Networks

A computer network is a set of computers sharing resources located on or provided by network nodes.
Computers use common communication protocols over digital interconnections to communicate with each other.
These interconnections are made up of telecommunication network technologies based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.

OSI Model

The Open Systems Interconnection model is a conceptual model from the International Organization for Standardization that provides a common basis for the coordination of standards development for the purpose of systems interconnection.

It is made of 7 layers:

Layer 1 - Physical

Data transfer is between a device and a physical transmission medium.
PDU (Protocol Data Unit) - Bits.
Device - Hub - Sends the data to the whole network.

Layer 2 - Data Link

Data transfer is between directly connected nodes in a network.
PDU (Protocol Data Unit) - Frames.
It uses the Media Access Control address (MAC address), which is made of 48 bits, to identify machines.

Device - Switch - Links between nodes in a network.

Layer 3 - Networking

Data transfer is between networks.
PDU - Packet.
Device - Router

It identifies networks using:

The rules for shortening an IPv6 address are: leading zeros may be omitted in a field, and successive fields of zeros may be represented by a double colon, but only once.
For example, the address 2002:0000:0000:000A:0000:0000:0000:012B becomes 2002::A:0:0:0:12B.
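The address above has two runs of zero fields, so it has more than one valid short form. This added example (not part of the original page) applies the two rules by hand and shows why log searches and allow-lists should compare parsed addresses rather than strings. The function names and log lines are assumptions made for the illustration.

```python
import ipaddress

def zero_runs(fields):
    """Return (start, length) for every run of all-zero fields."""
    runs, i = [], 0
    while i < len(fields):
        j = i
        while j < len(fields) and fields[j] == "0":
            j += 1
        if j > i:
            runs.append((i, j - i))
        i = max(j, i + 1)
    return runs

def shorten(addr, run=None):
    """Apply the two rules above. `run` selects which zero run "::" replaces
    (0 = first, 1 = second, ...); by default the longest run is used."""
    # Rule 1: drop leading zeros in each of the eight fields.
    fields = [format(int(f, 16), "x") for f in ipaddress.IPv6Address(addr).exploded.split(":")]
    runs = zero_runs(fields)
    if not runs:
        return ":".join(fields)
    # Rule 2: replace exactly one run of zero fields with "::".
    start, length = max(runs, key=lambda r: r[1]) if run is None else runs[run]
    return ":".join(fields[:start]) + "::" + ":".join(fields[start + length:])

def find_hits(log_lines, watched):
    """Lines whose first token is `watched`, whatever spelling the log used."""
    target = ipaddress.IPv6Address(watched)
    hits = []
    for line in log_lines:
        try:
            if ipaddress.IPv6Address(line.split()[0]) == target:
                hits.append(line)
        except (ValueError, IndexError):  # not IPv6, "::" used twice, or empty line
            continue
    return hits

PAGE_ADDR = "2002:0000:0000:000A:0000:0000:0000:012B"  # address from the text above
SAMPLE_LOG = [  # constructed log lines
    "2002::A:0:0:0:12B GET /login",
    "2002:0:0:a::12b GET /admin",
    "2002:0000:0000:000A:0000:0000:0000:012B GET /",
    "2002::a::12b GET /x",           # invalid: "::" appears twice
    "2002::a:0:0:1:12b GET /other",  # different address
]

if __name__ == "__main__":
    print(shorten(PAGE_ADDR, run=0), shorten(PAGE_ADDR), len(find_hits(SAMPLE_LOG, PAGE_ADDR)))
```

Compressing the first zero run gives the form shown in the text (in lowercase); compressing the longest run gives the form Python's `ipaddress` module prints. A plain string search for either spelling finds only one of the three matching log lines.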

A good protocol is OSPF (Open Shortest Path First), which is used between routers for fast data transfer.

Layer 4 - Transport

Provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host, while maintaining the quality of service functions.

PDU - Segment.
Segment -  [Dest IP, Src IP, Dst Port, Src Port, Data, FCS (CRC)].

Port Ranges:

TCP (Transmission Control Protocol) provides reliable, ordered, and error-checked delivery of a stream of bytes between applications running on hosts communicating via an IP network.

UDP (User Datagram Protocol) provides a connection-less datagram service that emphasizes reduced latency over reliability.

Layer 5 - Session

Controls the dialogues (connections) between computers.
It establishes, manages and terminates the connections between the local and remote application.

Layer 6 - Presentation

The presentation layer establishes context between application-layer entities, in which the application-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. For example, encryption.

Layer 7 - Application

This layer is closest to the end user, which means both the OSI application layer and the user interact directly with the software application.

Protocols

Network protocols are formal standards and policies comprised of rules, procedures and formats that define communication between two or more devices over a network. Network protocols govern the end-to-end processes of timely, secure and managed data or network communication.

Telnet

Allows for remote command-line login and remote execution.
TCP, port - 23

SSH (Secure Shell) protocol allows for remote command-line login and remote execution with security.
TCP, port - 22

SSL (Secure Sockets Layer)

Cryptographic protocol that provides secure communication over the internet. It ensures that data transmitted between a server and a client remains encrypted and protected from unauthorized access.

See section SSL for more.

HTTP (Hypertext Transfer Protocol)

Allows the transfer of HyperText Markup Language (HTML) and other related scripting languages (like CSS) to travel from servers to browsers.
TCP, port - 80.

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP. It runs HTTP over a connection protected by SSL.
TCP, port - 443.

FTP (File Transfer Protocol)

Used to transfer files from one host (machine/operating system) to another host.
TCP, port - 20/21

Secured versions of FTP are:
SFTP (FTP over SSH) and FTPS (FTP over SSL, port - 989/990).

You can also use the SCP protocol for secure file transfer.

SMTP (Simple Mail Transfer Protocol)

The protocol for Internet email. It transfers email amongst computers.

TCP, port - 25

DHCP (Dynamic Host Configuration Protocol)

Network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.

UDP, Port - 67/68

DNS (Domain Name System)

Translates names to IP addresses.

TCP/UDP, Port - 53

ARP (Address Resolution Protocol)

Translates IP addresses to link-layer addresses such as MAC addresses.

ICMP (Internet Control Message Protocol)

Used to send error messages and operational information.
For example, pinging a host to check whether it is reachable.
No port for ICMP. It uses types and codes.

SNMP (Simple Network Management Protocol)

Used for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.

TCP/UDP, Port - 161/162

Types Of Networks

Networks use a subnet mask: a 32-bit number that masks an IP address and divides it into a network address and a host address. It determines the maximum number of hosts that can be in a network.

There are multiple types of networks:

A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer. In this context, virtual refers to a physical object recreated and altered by additional logic within the local area network.

SSL

A cryptographic protocol that provides secure communication over the internet. It ensures that data transmitted between a server and a client remains encrypted and protected from unauthorized access.

Here are the key concepts related to SSL:

Web Servers

A web server is a software application that handles incoming requests from web browsers or clients and delivers web content to them over the internet. It plays a crucial role in serving web pages, applications, or any other files to users who access websites.

Here are the key points to understand about web servers:

There are several popular web server software options available, including:

To summarize, web servers are fundamental components of the internet infrastructure, responsible for delivering web content efficiently and securely to users worldwide.

Additionally, JWT (JSON Web Token) is an internet standard for creating data with an optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed using either a private secret or a public/private key pair.
For example, a server can generate a token with a claim "logged in as administrator" and provide it to a client. The client can then use this token to prove that it is logged in as admin and access resources on the website.

You can use this website to see information about specific JWTs.
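The administrator claim described above is only trustworthy if the server checks the signature before reading the payload. This added example (not part of the original page) issues and verifies a token signed with a shared secret (HS256) using only the Python standard library; the function names, the secret and the sample tokens are constructed for the illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_json(text: str):
    return json.loads(base64.urlsafe_b64decode(text + "=" * (-len(text) % 4)))

def mac(signing_input: str, secret: bytes) -> str:
    return b64url(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())

def issue(claims: dict, secret: bytes) -> str:
    """Server side: build header.payload and append the HMAC-SHA256 signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + mac(signing_input, secret)

def verify(token: str, secret: bytes) -> dict:
    """Return the claims only if the signature checks out; raise ValueError otherwise."""
    try:
        head, body, sig = token.split(".")
        header, claims = b64url_json(head), b64url_json(body)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; never let the token choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(sig.encode(), mac(f"{head}.{body}", secret).encode()):
        raise ValueError("bad signature")
    return claims

def accepted(token: str, secret: bytes) -> bool:
    try:
        verify(token, secret)
        return True
    except ValueError:
        return False

# Constructed sample values (not from the page).
SECRET = b"demo-secret-for-example-only"
GOOD = issue({"user": "alice", "admin": False}, SECRET)
# Same header and signature, but the payload was edited after signing.
head, _, sig = GOOD.split(".")
EDITED = ".".join([head, b64url(b'{"user":"alice","admin":true}'), sig])
# Unsigned token whose header asks the verifier to skip the check.
UNSIGNED = ".".join([b64url(b'{"alg":"none"}'), b64url(b'{"admin":true}'), ""])
print(accepted(GOOD, SECRET), accepted(EDITED, SECRET), accepted(UNSIGNED, SECRET))
```

The payload of a signed token is only base64url-encoded, not encrypted, so anyone holding the token can read its claims; the signature protects integrity, not confidentiality.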

Rerouting Services

Rerouting services are used to change the default routing of data from one host to another host.
They can be used to protect the privacy of the host.

Proxy Server

A proxy server is an intermediary server between the client and the internet. Proxy servers offer the following basic functionalities:

Proxy servers allow us to do several kinds of filtering, such as:

VPN

VPN stands for “Virtual Private Network” and describes the ability to establish a protected network connection when using public networks.
VPNs encrypt your internet traffic and disguise your online identity. This makes it more difficult for third parties to track your activities online and steal data.

A proxy works only with a single app or service, while a VPN secures all your internet traffic and encrypts it for extra security and privacy.

Up Next

Security is paramount in today's digital landscape, and understanding the principles and best practices is crucial to protecting your applications and data. In the next step, we explore the world of cybersecurity, covering topics such as encryption and secure coding practices. You'll learn how to mitigate common security vulnerabilities and protect your applications from malicious attacks. By prioritizing security, you can ensure the integrity, confidentiality, and availability of your systems.