Experienced hackers understand how to exploit network operations through the
Transmission Control Protocol/Internet Protocol (TCP/IP)[1] stack.
They also know how a packet is constructed and routed. The goal of network and security administrators is to protect against such intrusions.
This requires extensive knowledge of the TCP/IP suite to properly program firewall filters. In this module, you will learn the critical aspects of each of the TCP/IP layers.
To properly program firewall filters, a comprehensive understanding of the TCP/IP suite is essential. Here are the key areas of knowledge required:
- Understanding of the TCP/IP Model:
  - Layers: Knowledge of the four layers of the TCP/IP model (Application, Transport, Internet, and Link) and how they interact.
  - Protocols: Familiarity with common protocols in each layer (e.g., HTTP, FTP, SMTP in the Application layer; TCP, UDP in the Transport layer; IP in the Internet layer; Ethernet in the Link layer).
- IP Addressing and Subnetting:
  - IPv4 and IPv6: Understanding the differences between IPv4 and IPv6, including address formats and notation.
  - Subnetting: Ability to calculate subnets, understand CIDR notation, and work with subnet masks.
  - Address Allocation: Knowledge of static vs. dynamic IP addressing and the use of DHCP.
- Transport Layer Protocols:
  - TCP: Understanding of connection-oriented communication, the three-way handshake, and TCP flags (SYN, ACK, FIN, RST).
  - UDP: Knowledge of connectionless communication and use cases where UDP is preferred.
  - Ports: Familiarity with well-known port numbers and the concept of ephemeral ports.
- Packet Structure and Analysis:
  - Packet Headers: Ability to interpret and analyze packet headers for IP, TCP, UDP, and ICMP.
  - Wireshark/tcpdump: Proficiency in using network analysis tools to capture and examine packet data.
- Network Address Translation (NAT):
  - Types of NAT: Understanding different types of NAT (static, dynamic, PAT) and their purposes.
  - NAT Configuration: Ability to configure NAT rules and understand their impact on network traffic.
- Firewall Technologies:
  - Types of Firewalls: Knowledge of different types of firewalls (packet filtering, stateful inspection, proxy-based, next-generation firewalls).
  - Rule Syntax: Familiarity with the syntax and configuration of firewall rules for different firewall platforms (e.g., iptables, pf, firewalld, Cisco ACLs).
- Security Principles:
  - Access Control: Understanding of access control principles, including whitelisting, blacklisting, and the principle of least privilege.
  - Threats and Attacks: Awareness of common network threats and attacks (e.g., DoS/DDoS attacks, IP spoofing, port scanning) and how to mitigate them.
- VPNs and Tunneling Protocols:
  - VPN Basics: Understanding the basics of VPNs, including the use of IPsec, SSL/TLS, and GRE tunneling.
  - Secure Communication: Knowledge of how to secure communications through encrypted tunnels.
- Practical Skills:
  - Configuration and Testing: Ability to configure firewall rules and test their effectiveness.
  - Troubleshooting: Skills to troubleshoot and resolve issues related to firewall configurations and network connectivity.
- Continuous Learning:
  - Updates and Patches: Staying informed about the latest security updates, patches, and best practices for firewall management.
  - Emerging Technologies: Keeping up with emerging network technologies and how they impact firewall configurations and network security.
By mastering these areas, a developer or network administrator can effectively program and manage firewall filters to protect network resources and ensure secure communications.
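Several of the areas above (packet headers, TCP flags, CIDR subnets and firewall rule syntax) come together in even the simplest stateless packet filter. The following is an added example, not code from this module: it decodes the IPv4 and TCP headers of a raw packet with the standard library, then evaluates a hypothetical first-match rule table of the kind an iptables or ACL rule set expresses (the rule table, addresses and the `build_ipv4_tcp` helper are constructed for illustration).

```python
import ipaddress
import struct

# TCP flag bits in the low byte of the data-offset/flags word (RFC 9293).
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode an IPv4 header and the TCP header behind it (no link-layer frame)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                 # IP header length in bytes, options included
    if pkt[9] != 6 or len(pkt) < ihl + 20:    # protocol 6 = TCP; need a full 20-byte TCP header
        raise ValueError("not a complete TCP segment")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return {"src": ipaddress.ip_address(pkt[12:16]), "dst": ipaddress.ip_address(pkt[16:20]),
            "sport": sport, "dport": dport,
            "flags": {name for bit, name in TCP_FLAGS.items() if off_flags & bit}}

# Hypothetical stateless rule table: (action, source CIDR, destination port, exact flag set).
# Rules are checked top to bottom, first match wins, and anything unmatched is denied.
RULES = [
    ("deny",  "0.0.0.0/0",  23,  None),       # never accept telnet, from anywhere
    ("allow", "10.0.0.0/8", 22,  {"SYN"}),    # new SSH connections only from the internal net
    ("allow", "0.0.0.0/0",  443, {"SYN"}),    # anyone may open an HTTPS connection
]

def filter_packet(pkt: bytes) -> str:
    """Return 'allow' or 'deny' for one inbound IPv4/TCP packet."""
    hdr = parse_ipv4_tcp(pkt)
    for action, cidr, port, flags in RULES:
        if hdr["src"] not in ipaddress.ip_network(cidr):
            continue
        if port is not None and hdr["dport"] != port:
            continue
        if flags is not None and hdr["flags"] != flags:  # {"SYN"} alone = connection attempt
            continue
        return action
    return "deny"

def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Construct a minimal 40-byte IPv4+TCP packet for testing (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    print(filter_packet(build_ipv4_tcp("10.1.2.3", "10.0.0.5", 40000, 22, 0x02)))  # allow
```

Because the filter is stateless, a SYN+ACK to port 22 is dropped even though it could belong to a legitimate handshake; a stateful firewall tracks the connection table instead of reasoning from flags alone.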
Defense Organizations
Linux is growing in popularity as a network OS in defense organizations, and militaries are increasingly adopting Linux IP security, with some modifications, for secured military network transactions.
When you have completed this module, you should be able to
- Describe how network security is affected at the Transmission Control Protocol/Internet Protocol (TCP/IP) levels
- Describe the physical and data link layers of a network
- Identify the Internet layer and its weaknesses
- Identify the transport layer (TCP/UDP) and its weaknesses
- Identify the application layer and its weaknesses
- Discuss the security implications of commonly used applications
- Describe the Open Systems Interconnect (OSI)[2] model and how packets are sent across the Internet
[1]Transmission Control Protocol/Internet Protocol (TCP/IP): A suite of protocols that turns information into blocks of information called packets. These are then sent across networks such as the Internet.
[2]Open Systems Interconnect (OSI): A model for network communications standardized by ISO, containing seven layers: physical, data link, network, transport, session, presentation and application.