Certified SOC Experts

Day 2: Fundamentals of Network and DC

Trainer: Himanshu S
What is the Network and Data Communication:

A network is a group of interconnected devices, such as computers, servers, and other

hardware, that communicate and share resources with each other. These devices are
connected through various mediums like cables, wireless signals, or satellite links.

For example, two users a half-world apart can teleconference in real-time using their
workstations equipped with microphones and webcams.

Data Communication

• Data communication is the process of transferring data from one location to another or
between two locations, regardless of their geographical distance, data content, or
format.

• It allows electronic and digital data to move between networks, such as connecting a
laptop to a Wi-Fi network.

• Examples of data communication channels include copper wires, optical fibers, wireless
communication using radio spectrum, storage media, and computer buses
OSI Model:

The OSI model! It stands for Open Systems Interconnection, and it's a 7-layer architecture
that helps us understand how data is transmitted between computers. The OSI model was
developed by the International Organization for Standardization (ISO) in 1984.
TCP/IP Model:

The TCP/IP model! It's a 4-layer architecture that's widely used in modern computer
networks, including the internet. The TCP/IP model was developed in the 1970s by the
Department of Defense's Advanced Research Projects Agency (ARPA) and is still the
foundation of the internet today.
Basic Networking and Network Devices Concepts:

1. Firewall
A firewall is a security system that monitors and controls incoming and outgoing network
traffic based on predetermined security rules and policies. It acts as a barrier between a
trusted network, such as a private network, and an untrusted network, such as the internet.
They can perform various functions, such as:
• Packet filtering: Inspecting and filtering packets based on their source and destination
IP addresses, port numbers, and protocols.
• Stateful inspection: Monitoring the state of network connections and allowing or
blocking traffic based on the connection's state.
• Application-level filtering: Inspecting traffic at the Application Layer and blocking traffic
based on specific application protocols, such as HTTP, FTP, or SMTP.
• Network address translation (NAT): Translating private IP addresses to public IP
addresses and vice versa, providing a layer of security and hiding internal network
structures.
• NextGen Firewall: A next-generation firewall (NGFW) is a network security device that
provides capabilities beyond a traditional, stateful firewall. In addition to access control,
NGFWs can block modern threats such as advanced malware and application-layer
attacks.
IDS and IPS:

An Intrusion Detection System and Intrusion Prevention System are monitoring systems
that detects and prevents suspicious activities and generates alerts when they are
detected. Based upon these alerts, a security operations center (SOC) analyst or incident
responder can investigate the issue and take the appropriate actions to remediate the
threat.
VPN:

A Virtual Private Network (VPN) is a secure network that uses encryption and tunneling
protocols to provide remote access to a private network over the internet. VPNs allow users
to securely access a private network from a remote location, such as their home or a public
network, as if they were directly connected to the private network.
Switches:

• Network switches are devices that connect multiple devices, such as computers, servers,
and other network devices, together on a computer network. They work by using packet
switching to receive, process, and forward data to the destination device.

• Some network switches also support Power over Ethernet (PoE), which allows network
cables to provide electrical power to connected devices, such as IP cameras, wireless
access points, and VoIP phones.

• Network switches can be managed or unmanaged, with managed switches providing

advanced features such as VLANs, Quality of Service (QoS), and port mirroring. In
contrast, unmanaged switches are plug-and-play devices that require no configuration.
Routers:

• A network router is a device that connects multiple local area networks (LANs) and
allows devices to share data over the Internet or an intranet. It acts as a gateway that
passes data between these networks using the Internet Protocol (IP) to send IP packets
containing data and IP addresses of sending and destination devices. Routers maintain
a set of route-forwarding tables that identify how to forward data to reach the
destination device's LAN.

• The primary function of a router is determining the most efficient routing path for a
packet to traverse the network. Routing protocols are used to calculate routes, and they
are classified into three main categories: interior gateway protocols (IGPs), exterior
gateway protocols (EGPs), and hybrid protocols.
What is Network Security:

Network security is the practice of protecting the confidentiality, integrity, and availability
of computer networks and data transmitted over them. It involves implementing various
security measures to prevent unauthorized access, misuse, and exploitation of network
resources.

Authentication Concepts:

Authentication is the process of verifying the identity of a user or device before granting
access to a network or system.

• Password Based
• MFA
• Token Based
• Biometric
Network Topology:
Network topology refers to the layout of a network, describing how devices and
connections are arranged. Common types of network topologies include bus, star, ring,
mesh, tree, and hybrid. Each topology has its advantages and disadvantages in terms of
complexity, cost, reliability, and performance.

• In a bus topology, all devices are connected to a single cable, making it simple and cost-
effective. However, if the cable fails, the entire network goes down.

• In a star topology, each device is connected to a central hub or switch, providing

redundancy and ease of management. However, if the central hub fails, the entire
network is affected.

• In a ring topology, devices are connected in a circular fashion, allowing data to flow in
one direction. This topology provides high reliability and equal bandwidth for all
devices. However, if one device fails, it can affect the entire network.

• In a mesh topology, each device is connected to every other device, providing multiple
paths for data transmission and high redundancy. However, this topology can be
expensive and complex to implement.
• In a tree topology, devices are connected in a hierarchical manner, allowing for the
division of a large network into smaller segments. This topology is useful for networks
with a central server and multiple clients.

• In a hybrid topology, a network combines two or more topologies, providing the benefits
of each while minimizing their drawbacks.
Network Concepts:

• Half Duplex

• Full Duplex

• Semi Duplex

In short, half duplex and full duplex are two different modes of communication in computer
networks, with full duplex offering the highest data rate but also being the most complex to
implement.
Network Communication Medium:

1. Ports
Network ports are virtual endpoints that bridge data transmission among multiple
applications, services, or devices within a network. They are logical connections that are
established between multiple devices to transfer and exchange data among them.

2. Protocols
Network protocols are rules and standards that govern how data is transmitted over a
network. These protocols define the format, sequence, and error checking of data packets,
as well as the acknowledgment and retransmission of lost packets.

3. Services in Networking
In networking, services refer to the functionalities provided by network protocols and
devices to enable communication between different nodes in a network. These services
include packetizing, routing, forwarding, flow control, and congestion control.