Required Cybersecurity Skill: Understanding Basic Networking Concepts

Captions
I get asked all the time, how do I get started in cyber security? And there's a lot of different paths for folks and a lot of different entry points where people are coming from, but one axiomatic fact that everybody that gets into cyber security should have some understanding of is basic networking. It doesn't matter what you're going to do in cyber: defense, offense, audit, anything. You need to understand how networking works. And in today's episode I'm going to do a crash course on networking, and I'm only going to be talking about the things that you need to know in order to be successful at cyber security. And obviously, you know, 15 minutes, 20 minutes isn't enough to give you the foundation that you need to fully execute, but I'm going to give you the terms and the concepts that are absolutely required to understand, and then be able to go forward and learn what you need to be able to execute the job you want. Coming up.

[Music]

Hey everybody, welcome to Simply Cyber, a YouTube channel designed for helping you make and take a cyber security career further, faster. I'd like to give a special thank you to our sponsor, Coastal Information Security Group. And if this is your first time here, I hope you enjoy the video, and if you like it you may want to check out other videos on the channel, because it's all about helping people better their cyber security understanding.

So today we're talking about networking, and really understanding how networks operate in certain key elements is absolutely critical for the success of your cyber security career. If you don't understand how a network works... and I'm not talking about getting into the nuances of, you know, packet headers and flags in the TCP and stuff like that. What I'm talking about is the OSI stack and how packets travel from your computer to other computers. So, you know, the question that you hear sometimes in interviews is: when I type in google.com in a web browser and hit enter, tell me what happens. And this is really to test the candidate's understanding, at whatever level they might have, of the OSI stack, of protocols, of DNS, of network packet traversal, routers, you know, ARP, those type of things.

So today let's just drill down to the things that you need to know for cyber security. So when I got my computer science undergrad, I did an entire semester just on networks, right? So a 15-minute YouTube video is not going to cover the entire gamut. You're not going to leave this video a network engineer. What you are going to leave with is the knowledge that you need to be able to apply the concepts that you'll be learning in cyber security. I tell my students, you know, once you understand the way the network is supposed to work, then you can begin to understand how people take advantage and compromise it, or how you yourself might find a workaround and attack in a way that it wasn't expected to work. But if you don't understand the standard process of how it works, then how can you understand when it's not working right?

So the very first thing that we're going to look at is this OSI model. And by the way, you know, if you're a fan of the show or if you've been a long-time subscriber, I just didn't have the capability today to set up the whole studio and prep stuff. I've got some personal things going on, but I feel like this is gonna be able to deliver just as well.

So the OSI model. The OSI model is basically how a network stack works on your computer. So if you think for a minute about your wireless network card: when you get on your wireless network, whether you're at Starbucks or your house or something like that, and you establish that connection with the wireless access point, you're good to go. And once you start communicating with google.com or amazon.com, the way that the information goes from your web browser and gets communicated to the server at Amazon, at Google, at Bing, whatever, the OSI model is how it happens. You may have heard the term TCP/IP, and that's going to happen inside this OSI model.

So let's go through it really quick and I'll give you my take and what you really need to know. So it goes from top down. These green, you know, darker green is kind of the application layer. There is three levels. I will tell you from my experience, and for what you need to know, kind of treat all three of these as one. Just kind of treat this as the web browser, if you will. So, you know, when you're typing in google.com and hitting return, it's communicating this down to the network stack. Okay, segments. This is where it's going to get interesting. This is the transport layer, layer 4. Okay, so transport layer, this is where TCP and UDP happen, and those are the two that you need to know. TCP is transport control protocol and UDP is user datagram protocol. Now what do you really need to know about that? You don't even have to remember the acronyms, because everybody calls them TCP, UDP. What you need to remember is that TCP is connection-full or connection-oriented, and I'll explain that in a second, and UDP is connectionless.

So let's just talk about UDP for a second, because it's way easier. UDP sends traffic and it doesn't care if the other end receives it or not, right? So this is useful for streaming services, because you're not going to resend the data packet, because if you're streaming a movie or something, you're already on to like the next second or whatever of the movie, and it doesn't matter about the data that you just sent. So when you see a streaming video that's like pixelated and kind of chunky, and you know it'll say like "buffering" or "poor network bandwidth" or something like that, this is what's happening. UDP is spraying the data, but it's not all getting there, and it's not trying to resend it. So that's what UDP is: it doesn't care if the receiver gets it.

TCP is way more common. TCP is connection-full, and the way that that works is it's called the TCP handshake, and this is what you need to know. Before, when you hit google.com and hit enter, before it even sends your query to Google's server, first it establishes a, you know, a solid connection. It's called the SYN/ACK handshake or the TCP handshake. First it sends a packet over, one packet, to Google with a SYN flag. It doesn't matter, it just sends over a flag called SYN, says "hey Google". Google comes back with a SYN-ACK packet and says "yeah, I got your SYN packet and I'm here", and then we send an ACK packet and say "good to go, let's go". So we establish that connection and that we're going to be communicating, and then we start pushing data through. Let me see really quick, if I do a TCP handshake, if we get like a nice little graphic of what I was just saying. Yeah, so you can see here the SYN, the SYN-ACK and ACK, and once they do that you've established the connection.

And TCP does things like, you know, unlike UDP, it sends the data over, and as the server in this case is reassembling those packets, sometimes the packets don't come in sequential order, right? So you might think I send packet one, I send packet two, I send packet three; server receives packet one, packet two, packet three. Well, that's not the case, because if you think about the internet, right, I mean the packets could travel any which way but loose, right? So a packet gets interrupted or corrupted en route, so it's possible the server collects packet one, then packet three, then packet two. So what the server needs to do is, when it receives packet 3, it tells the client "I didn't get packet 2, send it again", and it sends it again. So you can see there's this like extra level of management and communication, and that's why it's not good for streaming services, because if you added that layer of management it would just be additional network congestion and your feed would be even poorer. You know, maybe one day when internet is like fiber everywhere and, you know, whatever, like 100 gig pipes everywhere, maybe we'll do TCP streaming, but that's not the point. The point is this is what you need to know, and this is what TCP does for like web servers, FTP sites. Really many things are done with TCP connections. So that's what you need to know about that, and that's at the transport layer.

So first you're saying Google's going to come down, then at the transport layer you're saying okay, what port are we going to be doing it on? So you establish that connection, but you do it on a port. Now a port is a listening number that's unique on the server that it's listening to, and it can be between 1 and 65,535, I think. It doesn't matter. What you need to know is like port 80 is web server, port 443 is encrypted web server, 22 is secure shell. So like the first thousand or so ports kind of have predefined purposes and everybody knows about them, right? And you can google it, like you don't need to memorize them. Some of them you use so often that it doesn't matter. But like any time you go to a website, like for example let's go to, I don't know, let's do bing.com, just give Microsoft some love. So when we went to Bing, right, it's on encrypted HTTPS. So this connection, the Bing server was sitting there listening on port 443 waiting for a connection. When I typed in bing.com and hit enter, my application, my web browser, went down that stack, reached out on port 443 to see if the server was listening. It is, and then established that handshake, and then started saying "hey, I want to use your server", and Bing sent back this search page, and now we're done. So that's how the transport layer works.

Continuing to go down the stack here, this is the network layer, and this is where IP is. So like this is why you often hear TCP/IP, because they're stacked together, and when you are, you know, doing network troubleshooting or trying to figure something out, you're often looking at the IP level, sometimes the transport level. In that case, so the network level, this is where your IP address is, and there's IPv4, which is what you're probably most comfortable with or familiar with, and then there's IPv6. Now I'll just spend a minute on this, because this is what you need to know about it. IPv4, let's get a graphic to talk to, "IPv4 format" I guess might be the perfect thing to see here. Oh yeah, IPv4 format, okay, so this is probably fine.

Okay, so IPv4 has these four octets, right? So if you've ever seen... if you can open either, if you're on a Windows machine, go to the Start button and type in... you can go to PowerShell, or if you're on a Linux machine or a macOS you can hit the Command button and space bar and then type in "terminal" and hit enter, and you'll get a, here I was doing something earlier, but you'll get a command prompt, right? Now if you're on a Windows box type in ipconfig /all and hit enter, and like look at that information you got there. And if you're on a Windows box or a Linux box you can type in ifconfig. I'm gonna, well, let's do it this way. And these are your network interfaces, okay? So you can see this "inet" is my IP address for this Linux machine that I'm working on, and my IPv6 is here. Let's not worry about IPv6. So IPv4, you'll notice it's always these four octets, and if you're looking at your machine right now you probably have something like 192 or 172 or 10 dot something, and we'll talk about why that is in a second. But what you need to know is there's four octets, there's always four octets in IPv4, and they're always going to be a number. Each octet will be a number between 0 and 255.

And that has to do with: each octet is basically composed of eight bits, and that's a, you know, a binary number, and eight bits, you can get up to 256 combinations of those eight bits. You don't need to understand all that. This is where I'm saying you don't need to understand, you just need to know it goes from zero to 255, and basically each one of those, whatever the combination is, is unique on your network, right? So this is my machine's IP address right here, 172.31.46.57, and you know there's a whole bunch of other things that are a little bit more advanced that you could learn about, like subnetting and stuff like that, but you don't need to know that now. All you need to know is this is your IP address in IPv4 format.

And it's important to note a service called DNS at this point. So DNS stands for domain name services, and it's a protocol, and basically it translates host names like google.com, bing.com, amazon.com, bmw.de (I was doing some work here earlier), it translates all of those into IP addresses, because the internet works on IP addresses. The internet is technology; it doesn't deal with, you know, easy-to-remember names that humans remember. Machines don't work that way. So DNS is that service that allows us to have fancy names and not worry about IP addresses, but they all have it. So if you're on your machine, again, still in the terminal, there's a command called nslookup, n-s-l-o-o-k-u-p, and this is name service lookup. And anytime you type in coastalinfosec.com, right, and hit enter, your web browser actually does that domain name service lookup before it does anything else, and then it goes to the website, right? So let's do nslookup on coastalinfosec.com. You can see the IP address. Again there's four octets, zero to 255 for each of them. This is the address for that web server that we just pulled up. Okay, so now you understand what DNS is, what IP addresses are.

I will take a minute just to tell you IPv6, in case you haven't figured it out yet. There's only so many combinations, like 4 billion combinations of 255.255.255.255, right? And there's way more devices on the planet than there are IP addresses. So two things happen. One, IPv6 was created, and IPv6 actually has way more combinations of potential addresses, and this was basically used to solve this idea of running out of IPv4. So this is what IPv6 looks like. IPv6 is in practice, you can see here on my Kali box there is an IPv6 address. It's 2020 right now, in late August. I'll just tell you right now, in all of my experience I have not had to work with IPv6, and I've been working in the field for a while. I'm not saying that it's irrelevant; I'm just saying you can be pretty successful without understanding IPv6 at this point. There's probably a huge area of opportunity for security research in that area, since very few people are using it or fully understand it. But IPv4 is what you need to understand at this point in your career.

Okay, so we've done IPv6, IPv4. We're continuing down the stack. And remember when you're going down, basically the data gets put in an envelope and then handed to the transport layer. The transport layer then says, you know, whatever, port 80, which is web server port, remember, and then that goes in an envelope and is passed to the network layer. The network layer says, what's the IP address of the web server at bing.com? And we use name service lookup to get it, right, and then it writes it on the envelope, or sticks it in an envelope and writes the IP address, then hands it to the data link layer. This is the next layer, and this is the actual MAC address. So this is the network card. This is the wireless network card in your computer; this is the network card that you plug your Cat5 cable into, the little, you know, the blue cable. It looks like a big fat telephone cable, if you're old enough to remember what a telephone is that had wires. So that's what this MAC address is.

Now what you need to know about this is that MAC addresses are burned into the network card and they are unique to each device. There are no duplicates of MAC addresses. So IP addresses, you can have, you know, someone else could have this IP address somewhere else in the world, but on a different network, and we didn't talk about RFC 1918, so I'll talk about that in a second. But MAC addresses are unique. So you can spoof them in software, which means to like change your MAC address, but for where you are right now, just know that MAC addresses are unique. So when you do ipconfig /all on your Windows machine or ifconfig on your Linux-based or Mac machine, you'll see the, I think it specifically says "physical address" or "MAC address" on Windows, but on Linux it'll say "ether" and then it'll have this, basically it is six octets of hexadecimal values, and that's the MAC address.

Now what's really interesting here is, in addition to them all being unique, the first three octets, those actually define the vendor, or you know, whoever produced those. So those are actually assigned. So like I don't know what 06:6c:9e, who that belongs to. This is a virtualized Kali box in AWS. So let's take a look. You can use this, there's a bunch of lookup sites, but I like to use Wireshark's OUI lookup. Again, we just went down the stack, up the stack and did network communication with Google. So Wireshark, let's, here, look, we got our 06:6c:9e, same as right here. Let's look it up. No matches. Hmm, I guess maybe because it's make-believe, because it's all virtualized. Let's do this. I'm on a Mac OS X box. Let's do this. So you can see right here the ethernet address of my wireless card on my Mac OS X box is 28:f0:76. So let's take a look at that, and there you can see it's Apple. Okay, so it's just a little useful information. That way, if you pick up a MAC address on something, if you're doing forensics or whatever, it might help you indicate that you're looking for a Dell or something. So it's just a fun fact.

Anyways, the point is, when it's going down the stack, it's going to say okay, I want this MAC address, to send it to that on the network. And if it's not on the network, it'll query the router for that MAC address somewhere, and it'll begin looking for it. We won't get too much into routing or anything like that in this little segment, because it's not critical for cyber security at this time. But understanding the network layer, and then the physical layer, this is literally the wire or the wireless network, and this is just the data going out, the pulses of energy, bits and bytes. You don't really have to know much about this other than if it's not plugged in it's not going to work, right? Like so if wireless... if it's a wired network connection and you unplug it, obviously it's going to break. But that's why this is part of the stack, okay?

And then when it gets to the server at the other end, it basically goes right up the stack, and they're opening that envelope at each layer, right? So the bits come in on the receiving end of the server, which is identified by that MAC address, that network interface card MAC address. Then it goes okay, we're on the right server, let's send it up to the right IP address, because sometimes, much like, you know, some of these hosted systems, one IP address could be hosting several, or one MAC address could have several kind of IPs assigned to it. So it goes to the right IP. Then one server could be running multiple things, like a simple example is running port 80 and port 443, so it'll accept unencrypted web traffic and encrypted web traffic. So it tells it what port to go to, so it's going to go to port 443, so it gets picked up and sent in, and then at that point the browser in this case is going to take the data and start unpacking it and rendering it onto your web browser. Okay, so that's the OSI model, and kind of a little illustration of where you would see it and how you would see it.

Now I do want to tell you one thing that I missed that's very important, and that's RFC 1918. You don't need to remember "RFC 1918", but what you do need to remember is, if you recall I said IPv4 was going to run out of IPs, and it did a while ago. But what RFC 1918 did was it actually allocated these non-routable IP addresses, or IP ranges. So what does that mean? So right now, if you were following along and you opened a terminal and you typed in ipconfig, or you typed in ifconfig if you're on a Linux machine, you very likely had an IP address that started with one of these three things: 10, 172 or 192. Now the reason it is, is because those are non-routable. You could not have a public IP address... there's no web server in the world that's externally accessible that will have one of these IPs, and that's why most home networks, most business networks will use this, because it allows you to (a) control your IP range and use it in any way you want, and you don't have to purchase IPs and stuff like that. It's like play IPs for organizations. So you'll note that the 10 dot has a slash 8, which, you don't need to know about that, for CIDR. But the 10 dot gives you the most number of IP addresses that you can use in your organization. This is where subnetting comes in, where you can kind of break it up into different little network segments. But most large organizations, so if you're trying to pen test a large organization or something, you'll see that they have a 10 dot something range. The 172.16 through 31, so that could be 172.17, .18, .19, etc., those give you, it gives you less hosts, less IP addresses to assign, than the 10 dot range. And then the 192.168 gives you even fewer, and that'll give you 16, so it's like whatever 255 times 255 I believe. But the point here is that a lot of home networks will have 192.168, so if you're on your home network it's probably the case. You can see here in my Kali box up in AWS I was given a 172 IP address, .31.46.57, so you can see 172.31.46.57 was mine; 31 is beneath 255, right, obviously. So you get the idea of what this is. Hopefully just remember that 10.0, 172.16 to 31 (just remember 172) and then 192.168 are the non-routable IP addresses, okay?

So one last IP that I want you to be aware of is the localhost, as it's sometimes called, or 127.0.0.1. So it's called localhost, loopback, or 127.1.1, and you can see like, why would you do this? So this IP is reserved for your machine. It loops back on its own network interface, and the reason that you would want to do that is if you're hosting something on your own machine and you want to access it through the port. So think of it as like going down the OSI stack and then back up the OSI stack, but like on the same network interface, right? So it just goes down and goes up, but when it gets to the transport layer, remember, because the IP is not going to change and the MAC address isn't going to change, when it gets to the transport layer it splinters off and goes to where it's going to go. So you could see, I hadn't planned this in advance, but you could see like on my Mac machine that we're playing with right now, I have an Elastic Kibana, which is like kind of used for like SIEM-type stuff or audit log review. I have that running on port 5601, and then this is another tool called Intel Owl that I was playing with that runs on port 9200. So you can have multiple things listening and running on your own machine and localhost. I could have typed localhost, I could have typed 127.0.0.1, and they both would have worked. And those are just a few of the reserved IP addresses. And really, again, this is what you need to know. You don't need to understand subnetting or how the IPs are allocated or any of that business, or how DNS works with MX records and NX... I mean, excuse me, NS, name servers, and A records, CNAMEs. Like those are important, but just to get you out of the gate and get you going, the OSI stack is what you need to know, and these few little points that I'm pointing out. That is the OSI model.

One other thing that I will tell you, or suggest to you, or recommend to you, so you can kind of play with it: it's a tool called Wireshark. It's free, it's an excellent tool. Wireshark listens to your network stack. So when you hit google.com, this example that I keep using, you type in google.com and hit enter, and then it comes back and your web browser renders the Google home page. Everything that happens between when you hit enter and when that web page renders goes through the OSI stack, right? Well, Wireshark listens on that interface and copies all of that data as it passes over the stack, and then you can look at it. So you can actually visualize what is going on with this stack. When you launch Wireshark you'll be presented with all of the network interfaces that you currently have. You could see the ones that are actually getting traffic, right? You see the little kind of histogram running. So none of these other interfaces are actually doing anything right now. So for your work it should be pretty obvious which interface there is. So I'm going to select my en1 interface, right, and it's already capturing traffic. So let's go to, let's go to Pandora. Okay, ad blockers on, big surprise there. Okay, so let's stop. So now let's first of all type in "dns". So let's go to DNS, right. You can see right here webcdn pandora, like I've got some other stuff, because I've got a lot running right here, but here is the initial request for pandora, in order to get from DNS that IP address, right? So let's just do an nslookup on pandora.com: 208.85.40.20.

So now Pandora is rather large; they probably have multiple IPs, or that's just a front end, I like to, a load balancer that then divvies it up to different web servers. But let's just take a look. All this DNS good stuff here. Let's look, right there, here is the response from the DNS server giving us that IP. So what's pandora.com? pandora.com is 208.85.40.20, and you can see it down here, right? So that's DNS working. So now that the machine has figured out what the IP is, let's move on to, like, actually going down the stack, right, because this is what's happening. So I just had to take a minute to really look through this log, because I was doing this in real time. So Pandora gets its IP address translated, and then it looks like DNS provides the IPv6, which, this is funny, because I mentioned earlier how IPv6 isn't really used all that often, but this is going to shoot me in the foot. So it gets its IPv6 interface, or you know, IP address, and then it begins to communicate over the IPv6 format. Now I'm assuming that this is my IPv6, so let's take another look here. IPv6, 2600 1746 e0, is it 1090? It is, b0 45 a4. Yeah, so it's actually interfacing over this IPv6 network IP, which is part of the reason I didn't find it at first. It doesn't matter, because remember the network stack is its own layer, and then the transport layer, the TCP, is above that, and that format doesn't change. So you can see the handshake here. Here's the SYN, then here is the SYN-ACK back from the server to our machine, and then here's our ACK. So now we've established that TCP connection, and then immediately, because it's encrypted, it then begins to negotiate the encryption. So that's one thing that you should know: like when you do HTTPS, yes, the data is encrypted, but the destination that you went to, the, uh, maybe illegal website or whatever like that, is in clear text, because DNS has to resolve that host name into an IP address.

Anyways, you can see the address here is translated. They, I believe the TLS encryption handshake is like a six-step process. Again, you don't need to know that. All you need to know is that an encrypted connection is being built, and then once it's done, then data starts getting sent over this encrypted TLS v1.2 tunnel, and there you go. And as you can imagine, Pandora, oh I closed Pandora, but as you can imagine Pandora is HTTPS, see, there's a little encryption. So, and I wonder, yep, "startup pandora details", I mean you could find this stuff in the Wireshark feed. Anyways, so the point is, this is the deal. Now you can look through here, you can see stuff. So that's kind of a long way of explaining to you the theory of how the network OSI model works, what you need to know about it, and then how you can actually kind of visualize it using Wireshark. So very, very good stuff. It's a lot more hands-on, a lot more into-the-gears episode of Simply Cyber this week. But really, I get asked all the time about where to start, and, you know, I can't emphasize enough: understanding even just what we covered today is instrumental in being good at cyber security.

Okay, now I didn't tease it at the beginning, but it's time for my one cool thing. So my one cool thing this week is actually a new podcast. So there's the CISO Series podcast that has been around for a little while, and they just released a new one, like, you know, they have like three or four different kinds, but Cyber Security Headlines is the new one, and I have been listening to it, and it's fantastic. Okay, so these other ones, Defense in Depth I also enjoy quite a bit, but these other ones are like long-form interview-based stuff. This one is like five minutes, maybe 10 minutes, and it's just like getting your morning news if all you cared about was cyber security. And, you know, if you're aspiring to get into the field, or you're in the field, this will work for you regardless of what your status is, because staying abreast of current events is absolutely important, and then understanding how those events are happening will equip you better to defend your own organization and infrastructure, or when you go into an interview, you know, you're talking about the most recent attack or something like that. So like, you know, if you were going to go into an interview today and they were like, yadda yadda social engineering, or yadda yadda yadda multifactor authentication, you could be like, oh yeah, like, you know, that massive Twitter attack recently, multi-factor authentication didn't even defend against that, because the attackers had socially engineered the staff at Twitter to give them access to their credentials. Like, you know, like that's awesome. That's awesome if I was interviewing someone and they knew (a) what to say about that, and then (b) knowing about a current event, it tells me that they're plugged into the industry and they're engaged. That's great. Okay, so I wanted to share this with you. Check it out.

Yeah, so thanks. Hopefully, you know, you got something out of this. If you did, hit the thumbs up button, hit the subscribe button if you want more information like this. This episode's a little bit of an anomaly. I do go into tools and techniques and stuff often, but I also talk about the industry in general. So leave a comment below, please, it helps me with the algorithm. Thumbs up, subscribe, bell for notification. Really appreciate it. This community has been growing and continues to grow, and I love it, and I'm so grateful to you for taking the time to watch the videos. So until next time, thanks, and stay secure.
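The address rules the video walks through (four octets of 0 to 255, the 10, 172.16 to 31 and 192.168 non-routable ranges, the 127.0.0.1 loopback, and the first three octets of a MAC identifying the vendor) as one small checker. This is an added example written for this page, not code from the video or from Simply Cyber; the OUI table is a constructed stand-in for the Wireshark vendor database the video uses, seeded only with the 28:f0:76 prefix the video resolves to Apple.

```python
"""Added worked example: classify IPv4 addresses and MAC vendor prefixes the way
the video describes them (octets, RFC 1918, loopback, OUI). Not the video's code."""
from typing import Optional, Tuple


def parse_ipv4(text: str) -> Optional[int]:
    """Turn a dotted-quad string into a 32-bit integer, or None if invalid.
    Enforces the rule from the video: exactly four octets, each 0..255."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        return None
    value = 0
    for part in parts:
        if not part.isdigit():
            return None
        octet = int(part)
        if octet > 255:  # eight bits only reach 255
            return None
        value = (value << 8) | octet
    return value


def in_cidr(addr: int, network: str) -> bool:
    """True if addr falls inside 'a.b.c.d/prefix'; the mask comes from the prefix length."""
    base, prefix = network.split("/")
    base_int = parse_ipv4(base)
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    return (addr & mask) == (base_int & mask)


# The three RFC 1918 ranges named in the video, plus the loopback block.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
LOOPBACK = "127.0.0.0/8"


def classify_ipv4(text: str) -> str:
    """Return 'invalid', 'loopback', 'private' (RFC 1918) or 'public'."""
    addr = parse_ipv4(text)
    if addr is None:
        return "invalid"
    if in_cidr(addr, LOOPBACK):
        return "loopback"
    if any(in_cidr(addr, net) for net in RFC1918):
        return "private"
    return "public"


def address_count(network: str) -> int:
    """How many addresses a prefix holds: 2 ** (32 - prefix length)."""
    return 2 ** (32 - int(network.split("/")[1]))


# Constructed stand-in for the OUI database Wireshark ships; only the prefix
# the video looks up is listed. A real lookup needs the full registry.
OUI_TABLE = {
    "28:F0:76": "Apple",
}


def mac_vendor(mac: str) -> Tuple[str, Optional[str]]:
    """Normalise a MAC written as '28f076...' or '28:f0:76:...' and look up
    its first three octets. Returns (OUI, vendor-or-None)."""
    hexdigits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    oui = ":".join(hexdigits[i:i + 2] for i in range(0, 6, 2)).upper()
    return oui, OUI_TABLE.get(oui)


if __name__ == "__main__":
    # Constructed sample values; the first, fourth and fifth appear in the video.
    for ip in ("172.31.46.57", "192.168.1.20", "10.4.5.6", "127.0.0.1",
               "208.85.40.20", "256.1.1.1", "8.8.8"):
        print(f"{ip:>14} -> {classify_ipv4(ip)}")
    for net in RFC1918:
        print(f"{net:>16} holds {address_count(net)} addresses")
    for mac in ("28:f0:76:aa:bb:cc", "066c9e112233"):
        print(mac, "->", mac_vendor(mac))
```

The 172 range is the one people get wrong by eye: 172.31.x.x is private but 172.32.x.x is not, which the /12 mask catches.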
Info
Channel: Gerald Auger - Simply Cyber
Views: 9,326
Rating: 4.9933224 out of 5
Keywords: cybersecurity, information security, career, cyber, security, cyber security, career growth, get a job, cyber for beginners, blue team, red team, career development, college graduate, transitioning veteran, cyber job, cybersecurity jobs, entry level cybersecurity, entry level, no degree, cyber careers, simplycyber, simply cyber, cyber security for beginners, get into cyber security, how to start a career in cybersecurity, careers in cybersecurity, cybersecurity for beginners
Id: XgOF6GhiMuM
Length: 37min 12sec (2232 seconds)
Published: Mon Aug 31 2020