Introduction to Networking

 


                                                       Introduction to Networks

A network is a collection of interconnected devices that can communicate with each other by sending and receiving data and sharing resources. Some key networking concepts:

Concept | Description
Nodes | Individual devices connected to a network.
Links | Communication pathways that connect nodes (wired or wireless).
Data Sharing | The primary purpose of a network is to enable data exchange.

Networks, particularly since the advent of the Internet, have radically transformed society, enabling a multitude of possibilities that are now essential to our lives. Below are just a few of the benefits afforded to us by this incredible technology.

Function | Description
Resource Sharing | Multiple devices can share hardware (like printers) and software resources.
Communication | Instant messaging, emails, and video calls rely on networks.
Data Access | Access files and databases from any connected device.
Collaboration | Work together in real-time, even when miles apart.

Networks vary in size and scope. The two primary types are the Local Area Network (LAN) and the Wide Area Network (WAN).

Local Area Network (LAN)

A Local Area Network (LAN) connects devices over a short distance, such as within a home, school, or small office building. Here are some of its key characteristics:

Characteristic | Description
Geographical Scope | Covers a small area.
Ownership | Typically owned and managed by a single person or organization.
Speed | High data transfer rates.
Media | Uses wired (Ethernet cables) or wireless (Wi-Fi) connections.


Wide Area Network (WAN)

A Wide Area Network (WAN) spans a large geographical area, connecting multiple LANs. Below are some of its key characteristics:

Characteristic | Description
Geographical Scope | Covers cities, countries, or continents.
Ownership | Often a collective or distributed ownership (e.g., internet service providers).
Speed | Slower data transfer rates compared to LANs due to long-distance data travel.
Media | Utilizes fiber optics, satellite links, and leased telecommunication lines.

                                                        Network Concepts

We will discuss the OSI and TCP/IP models, some common network protocols used as rules and standards for data exchange, and the various transmission methods that enable information to traverse efficiently and securely across the network. 

OSI Model: The Open Systems Interconnection (OSI) model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven abstract layers.

Physical Layer (Layer 1)

The Physical Layer is the first and lowest layer of the OSI model. This layer deals with the physical connection between devices, including hardware components like Ethernet cables, hubs, and repeaters.

Data Link Layer (Layer 2)

The Data Link Layer provides node-to-node data transfer - a direct link between two physically connected nodes. Devices such as switches and bridges operate at this layer, using MAC (Media Access Control) addresses to identify network devices.

Network Layer (Layer 3)

The Network Layer handles packet forwarding, including the routing of packets through different routers to reach the destination network. Routers operate at this layer, using IP (Internet Protocol) addresses to identify devices and determine the most efficient path for data transmission.

Transport Layer (Layer 4)

The Transport Layer provides end-to-end communication services for applications. It is responsible for the reliable (or unreliable) delivery of data, segmentation, reassembly of messages, flow control, and error checking. Protocols like TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) function at this layer. TCP offers reliable, connection-oriented transmission with error recovery, while UDP provides faster, connectionless communication without guaranteed delivery.

Session Layer (Layer 5)

The Session Layer manages sessions between applications. It establishes, maintains, and terminates connections, allowing devices to hold ongoing communications known as sessions. This layer is essential for session checkpointing and recovery, ensuring that data transfer can resume seamlessly after interruptions. 

Presentation Layer (Layer 6)

The Presentation Layer acts as a translator between the application layer and the network format. It handles data representation, ensuring that information sent by the application layer of one system is readable by the application layer of another. Encryption protocols and data compression techniques operate at this layer to secure and optimize data transmission.

Application Layer (Layer 7)

The Application Layer enables resource sharing, remote file access, and other network services. Common protocols operating at this layer include HTTP (Hypertext Transfer Protocol) for web browsing, FTP (File Transfer Protocol) for file transfers, SMTP (Simple Mail Transfer Protocol) for email transmission, and DNS (Domain Name System) for resolving domain names to IP addresses. This layer serves as the interface between the network and the application software.

TCP/IP Model: The Transmission Control Protocol/Internet Protocol (TCP/IP) model is a condensed version of the OSI model, tailored for practical implementation on the internet and other networks. Below are the four layers of the TCP/IP model:

Link Layer

This layer is responsible for handling the physical aspects of network hardware and media. It includes technologies such as Ethernet for wired connections and Wi-Fi for wireless connections.

Internet Layer

The Internet Layer manages the logical addressing of devices and the routing of packets across networks. Protocols like IP (Internet Protocol) and ICMP (Internet Control Message Protocol) operate at this layer, ensuring that data reaches its intended destination by determining logical paths for packet transmission.

Transport Layer

At the Transport Layer, the TCP/IP model provides end-to-end communication services that are essential for the functioning of the internet. This includes the use of TCP (Transmission Control Protocol) for reliable communication and UDP (User Datagram Protocol) for faster, connectionless services. This layer ensures that data packets are delivered in a sequential and error-free manner, corresponding to the Transport Layer of the OSI model.

Application Layer

The Application Layer of the TCP/IP model contains protocols that offer specific data communication services to applications. Protocols such as HTTP (Hypertext Transfer Protocol), FTP (File Transfer Protocol), and SMTP (Simple Mail Transfer Protocol) enable functionalities like web browsing, file transfers, and email services. This layer corresponds to the top three layers of the OSI model (Session, Presentation, and Application).

                                                      Common Network Protocols

Protocol | Description
HTTP (Hypertext Transfer Protocol) | Primarily used for transferring web pages. It operates at the Application Layer, allowing browsers and servers to communicate in the delivery of web content.
FTP (File Transfer Protocol) | Facilitates the transfer of files between systems, also functioning at the Application Layer. It provides a way for users to upload or download files to and from servers.
SMTP (Simple Mail Transfer Protocol) | Handles the transmission of email. Operating at the Application Layer, it is responsible for sending messages from one server to another, ensuring they reach their intended recipients.
TCP (Transmission Control Protocol) | Ensures reliable data transmission through error checking and recovery, operating at the Transport Layer. It establishes a connection between sender and receiver to guarantee the delivery of data in the correct order.
UDP (User Datagram Protocol) | Allows for fast, connectionless communication, which operates without error recovery. This makes it ideal for applications that require speed over reliability, such as streaming services. UDP operates at the Transport Layer.
IP (Internet Protocol) | Crucial for routing packets across network boundaries, functioning at the Internet Layer. It handles the addressing and routing of packets to ensure they travel from the source to the destination across diverse networks.

                                                Network Communication

For a network to function and facilitate communication properly, there are three crucial components: MAC addresses, IP addresses, and ports. A Media Access Control (MAC) address is a unique identifier assigned to the network interface card (NIC) of a device, allowing it to be recognized on a local network. An Internet Protocol (IP) address is a numerical label assigned to each device connected to a network that utilizes the Internet Protocol for communication. A port is a number assigned to specific processes or services on a network to help computers sort and direct network traffic correctly. Ports fall into three ranges: well-known ports, numbered from 0 to 1023; registered ports, which range from 1024 to 49151; and dynamic or private ports, also known as ephemeral ports, which range from 49152 to 65535.
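To see where the three identifiers sit on the wire, the following added example (not part of the original page) parses a constructed Ethernet/IPv4/TCP frame and classifies its destination port by the ranges above. The function names, addresses and frame contents are made up for illustration.

```python
import ipaddress
import struct

def port_class(port: int) -> str:
    """Classify a port number using the three ranges given above."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def parse_frame(frame: bytes) -> dict:
    """Extract the MAC, IP and port identifiers from an Ethernet/IPv4 frame."""
    if len(frame) < 14 + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(ip) < ihl + 4:
        raise ValueError("malformed IPv4 header")
    if ip[9] not in (6, 17):  # protocol field: 6 = TCP, 17 = UDP
        raise ValueError("no port numbers: payload is not TCP or UDP")
    src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    return {
        "src_mac": mac(src_mac), "dst_mac": mac(dst_mac),          # layer 2
        "src_ip": str(ipaddress.IPv4Address(ip[12:16])),           # layer 3
        "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "src_port": src_port, "dst_port": dst_port,                # layer 4
        "dst_port_class": port_class(dst_port),
    }

def build_sample_frame() -> bytes:
    """Constructed frame: a LAN host opening a TCP connection to port 80."""
    eth = bytes.fromhex("020000000001" "02000000000a") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,  # checksum left 0
                     ipaddress.IPv4Address("192.168.1.10").packed,
                     ipaddress.IPv4Address("203.0.113.5").packed)
    tcp = struct.pack("!HHIIBBHHH", 51514, 80, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return eth + ip + tcp

if __name__ == "__main__":
    for field, value in parse_frame(build_sample_frame()).items():
        print(f"{field:15} {value}")
```

The parser does not verify checksums; it only shows which header carries which identifier.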

                               Dynamic Host Configuration Protocol (DHCP) & NAT

In a computer network, every device needs a unique IP (Internet Protocol) address to communicate with other devices. Manually assigning IP addresses to each device can be time-consuming and cause errors, especially in large networks. To resolve this issue, networks can rely on the Dynamic Host Configuration Protocol (DHCP). DHCP is a network management protocol used to automate the process of configuring devices on IP networks. It allows devices to automatically receive an IP address and other network configuration parameters, such as subnet mask, default gateway, and DNS servers, without manual intervention. 

NAT:

To better understand Network Address Translation (NAT), it's helpful to know that there are several types, each designed for specific networking needs. Below are the different types of NAT.

Type | Description
Static NAT | Involves a one-to-one mapping, where each private IP address corresponds directly to a public IP address.
Dynamic NAT | Assigns a public IP from a pool of available addresses to a private IP as needed, based on network demand.
Port Address Translation (PAT) | Also known as NAT Overload, this is the most common form of NAT in home networks. Multiple private IP addresses share a single public IP address, differentiating connections by using unique port numbers. This method is widely used in home and small office networks, allowing multiple devices to share a single public IP address for internet access.
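The PAT behaviour from the table, as an added example (not from the original page): a toy translation table in which `PatRouter`, its method names and all addresses are constructed for illustration. Real NAT devices also key mappings on protocol and remote endpoint and expire idle entries, which this sketch leaves out.

```python
class PatRouter:
    """Toy Port Address Translation: many private hosts share one public IP."""

    def __init__(self, public_ip, first_port=49152, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def outbound(self, private_ip, private_port):
        """Translate an outgoing connection, creating a mapping on first use."""
        key = (private_ip, private_port)
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, public_port):
        """Map a reply back to the private endpoint; None means no mapping (drop)."""
        return self.back.get(public_port)


if __name__ == "__main__":
    router = PatRouter("203.0.113.7")
    # Two LAN hosts happen to pick the same source port.
    print(router.outbound("192.168.1.10", 50000))   # first mapping
    print(router.outbound("192.168.1.11", 50000))   # distinct public port
    # A reply to the second mapping reaches the right host.
    print(router.inbound(49153))
    # Unsolicited traffic to a port with no mapping has nowhere to go.
    print(router.inbound(40000))
```

The last call shows a side effect of PAT that matters for security reviews: inbound traffic without an existing mapping is not delivered, although this is not a substitute for a firewall policy.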

                                                  Internet Architecture

Internet Architecture describes how data is organized, transmitted, and managed across networks. Different architectural models serve different needs—some offer a straightforward client-server setup (like a website), while others rely on a more distributed approach (like file-sharing platforms). Understanding these models helps us see why networks are designed and operated the way they are. Different architectures solve different problems. Often, we see a combination of architectures creating hybrid models. Each model comes with its own set of trade-offs in terms of scalability, performance, security, and manageability. In the following paragraphs, we will describe the different architectures in more detail. 
In a Peer-to-Peer (P2P) network, each node, whether it's a computer or any other device, acts as both a client and a server. This setup allows nodes to communicate directly with each other, sharing resources such as files, processing power, or bandwidth, without the need for a central server. P2P networks can be fully decentralized, with no central server involved, or partially centralized, where a central server may coordinate some tasks but does not host data.
The Client-Server model is one of the most widely used architectures on the Internet. In this setup, clients, which are user devices, send requests, such as a web browser asking for a webpage, and servers respond to these requests, like a web server hosting the webpage. This model typically involves centralized servers where data and applications reside, with multiple clients connecting to these servers to access services and resources.

Key Comparisons

Below is a comparison table that outlines key characteristics of different network architectures:

Architecture | Centralized | Scalability | Ease of Management | Typical Use Cases
P2P | Decentralized (or partial) | High (as peers grow) | Complex (no central control) | File-sharing, blockchain
Client-Server | Centralized | Moderate | Easier (server-based) | Websites, email services
Hybrid | Partially central | Higher than C-S | More complex management | Messaging apps, video conferencing
Cloud | Centralized in provider’s infra | High | Easier (outsourced) | Cloud storage, SaaS, PaaS
SDN | Centralized control plane | High (policy-driven) | Moderate (needs specialized tools) | Datacenters, large enterprises

                                                         Network Security

In networking, the term security refers to the measures taken to protect data, applications, devices, and systems within a network from unauthorized access or damage. The goal is to uphold and maintain the CIA triad:

Principle | Description
Confidentiality | Only authorized users can view the data.
Integrity | The data remains accurate and unaltered.
Availability | Network resources are accessible when needed.

In the next paragraphs, we will discuss two critical components of network security: Firewalls and Intrusion Detection/Prevention Systems (IDS/IPS).

Firewalls

A Firewall is a network security device, either hardware, software, or a combination of both, that monitors incoming and outgoing network traffic. Firewalls enforce a set of rules (known as firewall policies or access control lists) to determine whether to allow or block specific traffic. We can imagine a firewall as a security guard at the entrance of a building, checking who is allowed in or out based on a list of rules. If a visitor doesn’t meet the criteria (e.g., not on the guest list), they are denied entry.

The open source router/firewall pfSense. Its large number of plugins (known as "Packages") gives it a range of capabilities.
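A sketch of how a rule list like the one described above is evaluated, added here as an illustration (it is not pfSense configuration or code). The `Rule` fields, the policy and the addresses are constructed, and first-match ordering with a default block is an assumption that many, but not all, firewalls follow.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port

def matches(rule: Rule, pkt: dict) -> bool:
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt["proto"])
            and rule.dport in (None, pkt["dport"]))

def evaluate(rules, pkt):
    """First matching rule decides; no match means block (default deny)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "block", None

# Constructed policy using documentation address ranges.
POLICY = [
    Rule("block", "198.51.100.0/24", "0.0.0.0/0", "any", None),  # unwanted source range
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),   # public HTTPS
    Rule("allow", "10.0.0.0/8", "203.0.113.10/32", "tcp", 22),   # SSH from inside only
]

def pkt(src, dport, proto="tcp", dst="203.0.113.10"):
    """Build a constructed packet summary for the evaluator."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    for p in (pkt("192.0.2.44", 443), pkt("198.51.100.9", 443),
              pkt("192.0.2.44", 22), pkt("10.1.2.3", 22)):
        print(p["src"], p["dport"], evaluate(POLICY, p))
    # Same rules with the block rule moved last: the broad allow now matches first.
    print(evaluate(POLICY[1:] + POLICY[:1], pkt("198.51.100.9", 443)))
```

The reordered policy at the end is the case worth checking in a rule review: identical rules in a different order give a different verdict for the same packet.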

Intrusion Detection and Prevention Systems (IDS/IPS)

Intrusion Detection and Prevention Systems (IDS/IPS) are security solutions designed to monitor and respond to suspicious network or system activity. An Intrusion Detection System (IDS) observes traffic or system events to identify malicious behavior or policy violations, generating alerts but not blocking the suspicious traffic. In contrast, an Intrusion Prevention System (IPS) operates similarly to an IDS but takes an additional step by preventing or rejecting malicious traffic in real time. The key difference lies in their actions: an IDS detects and alerts, while an IPS detects and prevents.

The widely used Suricata software can function as both an IDS and an IPS. Here, we see the user enable a detection rule, then begin inline monitoring.
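The IDS/IPS distinction as an added example (not Suricata rule syntax and not from the original page): the same constructed signatures are run over constructed payloads, once passively and once inline. The signature names, patterns and traffic are made up for illustration.

```python
# Constructed signatures: name -> byte pattern searched for in the payload.
SIGNATURES = {
    "SIG-1 directory traversal sequence in request": b"../../",
    "SIG-2 cleartext FTP login (policy violation)": b"USER ",
}

# Constructed traffic sample.
SAMPLE_TRAFFIC = [
    {"src": "192.0.2.10", "payload": b"GET /index.html HTTP/1.1\r\n"},
    {"src": "198.51.100.9", "payload": b"GET /static/../../app.conf HTTP/1.1\r\n"},
    {"src": "192.0.2.23", "payload": b"USER alice\r\n"},
    {"src": "192.0.2.10", "payload": b"GET /about.html HTTP/1.1\r\n"},
]

def inspect(packets, mode):
    """Return (alerts, forwarded packet indexes) for mode 'ids' or 'ips'."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, forwarded = [], []
    for number, packet in enumerate(packets):
        hits = [name for name, pattern in SIGNATURES.items()
                if pattern in packet["payload"]]
        for name in hits:
            alerts.append((number, packet["src"], name))
        if hits and mode == "ips":
            continue              # inline: the matching packet is dropped
        forwarded.append(number)  # passive IDS forwards everything
    return alerts, forwarded

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = inspect(SAMPLE_TRAFFIC, mode)
        print(mode, "alerts:", [(n, name) for n, _, name in alerts])
        print(mode, "forwarded packets:", forwarded)
```

Both modes raise the same alerts; only the list of forwarded packets differs, which is why a false positive costs an analyst's time on an IDS but breaks legitimate traffic on an IPS.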


Best Practices

Here are the best practices for enhancing network security, summarized in the following table:

Practice | Description
Define Clear Policies | Consistent firewall rules based on the principle of least privilege (only allow what is necessary).
Regular Updates | Keep firewall, IDS/IPS signatures, and operating systems up to date to defend against the latest threats.
Monitor and Log Events | Regularly review firewall logs, IDS/IPS alerts, and system logs to identify suspicious patterns early.
Layered Security | Use defense in depth (a strategy that leverages multiple security measures to slow down an attack) with multiple layers: Firewalls, IDS/IPS, antivirus, and endpoint protection to cover different attack vectors.
Periodic Penetration Testing | Test the effectiveness of the security policies and devices by simulating real attacks.


