request (the client asks for the offered address)
▪ Acknowledge (the server confirms the lease)
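The DORA exchange modelled in code, as an added example that is not part of the original post. It is an in-memory model of the message flow between both sides (real DHCP runs over UDP 67/68 broadcasts); xid, yiaddr and the server identifier are DHCP's own field names, while DhcpMessage, DhcpServer and dora are names assumed for this example.

```python
import secrets
from dataclasses import dataclass


@dataclass
class DhcpMessage:
    kind: str                   # DISCOVER, OFFER, REQUEST, ACK or NAK
    xid: int                    # transaction id chosen by the client, echoed by the server
    client_mac: str
    yiaddr: str = "0.0.0.0"     # "your" address: the one offered or assigned to the client
    server_id: str = "0.0.0.0"  # identifies which server made the offer


class DhcpServer:
    """Hands out addresses from a small pool, reserving one at OFFER time."""
    def __init__(self, server_ip: str, pool: list[str]):
        self.server_ip = server_ip
        self.free = list(pool)
        self.offered: dict[str, str] = {}   # mac -> address reserved by an OFFER
        self.leases: dict[str, str] = {}    # mac -> address confirmed by an ACK

    def handle(self, msg: DhcpMessage):
        if msg.kind == "DISCOVER":
            if msg.client_mac not in self.offered and self.free:
                self.offered[msg.client_mac] = self.free.pop(0)
            addr = self.offered.get(msg.client_mac)
            if addr is None:                # pool exhausted: stay silent, no offer
                return None
            return DhcpMessage("OFFER", msg.xid, msg.client_mac, addr, self.server_ip)
        if msg.kind == "REQUEST":
            # Only ACK a request that names this server and the address it actually offered
            if msg.server_id == self.server_ip and self.offered.get(msg.client_mac) == msg.yiaddr:
                self.leases[msg.client_mac] = self.offered.pop(msg.client_mac)
                return DhcpMessage("ACK", msg.xid, msg.client_mac, msg.yiaddr, self.server_ip)
            return DhcpMessage("NAK", msg.xid, msg.client_mac, server_id=self.server_ip)
        return None


def dora(client_mac: str, server: DhcpServer):
    """Client side of Discover / Offer / Request / Acknowledge; returns the leased address."""
    xid = secrets.randbits(32)
    offer = server.handle(DhcpMessage("DISCOVER", xid, client_mac))
    if offer is None or offer.kind != "OFFER" or offer.xid != xid:
        return None                         # no server answered, or reply is for another transaction
    ack = server.handle(DhcpMessage("REQUEST", xid, client_mac, offer.yiaddr, offer.server_id))
    if ack is None or ack.kind != "ACK" or ack.xid != xid:
        return None
    return ack.yiaddr


if __name__ == "__main__":
    srv = DhcpServer("10.0.46.1", ["10.0.46.100", "10.0.46.101"])  # constructed pool
    print(dora("aa:bb:cc:00:00:01", srv))
```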




SSL and TLS


▪ Secured network connections
o Authentication of both parties
o Encrypted transmissions
▪ PKI security certificate
o Assigned to an IP address: 199.126.169.56
o Assigned to an FQDN: www.acmeapp.com
o Wildcard: *.acmeapp.com
o Contains a mathematically related public and private key pair
▪ SSL stands for Secure Sockets Layer
▪ TLS stands for Transport Layer Security
▪ For HTTP over SSL/TLS (HTTPS), the common port is TCP 443
▪ TLS supersedes SSL
▪ SSL has known vulnerabilities
▪ SSL should be disabled on web servers
▪ Whether TLS or SSL is used has no impact on the PKI certificate
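The three certificate assignments in the slide (IP, FQDN, wildcard) and the advice to disable SSL, as an added example that is not from the original post: san_matches applies the wildcard and IP-literal matching rules to a constructed Subject Alternative Name list, and hardened_client_context shows the TLS 1.2-minimum client configuration using Python's standard ssl module. Both function names are assumed for this example.

```python
import ipaddress
import ssl


def san_matches(san_entries: list[tuple[str, str]], target: str) -> bool:
    """Decide whether a certificate's Subject Alternative Names cover `target`.

    san_entries are ('DNS', name) or ('IP Address', addr) pairs, the shape that
    ssl.SSLSocket.getpeercert()['subjectAltName'] returns. Rules (RFC 6125):
    an IP target matches only an IP entry, never a DNS entry; a wildcard
    covers exactly one label on the left, so *.acmeapp.com matches
    www.acmeapp.com but not acmeapp.com or a.b.acmeapp.com."""
    target = target.lower().rstrip(".")
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None                     # a hostname, not an IP literal
    for kind, value in san_entries:
        if kind == "IP Address" and target_ip is not None:
            try:
                if ipaddress.ip_address(value) == target_ip:
                    return True
            except ValueError:
                continue                     # malformed entry never matches
        elif kind == "DNS" and target_ip is None:
            name = value.lower().rstrip(".")
            if name == target:
                return True
            if (name.startswith("*.") and "*" not in name[1:]
                    and target.count(".") == name.count(".")
                    and target.split(".", 1)[1] == name[2:]):
                return True
    return False


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses SSLv2/SSLv3 and TLS 1.0/1.1 and keeps
    certificate and hostname verification on (the defaults)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    # Constructed SAN list mirroring the three cases in the slide
    san = [("IP Address", "199.126.169.56"), ("DNS", "www.acmeapp.com"), ("DNS", "*.acmeapp.com")]
    for host in ("199.126.169.56", "api.acmeapp.com", "acmeapp.com", "a.b.acmeapp.com"):
        print(host, san_matches(san, host))
```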




SSL and TLS Traffic Flow

The diagram illustrates a simplified version of the traffic flow between a client and a server.


IPSEC and VPN

Virtual Private Networks provide secure connectivity across unsecured network domains such as the Internet through encryption.


IPSec


IPSec uses three main protocols to create a security framework:
• Internet Key Exchange (IKE)
o Provides the framework for negotiating security parameters
o Establishment of authenticated keys
• Encapsulating Security Payload (ESP)
o Provides encryption, authentication and integrity protection of data
• Authentication Header (AH)
o Provides authentication and integrity protection of data (no encryption)
▪ IPSec is an IETF standard that employs cryptographic mechanisms at the network layer:
o Authentication of every IP packet
o Verification of data integrity for each packet
o Confidentiality of packet payload

Knowledge Check


























