CIS27 Unit 3 Lecture: Network Technologies

Explanation of network protocols, appliances, network addresses, IPv4 vs IPv6, network scanners, Wireshark, and basic Windows commands such as ipconfig, ping, and nslookup.

Kasey Nguyen

All right, open, and you got to right click onto where you wanted to paste and then click the clipboard. Okay, so we'll go ahead and get started; I think we're like less than a minute in. So this week we're going to go over Network Technologies. This is the foundation for security, right? Outside the class I recommend that you take a networking class, or multiple. 40A is part of the technician series. While it's not required in the cyber security specialist or the analyst certificate, I do highly recommend that you have strong networking skills, because that's where you're going to see attacks, that's where you're going to be able to monitor. If you are an RCC student you can take the 26 series, which is Cisco oriented, 26A, 26B, 26C, and it goes all the way till the E or the F. In Moreno Valley we offer 40A as the Network+ class, and then you can take 40B, which is the routing and switching class. I personally feel like those two courses play a big role, or the content, the concept of that,
play a big role in the security career, and also my career. And the Network+ is always good to have, that certification, because it's useful when you troubleshoot networks or you work with a network administrator; you need to have the knowledge. Okay, so let's start off with talking about attacks, and we're going to come back in the next couple of weeks; we're going to spend a little bit more time in different areas of threats and also looking at risk, kind of similar to some part in ethical hacking, but for this class it's going to be the introductory, so I'm not going to get in depth in a lot of things. I'm pretty sure some of you probably seen my video on brute forcing, so we might do that, and we might use a little bit more close-to-date technology, because I've previously shown students how to use Cain to do brute force. So we'll come back to the attacks, but first we're going to talk about sniffing attacks. My ethical hacking class just went through a lecture on sniffing attacks and they're looking at networks, and we're going to touch a little bit on that today.

So everything in the network can be seen as packets. As you know, like how we ship things to people, right? We put it in a box, we put a label on it, we drop it off at the shipping place. In the network environment your data is broken into pieces, okay? So, for example, I can ship a bicycle to my friend, and that bicycle is broken up into several boxes: a box would be a handlebar, another box will be the pedal, the third box will be the wheels. And your data is treated that way; it's broken into various sizes and packets, and it's sent, it streams through the network, and then it would go through multiple networks until it gets to the destination. And very much like the label, your data has headers that would contain who it's coming from and where it's going to.

So in a sniffing attack, what happens is the attacker would look at your network traffic. For example, I can connect to your wireless network and I can see all the activities that are happening on your wireless network. Let's say that you're uploading a photo or a video; I would be able to see that. I would see that that system is sending some kind of information that's media related to the server that's storing that video or that image, right? So ultimately it's really sniffing out the header for what is being sent, and then on that it would have some kind of protocol. And whenever we say protocols, those are rules that the systems agree on to
how it's going to communicate. So for example, if I'm connecting to a web server to access a web page, it would use HTTP or HTTPS as the protocol, right? That's the type of protocol that the systems agreed on to communicate, to negotiate: oh, the server is going to give me the website, right? That's what I'm going to see on the screen; that's going to be presented to you. So hence what's going to happen is, when they're sniffing the traffic, they're going to be able to see what is being communicated across the network, and so with that they can capture the data. And data is essential for the attacker, because they're able to obtain information like a session ID. Your system, when it communicates with another system, if it's securely communicated, it establishes a session, right, and it uses the session ID to negotiate that. So the attacker can step in and say, hey, I'm going to impersonate this system A that was communicating with the system B; I'm going to pretend to be A now, and I'm going to be able to obtain the data that was intended for the system A. So sniffing can go a long way, and you can also get things like passwords. Sometimes, if it's not sent with a secure protocol, you can see that in plain text. Plain text, that's what we read right now, right, plain English; that's what we can see. So things like, you know, sensitive data can also sometimes be seen in plain text.

So in the first question, it asks you: how can I perform a sniffing attack? Well, that's pretty easy. Most of the time you're going to see that there are network scanners that we use to monitor the network. So that means that I can run Wireshark, which is what you will be doing later; I would be able to see all the activities that are happening on the network, right? So I can see what packet is being sent back and forth. I can also see, you know, which systems are communicating. But before leaving the network, I have to be able to go from, you know, my system to the main backbone of the network, which are the switches, the
routers, the servers, so you could see multiple types of communication back and forth. So they would use a network protocol analyzer, or what we call a scanner. So I'm going to add in a word, because scanner can be many types of scanner; we can say network protocol analyzer or scanner. And if you just simply search Google and say, what is the network protocol analyzer, right, it's going to give you some definition, and also simply what we see, well, I just talked about, and it would give you some of the common ones. So in the industry you would often see things like Wireshark, right? So Wireshark is more of a passive scanner. What it does is like listening in the background, right? All I have to do is I just need to connect to a network that is my target, and then I would run that particular software. Remember why I said this particular type of job that you're going to be doing is just knowing how to utilize the proper tool, right, at a certain time, and you'll be able to interpret the outcome from that tool.

So now some scanners are active scanners. That means that it's going to try to send packets, right? So Wireshark, Wireshark is kind of like you are standing in the background; it's the wallflower, right? It's looking at what's passing by as traffic. But there are other scanners that are going to also intervene, right? It's going to step in and it's going to say, I'm going to just send out packets to see which systems are responding to me, and if those systems are responding to me then I can get their information. So those are active scanners, okay? So some of the applications that you can use for scanning: Wireshark, we mentioned that; you can also find Ettercap, that's just another software for network protocol analyzer, that's just like a different type of software that you can get. So there are variations; there are many. You can also use Snort. Snort has been around for a long time, right? The people who created Snort, they own security companies now. So there are technologies that have been integrated for a
long time and then improved over time, so those are just a few that you can find. Any question? So here I listed some of these, but you got to know that some of these are just attack tools; some of them are active and some of them are passive. So if you are, let's say that you're an ethical hacker and you want to be more stealth, right, you've got to know the tools that you're going to use that are more stealth. But sometimes the stealthy tools are not going to get us what we want, so we have to use more active tools, and in that case, when you use active tools, all the detecting systems, like detection systems, right, those are the alarm systems, it's going to sound, okay? So you have to know what kind of tools that you need to use in what way, okay? So normally an attacker and an ethical hacker, they would start with a stealthy tool, then they're going to get some information, and if they need to get more information that requires the active tool, then they're going to use those scanners, okay?

All right, so now tcpdump, very popular; you can use that in Linux. There's Kismet. Cain & Abel, it doesn't, Cain has been around since the 80s. This tool is a lot of the time known for password or key brute forcing. It is an old tool; there are other tools, but you can find Cain has the capability to do networking. But when you download Cain onto your Windows, your antivirus software will try to lock it away; it sees it as a threat. So normally I recommend, so I got a comment on YouTube; they're asking me like, oh shoot, I can't run Cain on my regular PC, and I said, well, if you disable your antivirus you might, but I don't recommend using a lot of the security tools outside of the virtual machine. Even though we know that there are attacks from virtual machine to regular, it is more contained, and you can always delete and remove it and zero out the disk, okay? So there's DNS sniff, that's mostly for DNS, which is domain name system, right? So there are others; we'll come back to a section where we would do so. Denial of service is to the system so it can't respond. A lot of the time the easiest attack is going to be to the web servers, because there are, what, more than 9 million web servers around the world. So to connect to a company sometimes you would need to connect to its website. So, you know, web servers can sometimes, they are connected to the network, but a lot of the times they are on the demilitarized zone; it's kind of like an area before the private network, and we would secure that with
a lot of different types of firewall. We'll talk about design later, okay? And then you can do poisoning attacks. So let's talk about the protocols. I'm going to put the answers up as I go through these. So for question three, it says what protocols are often used in denial of service attacks, and often you would see UDP. It stands for User Datagram Protocol, right, and the User Datagram Protocol is, it's different than the Transmission Control Protocol in that, maybe I need to zoom in 200, sorry, to make it bigger for some of you, and I will close this. So the User Datagram Protocol, when it sends, it doesn't need any kind of confirmation, okay? So TCP requires that there is an acknowledgement that it's ready. So if, let's say that I'm using TCP and I'm sending my data to Gabe, I got to make sure that Gabe acknowledges that he's ready to receive data. So TCP is going to take a lot longer to establish that connection compared to UDP; not a lot longer, but longer, right? And the analogy for this is, when you send UDP it's kind of like you just ship a box and you don't care whether it gets there in five days or 30 days or the next day; you just send, right? When it gets there, it gets there, right? Sometimes you just don't want to pay for the extra shipping fees. With TCP it's like sending a certified mail, right, or a box that you want that signature verifying that they are there to receive, and then before that you will pick up the phone and you would call that person and say, hey, I'm sending you a package, and they say, okay, I'm ready. That's how TCP works, right? So it needs to acknowledge that the receiving system is going to be ready to receive, and then it sends, okay, compared to UDP.

So this is why it's preferred as a form of traffic, is because they can send massive amounts to that system, right? So let's say that I'm asking you 50,000 questions at the same time and you're too busy to respond to me, right? Or I can use a lot of bots to send you 50 million questions at the same time, and the server just got so occupied that it wouldn't know what to do. And that's how they basically perform either denial of service or distributed denial of service. Distributed just means that they're using many systems to attack that target, whereas denial of service is system to system, but requesting many times until it becomes, it comes forward, right? It's just not able to respond. So the delivery assurance, remember that signature that signs on the package, is TCP, Transmission Control Protocol. So with that, when you see the network traffic, if you see SYN-ACK, right, that's usually the TCP suite. And then UDP, we would do that for fast things. So when you're watching videos, right, when you're listening to podcasts, a lot of times you would see that UDP traffic is being used for those types of packets, okay, audio, media based, and so on, because they need to stream fast. And so with that you would see that the header for UDP is less with content; so when you look at that label for UDP, right, the header, it would show less information, because it doesn't have to have, you know, some additional things with acknowledgement and assurance. Any question?

So we must, to be good in security we must know networking, and we must know protocols and port numbers. I'm not kidding, okay? Because ports are like doors to the system, okay? How many doors do they have open? It's like if you want to enter someone's house, you want to check out, oh, is their front door open, is their side door open, right? So that's what the attacker does; they scope out the area and the environment by listening, by scanning, okay?

Another protocol that's important is Address Resolution Protocol, your ARP. Basically it ties the network address to the physical address. It's kind of like this: ARP works like this, it translates a legal name to a, let's say that you have a legal name outside; everybody, the world, knows you by the legal name, right? That's the IP address of the system; the system is known to the world with this IP address. And then inside your house you have a nickname; everybody calls you that, right, only in your house that you have that name. So ARP takes that legal name and ties it to the nickname, so that way, when the traffic comes in, it would know from the network address to where that system physically exists, right? Because the router brings the traffic to the network, right; the switch is an appliance that takes that traffic and takes it to the right area, like the router takes you to the exit from the freeway, okay? After that the switch is going to take that traffic and it's going to go down, it's going to navigate it to which street or which neighborhood your house is. So that's how the network connection really, you know, that's how the traffic gets you to the system. So that means that we have to have a set of rules where the system, the switch, would have a table where it says that, oh, this MAC address belongs to system A and it is at this segment, like it's on the street, okay? So the switch is going to say, oh, it's intended for that system A, so I'm
going to send it to another switch that's managing that segment, and that's how it gets to that system, okay? All right, I'm going to come back to the notes. Okay, so here, now IP is basically for addressing, right? Internet Protocol, it's used for addressing. There's two versions. IPv4 is version four, so, you know, whenever we use the octets like this, 10.0.0.1, you see the three periods like this, those are called the version four addresses, and each of these are octets; they're eight bits each, okay? And then with that they would have what you would see, so think of this like your house address that's registered with the city, right? And then your house would have a zip code. So the router, it doesn't care the specific; it only cares about the zip code area, okay? It's like, you know, it just needs to navigate you to that exit, right, that area, that region, and then the switch is going to come in and say, oh, that IP is correlated with this actual physical system. So ARP is when it's going to do that. The version six, it uses hexadecimal, so you would see a string of addresses and you would see colons.

So I'm going to do this real quick. So if you want to see your address, open up command prompt by doing CMD, right? In Linux you just use ip space address; in Windows you do ipconfig, and, you know, simply that is going to give you the summary, okay? So this pops up and you got to pay attention to your adapter, right? Your adapter is different than mine because I'm on wireless on my laptop, and it tells me this is my version four, right, the subnet mask, remember what I said earlier, that's the zip code that we're talking about, right, and then the default gateway, that's your router IP. So at home when you do this you would see 192.168.0 dot something, like seven, ten, whatever, right? It depends on when you join that wireless network, but the router, the default, is 192.168.0.1, because the administrator, the way that we design it, .1 is the first system that you see from the outside, right? That's the gate to your house, okay? And then .2 would be the next one, maybe a firewall or the internal firewall, the edge firewall, and so on. Any question?

Okay, now another, we'll do a little bit of command. If you do all, you're going to see everything else, so it's a little bit more detail. So what command did I use? ipconfig space slash all; that's in Windows, that's what we use, ipconfig space slash all, and this will give me more information: when did that system obtain an IP address? It's a temporary address for a certain period of time. This is the way that we can recycle IP addresses in a large network like this, because, you know, you might shut down your system, this computer, for two weeks; we can give the IP back to another system so it can use, so that way we can recycle some of the IP addresses, because we did run out of version four public addresses. Now I think most of the time, you know, if they have IP version fours, because they had reserved it, still, with the amount of Internet of
Things and all the smart systems out there, right, we have to use version six. So with the version, so there is DHCP here. So as you notice, right, my physical address is what's called the MAC address, media access, right? So this address is associated with my IP address, the preferred address, using ARP. So ARP normally is just a table; the ARP table would contain IP to MAC, okay? Any question? All right, so now you know how to find your IP address using the command line. Now ICMP is ping. So when do you use this? You use it to test to see if a system is alive, connected, right? So I'm going to show you how you can ping. So in your command prompt you can do ping space and then you can do 127.0.0.1, so you're using a loopback address; that means that you are pinging yourself. So if that system is connected it's going to reply four times. In Windows it's only sending four packets, so think of it this way: like you knock four times, and if someone is home they're going to say, I'm here, I'm here, I'm here, I'm here, four
times, right? Now not all networks, they enable this, because you can ping someone to death, right? That's a Smurf attack. So in Linux, if you type ping and the address, it's just going to keep pinging until you tell it to stop, okay, but in Windows, the way the OS is designed, the command line, it's only going to send four packets. Now if you see no reply it's going to tell you that right here. So when I'm using a loopback address I'm basically knocking on my own door, right? I'm checking to see if my own system is connected. Now I can ping another address, so let's ping their DNS server real quick, see if they turned it off. Of course not, because it's working, right? Otherwise I can't join the domain, I cannot connect to their network. So that's how you can see if a system is talking or not, right, by pinging it, and that uses ICMP, this one, Internet Control Message Protocol. So whenever you see ICMP, and there's version six and version four, right, so you can set your firewall to block ping, and that's normal,
okay? NDP, this is used to discover nearby systems. Often you would see network devices like the routers or layer four or layer three switches will do that, where it acts as a router, so it's kind of like, oh, who's nearby so I can pass the traffic to you, right? It's kind of like, you know, running a marathon, but not your teammate, but whoever is running nearby, you just pass the baton, right? So the way that this works is it's just detecting, and you can have it auto configure for different versions of addresses. Real-time Transport Protocol, this is used for audio and video purposes, including push-to-talk. This was popular back in the 90s and early 2000s, right, where you press a button, you talk into it, and then it sends. Video conferencing like Zoom, very popular; streaming media; Voice over IP, your phone uses IP; I think all of us are using Voice over IP now. Secure Real-time Transport Protocol, this is for using encryption, and it encrypts the message when it sends through RTP, so you do have more security because it's using encryption for integrity in data transmission. So if they're trying to do man in the middle and then trying to capture your data, modify your data, it will be hard to do that, for replay attacks. Today we're going to use File Transfer Protocol; this is used to distribute files, upload and download, okay? So FTP servers are still around; Mozilla runs one of the larger FTP servers. But if you are planning to offer FTP service, I recommend you use secure FTP, which, you know, has encryption. But the default for the TCP, you would see that's port 20, and then you can also use port 21 to control signal. Now if you want to use UDP at port 69 you can use the Trivial File Transfer Protocol; it is a variation of File Transfer Protocol, okay, and you can chunk that into smaller data. SSH is very popular, right? All my networking students, they go through and they configure things using SSH, so I can remote into the switches and the router using SSH. It's
called Secure Shell. It's a way that we can connect system to system directly, and in the transfer it uses this encryption key, so your text is not transparent, right? You want to protect the data that's transmitted. TLS is supported with your HTTPS, so whenever you log in to pay your bill, to fill out your financial aid, when you see HTTPS, right now the integration with that is it's using Transport Layer Security. So before, they were using SSL, but SSL has issues even with the later version. You rarely see websites now that support SSL only, right? You would see SSL with TLS, or TLS version three or more. So when you do assessment for web application or web development, you often would look at this area. And then IPsec is how you can create a virtual private network; that's basically a protected network where you can access, and so it uses encryption for the traffic. And I snipped a little bit of the header so you can see it is very different than your regular non-encrypted traffic,
where, you know how your headers, so it creates, it adds in some additional fields, and that's used for encryption purposes, okay? So for seven, it asks, or for six, it asks you what protocol is used to stream video over the Internet. We learned that it is Real-time Transport Protocol, your RTP. You see, this is supporting Windows environments a lot, and so a lot of like the media stream based applications, it requires this particular set of protocols, the rules on how the system is used. So whenever you
see protocol, it ties to a service, okay, some type of service for a certain task. And then, what protocol is used to encrypt, authenticate and provide data integrity for RTP? So we want to use secure RTP, SRTP. And then for auto configuration with device version IPv6 addresses to discover its neighbor, right, such as the address of the router, that's going to be your NDP, Neighbor Discovery Protocol. Now depending on the routers, the router supports specific protocols, like if using Cisco routers they have proprietary protocols for that particular company, right? They create a set of protocols that only Cisco devices use, and then they also integrate universal protocols, common protocols that the industry uses, so that way it can talk to other systems that are not Cisco. And so CIS 40B addresses that; it addresses, like, you know, different routing and switching technology, but most people teach with Cisco technology, but you have variations with all different technology. Now, you know, you're not required to just only use Cisco; you can use, yeah, I picked out the quotation.

All right, now for FTP we know that it is port 20, so today when you're scanning with Nmap, which is an active scanner, right, then you're going to see port 20, and if you enable 21 it's going to pop up. I don't think we mask it, but you're going to see 21 and 20 popping up for FTP. So to secure HTTP traffic, for HTTPS you would integrate port 443 for HTTPS, and with that we have to integrate Secure Socket Layer. Personally I prefer to integrate TLS, which is the replacement of that, right? The common attack that you heard, this is maybe a decade ago, it's the Heartbleed. So for the websites that only use SSL, the older version, they would suffer from the Heartbleed attack; basically it's a flaw in the way that they wrote the protocol that someone can access the website. It's through the, what happened? I did, it's not, did you delete the P part? Cancel. Did you make B part? Okay, add part again. Technically, if it's not there, go cancel, and then go to your Users folder and look when you, if you created the account. Any question? Question? Okay.

So when we use port 22 we can enable security for FTP; that's SFTP, and commonly you also see SSH also uses port 22, okay? So a way that we can integrate FTP securely is to couple it with SSH, hence the SFTP, so port 22. So on Security+, right, they are going to ask you ports and protocols, and if you are planning to take Network+, which is also a difficult task, you will be asked protocols, network protocols, okay? So what about the mail servers then, right? We have different types. We talked about the DNS, domain service, that's the server system that would take the IP, the public IP, and translate it into the URL. So as humans we go around telling people, oh, visit this website, google.com, right? We don't go around saying visit 8.8.8.8; that's just harder for us to say, all the numerical values, right? So they integrated a domain name system where it would take that public IP and tie it to the, the registered domain name, like nike.com, right, microsoft.com, and etc. So it's like registering your home address with the city, right? So the DNS keeps track of that.

So for the mail and the web mail protocols: Simple Mail Transfer Protocol, basically it's transferring email between your server and your client. You guys use that every day; you check your RCCD email, that's it, right? They integrate an Exchange server that's allowing it to be able to manage accounts that have inbox and outbox and so
on, right? And even when you're looking at web mail, it uses also mail services, a system where it would be able to tie to the account. But a lot of times mail servers are tied to an authentication server, because number one, they need to make sure that that's the proper account; otherwise everybody receives other people's mail, right? So when you see SMTP, that's port 25 by default. Your wireless router turns this off, right? It's turned off, so if you enable that, basically you turn on that service, but we don't enable things unless we use it, okay? Unofficial port, you can also use it with TLS, and which, like HTTPS, like Gmail and so on. There's POP3, basically Post Office Protocol version three; it is a way that we can get also the mail to the server. But, you know, that server, like when you're using Gmail or outlook.com, there's not just one server, right? You would have many different forwarding and different types of servers that are in between. So in forensics, whenever we look at this, when we look at Exchange Server, we have to look at the mail header. It would tell us like which servers that email actually passed, because sometimes you have to track a piece of email, right? For example, someone committed fraud; they sent an email at this time and you have to track like where it went, because sometimes we have to go to Google, we have to go to Microsoft, and subpoena, you know, we have court subpoena material that we have to pull the email from the server, because they back it up, to get the evidence, right? So it really tracks like the type of servers, and so with these types of services you would see that it's using a certain door to be able to pass, right, your port number, and then different types of servers for different specifics, like if I host the Exchange Server compared to using Google Gmail host or Microsoft Outlook and so on. And then for MIME, this is Multipurpose Internet Mail Extension; this is a standard that extends your message so that way you
can see pictures and things, HTTP, you know, HTML; you can attach an image, you can add a file, you can add, you know, audio, media stuff to it, and so with that it needs to integrate that into the header. So I tell my forensic students that when you look at the header you can tell what kind of mail it is already, like where it's coming from, where it's going to, who it passes to and what kind of attachment you have with that thing, right? And then when we pull it, sometimes, you know, if they delete it, right, you can go to the server and find it, and sometimes that takes a long time. But all your data, sometimes when it puts it to the temp, it puts it on RAM, right? If you guys ever open your application, like Microsoft Word, if you don't save it, eventually that space is given back to the system, right? So your software application requires a certain amount of RAM, so it puts it there, and so if your system is alive, sometimes we can pull stuff from RAM and we will be able to see it, okay, or even temporary storage on the drive, okay?

So we talked about HTTPS, which is port 443; sometimes you see this as 444, but 443. And then your regular HTTP, which is, likely very few websites left that use only HTTP, which is port 80, okay, nowadays. So let me move 14 down. So for 13 we answered that the protocols used for email services: SMTP, IMAP, POP3 and MIME; MIME is actually just standards for the extension of the protocol. And then for 14, RDP, which is for remote location. So I can, you know, you ever use a service where someone can actually access your desktop and navigate, right, help you configure something? That could be our job one day, right? Many of my students, when they do IT support, they would use some kind of tool that uses remote desktop, like TeamViewer; I'm pretty sure some of you are familiar with that. And so RDP allows the system to connect to the other system's desktop, and sometimes you can allow it to take control, like they can take over your cursor and move things around. Now for question 15,
it asks you what is DHCP snooping and how can it be implemented on a network. So DHCP, Dynamic Host Control Protocol, right, or some people say Configuration Protocol; this is a protocol that we use to distribute IP addresses to systems that are connected. It could be an actual server system; at home you use your wireless router, right? When you turn on your wireless router, and then all you have to do is, let's say I have a smartphone, I would connect my smartphone to it, and your wireless router holds a role called DHCP server. It serves or provides service to give out IP addresses to the connected systems. Now in an enterprise environment, or a large network environment like RCCD, they would have multiple DHCP servers; you can have it for version six and version four IP addresses, okay? Now so along with that we would see snooping. This is a way that we can implement a system to prevent unauthorized access of fake servers, or servers that don't belong to that network. So when I taught at a couple other institutions, I would have a rack similar to the back, and I would have switches to have the students connected to the networks, and we can plug that into their main network, right, but it's supposed to loop back. And then sometimes the students, they plug it in correctly and they run the DHCP server, so it was giving out like not real IP addresses for the regular, the real network. So let's say they set up a DHCP server and they plug it into that switch and they plug it into the wrong port; it actually circulates it out to the entire company, right? So if that company implemented DHCP snooping, they would block all of those addresses and see that server, and then, you know, not distribute, send out that traffic, because ultimately they have to be connected to send out traffic.

So you need to go back to the Users folder that you were previously at, so right click, go to Administrative, to Computer Management console, and then click on the Users folder and see if K Park is there; likely that you deleted him. I can help you in a little bit. Any question?

So DHCP server is just a role, right? It could be a role for that particular server computer; at home it is a role for your wireless router to do that. You can configure the layer switch to broadcast only from the trusted ports. So a port could be a logical port, like the number that represents the value for that connection point, okay, but a port could be a physical port, right, like if I'm looking at a wireless router, and I'm sure you have this at home, and I take a cable and I connect it to where the Ethernet goes, that's a physical port, right? So on the switch you would have many of these, right? So the switch's job is just to pass traffic back and forth, right, like this system to the next room or somewhere in the network, and the router is to pass the traffic inside and outside of the network, like if you have to, you know, get on the freeway to get to the next neighborhood, right? So the router is what gets you to the freeway o
kay so with that if we configure the switch to broadcast only from The Trusted ports other things won't pass through so we basically can filter that through the ports The Logical ports so when does this happen if I wanted to take down part of your network if I can connect to your network I can put up a a fake DHCP server sending out fake IP addresses and eventually you know like let's say half of your employees their ship is in the afternoon they come in right they're going to try to connect to
uh they're gon to it's going to get the IP address from the fake vhv server and then they they're they won't be able to connect to the network like because it's not real it's not part of the network so you know you're going to get a lot of tickets saying oh I can't I don't have internet I can't get access and so on so we have to prevent things like that too for from the security side because you know any that's not part of the network should not belong there so snooping would would help you with
that different between version 4 and version 6 IP address version 4 IP has 32 bits and they are decimal numberers so decimal are your counting number Z through n 10 it is a 10 Base number this is what you learned in Ma so so stop doing that cck cancel cancel there right click here go to computer management users local users in group we did this earlier users double click set he's not there so you got to make him make him and then continue with the step when you left up IP version 6 is 128 bit r
ight um these are heximal notation they are 16 Base number so often that you would see numbers and letters but only from a through F because you know it's 0 through 9 and then a through F you often see the colon in the notation so when you do ip config at home on your computer your Windows PC at home it might come up version six right because your router is configured to give out version six traditionally I think we're still using a lot of version four because people like me right we were traine
d from version four and they're still managing the network so you often see that and the transition 2000 you know 2011 was when public IP address with version 4 they said that we max out right integration version six been around for a long time uh but you still see version 4 you just did you know ip config it pops up T Linux you see version four popping up 10.0.2 do15 version four okay so I mentioned it earlier for the DNS it's used for domain name resolution host name to IP so Google server rig
ht the DNS it would have its name but it's registered to a domain and then the IP address so to prevent DNS poisoning so what do I mean by DNS Point name the domain name system contains so many records it would contain records of how it Associated IP to the name um it would contain the reverse record it would contain the name to the IP and then the IP to the name it would contain additional information for the domain or any subdomain so if someone gets a hold of that record they can redirect rig
ht all the users to their their domain right and this is you see with fishing attack and a lot of things so DNS poisoning is a way that they can modify the system or modify the records of that system to lead into other attacks so we would Implement what's called DNS SEC and this is a security extension simply it validates the responses from the system connect into the DNS and it uses a thing called resource record signature to make sure that the records has integrity and it validates that with t
he replies so it checks and this is simply a feature that we integrated when we configure the DNS right you guys will do some of this later I'll show you how you can install DNS and config so it's a way that we can protect the record basically and then validate the rep okay any question so let's do some lookup for the DNS with our system remember that you connected to our CCD right that's the domain or the network that we're connecting to so you can open your command prompt by doing CMD just lik
e what we did earlier that's for Windows command prompt or you can search for command prompt and this should open let me change my configuration real quick never mind so we can do NS lookup which is the next step so when you when you do NS lookup basically you're looking for the the domain that you're connected to or the system is connecting to and its address right earlier you saw that when I did ip config all right it gave me these okay now you know that there's multiple in this system by look
ing at this and we talked about DHCP already right they have multiple also when we did the DNS it tells me that actually I'm connecting to this one the 219 right so this is the primary for the part the the one that I'm connecting to now depending on right I'm on the wireless network depending on the segment of the network you're connecting to that could be related to a specific subdomain so when you're looking at this how can I tell it's app parent or the subdomain rccd.edu anything after the do
t in front of it is the child okay so when you see like outlook. microsoft.com that is a subsidiary of microsoft.com right um and this is where and we can have it set up where it carries inheritance and other things and that will be related to another class but you when you look at this you can see that it is right a a subsidiary of rccd any question so now you know what to to what to look up when you need to do NS lookup so whenever sometime you get you connect to a website and it tells you it
cannot resolve that website name and you already checked the URL everything is correct sometime it might have the the old domain information so you have to flush it you have to do a DNS flush and then renew it this is what happens when they add um or modify DNS or sometime your system have old configuration and it needs to update okay so when you're done you can just do an exit to get back to your command P popup right so when you do NS lookup it takes you into the lookup um CLI command line int
erface okay so I want to cover a little bit of this and then uh we already talked a little bit about the address but I wanted to touch on it come back to it real quick because we answered the question so Kerberos you're going to see this again it uses UDP Port 88 um it is a way that Windows use to authenticate for Windows domain so when you log into rccd.edu or when you log on to these computers it's using ceros is a way that also protect your passwords right but there's no 100% security Microso
ft sorn by this technology however you know it's really how you manage the components for that technology is important so it uses a key distribution center and it would issue a a Time stamp ticket it's kind of like you buy ticket to the amusement park for that day so the the the key distribution center is going to give you a wristband and that wristband is going to tell right the the staff that works at the amusement park how long you have access to that amusement park okay maybe a day or if you
have annual pass etc etc VIP pass and so on so with that when we integrate this with authentication you would use what's called ldap which is lightweight directory access protocol this is a way that we can integrate a a service that would communicate with a database where it holds your account password credential privilege all of that right last week you did a little bit of permission or privilege control in the local system but on the server that has your account information right like active
directory which is a directory service it would use this protocol to be able to detect what group you're in what account you have and so on okay and that's support number this is how we can synchronize time so we we know that you know now with time change so you can have it sync properly and the way that you know with system updating another system syncing is important okay I back add you got to get back to where you were before do that step again to go to so minimize this and then get back to w
here you were and then we do that step where you add ke par okay so IP version four addresses right the first octet when you look at this at home or here or on your Cali today right you need to look at the first octed this octet is going to tell you what class it belongs to when it's zero to 127 that's Class A right 128 to 191 that's Class B most networks larger networks they like use 10 because it's just how we were trained right yeah you can use 12 11 15 whatever but most administrator they li
ke using 10 that's just the practice Class B is this right here most of the time you see 176 or 172 and then at home you use 192 Class C so Class C range has the least address that's great for smaller networks right the maximum you can have is 250 systems connected including your printers your smartphones etc etc right and the more you have through a centralized look uh point which is your router the more congested your network will be Class B has a little bit more and Class A has the most per N
etwork okay okay so if you have a lot of computers right I'm talking Millions we would use Class A so they normally prefer Class A to scale because we don't know if a school like this can have like you know millions of systems or not right and then earlier I mentioned to you about so this is IP headers this is how it can know like where it should send it to which exit it should take it to the router use this okay we already talked about DNS and I have a little diagram for you there so the record
s I mentioned earlier right these are the records that you would see make sure we read this part because I know some Security Plus question addresses this okay so we just did 19 now we're going to talk about quality of service so um I had like two employers that I talked to and they were telling me that they love asking these questions like what is qos and can you tell me how you can how it can be used in a network even for security uh apprentices um you have to know this because Network availab
ility is a cenal for every business okay so simply is a way that we would integrate Technologies on the network that would use to measure and control different traffic types based on priorities or operational needs my example for this is you know when you drive or you ride in the car with someone you hear the ambulance siren and you automatically know because you train or the driver would know to move over stop and so let that priority track P right so in the network environment we will integrat
e system to rank Network traffic depending on the company so if I am like twitch if I'm streaming media if I have thousands and thousands of servers because people are uploading and sharing your videos and you know chatting all all of these things then my priority traffic will be that because that's my money maker right is you know or or YouTube or you know social media type of content so you prioritize based on your operational needs and how we can do that is we would be able to quantify the qu
ality that we need hence the name quality that we need for that network service so there are tools that can be implemented but a lot of times secur um Network appliances come with Kos ability so you have to enable that feature and then you have to set up right configure it to say okay well you know when it reaches this bang width right divert the traffic to other air other systemic send it to you know switch a switch b or router a router B and so on reroute and be able to get it through so it's
not congested or when we say okay traffic that's r nine out of 10 it's going to go to this system where it's going to be able to pass back so it's like regulating traffic not necessarily putting the traffic pop but being able to have more roadways and freeway for things to get here and there Qui and the priority traffic needs to get to the right Road right any question check on the time okay we're still good any questions on things so I'm trying to condense networking stuff into one chapter or t
wo right but this is a full course so some of you took 48 with me last time and it's heavy Beauty right there's a lot to remember but as you go through security classes or IT classes we're going to reiterate some of the things you're like oh I remember that we did this or I saw that or I scanned this so it's going to start we're going to put the puzzle pieces together and at the end you're going to see oh okay this is what I need to do okay so who are the entities that assigned these things righ
t I put down that um the port numbers that you work with that's assigned by IA they're International and then there are register ports so there are common ports those are like the known doors in every house right so Port 20 we know that it's FTP so it needs to be like second nature to you whenever somebody says Port 53 you know it's DNX or Port 20 it's fdp or Port 80 is HTTP right so because you hear it and know it so much that it becomes regular to you so we need to be like that okay so there a
re some ort information here that I put sometime they use uncommon Port like you know you would see like 8,000 or you know or even higher number because the security practice now everybody's using uncommon ports because people going to scan for the common ports right but so to really exit the house there's only a certain main entrance okay so you need to mask it from port to port so even if they use uncommon Port if you sniff it out you can find what they what kind of service they use right um s
o ultimately it is discoverable so I talked about a switch okay so a switch ties to the physical port and the router rout so this is like about uh less than $4,000 when we first bought it it's probably 2,000 now so this is a switch its job is to get you to the road in that neighborhood but it can also act as a route right uh sometime when you work with voice over IP system they would use layer for switch that means that it can route and it can do other things Beyond route right in the layer four
so we'll talk about OSI later and then so the physical ports are these so how many ports do I really need on a switch it's really depending on how many system that's physically connected so for a segment like this I have about 48 49 computers I need at least 48 ports right if it doesn't fit on one Appliance I rich the switch connect the switch to another switch that's called bridging so that means that I have one for this side one for this side and then connect them together and send them up to
the backbone which is a group of other switches and rs so ultimately it's such just all plsces that are connected right and then you sometimes see a smaller switch for the smaller Network so now we can control the actual physical Port because they all have numbers so you can say number 47 belongs to system a number 48 belongs to system B and so on right so you map it to the physical system so in case I walk by I unplug that cable and I connect my laptop with the cable to it I can't right becaus
e it's not matap to my physical IP uh Mac address the physical address and that's because the switch has a table it matches right who to who okay so Mac filter you can do Mac filter so you can set up who's allowed who's not the routers connect Network to network remember that when we're entering and leaving the network that's the router that's like the gate to your house okay and um it doesn't really broadcast it usually just look for nearby to pass um if you're looking at automated um automated
system like you know Comcast Verizon uh T-mobile those are they have like tons of routers that would connect quickly and so they would automate that right so and integrating quality of service to be able to have your traffic from you know uh Marino Valley connected to someone in New York very quickly right but it needs to go from router to router because they don't own all the networks across the United States you know that it goes from one network to the next Network and so when we do forensic
for that you got to see oh where did the system get transmitted to and sometime you have to go to multiple vendor to ask to subpoena for that order okay so router deals with IP addresses protocol ports and then you can do an implicit deny you can deny a certain traffic so this is when if someone is trying to do theop service attack right the if you can control that with the router not just the firewall we can do application firewall and filter so you can set up a a a set of rules for your firew
all when it detects it it's going to say oh I'm going to block it and I'm going to notify other system but you can also control the router when it sends this many packets do not let it pass right it's kind of like saying when that car has more than 50 people inside we're not going to let it go through we're going to check every single one of them and sometimes just say no stop go away right so you can control many things through appliances okay and then so the firewall we talked about how it fil
ters there are different types so when you see the host based firewall those are just like application based it's installed on that host and then there's application based firewall that's software network based firewall it detects the network stateless rules it uses permission and it looks at like where it's coming from and the port there's State full where it inspects and make a decision based on content this is slower so like I said earlier right checking the car with 50 people yeah State fold
s good for that so if it it you know the content and so I tell my my ethical hacking class payload is so important because in that your the system it checks the payload value to look at the length or the size of your data so if the payload is too large potentially it could be an attack so we would inspect it more carefully using the firewall so that's like your border patrol people right they would look at like oh who's allowed crossing the border entering our private Network and who's not and t
hen the stateless one it's basically looking at the permissions for that system and where it's coming from so if the traffic the public traffic is coming from China or somewhere else that we don't know right just walk it right we can set up to block but you know when you block you have to keep blocking because they're very resourceful about masking the IP and where it's coming from um you know if we can use VPN you think they don't they can't use VPN of course right so we have to up level up our
level with the technology and then when you're using the militar Zone DMZ it is just a buffer area between the private Network and the public network so you can set up a logical Network that would represent would have some public facing that would allow public traffic like your web server would receive traffic from the internet but before it sends it you know to the network it has to go through all of the checkers all of the detector all of the preventers okay okay let's talk about 21 what is u
sed to prevent a broadcast storm a flood or a looping on the network switch so the switch um its job is to get things to a certain cyc of the network section of the network and sometimes it would send to everybody right that's called broadcast so when like you listen to broadcast radio you just send it to everyone in the world right um a unicast is when you send one to one and then a multicast is one to a group so sometime in the case where certain features and they it would sends to everyone an
d that can create congestion on your network with broadcast on or flooding or even looping it's keeping looking at it's just keep on going right back and forth back and forth so the we can configure spanning tree protocol your STP or in the newer protocol it's called rapid STP to prevent news broadcast storm so basically is that's simply allowing us to have better throughput track okay you got all right no problem now as we mentioned earlier about the firewall rule so ACL stand for Access Contro
l list right who has access to the network and a lot of system have ACL your computer has ACL right if you rightclick a file or a folder and go to you know the properties and look at the security tab you see the access control list you go on your wireless router you see who can be filtered or who can be blocked or who can be allowed right deny or allow so the firewall you can tell it what to check for which are the rules and when it looks at traffic so in in the the stateless firewall remember t
hat it's inspecting based on per permission control and where it's coming from right so that's the status now you might hear and interviewers they love asking this question right or even when if you take certification they might ask you on Next Generation firewall your your NG firewall so when you purchase a firewall you look into firewall you would see that some they're all different they have different functionality the category for next generation is basically it does the packet inspection an
d so there are features that it's going to look at what kind of packet it is not just the size right uh data by nature and so on because it's a good way for it to detect attacks or things that could be malicious for the network and a lot of these systems now the newer systems have ai integration they are intuitive it also learn based on behavior of the network so you can enable some of the the feature on these systems depending on you know the the technology that you buy now some firewall you wo
uld go and buy it's $10,000 that's not expensive and then if you're looking at something like Paulo Alto could be a lot tremendously more right and some of their technology they also have live Engineers that work directly with you to help in Security Management so some of you might look into getting into Paulo Alto right good company good pay any question with this okay and then I'm almost GNA be done with lecture and then I'll give you a break purpose of DMZ so we we can create the DMD to give
it a protection layer between the internet and our private Network while allowing connection when you hear DMZ sometime your mind goes to certain country that has DMZ right like we see Korea between Korea and North Korea or South Korea and North Korea right that's an area where you would see so in DMZ you would have public traffic still internet facing or Internet connected systems like your web server needs to be there sometimes there's could be you know some database connected to that web serv
er uh or could be mail server but you also need to protect those system on the DMZ so there's no Perfect Design in network I think even with all the Concepts that are integrated um the challenge is that you know you have to have it available and has throughput high throughput but also secured so Network address translation it takes your public IP and correlate that to your private IP what you know legally on the outside to the inside like legal name to nickname so there is static net it uses one
single public IP for one to one mapping private public IP like your smartphone T that right when you register for that phone number for an account with Verizon or T-Mobile they associate that phone number to an IP address really but at home when you're using your wireless router you're using Dynamic net because there's only one public IP address for all the system you have at home in a lot of networks you they use dynamic naet because you know when we establish the service even for the business
they would give us maybe one or two or a few public IP addresses for your networks and then you would use that right for the router that's facing because the router is connecting you to other networks and then everything else is going to use that IP address so it funnels through that one public IP so Nat does that and there's two type so at home when you're looking at who is you guys know how to use who is so um if you open Google and then you can find who is website a lot of the companies that
does like domain names and stuff like Go Daddy they would have who is so you can look up a domain like microsoft.com so on that right see how they block this you can't find the information used to be able to so they can secure this and then if you take ethical hacking you know why because we get the banners and that's how we're able to get in right um it would tell you like information about how that domain is registered or what kind of public IP that a certain system have okay so when you when
you use like your network um scanners to test your traffic at home to see if you have throughput a lot of times it's checking your public IP address um or when when you're using a who is system like this it would also find like what's registered to the IP address okay and you can also use I can look up and when you use who is right especially in ethical hacking that's just a passive way to look for information okay so we talked about static and dynamic net and then for proxy so proxy can be man
y things um it can be a way that we can pass all the traffic to that particular system for monitoring um it can also act as traffic police um there are many things that we can use proxy for but for the non-transparent proxy it would accept forwards and modifies request based on the rules so basically you're setting up a rules on that system and all the traffic has to go through that system right and then it's going to look at oh system a is requesting this but not meeting the rules so it's going
to modify that or reject it right and then sends it through in order to send it through it has to modify okay so that's a way that you can use non transparent proxy but proxy can also be used to make your traffic have more throughput so instead of going through one or two filtering system I can set up a thousand system and then I would allow my client system to connect to those depending on the traffic remember we talked about quality of service to get traffic to certain places quicker um but p
roxy can also be a way to bypass things too so if you use it for protection you always know that there's always the opposite side of it okay any question okay um on your system qu shark is already installed so for today we're just going to scan the network real quick oh I know that on my system they didn't resolve that yet so on your computer search wire shark and then click on the app so you can download this this is open source um you just need to install npap that means that it's always it's
a listener it's going to be there I'm on Wifi only but you need to click your ethernet adapter you would see the little graph line so don't click the virtual box or the other ones okay and huh no yeah close the install updates we don't have the privilege to do that anyways yeah so click the adapter that you would see the little graph line and it would say on yours it would say ethernet killer whatever right that's the adapter that use and then you're going to click the blue fin on the top left o
r you can also say capture start okay so select your first select your interface how you connecting and then click the blue thing yeah ethernet for you I'm on Wi-Fi only so my laptop doesn't have um ethernet adapter so what you're going to do is you're going to let it go for you know a minute or so right so these are all the conversations that the systems are communicating and we're talking about everybody your computer my computer right the switches the routers the computer next door someone do
wn the street with their smartphone right that's connected to our Network and you see there's UDP right sometime you would see TLS okay we can stop it a quick way that you want to and there are color coded right uh we'll do a lab with wire shark I did this with my other security classes already so they are color Co coded based on the type of traffic or the type of protocol um you can click the source to sort out all the same type of system this is a quick way for us to identify because when you
have 400, 4,400 computers, right? It might be really difficult to pinpoint. You can also scan a certain system by its IP address on the network. So it tells you, for that step, you just click Start, click the blue fin, and then after a minute or so click Stop. You're going to sort it by the Source tab. So when you click the Source tab, it shows a little arrow; that means you sorted it. So you would see the same traffic for that system, right? So that can help us narrow down, like, that system is doing what. Okay.

And then on the left you might see the little bracket on the left of the number here. Basically that bracket tells you that that's the inclusion of all the conversation for that system. Okay. And then, let's say that I want to look at the UDP traffic for this one, and yours looks a little different because we're on a different segment, you can always double click, and then on the arrow you can expand it so you can see the frame, the Ethernet information, the addresses, right? These are all the header stuff that it pulls. Since I'm on a UDP one, it shows me the source port, the destination port; those are the doors the system used to communicate. And then the length, the checksum, so it needs to do a checksum to kind of make sure that everything is intact. And then some of them would have a timestamp, but the payload, remember what I said earlier, the size; so you will have different sizes in payload depending on the packet. So take a screenshot once you look at the first packet, and then you can expand, like what I said. You can find the destination and source address, or destination address where it's sending to. If there's header length information, you can include that. Okay.

So let's go back here. You don't have to pick the first one. So my destination port, it shows me that, because it's UDP, it's sending to port 8801 and it's coming from port 50155. But if you wanted to pick, let me see, let's go back and pick something more interesting. Here's the ping one, that's the ICMP; I have a ping packet, destination unreachable. So you can check out some packets. The destination, this one I have a version 6 address, and this is a Cisco device, so some vendors would use their name on the actual physical address, which, you know, is easy to identify. Then you can find a TLS one you want to look at. This is a TCP, so TCP, this is, you know, TLS is going to tie to HTTPS, so secure website, right here, right there. There are 12 in total. Conversation gives you segment length, so TCP is going to give you more details like sequence, acknowledgement, and then payload size and so on.

So for the question, make sure that we click on one that has TCP like I did, like I found a TLS one; I think that's like a light pink or a light purple. You can also sort it by protocol and then find the TCP one. So once you find the packet information, put down the information here. If you use a TCP, right, there are SYN and ACK packets, right, synchronization or acknowledgement, and so you might be able to see it, right? Like, for example, this one is an ACK, that's an acknowledgement one. Oh my, my app just crashed; that's what I needed to upgrade. Funny. So let's try using a TCP one so it's easy for you. Yeah, and then remember, just expand the arrow; we saw that in 48. Okay, any questions? Sorry, my Wireshark app just crashed. And you would be able to find the acknowledgement number, so it's a value that's used for that acknowledgement, and then the sequence number, because remember we talked about packets being data transmitted, data is being broken up into different pieces, so it needs a sequence number to put it back in order. Like your bicycle, it has to go from, you know, put the handlebar and the frame, and yeah. Because you're using a datagram packet, so you don't, right. Any questions? Yeah. So let's pick one, so source, destination on Internet, they give you additional information. Well, it's best to probably see the TCP one that you down, it's all the way. Okay, so the client, so if I'm sending to you, acknowledge, I'm sending it, and then the SYN, so I say, hey, are you ready? You say, okay, I'm ready; that's acknowledged. And then I say I'm ready to send, right, and then you acknowledge back with the thing, say no, accepted, right? Okay, other hands? Other CL holders? Okay, while we're doing that I'm going to stop recording.
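The header fields the lecture expands in Wireshark (Ethernet addresses, the IPv4 header and its checksum, UDP source/destination ports, length and checksum, TCP sequence and acknowledgement numbers and the SYN/ACK flags) can be pulled out of raw frame bytes the same way the tool does. The script below is an added example and is not part of the lecture or Wireshark's code. The two frames it decodes are constructed inline: the MAC and IP addresses, sequence numbers and the 443/51234 pair are made-up sample values, while the 50155 -> 8801 UDP ports reuse the numbers read off the packet in the lecture. The checksum verdicts use the RFC 1071 ones'-complement sum that Wireshark's "checksum status" field reflects, including the pseudo-header that ties a UDP or TCP checksum to the IP addresses.

```python
"""Decode the header fields Wireshark shows for a frame: Ethernet, IPv4, then UDP or TCP.

Added example, not the lecture's or Wireshark's code. The two frames at the bottom
are constructed here (made-up MAC/IP addresses, ports, sequence numbers) so the
script runs offline without a capture file.
"""
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; over data that already holds a valid checksum it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                          # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: bytes, dst_ip: bytes, proto: int, length: int) -> bytes:
    """UDP/TCP checksums also cover these IPv4 fields, so a changed address breaks them."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, proto, length)


def parse_frame(frame: bytes) -> dict:
    """Return the fields the lecture points at in Wireshark, plus checksum verdicts."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("only IPv4 frames are handled here")
    ip = frame[14:]
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto = struct.unpack("!BBHHHBB", ip[:10])
    ihl = (ver_ihl & 0x0F) * 4                  # "Header Length" in Wireshark
    src_ip, dst_ip = ip[12:16], ip[16:20]
    segment = ip[ihl:total_len]                 # transport header + payload, any trailer excluded
    info = {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)),
        "ttl": ttl, "ip_header_len": ihl,
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
    }
    covered = pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment
    if proto == IPPROTO_UDP:
        sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
        info.update(protocol="UDP", src_port=sport, dst_port=dport, length=length,
                    payload_len=length - 8,
                    # a zero UDP checksum means "not computed" on IPv4, so there is nothing to verify
                    checksum_ok=None if csum == 0 else inet_checksum(covered) == 0)
    elif proto == IPPROTO_TCP:
        sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
        hdr_len = (off_flags >> 12) * 4         # data offset lives in the top 4 bits
        info.update(protocol="TCP", src_port=sport, dst_port=dport, seq=seq, ack=ack,
                    flags=[name for bit, name in TCP_FLAGS.items() if off_flags & bit],
                    window=window, tcp_header_len=hdr_len, payload_len=len(segment) - hdr_len,
                    checksum_ok=inet_checksum(covered) == 0)
    else:
        info.update(protocol=str(proto))
    return info


def summary(info: dict) -> str:
    """One line in the spirit of Wireshark's Info column."""
    line = f"{info['protocol']} {info['src_ip']}:{info['src_port']} -> {info['dst_ip']}:{info['dst_port']}"
    if info["protocol"] == "TCP":
        line += f" [{', '.join(info['flags'])}] Seq={info['seq']} Ack={info['ack']}"
    return line + f" Len={info['payload_len']}"


# --- constructed sample frames; the builders compute real checksums so the verdicts mean something ---
def build_udp(src_ip, dst_ip, sport, dport, payload):
    hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_UDP, 8 + len(payload)) + hdr + payload)
    return hdr[:6] + struct.pack("!H", csum) + payload

def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_TCP, 20 + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def build_frame(src_ip, dst_ip, proto, segment):
    fields = [0x45, 0, 20 + len(segment), 0x1234, 0x4000, 64, proto, 0, src_ip, dst_ip]
    fields[7] = inet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))   # IP header checksum
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + struct.pack("!BBHHHBBH4s4s", *fields) + segment

CLIENT, SERVER = bytes([192, 168, 1, 20]), bytes([203, 0, 113, 10])   # made-up addresses
# Same port pair the lecture read off its UDP packet: 50155 -> 8801 (payload is made up).
UDP_FRAME = build_frame(CLIENT, SERVER, IPPROTO_UDP, build_udp(CLIENT, SERVER, 50155, 8801, b"hello"))
# Second step of the handshake described at the end of the lecture: the server's SYN/ACK.
TCP_FRAME = build_frame(SERVER, CLIENT, IPPROTO_TCP, build_tcp(SERVER, CLIENT, 443, 51234, 1000, 501, 0x12))

if __name__ == "__main__":
    for frame in (UDP_FRAME, TCP_FRAME):
        print(summary(parse_frame(frame)))
```

Running it prints one summary line per frame; flipping any byte of a segment (for instance the TCP urgent pointer) turns `checksum_ok` false while the IPv4 header verdict stays true, which is the same split Wireshark shows when only the transport checksum is bad.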

Comments

@ahmadtafesh3913

Your lectures are so great. I am so glad for your effort 🙏🙏🙏