National P.G College, Nandyal - Department Of Computer Science
SUBJECT: CYBER SECURITY AND MALWARE ANALYSIS
CONCEPT: COMPUTER NETWORKS BASICS,
NETWORKS TYPES , OSI REFERENCE MODEL
INSTRUCTOR: M IMDAD ALI BCA, MCA, APSET, NTA UGC NET
Computer Network Basics
A computer network consists of two or more computers that are interconnected with each other, share resources such as printers, servers and hardware, and exchange data in the form of files, facilitating electronic communication. Computers on a network can be connected through twisted pair cables, telephone lines, radio waves, satellites or optical fiber cables. The first computer network designed was the 'Advanced Research Projects Agency Network (ARPANET)' by the United States Department of Defense.
Computer Networks Types
Computer networks are classified into three types: by layout (topology), by the area they cover, and by the connection service they provide.
Computer Networks Based on Layout
1. Bus Topology
Bus topology is the kind of network topology where every node, i.e. every device on the network, is connected to a main cable line. Data is transmitted along a single route, from one point to the other; it cannot be transmitted in both directions at the same time. When this topology has precisely two endpoints, it is known as Linear Bus Topology. It is mostly used for small networks.
Benefits of Bus Topology
Drawbacks of Bus Topology
2. Ring Topology
Ring Topology is a topology type in which every computer is connected to another computer on each side. The last computer is connected to the first, thus forming a ring shape. This topology allows for each computer to have exactly two neighboring computers.
In this topology, the main computer is known as the monitor station, which is responsible for all the operations. Data transmission amongst devices is done with the help of tokens. For transmitting data, the computer station has to hold the token. The token is released only when the transmission is complete, following which other computer stations can use the token to transmit data.
Data transmission is done in a sequential method, i.e. bit by bit. Therefore, data has to route its way through each node in the network to reach the destination node. We use repeaters in a Ring topology to prevent loss of data during transmission. These repeaters are especially helpful when the topology has a vast number of nodes, and the data is to reach the very last node in the network.
The data transmission is unidirectional in a Ring topology, but it can be created to be bidirectional by connecting each node with two neighbors. This is known as Dual Ring Topology.
Benefits of Ring Topology
Drawbacks of Ring Topology
3. Star Topology
Star Topology is the kind of network topology in which all the nodes are connected via cables to a single central node called a hub. The hub can be active or passive in nature. Active hubs contain repeaters, while passive hubs are considered non-intelligent nodes. Each node has a dedicated connection to the central node, and the central node acts as a repeater during data transmission.
Benefits of Star Topology
Drawbacks of Star Topology
4. Mesh Topology
Mesh topology is the kind of topology in which all the nodes are connected with all the other nodes via a network channel. Mesh topology is a point-to-point connection. It has n(n-1)/2 network channels to connect n nodes.
Mesh topology has two techniques for transmitting data: routing and flooding. In the routing technique, the nodes hold routing logic, such as the logic for the shortest path to the destination node. In the flooding technique, all the network nodes receive the same data, so no routing logic is needed, but this technique puts unwanted load on the network.
Benefits of Mesh Topology
Drawbacks of Mesh Topology
5. Tree Topology
Tree topology is the topology in which the nodes are connected hierarchically, with all the nodes connected to the topmost node or root node. Hence, it is also known as hierarchical topology. Tree topology has at least three levels of hierarchy.
Tree topology is used in Wide Area Networks. It is an extension of Bus topology and Star topology. It is best suited to workstations that are situated in groups, for easy working and managing.
Benefits of Tree Topology
Drawbacks of Tree Topology
Networks Based on Area
S.N | LAN | MAN | WAN |
1. | LAN is a computer network that links a local area such as a school, university or organization. | MAN is a computer network that links a metropolitan area. | WAN is a telecommunications network that covers a large geographical area. |
2. | The full form of LAN is Local Area Network. | The full form of MAN is Metropolitan Area Network. | The full form of WAN is Wide Area Network. |
3. | LAN is a wired network, i.e., all the computers and printers are connected through wires. | The connections in MAN are made through modems or cables/wires. | WAN is connected through broadband services, 3G or 4G internet services, etc. |
4. | The ownership of LAN is private. | The ownership of MAN may be public or private. | The ownership of WAN may be private or public. |
5. | The speed of LAN is very high, i.e., 1000 Mbps. | The speed of MAN is moderate, i.e., 44-155 Mbps. | The speed of WAN is lower than MAN and LAN, i.e., 150 Mbps. |
6. | The maintenance of LAN is easy. | The maintenance of MAN is difficult. | The maintenance of WAN is difficult. |
7. | The bandwidth of LAN is high. | The bandwidth of MAN is lower. | The bandwidth of WAN is relatively low. |
Network Based Connection Service
Data communication uses a telecommunication network to send and receive data between two or more computers over the same or different networks. There are two ways to establish a connection before sending data from one device to another: Connection-Oriented and Connectionless Service. Connection-oriented service involves the creation and termination of a connection for sending the data between two or more devices. In contrast, connectionless service does not require establishing any connection, nor a termination process, for transferring data over a network.
Connection-Oriented Service
A connection-oriented service is a network service that was designed and developed after the model of the telephone system. A connection-oriented service is used to create an end-to-end connection between the sender and the receiver before transmitting the data over the same or different networks. In connection-oriented service, packets are delivered to the receiver in the same order the sender sent them. It uses a handshake method that creates a connection between the sender and the receiver before transmitting data over the network. Hence it is also known as a reliable network service.
Connectionless Service
A connectionless service is similar to a postal system, in which each letter may take a different route from the source to the destination address. Connectionless service is used in a network system to transfer data from one end to the other without creating any connection, so it does not require establishing a connection before sending data from the sender to the receiver. It is not a reliable network service because it does not guarantee the delivery of data packets to the receiver, and data packets can arrive at the receiver in any order. Therefore we can say that the data packets do not follow a defined path. In connectionless service, a transmitted data packet may not be received by the receiver because of network congestion, and the data may be lost.
OSI Reference Model
Protocol data unit (PDU) names used in the OSI model:
Application Protocol Data Unit (APDU)
Physical Layer Protocol Data Unit (PPDU)
Session Protocol Data Unit (SPDU)
Transport Protocol Data Unit (TPDU)
The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to communicate over a network. It was the first standard model for network communications, adopted by all major computer and telecommunication companies in the early 1980s.
The modern Internet is not based on OSI, but on the simpler TCP/IP model. However, the OSI 7-layer model is still widely used, as it helps visualize and communicate how networks operate, and helps isolate and troubleshoot networking problems.
OSI was introduced in 1983 by representatives of the major computer and telecom companies, and was adopted by ISO as an international standard in 1984.
Layer | Name | Protocols |
Layer 7 | Application | SMTP, HTTP, FTP, POP3, SNMP |
Layer 6 | Presentation | MPEG, SSL, TLS |
Layer 5 | Session | NetBIOS, SAP |
Layer 4 | Transport | TCP, UDP |
Layer 3 | Network | IPV4, IPV6, ICMP, ARP |
Layer 2 | Data Link | PPP, Frame Relay, ATM, Fiber Cable, etc. |
Layer 1 | Physical | RS232, 100BaseTX, ISDN |
Network Protocols are a set of rules governing exchange of information in an easy, reliable and secure way.
SMTP - Simple Mail Transfer Protocol
HTTP - Hyper Text Transfer Protocol
FTP - File Transfer Protocol
POP3 - Post Office Protocol version 3
SNMP - Simple Network Management Protocol
MPEG - Moving Picture Experts Group
SSL - Secure Socket Layer
TLS - Transport Layer Security
SAP - Service Access Protocol
TCP - Transmission Control Protocol
UDP - User Datagram Protocol
NetBIOS - Network Basic Input / Output System
ICMP - Internet Control Message Protocol
IPV4 - Internet Protocol Version 4
IPV6 - Internet Protocol Version 6
ARP - Address Resolution Protocol
PPP - Point to Point Protocol
ATM - Asynchronous Transfer Mode
RS232 - Recommended Standard 232
ISDN - Integrated Services Digital Network
Physical Layer
The physical layer helps you to define the electrical and physical specifications of the data connection. This level establishes the relationship between a device and a physical transmission medium. The physical layer is not concerned with protocols or other such higher-layer items.
Examples of hardware in the physical layer are network adapters, Ethernet, repeaters, networking hubs, etc.
Data Link Layer:
The data link layer corrects errors which can occur at the physical layer. The layer allows you to define the protocol that establishes and terminates a connection between two connected network devices.
Network Layer:
This is the layer that understands IP addresses; it defines logical addressing so that every endpoint can be identified.
The layer also implements the routing of packets through a network. It determines the best path for carrying data from the source to the destination.
Transport Layer:
The transport layer builds on the network layer to provide data transport from a process on a source machine to a process on a destination machine. It may span a single network or multiple networks, and it also maintains quality of service functions.
It determines how much data should be sent where and at what rate. This layer builds on the messages received from the application layer. It helps ensure that data units are delivered error-free and in sequence.
The transport layer controls the reliability of a link through flow control, error control, and segmentation or desegmentation.
The transport layer also acknowledges successful data transmission and sends the next data if no errors occurred. TCP is the best-known example of a transport layer protocol.
Network Layer:
The network layer provides the functional and procedural means of transferring variable length data sequences from one node to another connected in “different networks”.
Message delivery at the network layer is not guaranteed to be reliable; a network layer protocol need not be reliable.
Layer-management protocols that belong to the network layer are:
routing protocols
multicast group management
network-layer address assignment.
Session Layer
The session layer controls the dialogues between computers. It establishes, manages and terminates the connections between the local and remote application.
This layer requests a logical connection, which is established according to the end user's requirement. This layer handles all the important log-on or password validation. The session layer offers services like dialog discipline, which can be duplex or half-duplex. It is mostly implemented in application environments that use remote procedure calls.
Presentation Layer
The presentation layer defines the form in which data is exchanged between the two communicating entities. It also handles data compression and data encryption.
This layer transforms data into the form accepted by the application. It also formats and encrypts data to be sent across the networks. This layer is also known as the syntax layer.
Application Layer
The application layer interacts with an application program and is the highest level of the OSI model. It is the OSI layer closest to the end user, which means the OSI application layer allows users to interact with other software applications.
The application layer interacts with software applications to implement a communicating component. The interpretation of data by the application program is always outside the scope of the OSI model. Examples of application layer functions are file transfer, email, remote login, etc.
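As an added example (not part of the original lecture notes), the following Python builds a UDP message bottom-up through the layers described above and then parses it back, naming the PDU each layer handles; the MAC and IP addresses are constructed sample values, and the deliberately corrupted frame shows the network-layer header checksum doing its job.

```python
import struct
import ipaddress

# Constructed sample addresses for the demonstration (not from any real capture)
SRC_MAC = "02:00:00:00:00:01"
DST_MAC = "02:00:00:00:00:02"
SRC_IP = "192.0.2.10"
DST_IP = "192.0.2.20"
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_checksum(header):
    """Ones-complement sum of 16-bit words (RFC 791); over a valid header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_port, dst_port, payload):
    # Layer 4 PDU (datagram): 8-byte header; checksum 0 means "not computed", legal over IPv4
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src, dst, proto, payload, ttl=64):
    # Layer 3 PDU (packet): 20-byte header without options, checksum filled in second pass
    ver_ihl = (4 << 4) | 5
    fields = [ver_ihl, 0, 20 + len(payload), 0x1234, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ipv4_checksum(header)
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


def build_ethernet(src_mac, dst_mac, ethertype, payload):
    # Layer 2 PDU (frame): destination MAC, source MAC, EtherType, then the packet
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def encapsulate(message, src_port=40000, dst_port=53):
    """Application data -> UDP datagram -> IPv4 packet -> Ethernet frame."""
    datagram = build_udp(src_port, dst_port, message)
    packet = build_ipv4(SRC_IP, DST_IP, PROTO_UDP, datagram)
    return build_ethernet(SRC_MAC, DST_MAC, ETHERTYPE_IPV4, packet)


def decapsulate(frame):
    """Strip one header per layer on the way up and return what each layer saw."""
    layers = {}
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers["data_link"] = {"pdu": "frame", "src": mac_str(src), "dst": mac_str(dst),
                           "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    (ver_ihl, _, total_len, _, _, ttl, proto, _,
     s, d) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:            # a corrupted header fails here
        raise ValueError("IPv4 header checksum mismatch")
    layers["network"] = {"pdu": "packet", "src": str(ipaddress.IPv4Address(s)),
                         "dst": str(ipaddress.IPv4Address(d)), "protocol": proto, "ttl": ttl}
    segment = packet[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
    layers["transport"] = {"pdu": "datagram", "src_port": sport, "dst_port": dport}
    layers["application"] = {"pdu": "data", "payload": segment[8:ulen]}
    return layers


def corrupt(frame, offset):
    """Flip one byte (a constructed fault) to show the checksum catching it."""
    return frame[:offset] + bytes([frame[offset] ^ 0xFF]) + frame[offset + 1:]
```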
TCP/IP Protocol Suite
HTTP - HyperText Transfer Protocol
NFS - Network File System
DNS - Domain Name System
Telnet - Teletype Network
FTP - File Transfer Protocol
TFTP - Trivial File Transfer Protocol
SNMP - Simple Network Management Protocol
TCP - Transmission Control Protocol
UDP - User Datagram Protocol
IPV4 - Internet Protocol Version 4
IPV6 - Internet Protocol Version 6
ARP - Address Resolution Protocol
RPC - Remote Procedure Call
RARP - Reverse Address Resolution Protocol
ICMP - Internet Control Message Protocol
IGMP - Internet Group Management Protocol
FDDI - Fiber Distributed Data Interface
Difference between OSI and TCP/IP Protocol Suite
OSI Model | TCP/IP Model |
It stands for Open System Interconnection. | It stands for Transmission Control Protocol/Internet Protocol. |
OSI model has been developed by ISO (International Standard Organization). | It was developed by ARPANET (Advanced Research Project Agency Network). |
It is an independent standard and generic protocol used as a communication gateway between the network and the end user. | It consists of standard protocols that lead to the development of an internet. It is a communication protocol that provides the connection among the hosts. |
In the OSI model, the transport layer provides a guarantee for the delivery of the packets. | The transport layer does not provide the surety for the delivery of packets. But still, we can say that it is a reliable model. |
This model is based on a vertical approach. | This model is based on a horizontal approach. |
In this model, the session and presentation layers are separated, i.e., both the layers are different. | In this model, the session and presentation layer are not different layers. Both layers are included in the application layer. |
It is also known as a reference model through which various networks are built. For example, the TCP/IP model is built from the OSI model. It is also referred to as a guidance tool. | It is an implemented model of an OSI model. |
In this model, the network layer provides both connection-oriented and connectionless service. | The network layer provides only connectionless service. |
Protocols in the OSI model are hidden and can be easily replaced when the technology changes. | In this model, the protocol cannot be easily replaced. |
It consists of 7 layers. | It consists of 4 layers. |
OSI model defines the services, protocols, and interfaces as well as provides a proper distinction between them. It is protocol independent. | In the TCP/IP model, services, protocols, and interfaces are not properly separated. It is protocol dependent. |
The usage of this model is very low. | This model is highly used. |
It provides standardization to the devices like router, motherboard, switches, and other hardware devices. | It does not provide the standardization to the devices. It provides a connection between various computers. |
Cyber , Cyber Crime and Cyber Security
Cyber :
The term 'cyber' is an adjective or prefix which means relating to or characteristic of information technology, virtual reality, and computers. If I say that today we live in a 'cyber age,' I mean an age of computers, virtual reality, or information technology.
Cyber Origin
In the late 1940s, the term cybernetics was coined by mathematician Norbert Wiener. It is defined as the study of control systems and communication between people and machines. Wiener used the ancient Greek word cyber, which is related to the idea of governing. In Wiener's book, Cybernetics, he describes a computer system that ran on feedback, essentially a self-governing system. This idea was groundbreaking for the 1940s.
COMMON CYBER WORDS
Cyber is typically used as the prefix of a compound word. Like many compound nouns, those featuring cyber can be written as one word (cyberspace), as two words (cyber space) or as a hyphenated word (cyber-space). For consistency, all examples will be one word. Commonly used cyber terms include:
Cyberspace: A metaphor for describing the non-physical terrain created by computer systems.
Cybersecurity: The technologies and processes designed to protect computers, networks, and data from unauthorized access, vulnerabilities, and attacks delivered via the internet by cybercriminals.
Cybercrime: Any crime carried out using IT or which targets IT.
Cyberattack: The unauthorized access of private or confidential information contained on a computer system or network.
Cyberbullying: Any form of online harassment.
Cyberforensics: The application of scientifically proven methods to gather, process, interpret, and use digital evidence to provide a conclusive description of cybercrime activities.
Cybernetics: The science of communications and automatic control systems in both machines and living things.
Why are Cybercrimes Increasing?
Most Common Cyber Crimes
Now that you understand what cybercrimes are, let’s discuss some common cybercrimes.
1. Phishing and Scam:
Phishing is a type of social engineering attack that targets users and tricks them with fake messages and emails in order to obtain sensitive information about the user, or to get them to download malicious software that is then used to exploit the target system.
2. Identity Theft
Identity theft occurs when a cybercriminal uses another person’s personal data like credit card numbers or personal pictures without their permission to commit a fraud or a crime.
3. Ransomware Attack
Ransomware attacks are a very common type of cybercrime. It is a type of malware that has the capability to prevent users from accessing all of their personal data on the system by encrypting them and then asking for a ransom in order to give access to the encrypted data.
4. Hacking/Misusing Computer Networks
This term refers to the crime of gaining unauthorized access to private computers or networks and misusing them, whether by shutting them down, tampering with the stored data, or other illegal means.
5. Internet Fraud
Internet fraud is a type of cybercrime that makes use of the internet; it can be considered a general term that groups all the crimes that happen over the internet, such as spam, banking fraud, theft of service, etc.
6. Cyber Bullying
It is also known as online or internet bullying. It includes sending or sharing harmful and humiliating content (content that makes someone feel ashamed and foolish by injuring their dignity and pride) about someone else, which causes embarrassment and can lead to psychological problems. It has become very common lately, especially among teenagers.
7. Cyber Stalking
The repeated use of electronic communications to harass or frighten someone, for example by sending threatening emails.
8. Software Piracy
Software piracy is the illegal use or copy of paid software with violation of copyrights or license restrictions.
9. Online Drug Trafficking
With the big rise of cryptocurrency technology, it became easy to transfer money in a secured private way and complete drug deals without drawing the attention of law enforcement. This led to a rise in drug marketing on the internet.
10. Electronic Money Laundering
Also known as transaction laundering. It is based on unknown companies or online businesses that make payment transactions and credit card transactions which get approved but carry incomplete or inconsistent payment information, for buying unknown products.
It is by far one of the most common and easy money laundering methods.
11. Cyber Extortion
Cyber extortion is the demand for money by cybercriminals to give back some important data they've stolen or stop doing malicious activities such as denial of service attacks.
12. Intellectual-property Infringements
It is the violation or breach of any protected intellectual-property rights such as copyrights and industrial design.
13. Online Recruitment Fraud
One of the less common cybercrimes, but one that is growing more popular, is fake job opportunities posted by fake companies for the purpose of obtaining a financial benefit from applicants or even misusing their personal data.
Cyber Security:
Cyber security is the practice of defending internet-connected devices and services from malicious attacks by hackers, spammers, and cyber criminals. The practice is used by companies to protect against phishing schemes, ransomware attacks, identity theft, data breaches (stolen data), and financial losses.
All Layer Wise Attacks
1. SYN Flood: A SYN flood, also known as a TCP SYN flood, is a type of denial-of-service (DoS) or distributed denial-of-service (DDoS) attack that sends massive numbers of SYN requests to a server to overwhelm it with open connections.
2. MAC Flooding: In this attack the network is flooded with fake MAC addresses. The hacker uses this attack to steal sensitive data that is being transferred in the network.
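As an added example (not from the original notes), a Python half-open connection counter of the kind a defender runs over connection-tracker events to spot a SYN flood; the events, addresses and thresholds are constructed for the demonstration, and the second check shows why a per-source count alone is not enough when the SYNs arrive from many (possibly spoofed) sources.

```python
from collections import defaultdict

# Constructed connection-tracker events (not from a real capture):
# (seconds, source_ip, source_port, tcp_flags) with 'S' = SYN, 'A' = handshake ACK, 'R' = RST
LEGIT, SPOOFED, FLOOD = [], [], []
for i in range(3):                      # a normal client: every SYN is followed by its ACK
    LEGIT.append((10 + i, "192.0.2.10", 40000 + i, "S"))
    LEGIT.append((10.5 + i, "192.0.2.10", 40000 + i, "A"))
for i in range(12):                     # twelve SYNs, each from a different (spoofed) source
    SPOOFED.append((20 + i * 0.01, f"203.0.113.{i + 1}", 44000, "S"))
for i in range(12):                     # twelve SYNs from one source, none ever completed
    FLOOD.append((30 + i * 0.01, "198.51.100.7", 50000 + i, "S"))
EVENTS = sorted(LEGIT + SPOOFED + FLOOD)


def detect_syn_flood(events, per_source=5, aggregate=10):
    """Count half-open connections (SYN seen, no ACK or RST yet).

    Two alerts, each raised once: a single source holding `per_source` half-open
    connections, and the server as a whole holding `aggregate` of them regardless of
    source. The aggregate check is what catches a flood with spoofed source addresses.
    Thresholds are assumptions to be tuned per environment.
    Returns (alerts, half_open_count_per_source)."""
    half_open = defaultdict(set)        # src_ip -> source ports still waiting for the ACK
    alerts, flagged = [], set()
    for t, src, sport, flags in events:
        if flags == "S":
            half_open[src].add(sport)
        elif flags in ("A", "R"):       # handshake completed, or aborted by either side
            half_open[src].discard(sport)
        if len(half_open[src]) >= per_source and src not in flagged:
            flagged.add(src)
            alerts.append({"kind": "source", "src": src, "time": t,
                           "half_open": len(half_open[src])})
        total = sum(len(ports) for ports in half_open.values())
        if total >= aggregate and "aggregate" not in flagged:
            flagged.add("aggregate")
            alerts.append({"kind": "aggregate", "time": t, "half_open": total})
    return alerts, {src: len(ports) for src, ports in half_open.items()}
```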
Networking devices: Router
Router
The router is a physical or virtual internetworking device that is designed to receive, analyze, and forward data packets between computer networks. A router examines the destination IP address of a given data packet, and it uses the headers and forwarding tables to decide the best way to transfer the packets. There are some popular companies that develop routers, such as Cisco, 3Com, HP, Juniper, D-Link, Nortel, etc. Some important points about routers are given below:
A router works on the third layer of the OSI model, and it is based on the IP address of a computer. It uses protocols such as ICMP to communicate between two or more networks. It is also known as an intelligent device as it can calculate the best route to pass the network packets from source to the destination automatically.
A router is more capable as compared to other network devices, such as a hub, switch, etc., as these devices are only able to execute the basic functions of the network. For example, a hub is a basic networking device that is mainly used to forward the data between connected devices, but it cannot analyze or change anything with the transferring data. On the other hand, the router has the capability to analyze and modify the data while transferring it over a network, and it can send it to another network. For example, generally, routers allow sharing a single network connection between multiple devices.
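To make the forwarding-table decision concrete, here is an added Python example (not from the original notes, and not any vendor's implementation) of longest-prefix matching with TTL handling; the prefixes, next hops and interface names are constructed for the example.

```python
import ipaddress

# Constructed forwarding table: (prefix, next hop or None if directly connected, interface)
FORWARDING_TABLE = [
    ("0.0.0.0/0",     "203.0.113.1", "eth0"),   # default route towards the upstream provider
    ("10.0.0.0/8",    "10.1.0.1",    "eth1"),
    ("10.20.0.0/16",  "10.20.0.254", "eth2"),
    ("10.20.30.0/24", None,          "eth3"),   # directly connected subnet
]


def compile_table(rows):
    """Parse the prefixes and order them longest-first, so the first hit is the most specific."""
    table = [(ipaddress.ip_network(prefix), nh, iface) for prefix, nh, iface in rows]
    return sorted(table, key=lambda row: row[0].prefixlen, reverse=True)


def lookup(table, dst):
    """Longest-prefix match: the most specific prefix containing dst wins."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop, iface in table:
        if addr in net:
            return {"prefix": str(net), "next_hop": next_hop, "iface": iface}
    return None                 # no route at all (only possible without a default route)


def forward(table, packet):
    """One forwarding decision: expire old packets, match the destination, decrement TTL."""
    if packet["ttl"] <= 1:
        # A real router also returns an ICMP Time Exceeded message here
        return {"action": "drop", "reason": "ttl_exceeded"}
    route = lookup(table, packet["dst"])
    if route is None:
        # ... and an ICMP Destination Unreachable message here
        return {"action": "drop", "reason": "no_route"}
    out = dict(packet, ttl=packet["ttl"] - 1)
    # On a directly connected subnet the next hop is the destination host itself
    return {"action": "forward", "iface": route["iface"],
            "next_hop": route["next_hop"] or packet["dst"], "packet": out}
```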
Networking devices: Bridge
The bridge is a networking device in a computer network that is used to connect multiple LANs into a larger LAN. In computer networks we have multiple networking devices such as bridges, hubs, routers, switches, etc.; each device has its own specification and is used for a particular purpose. The bridge is a networking device that connects the larger LAN networks with groups of smaller LAN networks.
The bridge is a physical or hardware device that operates at the OSI model's data link layer and is also known as a layer-2 switch.
Types of Bridges:
There are three types of bridges in computer networks, which are as follows:
Networking devices: Switch
Switches are networking devices operating at layer 2 or a data link layer of the OSI model. They connect devices in a network and use packet switching to send, receive or forward data packets or data frames over the network.
A switch has many ports, to which computers are plugged in. When a data frame arrives at any port of a network switch, it examines the destination address, performs the necessary checks and sends the frame to the corresponding device(s). It supports unicast, multicast as well as broadcast communications.
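The following Python model is an added example (not the original notes' or any vendor's code) that serves both the switch description above and the MAC flooding attack listed earlier: a switch that learns source MACs per port, forwards known unicast to one port and floods broadcast and unknown unicast, plus an assumed per-port MAC limit that models port security, the usual defence that keeps a flood of bogus MACs from exhausting the table. Port names and MAC addresses are constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Layer-2 switch model with a MAC learning table.

    `max_macs_per_port` is a simplified port-security limit (an assumption of this model):
    once a port has learned that many addresses, further new source MACs on it are dropped
    and an alert is recorded, so a MAC flood cannot fill the table and force the switch into
    flooding every frame out of every port."""

    def __init__(self, ports, max_macs_per_port=3):
        self.ports = list(ports)
        self.max_macs = max_macs_per_port
        self.table = {}                     # MAC address -> port it was learned on
        self.per_port = defaultdict(set)    # port -> MACs learned there
        self.alerts = []

    def _learn(self, mac, port):
        if self.table.get(mac) == port:
            return True
        if len(self.per_port[port]) >= self.max_macs:
            self.alerts.append(f"port {port}: MAC limit {self.max_macs} exceeded by {mac}")
            return False
        if mac in self.table:               # station moved: forget the old port
            self.per_port[self.table[mac]].discard(mac)
        self.table[mac] = port
        self.per_port[port].add(mac)
        return True

    def receive(self, in_port, src_mac, dst_mac):
        """Return the ports the frame goes out of ([] when it is dropped or stays local)."""
        if not self._learn(src_mac, in_port):
            return []                       # port over its limit: frame dropped, alert recorded
        if dst_mac == BROADCAST or dst_mac not in self.table:
            # Broadcast or unknown unicast: flood, but never back out of the ingress port
            return [p for p in self.ports if p != in_port]
        out = self.table[dst_mac]
        return [] if out == in_port else [out]


def exercise_port_limit(switch, port, count):
    """Constructed test traffic: `count` frames with distinct made-up source MACs from one port.
    Returns how many were accepted before the port limit cut the rest off."""
    accepted = 0
    for i in range(count):
        fake_mac = f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}"
        if switch.receive(port, fake_mac, BROADCAST):
            accepted += 1
    return accepted
```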
Features of Switches
Networking devices: Server
A server is a computer program or device that provides a service to another computer program and its user, also known as the client. In a data center, the physical computer that a server program runs on is also frequently referred to as a server. That machine might be a dedicated server or it might be used for other purposes.
In the client/server programming model, a server program awaits and fulfills requests from client programs, which might be running in the same, or other computers. A given application in a computer might function as a client with requests for services from other programs and as a server of requests from other programs.
Firewall
A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
IP Scanner
An IP address is a unique address that distinguishes any device on the internet or any network from another. The IP Scanner is, as its name indicates, a scanner that scans for IP addresses and various other information about the devices on your network. So, in short, the IP scanner scans your network for devices and information relevant to them.
Why Use an IP Scanner?
Security: The first and a very important reason to use IP scanner is for the security purposes. You can check and see the devices that are connected to your network. You will also get detailed information about the devices on your network. This can help in keeping an eye on the devices and help you look out for unknown or suspicious devices on the network.
Network Scan: As mentioned earlier, IP scanner can help you get the devices and their relevant information within a very short amount of time. You can use IP scanner to get the number of devices connected to your network. This information is useful for security as well as for mapping the network and your IT infrastructure.
Missing Devices and IP Addresses: If a device is missing from the network or you want to know the exact IP address of a specific device, which is required for troubleshooting and various other things, IP scanner can do the job within no time.
Details Provided By IP Scanner
Now, you must be wondering what details the IP scanner provides. There is a lot of information that can be extracted with the help of an IP scanner.
The information provided by IP Scanner is listed below
How Does the IP Scanner Work?
The IP Scanner scans the devices according to the selected IP address range. You set the range of IP addresses that you want to scan on the network and get a list back from the IP scanner. The list will contain all the information (given above) related to the devices on the network. You can then sort the list, apply filters, or just export it to CSV.
Let's take a look at the top IP scanner tools used by system administrators, network engineers and penetration testers.
Green: The IP address is active, and the device on this address is responding to the requests made by the Angry IP Scanner.
Blue: The IP address is either active or busy and not responding to the requests made by the Angry IP Scanner.
Red: The IP address is active
Port Scanner
A port scanner is a computer program that checks network ports for one of three possible statuses – open, closed, or filtered.
Port scanners are valuable tools in diagnosing network and connectivity issues. However, attackers use port scanners to detect possible access points for infiltration and to identify what kinds of devices you are running on the network, like firewalls, proxy servers or VPN servers.
A port scanner sends a network request to connect to a specific TCP or UDP port on a computer and records the response. So what a port scanner does is send a packet of network data to a port to check the current status. If you wanted to check to see if your web server was operating correctly, you would check the status of port 80 on that server to make sure it was open and listening.
The status helps network engineers diagnose network issues or application connectivity issues, or helps attackers find possible ports to use for infiltration into your network.
Port Scanning Basics
A port scanner sends a TCP or UDP network packet and asks the port about its current status. The three types of responses are:
Open, Accepted: The computer responds and asks if there is anything it can do for you.
Closed, Not Listening: The computer responds that “This port is currently in use and unavailable at this time.”
Filtered, Dropped, Blocked: The computer doesn’t even bother to respond.
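From the defender's side, a scan of this kind leaves one source touching many distinct ports in a short time. The following added Python example (not from the original notes) reads constructed firewall log lines and flags that pattern with a sliding window; the log format, addresses and thresholds are invented for the example, and the slow third source shows why the window length matters.

```python
import re
from collections import defaultdict, deque


def _line(t, src, dpt):
    # Constructed iptables-style log line (field names chosen for the example)
    return f"{t} DROP IN=eth0 SRC={src} DST=192.0.2.20 PROTO=TCP DPT={dpt}"


LOG_LINES = (
    [_line(100 + i, "192.0.2.10", 443) for i in range(30)]               # normal client, one port
    + [_line(200 + i, "198.51.100.7", 20 + i) for i in range(15)]         # fast sweep of 15 ports
    + [_line(300 + i * 120, "203.0.113.9", 8000 + i) for i in range(15)]  # same sweep, 2 min apart
)

LINE_RE = re.compile(
    r"^(?P<t>\d+) DROP .*?SRC=(?P<src>[\d.]+) .*?PROTO=TCP DPT=(?P<dpt>\d+)$")


def parse_log(lines):
    """Return (time, src, dst_port) tuples in time order; unrecognised lines are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            records.append((int(m["t"]), m["src"], int(m["dpt"])))
    return sorted(records)


def detect_port_scans(records, window=60, min_ports=10):
    """Flag a source that probes `min_ports` distinct ports within any `window` seconds.

    Returns {src: time_of_first_alert}. A probe spread out over hours stays under the
    threshold, so the window has to be sized for the scan speed you want to catch."""
    recent = defaultdict(deque)         # src -> (time, port) events inside the window
    alerts = {}
    for t, src, dpt in records:
        q = recent[src]
        q.append((t, dpt))
        while q and q[0][0] < t - window:
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) >= min_ports and src not in alerts:
            alerts[src] = t
    return alerts
```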
Port Scanner Tools
Vulnerability Scanner
Vulnerability scanning is the process of discovering, analyzing, and reporting on security flaws and vulnerabilities. Vulnerability scans are conducted via automated vulnerability scanning tools to identify potential risk exposures and attack vectors across an organization’s networks, hardware, software, and systems.
Once vulnerabilities have been identified through scanning and assessed, an organization can pursue a remediation path, such as patching vulnerabilities, closing risky ports, fixing misconfigurations, and even changing default passwords, such as on internet of things (IoT) and other devices.
Vulnerability scanning tools use a systematic, automated assessment process that streamlines the ability to scan for:
The Benefits of Vulnerability Scanning
Vulnerability scanning is a vital part of your security team’s overall IT risk management approach for several reasons
Vulnerability scans may be categorized as follows:
1. External Vulnerability Scans: These scans target the areas of your IT ecosystem that are exposed to the internet, or are otherwise not restricted to your internal users or systems. They can include websites, ports, services, networks, systems, and applications that need to be accessed by external users or customers.
2. Internal Vulnerability Scans: These scan and target your internal corporate network. They can identify vulnerabilities that leave you susceptible to damage once a cyberattacker or piece of malware makes it to the inside. These scans allow you to harden and protect applications and systems that are not typically exposed by external scans.
3. Environmental Scans: These scans are based on the environment that your technology operates in. Specialized scans are available for multiple different technology deployments, including cloud-based, IoT devices, mobile devices, websites, and more.
4. Intrusive Versus Non-Intrusive Scans: Non-intrusive scans simply identify a vulnerability and report on it so you can fix it. Intrusive scans attempt to exploit a vulnerability when it is found.
List of Vulnerability Scanner tools
Netstat Command (network statistics)
Displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used without parameters, this command displays active TCP connections.
Syntax:
netstat [-a] [-b] [-e] [-n] [-o] [-p <Protocol>] [-r] [-s]
Parameter | Description
-a | Displays all active TCP connections and the TCP and UDP ports on which the computer is listening.
-b | Displays the executable involved in creating each connection or listening port.
-e | Displays Ethernet statistics, such as the number of bytes and packets sent and received.
-n | Displays active TCP connections; however, addresses and port numbers are expressed numerically and no attempt is made to determine names.
-o | Displays active TCP connections and includes the process ID (PID) for each connection. You can find the application based on the PID on the Processes tab in Windows Task Manager.
-p <Protocol> | Shows connections for the protocol specified by Protocol. In this case, the Protocol can be tcp, udp, tcpv6, or udpv6.
-r | Displays the contents of the IP routing table. This is equivalent to the route print command.
/? | Displays help at the command prompt.
Output column | Description
Proto | The name of the protocol (TCP or UDP).
Local address | The IP address of the local computer and the port number being used. The name of the local computer that corresponds to the IP address and the name of the port is shown.
Foreign address | The IP address and port number of the remote computer to which the socket is connected.
State |
The netstat command provides statistics for the following:
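As an added example (not part of the slides), the following Python code parses the Proto / Local Address / Foreign Address / State / PID columns described above from the output of `netstat -ano` and answers the questions a defender usually asks of it: which ports are listening, which process owns a socket, and which remote peers have established sessions. The sample output is constructed for this example; its addresses and PIDs are made up, and UDP rows are handled as having no State column, matching the Windows layout.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `netstat -ano` output (Windows layout). The
# addresses, ports and PIDs below are invented for this example.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49700     203.0.113.5:443        ESTABLISHED     4120
  TCP    192.168.1.10:49712     203.0.113.9:8443       ESTABLISHED     4120
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:500            *:*                                    1340
  UDP    [::1]:1900             *:*                                    2048
"""


@dataclass
class Connection:
    proto: str
    local_ip: str
    local_port: Optional[int]
    remote: str
    state: Optional[str]   # None for UDP, which has no TCP state
    pid: int


def split_endpoint(endpoint: str):
    """'0.0.0.0:135' -> ('0.0.0.0', 135); '[::]:135' -> ('[::]', 135); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")   # rpartition keeps IPv6 colons intact
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Connection]:
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue                            # skip banner and header lines
        proto, local, remote = fields[0], fields[1], fields[2]
        if proto == "TCP":
            state, pid = fields[3], int(fields[4])
        else:
            state, pid = None, int(fields[3])   # UDP rows have no State column
        local_ip, local_port = split_endpoint(local)
        conns.append(Connection(proto, local_ip, local_port, remote, state, pid))
    return conns


def listening_ports(conns: List[Connection]):
    """TCP sockets in LISTENING state plus every bound UDP socket, as (proto, port, pid)."""
    return sorted({(c.proto, c.local_port, c.pid) for c in conns
                   if c.proto == "UDP" or c.state == "LISTENING"})


def connections_for_pid(conns: List[Connection], pid: int) -> List[Connection]:
    """Everything a given process (the -o column) has open: the Task Manager lookup in reverse."""
    return [c for c in conns if c.pid == pid]


def established_peers(conns: List[Connection]) -> List[str]:
    """Remote endpoints with an ESTABLISHED TCP session to or from this machine."""
    return sorted(c.remote for c in conns if c.state == "ESTABLISHED")


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("listening:", listening_ports(conns))
    print("PID 4120 :", [(c.local_port, c.remote) for c in connections_for_pid(conns, 4120)])
    print("peers    :", established_peers(conns))
```

To run it against a live machine, replace `SAMPLE_NETSTAT` with the captured text of `netstat -ano`; the `-n` switch matters here because the parser expects numeric addresses and ports rather than resolved names.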
Traceroute
Traceroute is a utility that records the route (the specific gateway computers at each hop) through the Internet between your computer and a specified destination computer. It also calculates and displays the amount of time each hop took.
What are 3 values in traceroute?
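An added Python example, not part of the slides, that reads the per-hop timing figures traceroute prints. It assumes the Windows `tracert` layout with three probe round-trip times per hop (the default probe count), treats `*` as a probe that received no reply, and then computes the per-hop average, lists hops that never answered, and finds the largest latency jump between consecutive responsive hops. The trace text is constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of Windows `tracert` output; hosts and timings are invented.
SAMPLE_TRACERT = """\
Tracing route to example.net [203.0.113.80]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    13 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    25 ms    24 ms    26 ms  203.0.113.80

Trace complete.
"""


@dataclass
class Hop:
    number: int
    rtts_ms: List[Optional[float]]   # one entry per probe; None when the probe got no reply
    host: str


def parse_tracert(text: str, probes: int = 3) -> List[Hop]:
    hops = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue                         # skip the banner and trailer lines
        rtts: List[Optional[float]] = []
        i = 1
        while i < len(tokens) and len(rtts) < probes:
            if tokens[i] == "*":
                rtts.append(None)            # no reply within the timeout
                i += 1
            elif i + 1 < len(tokens) and tokens[i + 1] == "ms":
                # "<1 ms" means under one millisecond; we round it up to 1.0
                rtts.append(float(tokens[i].lstrip("<")))
                i += 2
            else:
                break
        hops.append(Hop(int(tokens[0]), rtts, " ".join(tokens[i:])))
    return hops


def average_rtt(hop: Hop) -> Optional[float]:
    """Mean of the probes that were answered; None if none were."""
    answered = [r for r in hop.rtts_ms if r is not None]
    return sum(answered) / len(answered) if answered else None


def unresponsive_hops(hops: List[Hop]) -> List[int]:
    """Hop numbers where every probe timed out (a router that drops or rate-limits ICMP)."""
    return [h.number for h in hops if average_rtt(h) is None]


def largest_latency_jump(hops: List[Hop]) -> Optional[Tuple[int, float]]:
    """(hop number, increase in ms) for the biggest rise in average RTT between
    consecutive responsive hops; unresponsive hops are skipped, not treated as zero."""
    best = None
    previous = None
    for h in hops:
        avg = average_rtt(h)
        if avg is None:
            continue
        if previous is not None:
            delta = avg - previous
            if best is None or delta > best[1]:
                best = (h.number, delta)
        previous = avg
    return best


if __name__ == "__main__":
    hops = parse_tracert(SAMPLE_TRACERT)
    for h in hops:
        print(h.number, h.host, "avg ms:", average_rtt(h))
    print("no reply at hops:", unresponsive_hops(hops))
    print("largest jump:", largest_latency_jump(hops))
```

A hop that shows three asterisks is not necessarily a fault: many routers simply do not answer traceroute probes, which is why the jump calculation skips such hops instead of counting them as zero latency.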
nslookup (Name Server Lookup)
What is nslookup used for?
Nslookup (Name Server Lookup) is the name of a program that lets an Internet server administrator or any computer user enter a host name (for example, "whatis.com") and find out the corresponding IP address or domain name system (DNS) record.
tcpview command
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.