Understanding Key Networking and Security Concepts

In this post I am going to share some networking and security basics that are important to know. Being aware of these key items will allow you to be better versed in the kinds of interactions taking place on your systems and may help you to protect your information!

What is an IP Address?

Definition: An IP (Internet Protocol) address is a unique identifier assigned to each device connected to a network, allowing it to communicate with other devices.

Explanation: Every device on the internet or a local network requires an IP address to send and receive data. It works like a digital mailing address, directing data packets to the correct destination.

Usage: IP addresses are used in both internal networks and across the internet. When you visit a website, your browser sends a request to the server using its IP address.

Top Providers: Internet Service Providers (ISPs) like AT&T, Verizon, and Comcast assign public IP addresses.


What is a MAC Address?

Definition: A MAC (Media Access Control) address is a hardware identifier that uniquely identifies each device on a network at the physical level.

Explanation: Unlike IP addresses, which can change, MAC addresses are hardcoded into devices like network interface cards (NICs). These addresses ensure that devices on a local network can communicate with each other.

Usage: MAC addresses are used in local networks, often for tracking devices, enforcing security policies, or filtering access.

Top Providers: Network equipment manufacturers like Cisco, Netgear, and TP-Link embed MAC addresses in their devices.


What is a Public/Private Address?

Definition: Public addresses are IP addresses that are routable over the internet, while private addresses are restricted to local networks.

Explanation:

  • Public IP Address: Assigned by ISPs, allowing devices to connect to the internet.
  • Private IP Address: Reserved for internal use in local networks (like your home Wi-Fi) and not routable over the internet.

Usage: Private addresses use ranges defined by standards (e.g., 192.168.x.x). Devices in private networks access the internet through NAT (Network Address Translation).

Top Providers: ISPs like Spectrum, AT&T, and Comcast provide public IP addresses, while private IP addresses are set by routers and local network administrators.


What are IPv4 and IPv6?

Definition:

  • IPv4: The fourth version of the Internet Protocol, which uses 32-bit addresses.
  • IPv6: The newer version, which uses 128-bit addresses.

Explanation:

  • IPv4: Can handle about 4.3 billion unique addresses, but the internet has outgrown this number.
  • IPv6: Expands the address space significantly, supporting a virtually limitless number of devices.

Usage: IPv4 is still the most widely used protocol, but IPv6 adoption is growing due to the shortage of IPv4 addresses.

Top Providers: Cloudflare, Google Cloud, and AWS offer IPv6 support along with IPv4.
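The two sections above (public versus private addresses, and IPv4 versus IPv6) can be checked programmatically. The following added example, which is not part of the original post, uses Python's standard ipaddress module to classify a constructed list of addresses and count how many private, public and malformed entries it contains, the kind of check you would run over a config export or log file to spot internal addresses that should not be there.

```python
import ipaddress

# Constructed sample inputs (not from the original post) covering the
# public/private split and both IP versions discussed above.
SAMPLE_ADDRESSES = [
    "192.168.1.10",      # RFC 1918 private, typical home LAN
    "10.0.5.7",          # RFC 1918 private, common in enterprise networks
    "172.16.40.2",       # RFC 1918 private (172.16.0.0/12)
    "8.8.8.8",           # public IPv4
    "fd12:3456::1",      # private IPv6 (unique local, fc00::/7)
    "2606:4700::1111",   # public IPv6
    "999.1.1.1",         # malformed: an octet above 255, rejected by the parser
]

def classify(addr_text):
    """Return a dict describing one address, or None if it does not parse."""
    try:
        addr = ipaddress.ip_address(addr_text.strip())
    except ValueError:
        return None
    # Address-space size: 2**32 for IPv4 (about 4.3 billion), 2**128 for IPv6.
    space = 2 ** addr.max_prefixlen
    return {
        "address": str(addr),
        "version": addr.version,
        "address_space": space,
        # is_private covers RFC 1918 for IPv4 and fc00::/7 for IPv6 (among
        # other reserved ranges); is_global is the routable-on-the-internet check.
        "private": addr.is_private,
        "routable": addr.is_global,
    }

def summarize(addresses):
    """Count addresses per bucket: v4/v6 x private/public, plus invalid ones."""
    counts = {"v4_private": 0, "v4_public": 0,
              "v6_private": 0, "v6_public": 0, "invalid": 0}
    for text in addresses:
        info = classify(text)
        if info is None:
            counts["invalid"] += 1
            continue
        key = f"v{info['version']}_{'private' if info['private'] else 'public'}"
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for text in SAMPLE_ADDRESSES:
        print(text, classify(text))
    print(summarize(SAMPLE_ADDRESSES))
```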


What is DHCP?

Definition: DHCP (Dynamic Host Configuration Protocol) is a protocol used to automatically assign IP addresses to devices on a network.

Explanation: DHCP eliminates the need to manually configure IP addresses for every device. When a device connects to a network, it requests an IP address from a DHCP server.

Usage: Most routers and networks use DHCP to ensure that devices can connect without requiring manual network configuration.

Top Providers: Cisco, Microsoft, and VMware offer DHCP server solutions.


What is NAT?

Definition: NAT (Network Address Translation) is a method used to map private addresses to a public address when devices access the internet.

Explanation: NAT allows multiple devices on a local network to share a single public IP address. This conserves public IP addresses and adds a layer of security by hiding internal addresses.

Usage: NAT is used in home routers and enterprise networks to connect private networks to the internet.

Top Providers: Companies like Cisco, Juniper Networks, and Netgear offer NAT solutions in their networking devices.
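To make the address-sharing described above concrete, here is an added example (not code from the original post) that simulates the translation table a NAT gateway keeps. The public address and the remote server addresses are assumed values taken from the RFC 5737 documentation ranges. It shows two private hosts leaving through one public address on different ports, a reply being mapped back to the right host, and an unsolicited inbound packet being dropped because no internal host created a mapping for it.

```python
# Constructed NAT-table simulation (added example, not from the post). Outbound
# packets from private hosts leave with one shared public address and a unique
# public port; inbound packets are admitted only when they match a mapping an
# internal host created, so unsolicited internet traffic is dropped.

PUBLIC_IP = "203.0.113.5"   # assumed public side (RFC 5737 documentation range)

class NatGateway:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network."""
        key = (src_ip, src_port)
        if key not in self.outbound:          # first packet of a flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a packet arriving from the internet, or
        return None (drop) when no internal host initiated the flow."""
        if dst_ip != self.public_ip or dst_port not in self.inbound:
            return None
        priv_ip, priv_port = self.inbound[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)

def demo():
    nat = NatGateway()
    # Two LAN hosts reach the same web server; both appear as PUBLIC_IP outside.
    out1 = nat.translate_outbound("192.168.1.10", 51000, "198.51.100.20", 443)
    out2 = nat.translate_outbound("192.168.1.11", 51000, "198.51.100.20", 443)
    reply1 = nat.translate_inbound("198.51.100.20", 443, PUBLIC_IP, out1[1])
    unsolicited = nat.translate_inbound("198.51.100.7", 12345, PUBLIC_IP, 22)
    return out1, out2, reply1, unsolicited

if __name__ == "__main__":
    for packet in demo():
        print(packet)
```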


What is UDP Used For?

Definition: UDP (User Datagram Protocol) is a lightweight, connectionless protocol used to send data without establishing a connection.

Explanation: Unlike TCP, UDP does not guarantee delivery, ordering, or error-checking, making it faster but less reliable. It is often used for real-time applications where speed is crucial, such as video streaming, online gaming, and DNS lookups.

Usage: UDP is used in situations where quick data transmission is more important than data reliability.

Top Providers: UDP is implemented in operating systems like Linux, Windows, and macOS.


TCP and UDP Client/Server Python Program

Here’s a simple Python implementation of TCP and UDP client/server communication.

TCP Server:

import socket

# Create an IPv4 TCP socket, bind it to the loopback interface only, and
# accept a single client connection.
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # allow quick restarts
server_socket.bind(('localhost', 8080))
server_socket.listen(1)

print('TCP server listening...')
connection, address = server_socket.accept()  # blocks until a client connects

data = connection.recv(1024)  # read up to 1024 bytes from the client
print(f"Received from TCP client: {data.decode()}")
connection.sendall(b'Hello TCP Client')

connection.close()
server_socket.close()

TCP Client:

import socket

# Open a TCP connection to the server started above (three-way handshake
# happens inside connect()).
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect(('localhost', 8080))

client_socket.sendall(b'Hello TCP Server')
data = client_socket.recv(1024)  # wait for the server's reply
print(f"Received from TCP server: {data.decode()}")

client_socket.close()

UDP Server:

import socket

# UDP is connectionless: there is no listen()/accept(), the server simply
# binds a port and reads whatever datagram arrives next.
udp_server_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_server_socket.bind(('localhost', 8081))

print('UDP server listening...')
data, address = udp_server_socket.recvfrom(1024)  # also returns the sender's address
print(f"Received from UDP client: {data.decode()}")
udp_server_socket.sendto(b'Hello UDP Client', address)

udp_server_socket.close()

UDP Client:

import socket

# No connect() needed: each sendto() carries the destination address.
udp_client_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_client_socket.sendto(b'Hello UDP Server', ('localhost', 8081))

# If the datagram is lost, recvfrom() would block forever, so use a timeout.
udp_client_socket.settimeout(5)
data, server = udp_client_socket.recvfrom(1024)
print(f"Received from UDP server: {data.decode()}")

udp_client_socket.close()

Security Concepts

What is an IP Packet?

Definition: An IP packet is a unit of data that is routed between an origin and a destination on the internet or other IP networks.

Explanation: Packets contain both the data being sent and the headers, which include information like source and destination IP addresses. Packets are the fundamental building blocks of communication on the internet.
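To show what those headers actually look like, here is an added example (not from the original post) that builds a minimal 20-byte IPv4 header for a constructed packet, then decodes the fields a firewall or network sensor inspects (version, TTL, protocol, source and destination) and verifies the header checksum. The addresses used are constructed sample values; the damaged copy shows how a header modified in transit fails the check.

```python
import ipaddress
import struct

HEADER_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options

def checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words; 0 means 'verifies'."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src, dst, payload_len, ttl=64, proto=17):
    """Constructed sample header (proto 17 = UDP) with a valid checksum."""
    fields = struct.pack(HEADER_FMT, (4 << 4) | 5, 0, 20 + payload_len, 0x1234, 0,
                         ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", checksum(fields)) + fields[12:]

def parse_ipv4_header(raw):
    """Decode the fields a firewall or sensor inspects; None if malformed."""
    if len(raw) < 20:
        return None
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack(HEADER_FMT, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        return None
    return {
        "version": version, "header_len": ihl, "total_len": total_len,
        "ttl": ttl, "protocol": proto,            # 6 = TCP, 17 = UDP
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # Summing the header including its checksum field must give zero.
        "checksum_ok": checksum(raw[:ihl]) == 0,
    }

def demo():
    hdr = build_ipv4_header("192.168.1.10", "198.51.100.20", payload_len=8)
    good = parse_ipv4_header(hdr)
    damaged = bytearray(hdr)
    damaged[8] = 1                # alter TTL without recomputing the checksum
    return good, parse_ipv4_header(bytes(damaged))

if __name__ == "__main__":
    for result in demo():
        print(result)
```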


What is EDR?

Definition: EDR (Endpoint Detection and Response) is a security solution that monitors and detects suspicious activities on endpoint devices.

Explanation: EDR systems analyze data from endpoint devices in real time and respond to security threats. They offer deep visibility into devices like laptops and desktops, detecting malware, ransomware, and unauthorized access.

Top Providers: CrowdStrike, Symantec, and McAfee are top EDR providers.


What is NDR?

Definition: NDR (Network Detection and Response) is a cybersecurity solution that monitors network traffic to detect and respond to threats.

Explanation: NDR tools focus on identifying anomalies in network activity, often using machine learning to detect unusual patterns that indicate a threat.

Top Providers: Vectra AI, Darktrace, and Cisco offer NDR solutions.


What is an IOC?

Definition: IOC (Indicator of Compromise) refers to evidence that suggests a security breach has occurred.

Explanation: IOCs are artifacts such as unusual network traffic, changes to file hashes, or malicious IP addresses that signal the presence of a security threat. They are used in threat detection to identify and analyze attacks.
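The following added example (not code from the original post) shows how IOCs of the three kinds named above, a malicious IP address, a domain and a file hash, are matched against log lines. The indicator values and the firewall, DNS and EDR log lines are all constructed for the example; the scan also tallies hits per internal host so an analyst can see which machine to look at first.

```python
import re
from collections import Counter

# Constructed IOC list and log lines (added example; none of these values
# are real indicators). The log mixes firewall, DNS and EDR events.
IOCS = {
    "ip": {"198.51.100.77"},
    "domain": {"update-check.example"},
    "sha256": {"0123456789abcdef" * 4},
}
LOG_LINES = [
    "2024-05-01T10:00:01Z fw: allow src=192.168.1.10 dst=203.0.113.9 dport=443",
    "2024-05-01T10:00:05Z fw: allow src=192.168.1.12 dst=198.51.100.77 dport=8443",
    "2024-05-01T10:00:09Z dns: query name=update-check.example from=192.168.1.12",
    "2024-05-01T10:00:20Z edr: host=WS12 new_process sha256=" + "0123456789abcdef" * 4,
    "2024-05-01T10:01:00Z fw: allow src=192.168.1.10 dst=203.0.113.9 dport=443",
]
PATTERNS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b", re.I),
}

def find_iocs(line):
    """Return (type, value) pairs for every known indicator present in one line."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for value in pattern.findall(line):
            if value.lower() in IOCS[kind]:
                hits.append((kind, value.lower()))
    return hits

def scan(lines):
    """Return the matching lines with their hits, plus a hit count per internal
    host (src=, from= or host= field) to prioritise investigation."""
    matches, per_host = [], Counter()
    for line in lines:
        hits = find_iocs(line)
        if not hits:
            continue
        matches.append((line, hits))
        host = re.search(r"\b(?:src|from|host)=(\S+)", line)
        if host:
            per_host[host.group(1)] += len(hits)
    return matches, per_host

if __name__ == "__main__":
    for line, hits in scan(LOG_LINES)[0]:
        print(hits, "<-", line)
```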


What is SIEM?

Definition: SIEM (Security Information and Event Management) is a system that collects, analyzes, and reports on security events from across an organization’s IT infrastructure.

Explanation: SIEM systems aggregate logs from various devices and applications to detect potential security threats in real time.

Top Providers: Splunk, IBM QRadar, and ArcSight are top SIEM providers.


What is SOAR?

Definition: SOAR (Security Orchestration, Automation, and Response) refers to a suite of software tools that automate and streamline security operations.

Explanation: SOAR platforms help security teams respond to incidents faster by automating workflows, managing alerts, and facilitating collaboration.

Top Providers: Palo Alto Networks, IBM, and Splunk are leaders in SOAR.


What is XDR?

Definition: XDR (Extended Detection and Response) is a security solution that integrates and correlates data from various security layers such as network, endpoint, and cloud.

Explanation: XDR improves detection and response by offering a holistic view of security events across an organization’s entire infrastructure.

Top Providers: Microsoft, Palo Alto Networks, and Trend Micro offer XDR solutions.