Important Networking Concepts for Cybersecurity

What is a Computer Network?

A computer network can be described as a set of computers connected together to communicate with each other and share resources. These computers can be connected either using wires or wirelessly using radio waves or infrared signals for communication. More specifically a computer network is made when two or more computers are connected, there are several network nodes attached to the network which can be classified as either Data Communication Equipment (DCE) such as a modem, bridge, switch, or hub. The other is Data Terminal Equipment (DTE) such as computers, printers, file servers, etc. The Data Terminal Equipment uses the Data Communication Equipment to carry out communication. The DTE doesn’t know what data is sent or received, that is being managed by DCE. The devices in a network may be arranged and connected in different ways, this arrangement is termed network topology. Based on the size of the computer network it can be further classified into (Personal Area Network) PAN, (Local Area Network) LAN, (Metropolitan Area Network) MAN, (Wide Area Network) WAN.

Networking Terms and Concepts

Some of the most commonly used networking terms are explained below:

IP Address - IP address is a unique address assigned in the Internet protocol. There are two types of Internet protocol that is IP version 4 (IPv4) and IP version 6 (IPv6). The IP address is a unique identifier of a device, that is no two devices in the network can have the same address. The IP address depends upon the internet protocol being used.

• IPv4 – IPv4 address has a fixed length of 32 bits. This address consists of two thing network ID which is used to identify the network and the host ID used to identify the network connection to the host. And based on the network ID and host ID these addresses are divided into various classes. Example: 192.182.10.154

• IPv6 – IPv6 addresses were made to resolve the exhausting IPv4 addresses. It is a 128-bit address that is assigned to the individual interface on the nodes and not to the node itself.
  Example: 1995:0rt7:65b4:0000:0000:3g6f:4302:9938

Nodes - A node is a physical electronic device attached to a network that is capable of information creation, reception, and transmission of information across the communication channel. In networking, the node can be either a redistribution point or a communication endpoint. Some examples include computers, printers, file servers, etc. Each node is assigned a different IP address to be able to communicate with the node directly.

Web Servers - This term web server is used for both software as well as hardware as well. As hardware, a web server is a specialized computer setup in the network which is used to host a website that is its CSS file, JavaScript file, HTML document, any other supporting media, etc.

As a Software, a web server is software that controls how web user access hosted files. It accepts requests via HTTP protocol. An HTTP request for a web page or other resource is made by a user agent, such as a web browser, to initiate a communication. The server then either fulfills the request or returns an error message. A web server can additionally accept and store resources delivered by the user agent.

Routers - A router is a networking device that operates at the third layer which is the network layer of the OSI model and is used to route packets according to their logical addresses. Two or more networks are connected through routers. A router consists of both hardware and software. A routing table is used by a router, which typically connects LANs and WANs to the Internet, to decide which path to take. In addition to connecting separate networks, routers may access data from the physical, data link, and network layers.

Determining the shortest route to a destination is a router's important function. A router forwards a packet by looking up the address in the routing table after checking the protocol address at the network layer and then sending the packet to the next hop. There are various types of routing algorithms such as Distance vector routing, Link State routing, and Path vector routing which are used by the routers to calculate the best path of a data packet through an internetwork.

Access Points - An access point is a networking device that is used to connect wireless devices to a wired network. An access point receives data from the wired network through ethernet and then converts the data into a radio signal of either 2.4 GHz or 5GHz depending upon the type and generation of Wi-Fi used and then these signals are used to send and receive traffic from nearby clients.

To communicate with the access points, the devices need to possess a Network Interface Card (NIC) which allows the device to communicate with radio signals. An access point can also be used as a repeater to extend the range of the wireless network.

Ports - Ports can be considered as a virtual entities used to uniquely identify a connection endpoint and direct data to a specific service. Each port is assigned a port number for identification and ranges from 0 to 65536 out of which 0-1023 are reserved for privileged services. For example, the HTTP port is assigned port 80, so the HTTP server communicates only through that particular port and the server waits for requests on this port only.

Some other examples of commonly used ports are 20,21 – File Transfer Protocol (FTP), 25 – Simple Mail Transfer Protocol (SMTP), 80 – Hypertext Transfer Protocol (HTTP), and 443 - Hypertext Transfer Protocol Secure (HTTPS). Also sometimes you must have observed that the port number is specified in the URL, it signifies that the browser should connect through that particular port instead of the default.

What is HTTP?

Hyper Text Transfer Protocol or HTTP is a standard web transfer protocol that consists of either a set of requests from browsers to web servers or it contains a set of responses from the web server back to the browser. HTTP was the foundation of data communication on the World Wide Web.

HTTP is a stateless protocol. HTTP is an application layer protocol that is designed within the frameworks of the Internet Protocol Suite. Transmission Control Protocol is used in HTTP, but other protocols such as UDP, and SSDP can also be used with HTTP.

There are various versions of HTTP that are HTTP/0.9, HTTP/1.0, HTTP/1.1, HTTP/2, and HTTP/3. Developed in the same order, with each upgrade the shortcomings of the previous one were addressed. HTTP/0.9 and HTTP/1.0 are no more in use now.

Types of HTTP Requests and Methods

HTTP messages are of two types that is either a Request or a Response. The HTTP specification includes methods for indicating the desired action to be taken with respect to a resource. In HTTP/1.0 only three methods were available that is the GET, HEAD, and POST methods, and in HTTP/1.1 five new methods were introduced that is PUT, DELETE, CONNECT, OPTIONS and TRACE.

Safe methods are designed to be read-only which include GET, HEAD, OPTIONS, and TRACE. They are safe as they don't have any impact on the server. If not used properly the other methods such as PUT, DELETE, POST, CONNECT and PATCH can modify the state of the server and cause unintended actions.

• GET - This method is used when the client wants to retrieve a document from the server. The server responds with the contents of the document or an error message specifying why it was unable to send the required content.
• HEAD - This method is used when the client wants some information from the document but not the document itself.
• POST - This method is used by the client to provide some information to the server. For example, any input form in HTML is submitted using the POST request.
• PUT - This method is used by the client to provide a new or replacement document to be stored on the server.
• DELETE - This method is used by the client to remove the target resource from the server.
• TRACE - This method is used to request the target resource to send the request in the response body so that the client can check if any changes have been made by the intermediaries.
• OPTIONS - This method is used to check the functionality of a web server by requesting ‘*’ instead of a specific resource.
• CONNECT - This method is used by the intermediary to establish a TCP/IP tunnel to the origin server.

The request line defines the request type, resource, and the HTTP version to be used. For example GET /vipin/scaler.png HTTP/1.1 // This request shows the first word “GET” which is the HTTP request type the next is the file path to be used after the URL and the last part is the HTTP version to be used.

To be noted here that the names are case sensitive, hence “GET” is a legal method but “Get” or “get” is not a legal method to be called.

What is a Web Application Firewall?

A Web Application Firewall also known as WAF helps us protect the web application by monitoring and filtering out HTTP traffic between a web application and the internet. It removes any sort of malicious requests and prevents various types of attacks such as SQL Injection, Cross Site Scripting, Cross-Site Request Forgery, etc. These are generally used to protect servers and are available in the form of an application, server plugin, or filter or they may be delivered as a service that may be customized based on the requirement of the server.

It operates on a set of pre-defined rules which are also known as policies. These policies filter out any malicious request. The web application firewall works on the logic of whitelisting that is allowing only expected traffic rather than blocking known threat vectors which makes WAF more useful in case of unknown attack vectors. Based on the implementation it can be classified as a network-based, host-based, or cloud-based web application firewall.