Introduction To Networks

  1. Reference Models:

            1.1.  OSI:
    Open System Interconnects developed by ISO(International Standard Organization).
    There are different types of vendors of hardware devices. So devices of different vendors could not communicate with each other so, we need a model that helps us to configure devices of different vendors with each other. Then comes the OSI reference model's layers are used to allow the different devices to communicate with one another. There are different types of functions operated on the devices. Protocols are main components which help us to clearly define the purpose of function at each layer. It is not practically implemented but it was used as a reference model to elaborate the communication between the different devices. There are seven layers of OSI model that are described below. 

    Physical layer:
    Physical layer is responsible for the transmission of data. It could be any physical medium. It connects the different devices with one another in the network.

    Data link layer
    Data link layer is responsible for hope-to-hope/Node-to-Node delivery. It means the next node which comes in communication. It also controls the flow of next hope. It uses the physical address to transfer data to the receiver which is the MAC address. MAC address is 48 bit long address which helps to identify the actual device.

    Network layer:
    It is responsible for host-to-host/machine-to-machine/source-to-destination delivery. It helps to communicate with different network. It also helps in routing because there are many ways to perform routing using protocols RIP and OSPF. It uses the logical address to communicate with other machines which are known as IP. It is a 32 bit address. 

    Transport layer:
    It is responsible for end-to-end/port-to-port delivery. It is also responsible for error control so that data is received intact. Segmentation is also the responsibility of transport layer. There are two protocols used on transport layer that are TCP(connection oriented) and UDP( connection less).

    Session layer:
    It is responsible for creating sessions between two devices. Manage the session information and a long session should be established.

    Presentation layer:
    It is responsible for code conversion. Encryption and decryption is also the responsibility of this layer. It converts the data in the form that is understandable by the application.

    Application layer:
    Last layer is an application layer which helps in visibility like browser, skype and other applications which makes the user easily interact and do their required tasks.

    1.2.  TCP/IP Model:

    It is also known as DoD model because it is developed by the United States Department of defense. It is a more practical model that is used now a days. It has four layers that are listed below.

  1. Network access layer
  2. Internet layer
  3. Transport layer
  4. Application layer.
    5. The functionality of these layers are understandable by the below figure that describes the OSI and TCP/IP model

  1. Port and Protocols:

Protocol

Purpose

TCP

UDP

FTP

File Transfer Protocol: File transfer with remote host

20,21


SSH

Secure shell:

Securely connect to the remote host.

22


SFTP

Secure FTP:

Transfer file using ssh

22


SCP

Secure Copy: Allow to transfer file over ssh with the original information of file like date and time.



Telnet

Used to connect to the remote host but it is insecure protocol.

23


SMTP

Simple Mail Transfer Protocol:

Used for sending email

25


DNS

Domain Name System:

Resolve domain name to the respective IP

53

53

TFTP

Trivial Transfer Protocol:

Used to transfer small files


69

DHCP

Dynamic Host Configuration Protocol: To provide ip address dynamically using DORA.


67

HTTP

Hyper Text Transfer Protocol:

Retrieve Content from the web-servers

80


POP3

Post office Protocol version 3:

Retrieve email from the email server.

110


NTP

Network Time Protocol:

Used by the network devices to synchronize the time with time server.


123

IMAP4

Internet Messaging Access Protocol:

Retrieving email from email server allow multiple clients simultaneously to access. 

143


SNMP

Simple Network Manager Protocol:

To manage devices like routers,switches

161,162

161,162

LDAP

Lightweight Directory Access Protocol:

Used to store username, password in single repository

389


HTTPS

Secure version of HTTP

443


SMB

Server message block:

Sharing the resources in the network


445

rsh

Remote Shell:

Allow to execute commands remotely

514


RDP

Remote Desktop Protocol:

Allow the remotely control the desktop

3389


SIP

Session Initiation Protocol:

Used to setup,monitor and manage multi-media calls.

5060(for unencrypted),5061(for encrypted)

5060,5061



Comments

Post a Comment

Popular posts from this blog

Cyber Threat Intel

Image
What is Cyber Threat Intel? Threat intel is the information about the threats. Cyber threat intel is used to better understand, predict and adopt to the behavior of malicious actors. It plays an important role in preventing the zero-day attacks. " Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes " (NIST). Threat Intel life Cycle: Intelligence lifecycle is the process of developing raw information into finished intelligence for policymaker to use in decision making and action. CTI Life Cycle Planning and Direction Planning and direction helps in setting up the goals for the threat intel program. Priorities and requirements are defined in this phase. Collection: Collection means gathering of data to produce the finished intelligence. Data includes logs(Firewall, IPS/IDS, Endpoints), threat feeds and OSINT(reports, social media, public forums). Collection Types of Collectio...
Read more

Analyzing Spear Phishing Email

Image
Phishing is the technique of fraudulent attempt by the attacker to obtain sensitive and confidential information i.e. Credentials, PII information, credit card, bank details. It can also be targeted attack to focus on the specific organization of individual. The attacker often tailors an email to speak directory to targeted user. There are many types of phishing as follow. I wouldn't explain the types. You can read Here . In this article you'll learn how to analyze the sophisticated phishing email. So, Let's start the case study to explain.  Spearphising :  Spearphising is the technique in which attacker aims at one person and lures him/her into providing confidential data. Attacker compile the email according to the specific user. The email would consist some of the target's email, username, designation.  Case Study: User receive the spearphising email containing the PDF attachment with double extension. Email body contains the unprofessional statement "Kindly m...
Read more

Practical Malware Analysis (Introductory)

Hi folks, just started the series on PMA (Practical Malware Analysis) . Being an analyst i would recommend to gain expertise on "Malware Analysis". This blog help us to quick recap the concepts of malware as well as from analysis perspective. We'll start from basic and proceed towards advance level. Introduction: Malware refers to "Malicious Binary" which is instructive by the threat actors (called as "Hackers" ) to achieve their motives. Motives can be vary like it could be data stealing, damage/destroy organization systems. Viruses Worms Trojan Spyware Adware Ransomware Aforementioned names are the malware types which is collectively called "Malware". Let's jump into the main topic of this blog without going into the details. Malware Analysis: Malware analysis is the process of understanding the working flow/behavior/malicious activity of malware. The results of the malware analysis help the analysts to detect and prevent the threats. ...
Read more