Hey, what’s up peeps? It’s your boy Ryaan here, and I’ve got some sick knowledge to drop on y’all about network security. If you’re anything like me, you’re all about that online hustle and staying connected with your squad, but you also gotta watch your back in these streets.
That’s where network security comes in, my homies. Think of it like a fortress protecting your precious data and personal info from those sneaky hackers and cybercriminals. You wanna make sure your network is locked down and that’s what we’re gonna be talking about in this article.
We’ll be getting into all the nitty-gritty details of firewalls, encryption, and other tools you can use to keep your network on lock, and at the end of this blog, you’ll be able to secure your home network and an organization network (small). So buckle up, fam, ’cause we’re about to dive deep into the world of network security. Trust me, you don’t wanna miss this ride!
Now Network security is a broad topic but we’ll cover pretty much all the basics you need to know in order to secure you home’s network and small organizations plus we’ll move forword with article part II of network security in which you’l get more info on how to secure a proper organization, as I have said earlier you don’t need to worry about your previous knowledge so we’ll start with the what is actually a network, it is very simple right now you’re able to view this website cause you’re connected to a network (which have internet access) so, a computer network is nothing but a number of devices connected into a network in order to share information and they can be connected using different means like through cables, telephone lines, radio waves, satellites, infrared light beams, etc.
Now in this modern world, we mostly use a wireless network, any computer within range of a wireless card can pull the signal from the air across the internet. If you don’t secure a wireless network, strangers could use it and gain access to your computer
Now taking a seek into network security I’ll like to introduce to Information Assurace (IA), it is the most basic measure, it consists of three pillars that are needed to be checked before making any protocol, network devices, programs, etc. The first one is confidentiality which is pretty self-explanatory it ensures information is not disclosed to unauthorized parties, confidentiality has to do with keeping private. This often means that only authorized users and processes should be able to access or modify data, confidentiality ensures that secret information is protected from unauthorized disclosure. The second pillar is integrity which ensures that information is not modified or accessed by unauthorized parties. Data must not be changed in transit and precautionary steps must be taken to ensure that data cannot be altered by unauthorized people. In information assurance, integrity means making sure that your important data and information stay accurate and unaltered.
Just like you wouldn’t want your secret crush’s name to get mixed up, you wouldn’t want your bank account balance or medical records to be incorrect or changed without your knowledge. So, just like checking in with the last person in the game of the telephone, you can use tools like encryption and checksums to make sure your information stays safe and secure.
And the third one is availability which is again pretty self-explanatory, but to make it easier let’s understand it by using an example, imagine you’re a hacker trying to get into a computer system. You wanna get in and get access to all that juicy information, right? But what if the system is down and you can’t even get in? That’s when you’d be like, “Man, this system ain’t even available!”. In information assurance, availability means making sure that your systems and data are up and running when you need them. Hackers might try to mess with your system and knock it offline, so it’s important to make sure your system is available 24/7. You can do this by using firewalls and other security measures to keep out unwanted intruders which we’ll talk about in a bit.
Fundamentals
What is cryptography?
Cryptography is a technique for securing communication and protecting sensitive information by converting it into an unreadable format. It’s like you wrote a text and you have encrypted it so only the person who has a key would be able to understand it other would see some really weird shit.
It uses mathematical algorithms to scramble the information, making it impossible for unauthorized parties to understand or access it without a special key to decode it.
Encryption is when you take your regular message, like “meet me at the mall,” and scramble it up in a special way that only you and the person you’re sending it to can understand. It’s like taking your message and putting it through a blender, so it comes out looking like gibberish to anyone who tries to read it. There are several types of encryption, including symmetric-key encryption and public-key encryption. In symmetric-key encryption, the same key is used for both encryption and decryption. In public-key encryption, two different keys are used: one key is used for encryption, and a separate key is used for decryption. Decryption, on the other hand, is when you take that scrambled-up the message and unblend it back into the original message. It’s like taking that smoothie you made earlier and pouring it back into a cup so you can drink it.
Virtual Private Network (VPN)
Alright, let me give you the lowdown on VPNs in a way that’ll make you giggle.Imagine you’re hanging out at a coffee shop, sipping on your latte, and trying to get some work done on your laptop. But there are a bunch of nosy people around, trying to peek over your shoulder and see what you’re working on (yea! I know you could simply put your earphones :). That’s kinda like the internet, where there are all sorts of creepy crawly hackers and snoops trying to get a peek at your online activities. That’s where VPN comes into play. It’s like putting up a big invisible force field around your internet connection, so no one can see what you’re up to. It’s like having your own little private internet bubble, where you can browse and stream and shop to your heart’s content without anyone knowing what you’re doing.
Plus, a VPN can let you access all sorts of cool stuff that might be blocked in your region, like international Netflix shows or websites that are restricted in your country. It’s like having a secret tunnel that takes you to a whole new world of online goodness. In fact, I would highly suggest you use VPN every time you’re connected to open wifi, though it is very dangerous if you’re connected to an open wifi people (hackers) can perform various kinds of attacks by intercepting your network traffic and potentially gain access to your sensitive information.
Firewall
Now I do hope everyone know a biscs of what is a firewall? but today, let’s get more nerdy. A firewall is a network security device that acts as a gatekeeper, filtering traffic based on predetermined rules. It’s like the security guard of your network, monitoring all incoming and outgoing traffic to make sure only the authorized traffic gets through. Think of it like this: your network is like a fortress, and the firewall is the first line of defense, standing guard at the drawbridge. It inspects all traffic passing through the drawbridge, checking to make sure that only traffic that meets certain criteria gets access to the castle. And just like how a castle might have different levels of security, with the outer walls being less secure and the inner keep being heavily fortified, a firewall can be configured with different levels of security.
It can block traffic based on source IP addresses, destination IP addresses, ports, or even specific protocols.Plus, firewalls can be configured with all kinds of geeky features, like stateful inspection, intrusion detection and prevention, and VPN connectivity. It’s like having a super-smart security guard who not only checks IDs but can also detect when someone is trying to break in and stop them in their tracks. So there you have it, a firewall is like a security guard for your network, checking all incoming and outgoing traffic to make sure only the authorized traffic gets through. It’s an essential geeky tool for protecting your network from cyber threats
Network Segementation
Network segmentation is like partitioning your network into different zones, each with its own security policies and rules. It’s like creating different neighborhoods in your city, each with its own laws and regulations. Think of it like this: your network is like a wild, wild west town with different districts – the saloon, the bank, the general store, you name it. Each district has its own sheriff who keeps the peace and makes sure no one messes with their turf. Similarly, with network segmentation, you divide your network into different zones or subnets, each with its own sheriff – aka a firewall or other security device. These sheriffs keep the peace in their zone, making sure no unauthorized traffic or bad actors get in
. And just like how different neighborhoods in a city might have different security measures, like gated communities or security cameras, different network segments can have different security measures, like access controls or intrusion detection systems. Plus, with network segmentation, you can also control traffic flow between different zones. It’s like having checkpoints at the borders of different neighborhoods, where you can check IDs and make sure only authorized people get in. It’s like putting up walls between the different buildings on campus. Each building has its own security measures and rules, so if something bad goes down in one building, it won’t affect the other buildings.
Network Security Protocols
Secure Socket Layer (SSL)
So, network security protocols are like the bouncers of your computer network party, making sure only the invited guests get in and the troublemakers stay out. There’re many network security protocols but today we’re going to discuss the main and the most effective protocols. First up, we have the Secure Socket Layer (SSL) protocol. SSL is like a VIP section at the party, reserved for those with a special invitation. It encrypts your data and makes sure nobody can sneak in and steal your private info. SSL provides security to the data that is transformed between the web server and a browser which ensures that all data passed between them remain private and free from attack.
SSL is like a bouncer at the door of the website you’re visiting. It checks if the website is legit and ain’t a scammer trying to rip you off. If it’s all good, SSL gives you the green light to enter the party. But wait, there’s more! SSL also sets up a secret code between you and the website, so nobody else can eavesdrop on your convo. It’s like a secret handshake, except way cooler and more secure.
Transport Layer Security (TLS)
SSL even has a bestie called Transport Layer Security (TLS). TLS takes things to the next level, like a personal tech bodyguard. It double-checks that the code SSL set up is totally legit and not some fake code some shady hacker is trying to steal. TLS is a widely adopted security protocol designed to facilitate privacy and data security protocol for communication over the internet. Okay, now you might ask what’s the relation between TLS and SSL. TLS and SSL are like two peas in a pod In fact, TLS is basically an upgraded version of SSL. TLS, or Transport Layer Security, is like the newer, cooler version of SSL. It does pretty much the same thing – sets up a secret code between you and the website, making sure nobody else can snoop in on your online activity.
But TLS is more advanced than SSL and has better encryption technology, which makes it even harder for hackers to crack the code.
Kerberos
So let’s say you’re trying to access some super secret files on a company’s server. Kerberos is the dude who checks your ID to make sure you’re legit. But here’s the cool part Kerberos doesn’t just check your ID once. This dude keeps checking your ID every step of the way, making sure nobody’s tryna pull a fast one on you. Kerberos also sets up secret codes between you and the server, like a secret handshake that only you and the server know. This code is super encrypted and keeps all your online activity totally safe and secure. It basically ensures that only authorized users can access a computer network. The Kerberos protocol uses encryption to protect your credentials and prevent unauthorized access. It also uses a system of timestamps to prevent “replay attacks” where someone tries to use an old ticket to gain access.
Here’s how it works:-
- A user sends his/her credentials to an authentication server (AS)
- The AS hashes the password of the user and verifies their credentials in the active directory database. If the credential matches, then AS sends back the TSG session key and ticket-granting tacket (TGT) to the user to create a session.
- Once users are authenticated, they send TGT to request a service ticket to the server or TGT for accessing the services
- The TGT authenticates the TGT and grants a service ticket to the user. The service ticket consists of the ticket and a session key.
- The client sends the ticket to the server. The server uses its key to decrypt the information from the TGS and the client is authenticated to the service.
Network Mapper (Nmap)
Pretty Good Privacy (PGP)
PGP is a type of encryption software that helps you protect your emails and other digital communications from unauthorized access. It’s like a secret code that only you and the person you’re communicating with can understand. It provides cryptographic encryption if you have no idea what is cryptography then wait a bit that next topic is about cryptography. Back the PGP again, it is like a secret code language that keeps your emails and messages on lock. It’s like having a super secret handshake with your BFF, so nobody else can understand what you’re talking about. Here’s how it works, you and your friend both have your own secret keys that nobody else knows about. When you wanna send a message, you use your friend’s public key to encrypt it, so only they can read it.
And when your homie gets the message, they use their own secret key to decrypt it, so nobody else can get all up in your business. PGP also adds a digital signature to your messages, so your friend knows for sure that it really came from you and nobody else. It’s like putting your own personal stamp of approval on your messages. PGP works for all kinds of messages – email, text, you name it. So next time you wanna keep your messages on the down-low, just remember PGP is your go-to for some serious encryption action. Peace out.
Internet Protocol Security (IPsec)
IPSec (Internet Protocol Security) is like a ninja bodyguard for your internet traffic. It’s a set of protocols that helps secure your data as it travels across the internet, protecting you from cyber attackers who want to steal your sensitive information. IPsec provides a way to encrypt and authenticate internet traffic between two devices, such as a computer and a server. This makes it more difficult for unauthorized parties to intercept or manipulate the traffic. It works by creating a secure “tunnel” between the two devices, where all traffic is encrypted and protected. It also provides authentication, so both devices can verify each other’s identity and ensure that the traffic is not being intercepted by a third party. IPsec is often used to create Virtual Private Networks (VPNs), which allow remote workers to securely access company resources from outside the office.
Now you might ask the question what is the difference between IPsec and TLS/SSL So, at first IPsec is implemented in the operating system or network hardware, while SSL/TLS is implemented in web servers and clients. This means that IPsec can secure all traffic on a network, regardless of the application, while SSL/TLS is limited to securing web traffic as IPsec is implemented in the OS it is more faster than SSL/TLS, due to its implementation in network hardware and operating systems, which can offload encryption and authentication processing.
Access Control
Access control is the selective restriction of access to an asset or a system/network resource. It protects the information assets by determining who can access what. Access control in network security is the practice of limiting access to digital resources, such as files, folders, applications, and networks, to authorized users or processes. Basically, access control is like a digital velvet rope. It’s there to keep out all the haters and wannabes who ain’t got no business in your digital space. It’s like saying, “Sorry bro, you ain’t on the list, you can’t come in.”
Access Control Principles
Separation of Duties (SoD)
SoD is like when your mom makes you and your little brother share a cookie. You can’t just hog the whole thing, bro! You gotta split it up so everyone gets a fair piece. In the same way, SoD is about splitting up the responsibilities and access rights among different users or roles in a digital system. Nobody should have all the power or access, that’s just asking for trouble! Instead, we gotta share the love and divide up the duties so nobody can make unauthorized changes or access data they’re not supposed to. In network security, SoD is typically implemented through the use of access controls and other security mechanisms, such as firewalls, intrusion detection systems, and encryption.
For example, by granting of web-server administrator rights to only configure a web server administrator rights to only configure a web server, without granting administrative rights to other servers, another user may be granted the ability to modify or delete the resource, but not to access or view sensitive information within it.
Need-to-know (NTK)
Under the Need-to-know access control principle, access is provided only to the information that is required for performing a specific task. In other words, not everyone in an organization needs access to all information. Access is granted only to the minimum necessary information required for a person to perform their job function. This helps to prevent unauthorized access, misuse, or exposure of sensitive information. Let’s say you’re working for a company that has some top-secret info. Not everyone needs to know all the details, right? You’re gonna keep that under wraps and only give access to those who need it for their job. By following the “Need-to-know” principle, we can keep our digital systems on lock and key, and minimize the risk of hackers, fraudsters, or other shady characters getting their hands on sensitive info.
Principle of least privilege (POLP)
The Principle of least privilege (POLP) extends the need-to-know principle in providing access to a system. In other words, POPLP entails providing employees exactly the need-to-know the level of access, i.e, not more not less. . This helps to prevent accidental or intentional misuse of sensitive information or critical systems by limiting the potential impact of any security incidents or errors. For example, let’s say you’re at a friend’s house and they offer to let you use their computer to check your email.
However, when you sit down at the computer, you notice that their email is already open and there are a bunch of private messages from their friends and family. Now, your friend might trust you not to snoop around and read their private messages, but you don’t need access to that information to check your own email. So the Principle of Least Privilege (POLP) would suggest that you only access your email and nothing else. Now the difference between POLP and NTK is that POLP is focused on limiting user access rights, while NTK is focused on limiting access to sensitive information.
Okay I hope now, you have a pretty good idea about network security but that’s all conceptual though! and we’re digital crew! so it’s obvious we would need real-life (practical) scenarios and it would be not misleading to say that it’s the main or the most interesting part of the article.
Network Mapper (Nmap)
So at first we’re gonna be performing some network scans using nmap if you don’t know what nmap is let me give you a seek into it, nmap is basically a tool that lets you scan a network to find out what’s connected to it. It’s like being a spy, but instead of sneaking around in a trench coat and fedora, you’re using your computer to peek into other computers and see what’s up. With nmap, you can find out things like what operating systems the computers are running, what ports are open, and what services are running on those ports. It’s like being a detective, but instead of interrogating suspects, you’re interrogating computers.
And nmap is totally legal free and open source so you can download in your windows, mac, or Linux (…) systems of course you can even download it on your mobile systems (android, ios, etc) but if you have a computer system that would be my go-to option. Once you have downloaded nmap you are ready to ROCK!
I’m using Linux (Kali Linux) for the demonstration if you’re using windows or mac the commands should be the same for you too, In windows click on the start menu type “cmd” and open the application, now let me introduce you to cmd. It is the big bad wolf of Windows? The boss of the command line. So, CMD is basically the ultimate boss of Windows. It’s like the Bruce Wayne of your computer – sleek, powerful, and always in control. With CMD, you can talk directly to your computer and give it commands like a boss.
You can do all sorts of cool things with CMD, like navigating your file system, running programs, and manipulating files and directories like a ninja. It’s like having a secret weapon that lets you take control of your computer and do things that mere mortals can only dream of. But beware, my friend, for with great power comes great responsibility. If you don’t know what you’re doing, CMD can be a dangerous beast to tame. One wrong move and you could delete your entire hard drive or bring your system crashing down.
On cmd type nmap, if you have installed name in your system your screen should be something like this:-
Well, well, well, look who’s got their geek on! You’re using Linux, huh? You must be one of those tech wizards who like to live on the edge and go command-line crazy. I mean, who needs a fancy GUI when you’ve got a terminal and a keyboard, am I right? But hey, if you’re not a Linux fanboy, that’s cool too. We can save the debate for another day when we can break out the popcorn and settle in for a long night of arguing about the superiority of different operating systems.
Or we can just agree to disagree and move on to more important things, like figuring out how to secure our networks and protect ourselves from cyber-attacks. Either way, it’s all good, my friend. So whether you’re a Linux ninja or a Windows warrior, let’s get down to business and make sure our digital fortresses are locked down tight.
For Linux users open your terminal and type nmap your screen should look something like this:-
Now We’re not gonna cover all the parts (flags) of nmap we’ll cover the essentials which you would need to secure you homes network but if you have any doubts regarding how to use the flags or which flag does what, on your terminal type nmap –help this will provide you all the flags with their usage, but if you want to know more about just type man nmap that will provide a description about the application examples, flags and how to use and more.
- Type this command nmap -sS -sV <IP ADDRESS>
Here my IP address is 128.199.23.100 then I used -sS, so to explain imagine you’re trying to sneak into a party without getting caught by the bouncer. You can’t just waltz in the front door, because the bouncer will see you and kick you out. So instead, you decide to use a secret back entrance. In Nmap, the “-sS” option is like your secret back entrance. It’s a stealthy way to scan for open ports on a target system without getting caught by any security defenses that might be in place.
Here’s how it works: when you use the “-sS” option in an Nmap scan, it sends a special type of packet called a SYN packet to each port on the target system. If the port is open and ready to accept connections, the target system will respond with a SYN-ACK packet, which is like a secret handshake that lets you know the port is open. But if the port is closed, the target system will send a different type of packet called a RST packet, which is like a firm “no” that tells you the port is not open. The great thing about the “-sS” option is that it’s stealthy, just like your secret back entrance. It doesn’t complete the full three-way handshake required to establish a connection, so it can avoid some intrusion detection and prevention systems that might be looking for suspicious network activity.
Then I have used the -sV flag to the version of services -sV stands for service version detection. It tells Nmap to try to figure out what version of each service it finds on a device is running. But why is knowing the version of the service important? Well, different versions of services can have different vulnerabilities. If a hacker knows that a device is running a certain version of a service with a known vulnerability, they could exploit that vulnerability to gain access to the device or its data.
Let’s say for example someone is using an old ftp server that is vulnerable then you can shut the service (port) down or you can upgrade the version of the particular service.
Let’s run the default scan of nmap
Ah, the good old default mode of Nmap. Nmap starts by sending out a series of “ping” probes to the IP address you provided. It does this to determine if the device is even online and responding. If the device doesn’t respond to any of the ping probes, Nmap will assume that the device is down and move on to the next IP address. If the device does respond to the ping probes, Nmap will then move on to what is called a “TCP SYN scan.” This is a type of port scan that sends a SYN packet to every port on the device. If a port responds with a SYN-ACK packet, Nmap knows that the port is open and can move on to the next port. If a port responds with a RST packet, Nmap knows that the port is closed.
Once Nmap has finished scanning all the ports on the device, it will then attempt to identify the services that are running on those ports. This is done by sending out what are called “service detection probes.” Nmap will try to figure out what type of service is running on each port, whether it’s an HTTP server, an FTP server, or something else.
Pluse there are a number of flags you can use in your scans to make it more effective for you you can see it on man nmap of nmap –help.
Hi just wanted to give you a brief heads up and let you know a few of the pictures aren’t loading correctly. I’m not sure why but I think its a linking issue. I’ve tried it in two different internet browsers and both show the same results.
It’s up and working now, thanks.
Good blog you have here.. It’s hard to find good quality writing like yours nowadays.I truly appreciate individuals like you! Takecare!!
Thank you. we really appreciate it.
Google’s # 1 result – Google PageRank 8. (/ products/acrobat/)Links to this web page: according to Google (31); according to Yahoo (virtually 12 million);according to MSN (6,400).