Book Image

Network Protocols for Security Professionals

By : Yoram Orzach, Deepanshu Khanna
5 (1)
Book Image

Network Protocols for Security Professionals

5 (1)
By: Yoram Orzach, Deepanshu Khanna

Overview of this book

With the increased demand for computer systems and the ever-evolving internet, network security now plays an even bigger role in securing IT infrastructures against attacks. Equipped with the knowledge of how to find vulnerabilities and infiltrate organizations through their networks, you’ll be able to think like a hacker and safeguard your organization’s network and networking devices. Network Protocols for Security Professionals will show you how. This comprehensive guide gradually increases in complexity, taking you from the basics to advanced concepts. Starting with the structure of data network protocols, devices, and breaches, you’ll become familiar with attacking tools and scripts that take advantage of these breaches. Once you’ve covered the basics, you’ll learn about attacks that target networks and network devices. Your learning journey will get more exciting as you perform eavesdropping, learn data analysis, and use behavior analysis for network forensics. As you progress, you’ll develop a thorough understanding of network protocols and how to use methods and tools you learned in the previous parts to attack and protect these protocols. By the end of this network security book, you’ll be well versed in network protocol security and security countermeasures to protect network protocols.
Table of Contents (23 chapters)
Part 1: Protecting the Network – Technologies, Protocols, Vulnerabilities, and Tools
Part 2: Network, Network Devices, and Traffic Analysis-Based Attacks
Part 3: Network Protocols – How to Attack and How to Protect

The network perimeter

The network perimeter is the boundary between the private locally managed enterprise network and public networks such as the internet.

A network perimeter, as shown in the following diagram, includes firewalls, Intrusion Detection and Prevention Systems (IDPSes), application-aware software, and sandboxes to prevent malware from being forwarded to the internal network:

Figure 1.11 – The perimeter architecture

Figure 1.11 – The perimeter architecture

There are three zones on the perimeter that act as boundaries between the organization's private network and the internet:

  • Internal zone: This is the area that is used for organizing users and servers. It is also referred to as the trusted zone. This is the zone with the highest level of security. No access is allowed from the external zones to the internal zone and all access, if any, should be through the DMZ.
  • Demilitarized Zone (DMZ): This is the area that users from the internet can access, under restrictions. Here will be, for example, mail relays, which receive emails from external servers and forward them to the internal server on the Secured Zone (SZ), as well as websites and proxies, which act as mediation devices for controlling access to important servers, and others.
  • External zone: This is the connection to external networks, such as Internet Service Providers (ISPs) and other external connections.

Usually, the architecture is more complex; there can be several DMZs for several purposes, several SZs for different departments in the organization, and so on. The firewall's cluster may also be distributed when each firewall is in a different location, and there can be more than two firewalls.

In the Zero-Trust architecture, created by John Kindervag from Forrester Research, we talk about deeper segmentation of the network, which is when we identify a protected surface made from the network's critical Data, Assets, Applications, and Services (DAAS), and designing the firewall topology and defenses according to it. In this architecture, we talk about the trusted area, which is for users and servers, the untrusted area, which is for external connections such as the internet, and the public areas, which is for frontend devices and services that are being accessed from the external world.

Additional software can be implemented in the perimeter: intrusion detection and prevention systems, sandboxes that run suspicious software that's been downloaded from the internet, web and mail filters, and others. These can be implemented as software on the firewall or as external devices.

Attacks from the perimeter are common. There will be malicious websites, emails with malicious attachments, intrusion attempts, and many others.

Data networks attacks can focus on the network itself or network components. Now that we've talked about the network topology, let's learn how the network components are built.