demystifying the network
play

Demystifying the Network Networking 101 for Security Peeps RVASec - PowerPoint PPT Presentation

Sep 12, 2023 •33 likes •433 views

Bits, Frames and Packets Demystifying the Network Networking 101 for Security Peeps RVASec 2019 Rick Lull Agenda Intro Why this Talk What this Talk isnt Networking what, where, why, how Securing networks Network Security

  1. Bits, Frames and Packets – Demystifying the Network Networking 101 for Security Peeps RVASec 2019 Rick Lull

  2. Agenda Intro Why this Talk What this Talk isn’t Networking – what, where, why, how Securing networks Network Security – what, why, where, how Closing – Questions and Answers

  3. Introduction – Rick Lull Rick Lull • Lead Security Consultant at SyCom Technologies • Over 20 years in IT Industry • 15 years in network and network security operations • Many certifications, past and present • Small warning: Dad was a sailor; I picked up some of his habits.

  4. Why this talk? • Networking is a fundamental and foundational service that security practitioners should understand • Unfortunately, many don’t  • Or they have certain misconceptions or misassumptions about how it works • Due to that, decisions get made that end up causing friction between the network and security teams • Defensive security is hard – let’s not make it ANY harder than we have to

  5. What this talk isn’t • A network architecture or engineering or operations course • A network security course • In other words, just listening to me for 50 minutes will NOT make you pass Network+ or CCNA-Security or whatever

  6. Network – What, Why and Where? • What is a network? • Why do we have them? • Where are they? • EVERYWHERE!

  7. Networking – How? • With equipment, of course! • Routers, switches, firewalls, bridges, access points, proxies, VPNs, etc • Before we dive in to all that fun tech stuff, let’s talk about some theoretical models about how we might expect this thought exercise network to work

  8. Networking – How? • OSI Model • A layered model – from the wire to the application

  9. Networking – OSI Model • Layer 1 – Physical • Layer 2 – Data Link • Layer 3 – Network • Layer 4 – Transport • Layer 5 – Session • Layer 6 – Presentation • Layer 7 – Application

  10. How? OSI Model -> Real World Examples Layer Data Unit Example Layer 1 – Physical Bits Electrical signals on wire, light pulses on fiber, radio waves on wireless Layer 2 – Data Link Frames Ethernet, TDM, Fiberchannel, AppleTalk, TokenRing, ARCNET Layer 3 – Network Packets IP, IPX/SPX Layer 4 – Transport Datagram TCP, UDP, ESP, AH, SAP Layer 5 – Session Data Sockets/Ports Layer 6 – Presentation Data TLS/SSL/MIME Layer 7 – Application Data HTTP

  11. How? OSI Model -> Real World Examples Layer Data Unit Equipment Layer 1 – Physical Bits Cat5, Cat6 and other twisted pair; multimode fiber; single mode fiber; etc Layer 2 – Data Link Frames Switches, bridges, access points, hubs Layer 3 – Network Packets Multilayer switches, routers, firewalls Layer 4 – Transport Datagram Routers, firewalls Layer 5 – Session Data Firewalls, load balancers Layer 6 – Presentation Data Firewalls, load balancers Layer 7 – Application Data PCs, tablets, servers, etc (stuff that talks over the network)

  12. Equipment Hub: Forwards frames out of every physical connection… Switch: It learns layer 2 addresses and only sends frames to where they need to go Router: It learns layer 3 addresses and only send packets to where they need to go Firewall: It is told to allow only certain layer 4 or 5 traffic (ports and protocols)

  13. Pathing Help Spanning Tree Routing protocols

  14. Addressing: Ethernet and IP Layer 2 : MAC Addresses MAC address is a 48 bit number, encoded base 16, so it’s 0 -9 A-F Represented like 00:00:00:00:00:00 or 0000.0000.0000 or 00-00-00- 00-00-00 Layer 3 : IP Address (IPv4) IP address is a 32 bit number; normally shown as base 10 number Represented in “Dotted decimal” in the familiar 192.168.1.1

  15. Addressing: Ethernet and IP, continued Layer 3 : IP Address (IPv6) IP address is a 128 bit number; eight groups of four hexadecimal digits with the groups being separated by colons 2001:0db8:0000:0042:0000:8a2e:0370:7334

  16. Why do we care about addressing? • To communicate with other hosts, of course • Let’s talk about how it talks • We are going to assume an IPv4 on Ethernet network to make this as simple as possible

  17. Communication I am 192.168.1.10. I want to talk to 192.168.1.20. 1. I check my network/subnet mask; it’s 255.255.255.0, so good news, this is a local address 2. I use ARP to find the MAC address of the IP address that I have, to send frames to, from me 3. I send frames, sourced from my MAC to the MAC of the destination 4. Profit!

  18. Switching • What just happened was forwarding done at Layer 2. • This is switching functionality, as we are forwarding based on data link information, across the best path the switch knows about • Based on our forwarding information base that we build by learning.

  19. Communication I am 192.168.1.10. I want to talk to 8.8.8.8. 1. I check my network, it’s not the same, so this is a remote address. 2. I check my routing table, what route do I use? 3. I need to send my traffic to the gateway for that route 4. I use ARP to find the MAC address of the IP address for the gateway, as it will send these frames on, for me 5. I send frames, sourced from my MAC to the MAC of the gateway 6. The gateway runs through steps 1 – 5 and forwards the traffic on 7. Additional gateways (aka routers) do it until… 8. Profit!

  20. Routing • What just happened is forwarding done at Layer 3. • Routing is the process of forwarding traffic across the best path, based on destination network (Usually…) • Our routing device (a layer 3 object) builds a routing table • A routing table is a list of the known networks and their paths

  21. Agenda Intro Why This Talk Networking – what, where, why, how Securing networks Network Security – what, why, where, how Closing and QA

  22. Forwarding Safely • As you can hopefully imagine, security processes exist to help keep this forwarding ability functioning • At layer 2, we have spanning tree protocol • Spanning Tree is an algorithm whose sole reason for being is to build a “loop free topology” • Spanning tree sends BPDUs out the configured links, testing to see if they come back. • If they come back – there is a loop and it must be stopped! • If somebody else’s BPDUs show up, depending on some factors, I might forward, or I might block

  23. Forwarding Safely • Multiple modes of spanning tree exist • Spanning Tree (STP aka basic spanning tree) • Rapid Spanning Tree • Per-VLAN • Rapid Per-VLAN • Multiple Spanning Tree (MST)

  24. Forwarding Safely • BPDU (bridge protocol data unit) • Sent out configured ports • Used to detect loops and neighbor switches • Protections: • BPDUGuard • Disable ports when received • Sane configurations and architectures • Physical security of equipment, MDF/IDFs

  25. Forwarding Safely • At layer 3, we have rout ing protocols • RIP, OSPF, BGP, IS-IS (industry standard) • EIGRP (proprietary) • Generally, routing protocols are broken down into 3 categories: • Distance vector • Path vector • Link states • And two types: • Interior gateway protocols • Exterior gateway protocols

  26. Forwarding Safely • Each routing protocol has it’s own way that it establishes neighbor relationships and exchange routing information • Neighbor relationships are often NOT authenticated and/or encrypted • Some routing protocols broadcast information out • Can be easily picked up so it’s a great information gathering step for attackers

  27. Forwarding Safely, continued • Minimize your broadcasts from routing protocols • Eliminating them is great, if possible • Authenticate your routing peers • Encrypt routing links that traverse non-trusted transit • Consider BCP38 & 84 and other guidelines to protect against spoofed traffic and invalid reverse paths • Consider likely attack vectors AND failure scenarios

  28. Forwarding Safely – Hardening the network • Standard practices apply, of course: • Minimize services running on each box • Control and audit admin access • Via a centralized system, of course • You do capture syslog, right? • Determine what changes/states you alert on • Follow the manufacturer’s hardening guide, if applicable • Sometimes all there is, is a general guideline • Patch/upgrade device code • For $Deity's sake, don’t filter ping internally…

  29. Agenda Intro Why This Talk Networking – what, where, why, how Securing networks Network Security – why, what, where, how Closing and QA

  30. Network Security - Why • The network is the underpinning of information systems • It is a common touchpoint across different users, devices, departments, services, etc • When you can’t do anything to the endpoint itself, it become a key player in your strategy • Key building block for defense in depth

  31. Network Security - What • Categories of network security • Visibility and surveillance • Network access and segmentation • Enforcement

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Demystifying DNA Demystifying DNA What is it? How do I get it? What is it? How do I

Demystifying DNA Demystifying DNA What is it? How do I get it? What is it? How do I

Demystifying DNA Demystifying DNA What is it? How do I get it? What is it? How do I get it? How do I get rid of it? How do I get rid of it? Alissa Bjerkhoel Litigation Coordinator, California Innocence Project Panel Attorney,

1.61k views • 124 slides
Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you

Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you

Drupal GovCon 2018 Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you listen me? Jason Hamrick Senior Strategist Phase2 jhamrick@phase2technology.com Demystifying SEO for Government Agencies 2

418 views • 26 slides
Demystifying Benchmarks How to Use Them to Better Evaluate Databases Peter Friedenbach,

Demystifying Benchmarks How to Use Them to Better Evaluate Databases Peter Friedenbach,

Flexible transactional scale for the connected world. Demystifying Benchmarks How to Use Them to Better Evaluate Databases Peter Friedenbach, Performance Architect | Clustrix Demystifying Benchmarks Outline A Brief History of Database

591 views • 20 slides
DEMYSTIFYING IT CREDENTIALS: WHAT DOES THE DATA SAY? Charlotte Cahill Jobs for the Future |

DEMYSTIFYING IT CREDENTIALS: WHAT DOES THE DATA SAY? Charlotte Cahill Jobs for the Future |

DEMYSTIFYING IT CREDENTIALS: WHAT DOES THE DATA SAY? Charlotte Cahill Jobs for the Future | Pathways to Prosperity Network June 27, 2016 Plentiful IT career opportunities Employers advertised more than 3.1 million jobs in IT from June 2015 to

292 views • 8 slides
Demystifying the Finance Audit Committee DEMYSTIFYING THE FINANCE AND AUDIT COMMITTEE

Demystifying the Finance Audit Committee DEMYSTIFYING THE FINANCE AND AUDIT COMMITTEE

DEMYSTIFYING THE FINANCE AND AUDIT COMMITTEE Demystifying the Finance Audit Committee DEMYSTIFYING THE FINANCE AND AUDIT COMMITTEE Agenda 1. How to set-up the Finance and Audit Committee 2. Terms of Reference 3. Recruitment 4.

503 views • 33 slides
Demystifying The Edge for the IIoT Deployment: Supporting the new Industrial Landscape

Demystifying The Edge for the IIoT Deployment: Supporting the new Industrial Landscape

Demystifying The Edge for the IIoT Deployment: Supporting the new Industrial Landscape Department/Name/Date 1 Demystifying The Edge for IIoT I. Review the applications and services driving IIoT Edge deployments II. Discuss proper planning

689 views • 41 slides
Demystifying 60GHz Outdoor Picocells Yibo Zhu , Zengbin Zhang, Zhinus Marzi, Chris Nelson,

Demystifying 60GHz Outdoor Picocells Yibo Zhu , Zengbin Zhang, Zhinus Marzi, Chris Nelson,

Demystifying 60GHz Outdoor Picocells Yibo Zhu , Zengbin Zhang, Zhinus Marzi, Chris Nelson, Upamanyu Madhow, Ben Y. Zhao and Haitao Zheng University of California, Santa Barbara yibo@cs.ucsb.edu 1 Cellular Network Capacity Crisis By 2020,

502 views • 20 slides
Demystifying Relational Latent Representations Sebastijan Dumani, Hendrik Blockeel DTAI, KU

Demystifying Relational Latent Representations Sebastijan Dumani, Hendrik Blockeel DTAI, KU

Demystifying Relational Latent Representations Sebastijan Dumani, Hendrik Blockeel DTAI, KU Leuven September 6, ILP 2017 1 Outline 2/24 1 Introduction 2 Understanding latent features 3 Properties of latent spaces Demystifying

281 views • 24 slides
Demystifying the Role of AI in Privacy Management Darren Abernethy TrustArc Maggie Gloeckle

Demystifying the Role of AI in Privacy Management Darren Abernethy TrustArc Maggie Gloeckle

October 16, 2019 Demystifying the Role of AI in Privacy Management Darren Abernethy TrustArc Maggie Gloeckle A+E Networks Hilary Lane Ravi Pather CryptoNumerics Introduction Demystifying the Role of AI in Privacy Management Agenda

324 views • 31 slides
Demystifying Modern Windows Rootkits Bill Demirkapi Independent Security Researcher

Demystifying Modern Windows Rootkits Bill Demirkapi Independent Security Researcher

Demystifying Modern Windows Rootkits Bill Demirkapi Independent Security Researcher Demystifying Modern Windows Rootkits Black Hat USA 2020 1 Who Am I? 18 years old Sophomore at the Rochester Institute of Technology Windows

847 views • 73 slides
Demystifying Appointments, Reappointments, and Promotions School of

Demystifying Appointments, Reappointments, and Promotions School of

Demystifying Appointments, Reappointments, and Promotions School of Medicine 2016 Within Youll Find Positions and tracks The process and timelines The Dossier Commonly

950 views • 52 slides
Demystifying Accreditation Under 5th Edition Standards January 2020 Magali De Castro Clinical

Demystifying Accreditation Under 5th Edition Standards January 2020 Magali De Castro Clinical

Demystifying Accreditation Under 5th Edition Standards January 2020 Magali De Castro Clinical Director, HotDoc Demystifying Accreditation Under 5th Edition Standards This session will cover: Overview and purpose of the accreditation

593 views • 44 slides
Demystifying Python Metaclasses Demystifying Python Metaclasses Eric D. Wills, Ph.D. Instructor,

Demystifying Python Metaclasses Demystifying Python Metaclasses Eric D. Wills, Ph.D. Instructor,

Demystifying Python Metaclasses Demystifying Python Metaclasses Eric D. Wills, Ph.D. Instructor, University of Oregon Instructor, University of Oregon Director of R&D, Vizme Inc What is a metaclass? What is a metaclass? A metaclass

916 views • 64 slides
Demystifying Depreciation and How to Make Use of It December 1, 2016 This program is made

Demystifying Depreciation and How to Make Use of It December 1, 2016 This program is made

Demystifying Depreciation and How to Make Use of It December 1, 2016 This program is made possible under a cooperative agreement with EPA. www.efcnetwork.org At the top right corner of your screen: Show your control panel to submit questions

626 views • 52 slides
Demystifying the Real-Time Linux Scheduling Latency Daniel Bristot de Oliveira , Daniel Casini,

Demystifying the Real-Time Linux Scheduling Latency Daniel Bristot de Oliveira , Daniel Casini,

Demystifying the Real-Time Linux Scheduling Latency Daniel Bristot de Oliveira , Daniel Casini, Rmulo Silva de Oliveira and Tommaso Cucinotta Principal Software Engineer 1 Demystifying The Real-Time Linux Scheduling Latency - 32 nd Euromicro

461 views • 31 slides
Demystifying the role and meaning of humanitarianism in the eyes of survivors of the Rwandan

Demystifying the role and meaning of humanitarianism in the eyes of survivors of the Rwandan

Demystifying the role and meaning of humanitarianism in the eyes of survivors of the Rwandan Genocide How have the most well-informed and intelligent people got it so wrong? In recent years, there has been a glut of organisations set up to

57 views • 3 slides
IETF Routing Area Update A Report after IETF 96 (Berlin) Alvaro Retana (aretana@cisco.com)

IETF Routing Area Update A Report after IETF 96 (Berlin) Alvaro Retana (aretana@cisco.com)

IETF Routing Area Update A Report after IETF 96 (Berlin) Alvaro Retana (aretana@cisco.com) Distinguished Engineer, Cisco Services Routing Area Director, IETF No one is in charge, anyone can contribute and everyone can benefit. IETF

564 views • 31 slides
Routing Introduction Direct vs. Indirect Delivery Static vs. Dynamic Routing Distance Vector vs.

Routing Introduction Direct vs. Indirect Delivery Static vs. Dynamic Routing Distance Vector vs.

Routing Introduction Direct vs. Indirect Delivery Static vs. Dynamic Routing Distance Vector vs. Link State (C) Herbert Haas 2005/03/11 IP Datagram Service IP Host IP Router Destination Next Hop A R1 B R4 C R3 R1 R2 R3 .....

529 views • 37 slides
r2#debug eigrp packets EIGRP Packets debugging is on (UPDATE, REQUEST, QUERY, REPLY, HELLO,

r2#debug eigrp packets EIGRP Packets debugging is on (UPDATE, REQUEST, QUERY, REPLY, HELLO,

r2#debug eigrp packets EIGRP Packets debugging is on (UPDATE, REQUEST, QUERY, REPLY, HELLO, PROBE, ACK, STUB, SIAQUERY, SIAREPLY) *Apr 28 18:45:18.863 KRSK: EIGRP: Received HELLO on Serial0/0/0 nbr 10.16.0.1 *Apr 28 18:45:18.863 KRSK: AS 200,

531 views • 5 slides
CCNP-RS ROUTE v2.0 Ali Aydemir CCNP-RS ROUTE Timetable Day AM Lunch PM 1 EIGRP -- IGP

CCNP-RS ROUTE v2.0 Ali Aydemir CCNP-RS ROUTE Timetable Day AM Lunch PM 1 EIGRP -- IGP

CCNP-RS ROUTE v2.0 Ali Aydemir CCNP-RS ROUTE Timetable Day AM Lunch PM 1 EIGRP -- IGP EIGRP Lab 2 OSPF -- IGP OSPF Lab 3 Redistribution & Path Control -- IGP Redistribution Lab 4 BGP -- BGP Lab 5 IPv6 Routing -- IGP

747 views • 40 slides
Introduction Problem: Reliable routing on wireless sensor networks Focus on lossy, dynamic

Introduction Problem: Reliable routing on wireless sensor networks Focus on lossy, dynamic

Introduction Problem: Reliable routing on wireless sensor networks Focus on lossy, dynamic nature of wireless networks Consider constraints on memory and power Taming the Underlying Challenges of Proposed approach Reliable Multihop

546 views • 6 slides
Routing in Switched Data Networks Protocols ITS323: Introduction to Data Communications

Routing in Switched Data Networks Protocols ITS323: Introduction to Data Communications

ITS323 Routing Design Strategies Routing in Switched Data Networks Protocols ITS323: Introduction to Data Communications Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 24 October 2014

782 views • 32 slides
Network Routing CS 118 Computer Network Fundamentals Peter Reiher Lecture 14 CS 118 Page 1

Network Routing CS 118 Computer Network Fundamentals Peter Reiher Lecture 14 CS 118 Page 1

Network Routing CS 118 Computer Network Fundamentals Peter Reiher Lecture 14 CS 118 Page 1 Winter 2016 Routing Outline Background Key algorithms Lecture 14 CS 118 Page 2 Winter 2016 Background What were doing

1.13k views • 99 slides
Routing with BGP Dr. Nils Kammenhuber Chair for Network Architectures and Services Institut fr

Routing with BGP Dr. Nils Kammenhuber Chair for Network Architectures and Services Institut fr

Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU Mnchen Routing with BGP Dr. Nils Kammenhuber Chair for Network Architectures and Services Institut fr Informatik Technische Universitt

1.11k views • 78 slides

More recommend