ncs 1


NCS

Ms. Pranjali Bhoyar, Assistant Professor


Cyber Security
Unit - 1

Types of Network & OSI Layers


Types of Network
PAN (Personal Area Network)
LAN (Local Area Network)
MAN (Metropolitan Area Network)
WAN (Wide Area Network)
PAN (Personal Area Network)
A personal area network is a computer network for
interconnecting electronic devices within an individual
person's workspace.
A PAN provides data transmission among devices such as
computers, smartphones, tablets and personal digital
assistants.
LAN (Local Area Network)
A local area network is a computer network that
interconnects computers within a limited area such as a
residence, school, laboratory, university campus or office
building.
Metropolitan Area Network
A metropolitan area network is a computer network that
interconnects users with computer resources in a geographic
region of the size of a metropolitan area.
Wide Area Network
A wide area network is a telecommunications network that
extends over a large geographic area. Wide area networks
are often established with leased telecommunication circuits.
IP address
IP stands for "Internet Protocol"
IP address is a unique address that identifies a device on the
internet or a local network.
An IP address is a string of numbers separated by dots.
IP addresses are expressed as a set of four numbers.
Each number in the set can range from 0 to 255.
IP addresses are not random. They are mathematically
produced and allocated by the Internet Assigned Numbers
Authority (IANA)
Ex.:- 192.158.1.38
There are two versions of IP address
IP version 4 (IPv4)
IP version 6 (IPv6)

IP version 4 (IPv4)
IPv4 has a 32-bit address length.
It supports manual and DHCP address configuration
It can generate an address space of 4.29×10^9 addresses
The security feature is dependent on the application
Address representation of IPv4 is in decimal
In IPv4, encryption and authentication facilities are not provided
IPv4 has a header of 20-60 bytes
Ex:- 192.168.1.165
IP version 6 (IPv6)
IPv6 has a 128-bit address length
It supports Auto and renumbering address configuration
Address space of IPv6 is quite large; it can produce an
address space of 3.4×10^38 addresses
IPSEC is an inbuilt security feature in the IPv6 protocol
Address Representation of IPv6 is in hexadecimal
In IPv6 Encryption and Authentication are provided
IPv6 has header of 40 bytes fixed
Ex:- 2001:0db8:0000:0000:0000:ff00:0042:7879
Class A Network
This IP address class is used when there are a large number of
hosts. In a Class A type of network, the first 8 bits (first octet)
identify the network, and the remaining 24 bits identify the
host within that network.
An example of a Class A address is 102.168.212.226. Here,
“102” helps you identify the network and 168.212.226
identify the host.
Address Range:- 1 to 126
Class B Network
In class B the first 16 bits (first two octets) help you identify
the network. The other remaining 16 bits indicate the host
within the network.
An example of a Class B IP address is 168.212.226.204, where
168.212 identifies the network and 226.204 identifies the
host.
Address Range:- 128 to 191
Class C Network
Class C is a type of IP address that is used for small
networks. In this class, three octets are used to identify the
network.
In this type of network addressing method, the first two bits
are set to 1 and the third bit is set to 0, which makes the
first 24 bits of the address the network address and the
remaining bits the host address. Most local area networks use
Class C IP addresses to connect to the network.
Address Range:- 192 to 223
Class D Network
Class D addresses are only used for multicasting applications.
Class D is never used for regular networking operations. In this
class, the first three bits are set to “1” and the fourth
bit is set to “0”. Class D addresses are 32-bit network
addresses. All the values within the range are used to identify
multicast groups uniquely.
Therefore, there is no requirement to extract the host
address from the IP address, so Class D does not have any
subnet mask.
Address Range:- 224 to 239
Class E Network
Class E IP addresses are defined by setting the first four
network address bits to 1, which allows you to
incorporate addresses from 240.0.0.0 to 255.255.255.255.
Class E is reserved for research and development purposes,
and its usage is never defined. Therefore, many network
implementations discard these addresses as undefined or
illegal.
Address Range:- 240 to 254
Network Address Translation (NAT)
NAT stands for network address translation.
Network Address Translation (NAT) is a process in which one
or more local IP address is translated into one or more Global
IP address and vice versa in order to provide Internet access
to the local hosts.
Network Address Translation working
NAT runs on the router that has one interface in the local (inside)
network and one interface in the global (outside) network.
When a packet traverses outside the local (inside) network,
NAT converts the local (private) IP address to a global
(public) IP address. When a packet enters the local network,
the global (public) IP address is converted to a local (private)
IP address.
If NAT runs out of addresses, i.e., no address is left in the
configured pool, then the packets are dropped and an Internet
Control Message Protocol (ICMP) host unreachable packet is
sent to the destination.
Why mask port numbers?
Suppose, in a network, two hosts A and B are connected.
Both of them send a request to the same destination, from the
same port number, say 1000, on the host side, at the same
time.
If NAT translates only IP addresses, then when their
packets arrive at the NAT, both of their IP addresses
are masked by the public IP address of the network and
sent to the destination.
The destination sends its replies to the public IP address of the
router.
Because both replies carry the same public IP address and the
same port number, NAT cannot tell which reply belongs to which
host, so it masks the source port number as well and records
the mapping in its translation table.
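The collision described above, and how port translation removes it, as an added example that is not part of the original slides. The class name, the public address 203.0.113.5, the destination 198.51.100.7:80, the inside host addresses and the starting public port 40000 are all constructed for illustration.

```python
"""Toy NAT table: IP-only translation versus IP + port translation."""

PUBLIC_IP = "203.0.113.5"        # constructed public address of the router
SERVER = ("198.51.100.7", 80)    # constructed destination host and port


class Nat:
    def __init__(self, public_ip, translate_ports, first_port=40000):
        self.public_ip = public_ip
        self.translate_ports = translate_ports
        self.next_port = first_port
        # (public_port, dst_ip, dst_port) -> list of (inside_ip, inside_port)
        self.table = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet; return the new (ip, port)."""
        inside = (src_ip, src_port)
        if self.translate_ports:
            # Reuse the existing mapping when this flow is already known.
            for (pub_port, d_ip, d_port), hosts in self.table.items():
                if (d_ip, d_port) == (dst_ip, dst_port) and hosts == [inside]:
                    return self.public_ip, pub_port
            pub_port = self.next_port       # otherwise hand out a fresh public port
            self.next_port += 1
        else:
            pub_port = src_port             # IP-only NAT leaves the port untouched
        hosts = self.table.setdefault((pub_port, dst_ip, dst_port), [])
        if inside not in hosts:
            hosts.append(inside)
        return self.public_ip, pub_port

    def inbound(self, src_ip, src_port, dst_port):
        """Find the inside host for a reply that arrives at public_ip:dst_port."""
        hosts = self.table.get((dst_port, src_ip, src_port), [])
        if not hosts:
            return None                     # no mapping: unsolicited packet, dropped
        if len(hosts) > 1:
            raise LookupError(f"ambiguous reply, candidates: {hosts}")
        return hosts[0]


def demo(translate_ports):
    """Hosts A and B both use source port 1000 towards the same destination."""
    nat = Nat(PUBLIC_IP, translate_ports)
    a = nat.outbound("192.168.1.10", 1000, *SERVER)
    b = nat.outbound("192.168.1.11", 1000, *SERVER)
    try:
        return a, b, nat.inbound(*SERVER, a[1]), nat.inbound(*SERVER, b[1])
    except LookupError as exc:
        return a, b, str(exc)


if __name__ == "__main__":
    print("IP only :", demo(False))
    print("IP+port :", demo(True))
```

The `None` branch in `inbound` is also why inbound packets with no matching table entry never reach an inside host.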
Inside local address – An IP address that is assigned to a host
on the inside (local) network. The address is probably not an
IP address assigned by the service provider, i.e., these are
private IP addresses. This is the inside host as seen from the
inside network.
Inside global address – An IP address that represents one or
more inside local IP addresses to the outside world. This is
the inside host as seen from the outside network.
Outside local address – This is the actual IP address of the
destination host in the local network after translation.
Outside global address – This is the outside host as seen from
the outside network. It is the IP address of the outside
destination host before translation.
Advantages of NAT
NAT conserves legally registered IP addresses.
It provides privacy as the device’s IP address, sending and
receiving the traffic, will be hidden.
Eliminates address renumbering when a network evolves.
Disadvantage of NAT
Translation results in switching path delays.
Certain applications will not function while NAT is enabled.
Complicates tunneling protocols such as IPsec.
Also, the router, being a network layer device, should not
tamper with port numbers (transport layer), but it has to do so
because of NAT.
IP subnets
In networking, an IP subnet, or simply subnet, is a logical
subdivision of an IP network. Subnetting is the process of
dividing a larger IP network into smaller, more manageable
sub-networks. This is done for various reasons, including
improving performance, enhancing security, and facilitating
efficient use of IP addresses.
Key concepts related to IP subnets:
IP Address:
An IP address is a numerical label assigned to each device
connected to a computer network that uses the Internet
Protocol for communication. IPv4 addresses are typically
written in the form of four sets of decimal numbers
separated by dots (e.g., 192.168.1.1).
Subnet Mask:
The subnet mask is a 32-bit number that divides an IP
address into network and host portions. It consists of a series
of contiguous '1' bits followed by a series of contiguous '0'
bits. For example, the subnet mask 255.255.255.0 (or /24 in
CIDR notation) means that the first 24 bits of the IP address
represent the network, and the remaining 8 bits represent
the host.
CIDR Notation:
CIDR (Classless Inter-Domain Routing) notation is a way to
represent IP addresses and their associated routing prefix. It
allows for a flexible and efficient allocation of IP addresses.
For example, instead of using traditional subnet masks, CIDR
notation might express a subnet as 192.168.1.0/24.
Subnetting:
Subnetting involves dividing an IP network into sub-networks
to improve performance and security. It allows for more
efficient use of IP addresses by allocating them to smaller
groups within the larger network. Subnetting is often used in
conjunction with CIDR notation.
Private and Public IP Addresses:
IP addresses are categorized as private or public. Private IP
addresses are reserved for use within a private network and
are not routable on the public Internet. Public IP addresses
are assigned by Internet authorities and are routable on the
Internet.
VLSM (Variable Length Subnet Masking):
VLSM is a technique that allows for using different subnet
masks within the same network address space. This enables
more efficient use of IP addresses by assigning larger subnets
to network segments with more hosts and smaller subnets to
segments with fewer hosts.
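The subnet mask, CIDR and VLSM ideas above, worked through with Python's standard ipaddress module. This is an added example, not part of the original slides; the segment names and host counts are constructed, and the allocator goes slightly beyond the text by refusing a plan that does not fit the block.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Longest IPv4 prefix whose subnet still offers `hosts` usable addresses."""
    needed = hosts + 2                      # network and broadcast addresses are not assignable
    host_bits = (needed - 1).bit_length()   # smallest n with 2**n >= needed
    return 32 - host_bits


def vlsm_allocate(block, demands):
    """Carve `block` into one subnet per segment, largest segment first.

    demands maps a segment name to the number of hosts it needs.
    Returns a dict of segment name -> ipaddress.IPv4Network.
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    end = int(block.broadcast_address)
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # a subnet must start on a multiple of its size
        if cursor + size - 1 > end:
            raise ValueError(f"{block} has no room left for {name} ({hosts} hosts)")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan


def describe(net):
    """Mask, usable host count and private/public status of one subnet."""
    return {
        "cidr": str(net),
        "mask": str(net.netmask),
        "usable_hosts": net.num_addresses - 2,
        "private": net.is_private,
    }


if __name__ == "__main__":
    # Constructed demand: four segments sharing one /24.
    plan = vlsm_allocate("192.168.1.0/24",
                         {"office": 100, "lab": 50, "servers": 10, "wan-link": 2})
    for name, net in plan.items():
        print(f"{name:9}", describe(net))
```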
DHCP Server
Dynamic Host Configuration Protocol is an application layer
protocol which is used to provide:
Subnet Mask (Option 1 – e.g., 255.255.255.0)
Router Address (Option 3 – e.g., 192.168.1.1)
DNS Address (Option 6 – e.g., 8.8.8.8)
Vendor Class Identifier (Option 43 – e.g., ‘unifi’ = 192.168.1.9,
where unifi = controller)
Subnet Mask
A subnet mask is a 32-bit number created by setting host bits
to all 0s and setting network bits to all 1s. In this way,
the subnet mask separates the IP ...
A subnet mask is used to divide an IP address into two parts.
One part identifies the host (computer), the other part
identifies the network to which it belongs.
Vendor Class Identifier
Using the vendor class identifier allows DHCP administrators
to assign vendor-specific DHCP options to devices without
running the risk of duplicating options within the DHCP
scope.
Advantages –
Centralized management of IP addresses
Ease of adding new clients to a network
Reuse of IP addresses reducing the total number of IP
addresses that are required
Simple reconfiguration of the IP address space on the DHCP
server without needing to reconfigure each client
The DHCP protocol gives the network administrator a method
to configure the network from a centralized area.
With the help of DHCP, easy handling of new users and reuse
of IP address can be achieved.
Ports
A port is a virtual point where network connections start and
end.
Ports are software-based and managed by a computer's
operating system.
Each port is associated with a specific process or service.
Ports allow computers to easily differentiate between
different kinds of traffic
Port number
Ports are standardized across all network-connected devices,
with each port assigned a number.
Most ports are reserved for certain protocols — for example,
all Hypertext Transfer Protocol (HTTP) messages go to port
80.
While IP addresses enable messages to go to and from
specific devices, port numbers allow targeting of specific
services or applications within those devices.
Ports are a transport layer (layer 4) concept.
Only a transport protocol such as the Transmission Control
Protocol (TCP) or User Datagram Protocol (UDP) can indicate
which port a packet should go to.
TCP and UDP headers have a section for indicating port
numbers.
Network layer protocols — for instance, the Internet Protocol
(IP) — are unaware of what port is in use in a given network
connection.
In a standard IP header, there is no place to indicate which
port the data packet should go to.
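Where the port numbers actually sit in a packet, as an added example that is not part of the original slides. The packets are constructed in the code with zeroed checksums; the two addresses are the example addresses used earlier in these notes, and the function names are illustrative.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte part of the IPv4 header: no port field anywhere


def build_packet(src_ip, dst_ip, src_port, dst_port, proto=6, options=b""):
    """Build a constructed IPv4 packet (checksums left at zero) for the parser below."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("IPv4 options must be a multiple of 4 bytes, at most 40")
    if proto == 6:      # TCP: ports, seq, ack, data offset, flags (SYN), window, checksum, urgent
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == 17:   # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", src_port, dst_port, 8, 0)
    else:               # e.g. ICMP echo request: type, code, checksum, rest; no ports at all
        l4 = struct.pack("!BBHI", 8, 0, 0, 0)
    ihl_words = 5 + len(options) // 4
    header = struct.pack(IP_FMT, 0x40 | ihl_words, 0, ihl_words * 4 + len(l4), 0, 0, 64,
                         proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header + options + l4


def parse_packet(data):
    """Addresses come from the IP header; ports, for TCP/UDP only, from the layer 4 header."""
    if len(data) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, data[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4          # IPv4 header length in bytes: 20 to 60
    if ihl < 20 or len(data) < ihl:
        raise ValueError("bad IPv4 header length")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "protocol": proto, "ip_header_len": ihl}
    if proto in (6, 17):                # only TCP (6) and UDP (17) carry port numbers
        if len(data) < ihl + 4:
            raise ValueError("truncated transport header")
        info["src_port"], info["dst_port"] = struct.unpack("!HH", data[ihl:ihl + 4])
    return info


if __name__ == "__main__":
    print(parse_packet(build_packet("192.168.1.165", "192.158.1.38", 49152, 443)))
    print(parse_packet(build_packet("192.168.1.165", "192.158.1.38", 0, 0, proto=1)))
```

A packet filter that matches on ports has to read the header length field first, because IPv4 options move the transport header further into the packet.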
There are 65,535 possible port numbers, although not all are
in common use. Some of the most commonly used ports,
along with their associated networking protocol, are:

Ports 20 and 21: File Transfer Protocol (FTP). FTP is for
transferring files between a client and a server.
Port 22: Secure Shell (SSH). SSH is one of
many tunneling protocols that create secure network
connections.
Port 25: Simple Mail Transfer Protocol (SMTP). SMTP is used
for email.
Port 53: Domain Name System (DNS). DNS is an essential
process for the modern Internet; it matches
human-readable domain names to machine-readable IP
addresses, enabling users to load websites and applications
without memorizing a long list of IP addresses.
Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the
protocol that makes the World Wide Web possible.
Port 123: Network Time Protocol (NTP). NTP allows computer
clocks to sync with each other.
Port 179: Border Gateway Protocol (BGP). BGP is essential for
establishing efficient routes between the large networks that
make up the Internet (these large networks are
called autonomous systems). Autonomous systems use BGP
to broadcast which IP addresses they control.
Port 443: HTTP Secure (HTTPS). HTTPS is the secure and
encrypted version of HTTP. All HTTPS web traffic goes to port
443. Network services that use HTTPS for encryption, such
as DNS over HTTPS, also connect at this port.
Port Range Groups
0 to 1023 – Well known port numbers. Only special
companies like Apple QuickTime, MSN, SQL Services, Gopher
Services, and other prominent services have these port
numbers.
1024 to 49151 – Registered ports; meaning they can be
registered to specific protocols by software corporations.
49152 to 65536 – Dynamic or private ports; meaning that
they can be used by just about anybody.
DNS (Domain Name System)
DNS, or Domain Name System, is a critical component of
computer networks that translates human-readable domain
names into IP addresses. Instead of relying on users to
remember and use numerical IP addresses, DNS provides a
hierarchical and distributed system that allows users to use
easily memorable domain names to access resources on the
Internet.
Key aspects of DNS in networks:

Domain Names:
A domain name is a human-readable label assigned to an IP
address or a set of IP addresses. For example,
www.example.com is a domain name. Domain names are
organized hierarchically, with the top-level domain (TLD) at
the rightmost part (e.g., .com, .org, .net).
DNS Servers:
DNS operates in a distributed manner through a network of
DNS servers. These servers are categorized into several
types:
Root DNS Servers: These servers are at the top of the DNS
hierarchy and provide information about the authoritative
DNS servers for top-level domains.
Top-Level Domain (TLD) DNS Servers: These servers handle
requests for specific TLDs (e.g., .com, .org).
Authoritative DNS Servers: These servers store and provide
information about a specific domain. There are authoritative
servers for each domain.
Recursive DNS Servers: These servers perform the actual
work of translating domain names to IP addresses. They can
query other DNS servers to resolve a domain name.
DNS Resolution Process:
When a user types a domain name into a web browser, the
following steps occur:
The local device checks its local DNS cache to see if it already
has the IP address for the requested domain.
If not, the request is sent to a recursive DNS server (often
provided by the Internet Service Provider). This server may
have the information in its cache or may need to query other
DNS servers to resolve the domain.
The recursive server checks the root DNS servers to find the
TLD DNS servers responsible for the domain.
The TLD DNS server directs the recursive server to the
authoritative DNS server for the specific domain.
The authoritative DNS server provides the IP address for the
requested domain back to the recursive server.
The recursive server caches this information and returns the
IP address to the user's device, which can then access the
desired resource.
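The resolution steps above as a small simulation, added here as an example that is not part of the original slides. The server names, records, TTLs and the address 192.0.2.10 are constructed; as a simplification, the resolver caches only final answers, not the referrals it receives from root and TLD servers.

```python
"""Toy model of the resolution steps: cache, recursive resolver, root, TLD, authoritative."""

# Constructed name-server data (server names, records and TTLs are illustrative).
ROOT = {"com": "tld-com"}                           # root: TLD -> TLD server
TLD = {"tld-com": {"example.com": "ns-example"}}    # TLD server: domain -> authoritative server
AUTH = {"ns-example": {                             # authoritative: name -> (type, value, TTL in s)
    "www.example.com": ("A", "192.0.2.10", 300),
    "shop.example.com": ("CNAME", "www.example.com", 300),
}}


class RecursiveResolver:
    def __init__(self):
        self.cache = {}   # name -> (address, expiry time)
        self.log = []     # every server contacted, in order

    def resolve(self, name, now=0, depth=0):
        """Return the IPv4 address for `name`; `now` is the current time in seconds."""
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0]                    # answered from cache, nobody contacted
        if depth > 5:
            raise LookupError("CNAME chain too long")
        labels = name.split(".")
        tld, domain = labels[-1], ".".join(labels[-2:])
        self.log.append("root")                 # root points at the TLD server
        tld_server = ROOT.get(tld)
        if tld_server is None:
            raise LookupError(f"no such TLD: {tld}")
        self.log.append(tld_server)             # TLD server points at the authoritative server
        auth_server = TLD[tld_server].get(domain)
        if auth_server is None:
            raise LookupError(f"no such domain: {domain}")
        self.log.append(auth_server)            # authoritative server holds the record
        record = AUTH[auth_server].get(name)
        if record is None:
            raise LookupError(f"no record for {name}")
        rtype, value, ttl = record
        if rtype == "CNAME":                    # alias: resolve the canonical name instead
            value = self.resolve(value, now, depth + 1)
        self.cache[name] = (value, now + ttl)   # keep the answer until its TTL runs out
        return value


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("www.example.com", now=0), r.log)     # full walk: three servers
    print(r.resolve("www.example.com", now=100), r.log)   # cache hit: log unchanged
    print(r.resolve("www.example.com", now=301), r.log)   # TTL expired: walk repeated
```

Because every later answer within the TTL comes from the cache, a single wrong entry in `self.cache` would be served to all clients until it expires.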
DNS Records:
DNS servers store various types of records associated with
domain names. Common DNS record types include:
A Record: Maps a domain name to an IPv4 address.
AAAA Record: Maps a domain name to an IPv6 address.
CNAME (Canonical Name) Record: Alias of one domain to
another.
MX (Mail Exchange) Record: Specifies mail servers
responsible for receiving email for the domain.
NS (Name Server) Record: Specifies authoritative DNS servers
for the domain.
Proxy Servers
The proxy server is a computer on the internet that accepts
the incoming requests from the client and forwards those
requests to the destination server.

It works as a gateway between the end-user and the
internet. It has its own IP address. It separates the client
system and web server from the global network.
We can say that the proxy server allows us to access any
websites with a different IP address. It plays an intermediary
role between users and targeted websites or servers.
It collects and provides information related to user requests.
The most important point about a proxy server is that it does
not encrypt traffic.
The proxy server accepts the request from the client and
produces a response based on the following conditions:
If the requested data or page already exists in the local
cache, the proxy server itself provides the required retrieval
to the client.

If the requested data or page does not exist in the local
cache, the proxy server forwards that request to the
destination server.
The proxy server transfers the replies to the client and also
caches them.
Therefore, it can be said that the proxy server acts as a client
as well as the server.
DNS (Domain Name System) server
A DNS (Domain Name System) server is a critical component of the
internet infrastructure that translates human-readable domain names
into IP addresses. This process is essential for allowing users to access
websites, services, and other resources using easily memorable domain
names rather than numerical IP addresses.

DNS Resolution Process:
When a user enters a domain name (e.g., www.example.com) into a web
browser, the DNS resolution process begins. The DNS server is
responsible for translating the domain name into the corresponding IP
address.
The resolution process involves querying multiple DNS servers in a
hierarchical manner until the IP address for the domain is obtained.
Types of DNS Servers:
Root DNS Servers: These are the starting point for DNS
resolution. They provide information about the authoritative
DNS servers for top-level domains.
Top-Level Domain (TLD) DNS Servers: Responsible for specific
top-level domains (e.g., .com, .org).
Authoritative DNS Servers: Store and provide information
about a specific domain. Each domain has its authoritative
DNS servers.

Recursive DNS Servers: Perform the actual work of resolving
DNS queries. They may query other DNS servers to obtain the
necessary information.
DNS Caching:
To improve performance and reduce latency, DNS servers
often cache the results of previous DNS queries. Cached
information can be reused for subsequent requests, reducing
the need to query authoritative DNS servers repeatedly.

Forwarders:
DNS servers can be configured to use forwarders, which are
other DNS servers that they forward queries to instead of
performing the full resolution process. This can be useful for
improving efficiency and reducing the load on root and TLD
servers.
DNS Security:
DNS is vulnerable to various attacks, such as DNS spoofing
and cache poisoning. DNS Security Extensions (DNSSEC) is a
set of extensions designed to add an extra layer of security by
signing DNS data cryptographically.

Primary and Secondary DNS Servers:
Organizations often have both primary and secondary DNS
servers for redundancy. The primary server is the
authoritative server for a domain, and the secondary server
replicates the DNS information from the primary server to
provide backup in case of failures.
Recursion:
DNS servers can operate in recursive or non-recursive modes.
Recursive DNS servers perform the entire DNS resolution
process on behalf of the client, while non-recursive servers
provide only the information they have cached.
OSI model and TCP/IP
The OSI (Open Systems Interconnection) model and the
TCP/IP (Transmission Control Protocol/Internet Protocol)
model are conceptual frameworks that standardize the
functions of a telecommunication or computing system into
layers. While the OSI model has seven layers, the TCP/IP
model has four layers. Each layer in both models has a
specific set of functions, and they work together to enable
communication over a network.
Attribute of OSI Model
Functions of the OSI Layers
Physical Layer
The main functionality of the physical layer is to transmit the
individual bits from one node to another node.
It is the lowest layer of the OSI model.

It establishes, maintains and deactivates the physical
connection.
It specifies the mechanical, electrical and procedural network
interface specifications.
Data-Link Layer
This layer is responsible for the error-free transfer of data
frames.
It defines the format of the data on the network.
It provides a reliable and efficient communication between
two or more devices.
It is mainly responsible for the unique identification of each
device that resides on a local network.
Network layer
Routers are layer 3 devices; they are specified in this
layer and used to provide routing services within an
internetwork (LAN).
The protocols used to route the network traffic are known as
Network layer protocols. Examples of protocols are IP and
IPv6.
Transport layer
The Transport layer is Layer 4 and ensures that messages are
transmitted in the order in which they are sent and there is
no duplication of data.
The main responsibility of the transport layer is to transfer
the data completely.
It receives the data from the upper layer and converts them
into smaller units known as segments.
This layer can be termed as an end-to-end layer as it provides
a point-to-point connection between source and destination
to deliver the data reliably.
Session layer
It is layer 5 in the OSI model.
The Session layer is used to establish, maintain and
synchronize the interaction between communicating
devices.
Presentation layer
A Presentation layer is mainly concerned with the syntax and
semantics of the information exchanged between the two
systems.
It acts as a data translator for a network.
This layer is a part of the operating system that converts the
data from one presentation format to another format.
The Presentation layer is also known as the syntax layer.
Application layer
An application layer serves as a window for users and
application processes to access network service.
It handles issues such as network transparency, resource
allocation, etc.
An application layer is not an application, but it performs the
application layer functions.
This layer provides the network services to the end-users.
TCP/IP Model
The Internet protocol suite, commonly known as TCP/IP, is a
framework for organizing the set of communication
protocols used in the Internet and similar computer networks
according to functional criteria.
Link Layer (or Network Interface Layer):
Combines functionalities of the OSI Physical and Data Link
layers.
Concerned with the physical and data link aspects of network
communication.
Internet Layer
Corresponds to the OSI Network Layer.
Responsible for logical addressing (IP addresses) and routing.
Includes the IP (Internet Protocol) and ICMP (Internet Control
Message Protocol).
Transport Layer
Similar to the OSI Transport Layer.
Manages end-to-end communication, providing reliable or
unreliable delivery.
Includes TCP (Transmission Control Protocol) and UDP (User
Datagram Protocol).
Application Layer
Similar to the OSI Session, Presentation, and Application
layers.
Provides network services directly to end-users or
applications.
Includes a variety of application protocols such as HTTP, FTP,
and SMTP.
