Cybersecurity Notes

The document provides information about network types, devices, protocols, and security concepts. It defines LAN and WAN networks, and covers devices like routers, firewalls, proxies and load balancers. It also discusses protocols, ports, IP addressing, and security tools like antivirus, IDS/IPS, DLP and EDR.

Uploaded by nikhil kannale

What is a network?

Two or more connected devices form a network.

>> Network Types:
There are two types of network:
1) LAN (Local Area Network)
2) WAN (Wide Area Network)
----------------------------------------
>>Network Devices:
1. Routers
2. Switches
3. Firewall
4. IDS/IPS
5. Proxy
6. Load Balancer
7. WAF (Web Application Firewall)
8. Email Gateway
----------------------------------------------------------------------
>> Difference between LAN & WAN

LAN                                       | WAN
Stands for Local Area Network             | Stands for Wide Area Network
Covers a small area                       | Covers a large area
Usually gets a low speed                  | Usually gets a fast speed
Within a campus (within an organisation)  | From one city to another
Uses switches                             | Uses routers

----------------------------------------------------------------------

>> Firewall
A firewall is a network security device. With the help of a firewall we can monitor incoming and
outgoing traffic, and it also protects us from unauthorised users. It works on a rule basis.
There are two types of firewall:
1. Perimeter Firewall
2. Next Gen. Firewall (Traditional Firewall)

Top vendors of Firewall:
1. Palo Alto Firewall
2. Cisco ASA Firewall
3. FortiGate Firewall
4. Sophos Firewall
5. Check Point Firewall

>> Difference between Perimeter Firewall and Next Gen Firewall:

Perimeter Firewall           | Next Gen Firewall
Works on OSI Layer 4         | Works on OSI Layer 7 (all layers)
Won't handle heavy traffic   | Will handle heavy traffic
Won't detect viruses         | Will detect viruses
                             | Has UTM feature
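Since a firewall "works on a rule basis", here is a small stateless packet filter to show what that rule matching actually looks like. This is an added example written for these notes, not code from the notes or from any of the vendors above. It checks only Layer 4 fields (source and destination network, protocol, destination port), the level the notes attribute to a perimeter firewall; rules are evaluated top-down, the first match wins, and anything unmatched is denied. The rule set, the web server address 203.0.113.10 and the 10.0.0.0/8 LAN are constructed assumptions.

```python
"""Stateless, rule-based packet filter: first matching rule wins, implicit deny at the end.
Added example for these notes; the rules, addresses and ports below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None = any port


# Constructed policy (assumption: 203.0.113.10 is the public web server, 10.0.0.0/8 is the LAN).
RULES = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),  # anyone may reach the HTTPS server
    Rule("allow", "10.0.0.0/8", "10.0.0.0/8", "any", None),     # internal hosts may talk to each other
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "tcp", 3389),        # never allow RDP across the boundary
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "udp", 53),        # internal hosts may query DNS outside
]


def evaluate(rules, src, dst, proto, dport):
    """Return (action, index_of_matching_rule); index is None when the default deny applies."""
    s, d = ip_address(src), ip_address(dst)
    for index, rule in enumerate(rules):
        if s not in ip_network(rule.src):
            continue
        if d not in ip_network(rule.dst):
            continue
        if rule.proto != "any" and rule.proto != proto:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, index
    return "deny", None   # nothing matched: drop and log


def log_line(src, dst, proto, dport):
    """Format the decision the way a firewall log would record it."""
    action, index = evaluate(RULES, src, dst, proto, dport)
    which = "default" if index is None else f"rule {index}"
    return f"{action.upper()} {proto}/{dport} {src} -> {dst} ({which})"


if __name__ == "__main__":
    for flow in [("198.51.100.7", "203.0.113.10", "tcp", 443),
                 ("198.51.100.7", "203.0.113.10", "tcp", 3389),
                 ("10.1.1.1", "10.2.2.2", "tcp", 3389),
                 ("10.1.1.1", "8.8.8.8", "udp", 53),
                 ("198.51.100.7", "10.1.1.1", "tcp", 22)]:
        print(log_line(*flow))
```

Rule order matters: moving the RDP deny above the internal allow would block RDP inside the LAN as well, which is why firewall policies are reviewed top to bottom.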
----------------------------------------------------------------------
>> IDS/IPS
These are network security devices. IDS stands for Intrusion Detection System and IPS stands for
Intrusion Prevention System.
It is an intelligent device. It monitors traffic, and it detects, deletes and prevents
network-related malicious traffic.

IDS - IDS scans the traffic, detects malicious traffic and reports it to the admin based on the
network signature.
IPS - IPS scans the traffic, detects and can also block (prevent) the malicious traffic based on
the network signature.

Vendors:
Cisco FTD
----------------------------------------------------------------------
Proxy:
It is a network security device. It protects us and blocks malicious websites. It protects us from
internet-related bad traffic, and from unauthorised and bad traffic.

Vendor
Zscaler
----------------------------------------------------------------------
Load Balancer:
It is a network security device. It balances the traffic as well as distributing the traffic.

Vendor:
F5 BIG-IP
----------------------------------------------------------------------
WAF (Web Application Firewall):
It is a network security device. It protects the company's websites as well as applications. It
protects us from web-related attacks.
Ex. DoS Attack, DDoS Attack, SQL Injection, Cross-site Scripting Attack.

Top Vendors
Akamai
Cloudflare
Imperva
----------------------------------------------------------------------

Email Gateway: It is a device to protect us from malicious phishing emails. The Email Gateway is
installed on a server which is connected to the core switch. Here we are using the SMTP protocol.
----------------------------------------------------------------------

Antivirus: Antivirus is for the security of the endpoint user device. We use it to protect against
and prevent viruses, worms, trojans etc. On our laptop there is an antivirus agent, which is
connected to an antivirus manager installed on a server. Antivirus works on a signature basis. AV
scans only internal files, to monitor malicious and suspicious activity. We also have to check
whether each user's antivirus signatures are up to date or not.

Top Vendors:
Symantec
McAfee
Defender
Norton

VIRUS: A computer program that can copy itself and infect a computer without the permission or
knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to
spread itself to other computers, or even erase everything on a hard disk. See malicious code.

WORM: In this definition of computer worms, the worm virus exploits vulnerabilities in your
security software to steal sensitive information, install backdoors that can be used to access
the system, corrupt files, and do other kinds of harm. Worms consume large volumes of memory, as
well as bandwidth.

VULNERABILITIES: A vulnerability in security refers to a weakness or opportunity in an
information system that cybercriminals can exploit to gain unauthorized access to a computer
system. Vulnerabilities weaken systems and open the door to malicious attacks.

TROJANS: A Trojan Horse Virus is a type of malware that downloads onto a computer disguised as a
legitimate program. The delivery method typically sees an attacker use social engineering to hide
malicious code within legitimate software to try and gain access to users' systems with their
software.

----------------------------------------------------------------------
EDR (Endpoint Detection and Response)
- It is a device to protect our endpoint devices
- It is the next generation of Antivirus
- It is more advanced than Antivirus
- It detects files also
- EDR works on a BEHAVIOUR basis.

Difference between Antivirus and EDR

Antivirus                                  | EDR
Works on a signature basis                 | Works on a behaviour basis
Detects viruses, worms, trojans            | Detects viruses, worms, trojans and ransomware, files also
Antivirus doesn't have rollback            | Has a rollback plan
Antivirus doesn't have recovery, only a    | EDR has recovery and quarantine options. We can remove the
quarantine option                          | malware files remotely also.
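To make the signature-versus-behaviour difference concrete, the following added example runs both kinds of detection over a handful of constructed endpoint log lines. It is not antivirus or EDR vendor code; the host, process names, paths and the "Trojan.Constructed.A" label are all made up for the demonstration. The signature detector only flags the process name it already knows; the behaviour detector flags whichever process renames many files to a new extension, which is how ransomware-like activity shows up even when the binary has never been seen before.

```python
"""Signature-based vs behaviour-based detection over constructed endpoint log lines.
Added example for these notes, not vendor code; the hosts, process names and paths are made up."""
import re
from collections import defaultdict

# Constructed sample events: "<time> <host> <process> <action> <path>"
LOG_LINES = [
    "09:00:01 pc7 winword.exe write C:/Users/a/report.docx",
    "09:00:02 pc7 known_malware.exe start C:/Users/a/Downloads/known_malware.exe",
    "09:00:03 pc7 updater.exe rename C:/Users/a/doc1.pdf->C:/Users/a/doc1.pdf.locked",
    "09:00:03 pc7 updater.exe rename C:/Users/a/doc2.pdf->C:/Users/a/doc2.pdf.locked",
    "09:00:04 pc7 updater.exe rename C:/Users/a/doc3.xlsx->C:/Users/a/doc3.xlsx.locked",
    "09:00:04 pc7 updater.exe rename C:/Users/a/doc4.docx->C:/Users/a/doc4.docx.locked",
    "09:00:05 pc7 updater.exe rename C:/Users/a/doc5.txt->C:/Users/a/doc5.txt.locked",
    "09:00:10 pc7 explorer.exe rename C:/Users/a/old.txt->C:/Users/a/new.txt",
]

# Constructed signature database: names the vendor has already catalogued.
SIGNATURES = {"known_malware.exe": "Trojan.Constructed.A"}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (.+)$")


def parse(line):
    """Split one log line into fields; return None for lines that do not fit the format."""
    match = LINE_RE.match(line)
    if not match:
        return None
    time, host, proc, action, path = match.groups()
    return {"time": time, "host": host, "proc": proc, "action": action, "path": path}


def signature_alerts(lines):
    """Antivirus style: flag only what is already in the signature database."""
    alerts = []
    for event in filter(None, map(parse, lines)):
        if event["proc"] in SIGNATURES:
            alerts.append((event["proc"], SIGNATURES[event["proc"]]))
    return alerts


def behaviour_alerts(lines, threshold=5):
    """EDR style: flag any process that renames many distinct files to a new extension,
    whether or not its name is known."""
    renamed = defaultdict(set)
    for event in filter(None, map(parse, lines)):
        if event["action"] == "rename" and event["path"].endswith(".locked"):
            renamed[(event["host"], event["proc"])].add(event["path"])
    return [(proc, f"{len(paths)} files renamed to .locked")
            for (host, proc), paths in renamed.items() if len(paths) >= threshold]


if __name__ == "__main__":
    print("signature:", signature_alerts(LOG_LINES))
    print("behaviour:", behaviour_alerts(LOG_LINES))
```

Note that updater.exe is never in the signature list, so the signature pass misses it entirely; only the behaviour pass catches it, and a legitimate single rename by explorer.exe stays below the threshold.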

----------------------------------------------------------------------

DLP (Data Loss Prevention)

- It is a cyber security solution that protects the organisation from data breaches and from the
loss of sensitive information.
- Used to protect the company's sensitive data.

Top Vendors:
Netskope
Forcepoint

----------------------------------------------------------------------

IP Address:
How to find our laptop's IP address?
Go to the search bar, type cmd, and in the command prompt type ipconfig.

How to communicate with another system?
In cmd type: ping ________ (IP ADDRESS)
IP Address types and ranges:
CLASS A : 0-127   - 255.0.0.0 (SUBNET MASK)
CLASS B : 128-191 - 255.255.0.0
CLASS C : 192-223 - 255.255.255.0

(CLASS A, B, C are used in LAN & WAN)

CLASS D : 224-239 - 255.255.255.255 (Reserved for Multicasting)

CLASS E : 240-255 (Reserved for Indian Government)

There are two versions of IP:
IP VERSION 4 (32 bit)
IP VERSION 6 (128 bit)

The ISP (Internet Service Provider) provides IP addresses to the organisation.

There are two types of IP address:
Private IP Address
Public IP Address

Difference between Private IP Address and Public IP Address

Private IP Address              | Public IP Address
Free of cost                    | Chargeable
Used in LAN network             | Used in WAN network
Assigned by network engineers   | Assigned by ISP
Ex. 10.1.1.1                    | Ex. 267.1.78.10
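The class ranges, the private/public split and the 32-bit versus 128-bit address lengths above can all be checked with a few lines of Python. The following is an added example (not part of the notes); it uses the standard ipaddress module, the first-octet class ranges listed above, and the RFC 1918 private ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. The sample addresses are constructed, except 8.8.8.8, a well-known public resolver used here only as a public-address sample.

```python
"""Classify an IP address the way the notes do: classful range, default mask, private or public,
and address length (32 or 128 bits). Added example, not from the notes; sample addresses constructed."""
from ipaddress import ip_address, ip_network

# First-octet ranges for the classes listed in the notes; only A, B and C have a default mask.
CLASSES = [
    ("A", 0, 127, "255.0.0.0"),
    ("B", 128, 191, "255.255.0.0"),
    ("C", 192, 223, "255.255.255.0"),
    ("D", 224, 239, None),   # multicast
    ("E", 240, 255, None),   # reserved
]

# RFC 1918 private ranges; anything else is treated as public here.
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def describe(addr):
    """Return a dict describing addr, or {"valid": False} if it is not a well-formed address."""
    try:
        ip = ip_address(addr)
    except ValueError:      # e.g. an octet above 255, or a stray character
        return {"address": addr, "valid": False}
    info = {"address": addr, "valid": True, "version": ip.version, "bits": ip.max_prefixlen,
            "class": None, "default_mask": None, "private": None}
    if ip.version == 4:
        first_octet = ip.packed[0]
        for name, low, high, mask in CLASSES:
            if low <= first_octet <= high:
                info["class"], info["default_mask"] = name, mask
                break
        info["private"] = any(ip in net for net in PRIVATE)
    return info


if __name__ == "__main__":
    for sample in ["10.1.1.1", "172.20.0.5", "192.168.1.20", "8.8.8.8", "224.0.0.1",
                   "2001:db8::1", "300.1.1.1"]:
        print(describe(sample))
```

The last sample is rejected because an IPv4 octet cannot exceed 255; the function reports valid=False instead of guessing, which is the behaviour you want before feeding an address to a firewall rule or a ping.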

----------------------------------------------------------------------

OSI Layers:
If we want to build a new network then network engineers follow the OSI layers. There are 7 OSI
layers:

7 APPLICATION  - Services that are used with end-user applications

6 PRESENTATION - Formats the data so that it can be viewed by the users. Encrypts and
decrypts. Ex. JPG, GIF, HTTPS, SSL, TLS

5 SESSION      - Maintains connections and is responsible for controlling ports and sessions

4 TRANSPORT    - Transmits data using transmission protocols including TCP and UDP

3 NETWORK      - Reads the IP address from the packet. Ex. Routers, Layer 3 switches

2 DATA LINK    - Defines the format of data on the network.

1 PHYSICAL     - Sends the data on to the physical wire. Ex. Hubs, cables.

----------------------------------------------------------------------

Protocols And Port Numbers:

Protocol: A set of rules is called a protocol.
Protocols and port numbers are used to access any kind of service on a system.

How many ports do we have in a laptop: 65,536

1. TCP/UDP : 20/21
2. HTTP : 80
3. HTTPS : 443
4. DNS : 53
5. DHCP : 67/68
6. TELNET : 23
7. SSH : 22
8. FTP : 20
9. SMTP : 25
10. SNMP : 167/162
11. SMB : 445
12. RDP : 3389
13. LDAP : 389
14. SYSLOG : 514

TCP/UDP : 20/21

TCP - Stands for Transmission Control Protocol
UDP - Stands for User Datagram Protocol

Difference between TCP/UDP

TCP                        | UDP
Secured                    | Unsecured
Connection oriented        | Connectionless
Slow                       | Fast
Guaranteed transmission    | No guarantee
Ex. DNS, HTTPS, FTP        | Ex. DNS, DHCP, SNMP

-----------------------------------------------------------------------------
Difference Between HTTP And HTTPS 80/443

HTTP                               | HTTPS
Hyper Text Transfer Protocol       | Hyper Text Transfer Protocol Secure
A plain text protocol              | A cipher text protocol
Less secured                       | More secured
Works on the Application Layer     | Works on the Transport Layer
Port no. 80                        | Port no. 443
                                   | (Using SSL certificates) (Secure Sockets Layer)


-------------------------------------------------------------------------------

DNS (Domain Name System) 53

Translating a domain into an IP address is called DNS.

Ex. An end user wants to access www.Facebook.com; the request goes to the DNS Resolver. If the DNS
Resolver does not have it available then it forwards the request to the DNS root, which again sends
it on to the name server; then the root sends the IP address (over port 53) to the DNS Resolver.

DNS Records:
Name Server (NS)
Mail Exchange (MX)
Address (A)
Canonical Name (CNAME)
Text Record (TXT RECORD)
Time To Live Record (TTL)
Pointer Record (PTR)
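The resolver-to-root-to-name-server walk above, as an added example that is not part of the notes: an iterative lookup over a constructed delegation chain with a TTL-based cache, so a repeated query is answered from the cache until the record expires, and a name nobody is authoritative for comes back as NXDOMAIN. The server names, the example.com records and their TTLs are all made up for the demonstration.

```python
"""Iterative DNS resolution with a TTL cache, simulated over a constructed set of zones.
Added example for these notes (not a real resolver); the server names, records and TTLs are made up."""

# Constructed delegation chain: root -> TLD server -> authoritative server -> record.
ROOT_HINTS = {"com.": "ns.tld-com.constructed."}
TLD_ZONES = {"example.com.": "ns1.example.com."}
AUTHORITATIVE = {   # name -> (type, value, ttl seconds)
    "www.example.com.": ("A", "203.0.113.80", 300),
    "mail.example.com.": ("A", "203.0.113.25", 300),
    "example.com.": ("MX", "mail.example.com.", 3600),
}


def canonical(name):
    """Lower-case the name and make it fully qualified (trailing dot)."""
    return name.strip().lower().rstrip(".") + "."


class Resolver:
    def __init__(self):
        self.cache = {}     # name -> (value, expiry time)

    def resolve(self, name, now=0):
        """Return (value, path); path lists the servers consulted, or ["cache"] on a cache hit."""
        name = canonical(name)
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:          # still within the record's TTL
            return hit[0], ["cache"]
        labels = name.rstrip(".").split(".")
        tld = labels[-1] + "."
        zone = ".".join(labels[-2:]) + "."
        path = ["root"]
        tld_server = ROOT_HINTS.get(tld)              # root: who serves this TLD?
        if tld_server is None:
            return None, path + ["NXDOMAIN"]
        path.append(tld_server)
        auth_server = TLD_ZONES.get(zone)             # TLD: who is authoritative for the zone?
        if auth_server is None:
            return None, path + ["NXDOMAIN"]
        path.append(auth_server)
        record = AUTHORITATIVE.get(name)              # authoritative: the actual record
        if record is None:
            return None, path + ["NXDOMAIN"]
        _rtype, value, ttl = record
        self.cache[name] = (value, now + ttl)         # cache until the TTL runs out
        return value, path


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com", now=0))
    print(r.resolve("WWW.example.com.", now=120))
    print(r.resolve("www.example.com", now=301))
    print(r.resolve("nothere.example.com"))
```

The `now` argument stands in for the clock so the cache expiry can be exercised deterministically; a real resolver would use wall-clock time.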
-----------------------------------------------------------------------------

DHCP (Dynamic Host Configuration Protocol) 67/68

It releases IP addresses to the systems.

DHCP DORA SYSTEM

D - DISCOVER
O - OFFER
R - REQUEST
A - ACKNOWLEDGE

Every company has a DHCP server. Once your laptop is connected to the LAN, the laptop sends a
request to the DHCP server for an IP address; this is called Discover. The DHCP server offers an IP
address to the laptop. The laptop then sends a request for that IP address, and the DHCP server
acknowledges it to the system.
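The DORA exchange described above, as an added example that is not part of the notes: a tiny in-process DHCP server and client that exchange DISCOVER, OFFER, REQUEST and ACKNOWLEDGE messages, plus the two cases the four-step description leaves out (the pool runs out, so there is no OFFER; a client REQUESTs an address it was never offered, so the server answers NAK). The address pool 10.1.1.10-11 and the MAC addresses are constructed.

```python
"""DHCP DORA exchange between a client and a server, simulated in-process.
Added example for these notes (not real DHCP code); the pool and MAC addresses are constructed."""
from dataclasses import dataclass, field


@dataclass
class DHCPServer:
    pool: list                                   # addresses still free to hand out
    offers: dict = field(default_factory=dict)   # mac -> address offered, not yet confirmed
    leases: dict = field(default_factory=dict)   # mac -> address confirmed by ACK

    def discover(self, mac):
        """Answer a DISCOVER with an OFFER, or stay silent when the pool is exhausted."""
        if mac in self.leases:                   # returning client keeps its address
            return ("OFFER", self.leases[mac])
        if mac in self.offers:                   # repeated DISCOVER: same offer again
            return ("OFFER", self.offers[mac])
        if not self.pool:
            return ("NONE", None)
        address = self.pool.pop(0)
        self.offers[mac] = address
        return ("OFFER", address)

    def request(self, mac, address):
        """ACK a REQUEST for the address this client was offered; NAK anything else."""
        if self.offers.get(mac) == address or self.leases.get(mac) == address:
            self.offers.pop(mac, None)
            self.leases[mac] = address
            return ("ACK", address)
        return ("NAK", None)


def dora(server, mac):
    """Run the client side of DORA; return the leased address (or None) and the transcript."""
    transcript = [("client", "DISCOVER", None)]
    kind, offered = server.discover(mac)
    if kind != "OFFER":
        transcript.append(("server", "silence: pool exhausted", None))
        return None, transcript
    transcript.append(("server", "OFFER", offered))
    transcript.append(("client", "REQUEST", offered))
    kind, address = server.request(mac, offered)
    transcript.append(("server", kind, address))
    return address, transcript


if __name__ == "__main__":
    srv = DHCPServer(pool=["10.1.1.10", "10.1.1.11"])
    for mac in ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"]:
        leased, steps = dora(srv, mac)
        print(mac, "->", leased)
        for who, msg, addr in steps:
            print("   ", who, msg, addr or "")
```

The third client gets no address because the pool only holds two; a real server would log this and the client would keep retrying, which is also why rogue or exhausted DHCP servers are worth monitoring on the LAN.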

-----------------------------------------------------------------------------

TELNET/SSH - 23/22

- Both are remote host control protocols
- Configure a device remotely
- We can use the PuTTY tool for this.

Difference between TELNET AND SSH

TELNET                     | SSH
Plain text protocol        | Cipher text protocol
Less secure protocol       | More secure protocol
Unencrypted                | Encrypted

-----------------------------------------------------------------------------

FTP (File Transfer Protocol) 20

- Sends data to the destination; the FTP protocol works in the background
- It connects to switches. It is a plain protocol.

SFTP (Secure File Transfer Protocol)

- It is a cipher protocol
- It is more secure than the FTP protocol.

-----------------------------------------------------------------------------

SMTP (Simple Mail Transfer Protocol) 25

- With the help of the SMTP protocol we can access emails.

X sends a mail to Y. Firstly the mail goes to the authorised SMTP server. It checks X's IP address
as well as checking whether the sender is genuine or not. After confirmation, if it is legitimate
then it forwards the mail to Y.

The Simple Mail Transfer Protocol (SMTP) is an application used by mail servers to send,
receive, and relay outgoing email between senders and receivers.

----------------------------------------------------------------------

SNMP 167/162

In monitoring tools we use the SNMP protocol.

-----------------------------------------------------------------------------

SMB Protocol (Server Message Block) 445

- It is a network file sharing protocol
- Most organisations disable it on laptops because an attacker can easily attack the system
through it.

-----------------------------------------------------------------------------

RDP (Remote Desktop Protocol) 3389

- To access another system remotely.
-----------------------------------------------------------------------------

LDAP (Lightweight Directory Access Protocol) 389

- With the use of LDAP we give access to anyone.
----------------------------------------------------------------------

Corporate Network Architecture:

ISP - ROUTER - PERIMETER FIREWALL - INTERNAL ROUTER - IDS/IPS - NEXT GEN FIREWALL -
PROXY - LOAD BALANCER - WAF - CORE SWITCH (critical servers connected) - ACCESS SWITCH
(end users)

ISP (Internet Service Provider)

Every organisation needs internet; the ISP gives the internet connection to the Router (Edge
Router).

NTLM (New Technology LAN Manager) is a proprietary Microsoft authentication protocol.

NTLM is also based on symmetric key cryptography technology and needs resource servers to provide
authentication, integrity and confidentiality to users. NTLM does not support delegation of
authentication or two-factor authentication. NTLM is usually implemented in earlier Windows
versions such as Windows 95, Windows 98, Windows ME and NT.

_______________________________________________________________________

MODULE - 2
SECURITY CONCEPT

Encryption: It is the process of using an algorithm to transform plain text into cipher text.
Readable to unreadable format is called Encryption.
Example: AES, DES, 3DES (ALL ARE ALGORITHMS).

Decryption: The conversion of encrypted data into its original form is called Decryption.
Unreadable to readable format is called Decryption.
Example: RSA (Algorithm)

-----------------------------------------------------------------------------

Encryption Types:
There are two types of encryption:
1. Symmetric Encryption
2. Asymmetric Encryption

Symmetric: Symmetric encryption involves using a single key to encrypt and decrypt data.
Example: AES, DES, 3DES (ALL ARE ALGORITHMS)

Asymmetric: Asymmetric encryption uses a private key and a public key to encrypt and decrypt
the data. It is more secure than symmetric.
Example: RSA (Algorithm)

-----------------------------------------------------------------------------

Hashing:
- It is a process of transforming any given key or string of characters into another value.
- It is a fixed length of characters
- Once you convert the data into a hash value no one can modify it.

Ex. MD5, SHA-256 AND SHA-1 (Exe files, PDF files)

-----------------------------------------------------------------------------

CIA

C - CONFIDENTIALITY
I - INTEGRITY
A - AVAILABILITY

C - CONFIDENTIALITY - Customer data or company internal data should be confidential. [We are
using encryption here to protect the data]

Ex. AES, DES, 3DES

I - INTEGRITY - Whatever customer data we have, that data should not be modified. [We are
using hashing algorithms.]

Ex. MD5, SHA-256 AND SHA-1

A - AVAILABILITY - Whatever data is confidential, that should be available 24*7 to
authorized persons. [We are using a Load Balancer]
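Hashing is what backs the Integrity part of CIA, so here is an added example (not from the notes) that shows the two properties the Hashing section lists: every digest has a fixed length regardless of input size, and changing one field of the data changes the digest, which is how the modification is caught. The customer record bytes and the tampered copy are constructed.

```python
"""Hash-based integrity check: fixed-length digests, and any change to the input is detected.
Added example for these notes; the "file" content and the tampered copy are constructed byte strings."""
import hashlib
import hmac

ORIGINAL = b"Customer record 1042\nBalance: 100.00\n"   # constructed stand-in for a file
TAMPERED = ORIGINAL.replace(b"100.00", b"900.00")       # one field changed after the fact


def digest(data, algorithm="sha256"):
    """Hex digest of data with the named algorithm (md5, sha1, sha256 ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def publish_checksums(data):
    """What the owner records while the data is known good."""
    return {algo: digest(data, algo) for algo in ("md5", "sha1", "sha256")}


def verify(data, expected_sha256):
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(digest(data, "sha256"), expected_sha256)


def digest_lengths(data):
    """Hex length per algorithm: the same for a 1-byte or a 1-megabyte input."""
    return {algo: len(value) for algo, value in publish_checksums(data).items()}


if __name__ == "__main__":
    known_good = publish_checksums(ORIGINAL)
    print(known_good)
    print("original verifies:", verify(ORIGINAL, known_good["sha256"]))
    print("tampered verifies:", verify(TAMPERED, known_good["sha256"]))
    print(digest_lengths(b"x"), digest_lengths(b"x" * 1_000_000))
```

The check only proves integrity if the published checksum itself is obtained from a trusted place; a checksum stored next to the file can be rewritten along with it.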

----------------------------------------------------------------------
Cyber Kill Chain Process:

Attackers follow the cyber kill chain process to hack a network. It's a process: when an attacker
is trying to attack an organization, the attacker will follow the cyber kill chain process.
There are 7 phases in the cyber kill chain process.
1. Reconnaissance: Gathering information is called reconnaissance.
2. Weaponisation: To prepare the weapon or to prepare the payload (malicious link, viruses).
3. Delivery: Delivering the weapon to the organization or a specific user via phishing email.
4. Exploitation: Once delivered, the weapon's code is triggered, exploiting vulnerabilities in an
application or system.
5. Installation: The weapon installs a backdoor on a target's system allowing persistent access.
6. Command & Control: An outside server communicates with the weapon, providing hands-on-keyboard
access inside the target network. Servers are communicating with the attacker's laptop.
7. Action on objectives: The attacker achieving his target is called Action on Objectives.

----------------------------------------------------------------------

Types of Attack:
Web Attacks:-

1. DoS Attack (Denial of Service Attack): DoS attacks accomplish this by flooding the target
with ICMP traffic, or sending it information that triggers a crash.
In this attack the attacker uses a single system only.
An attacker using a single system to attack a web server with the help of ICMP floods is called a
DoS attack.

2. DDoS Attack (Distributed Denial of Service Attack): An attacker using multiple systems to
attack the server with the use of ICMP flood traffic is called a DDoS attack.

3. SQL Injection attack: In this attack, the attacker injects malicious code into the script.
Then the attacker gains access to the DB and steals valuable data.
With the help of SQL injection the attacker can change the price of a product also.

4. Cross-site Scripting (XSS): Cross-site scripting is an attack in which an attacker injects
malicious executable scripts into the code of a trusted application or website.
The attacker tries to attack a web page or website. The attacker can even change information on
the page.
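For the SQL injection and XSS entries above, the following added example (not code from the notes) puts the vulnerable form next to the hardened form in Python: a product search that pastes user text into the SQL string against one that binds the value as a parameter, and a comment renderer that emits raw user text against one that HTML-escapes it. The product table is constructed; the hidden "internal-sku" row stands in for the data the notes say an attacker could steal.

```python
"""Injection vs. parameterised query, and raw vs. escaped HTML output.
Added example for these notes (not the notes' own code); the product table is constructed."""
import html
import sqlite3


def make_db():
    """In-memory catalogue with one row that must never be shown to customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL, hidden INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [("laptop", 999.0, 0), ("phone", 499.0, 0), ("internal-sku", 1.0, 1)])
    conn.commit()
    return conn


def search_unsafe(conn, term):
    """Vulnerable: the user's text becomes part of the SQL, so it can rewrite the WHERE clause."""
    sql = f"SELECT name FROM products WHERE name = '{term}' AND hidden = 0"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Hardened: the driver binds the value; the text can only ever be compared, never executed."""
    sql = "SELECT name FROM products WHERE name = ? AND hidden = 0"
    return [row[0] for row in conn.execute(sql, (term,))]


def render_comment_unsafe(comment):
    """Vulnerable: user text is placed into the page as markup (stored/reflected XSS)."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment):
    """Hardened: html.escape turns <, >, &, and quotes into entities, so the browser shows text only."""
    return f"<p>{html.escape(comment)}</p>"


if __name__ == "__main__":
    db = make_db()
    injected = "x' OR 1=1 --"     # textbook tautology: closes the quote, comments out the rest
    print("unsafe:", search_unsafe(db, injected))
    print("safe:  ", search_safe(db, injected))
    print(render_comment_unsafe("<script>alert(1)</script>"))
    print(render_comment_safe("<script>alert(1)</script>"))
```

The unsafe search returns every row, including the hidden one, because the `AND hidden = 0` clause has been commented away; the safe search returns nothing, since no product is literally named `x' OR 1=1 --`. The same principle applies to the price-change case in the notes: with parameters bound, user input can never become SQL.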
-----------------------------------------------------------------------------
Network Attacks

1. MITM Attack (Man In The Middle Attack): A man-in-the-middle attack is a type of cyber-attack
in which the attacker secretly intercepts and relays messages between two parties who believe
they are communicating directly with each other.

2. Ransomware Attack: It is designed to deny a user or organization access to files on their
computers, by encrypting these files and demanding a ransom payment for the decryption key.

-----------------------------------------------------------------------------

OWASP TOP 10 Attacks:

OWASP: The Open Worldwide Application Security Project

1. INJECTION
2. BROKEN AUTHENTICATION
3. SENSITIVE DATA EXPOSURE
4. XML EXTERNAL ENTITIES
5. BROKEN ACCESS CONTROL
6. SECURITY MISCONFIGURATION
7. CROSS-SITE SCRIPTING
8. INSECURE DESERIALIZATION
9. USING COMPONENTS WITH KNOWN VULNERABILITIES
10. INSUFFICIENT LOGGING AND MONITORING

-----------------------------------------------------------------------------

Security Framework:

NIST Cyber Security Framework
ISO 27001 & ISO 27002
SOC 2
HIPAA
PCI DSS
GDPR

NIST: We need to follow the NIST guidelines. It is a powerful tool to organize and improve your
cybersecurity programme.

NIST has 4 steps:

1) Identify: What processes & assets need protection.
2) Protect: Implement appropriate safeguards to ensure protection of the enterprise's assets.
3) Detect: Implement appropriate mechanisms to identify the occurrence of cybersecurity
incidents.
4) Respond: Develop techniques to contain the impacts of cybersecurity events.

-----------------------------------------------------------------------------

ISO 27001 & ISO 27002

- These are for cyber security auditors (GRC professionals)
- Improved risk management
- Identifying risk

-----------------------------------------------------------------------------
HIPAA -
It is a framework which provides security provisions & data privacy, in order to keep patients'
medical information safe.

-----------------------------------------------------------------------------
PCI DSS -
In the payment card industry

-----------------------------------------------------------------------------
GDPR -
General Data Protection Regulation
It covers how we can use, process and store personal data.
It is a European Union (EU) law.
