Module 2: OS and Networking Fundamentals

Glossary of Terms

CIA Triad: A foundational model in information security consisting of three core principles: Confidentiality, Integrity, and Availability.

Attack Surface: All the possible entry points in an IT architecture that an attacker could use to gain unauthorized access.

Attack Vector: The specific method or pathway an attacker uses to infiltrate an attack surface, such as phishing or malware.

OSI Model: The Open Systems Interconnection model is a 7-layer conceptual framework that standardizes the functions of a network communication system.

PDU (Protocol Data Unit): The fundamental unit of information exchanged between devices at a specific layer of a network protocol stack. Examples include Frames (Layer 2) and Packets (Layer 3).

Switch: A Layer 2 networking device that connects devices within a single local network (LAN) using MAC addresses.

Router: A Layer 3 networking device that connects different networks together using IP addresses, determining the best path for data to travel.

LAN (Local Area Network): A network that connects devices within a small, localized area like a home or office.

WAN (Wide Area Network): A network that connects multiple LANs across large geographical distances. The internet is the largest example of a WAN.

IP Address: A unique numerical identifier for a device on a network, similar to a postal address, that allows devices to send and receive data.

Subnetting: The process of dividing a large network into smaller, more manageable sub-networks for improved security, performance, and organization.

DHCP (Dynamic Host Configuration Protocol): A network protocol that automatically assigns IP addresses to devices from a predefined pool.

Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on a set of security rules, acting as a barrier between a trusted internal network and an untrusted external network.

Terminal (CLI): A text-based interface (Command Line Interface) that allows a user to interact directly with an operating system by typing commands.

chmod: A command in Unix-like operating systems used to change the access permissions of files and directories.

IT Fundamentals

The CIA Triad

The CIA Triad is a foundational model for guiding information security policy, ensuring data is protected in three key ways.

  • Confidentiality: Protecting data from unauthorized access. The goal is that only authorized users can see the information. (e.g., Encryption, access controls).
  • Integrity: Ensuring the accuracy and reliability of data. The goal is that data remains unaltered and trustworthy. (e.g., Digital signatures, checksums).
  • Availability: Ensuring information is accessible to authorized users when needed. The goal is to keep systems and data available. (e.g., Backups, redundancy).

Cyber Vulnerabilities

Vulnerabilities are weaknesses in systems that can be exploited by attackers. Understanding them is key to defense.

  • Malware: Viruses, worms, and ransomware that can compromise data.
  • Phishing: Social engineering attacks that trick users into revealing sensitive information.
  • Weak Security Practices: Using weak passwords, not patching software, or lacking encryption.
  • Human Error: Unintentional mistakes like accidental data deletion.
  • Insider Threats: Malicious or negligent actions by people inside the organization.
  • Third-Party Risks: Vulnerabilities introduced through vendors and partners.

Attack Surface vs. Attack Vector

These two terms define the "where" and "how" of a cyberattack.

  • Attack Surface: This refers to all the possible entry points an attacker could use to get unauthorized access. This includes things like Wi-Fi devices, laptops, USB ports, and IoT points.
  • Attack Vector: This is the specific method an attacker uses to exploit an entry point on the attack surface. Examples include phishing emails, malware, and compromised credentials.

The OSI Model

What is the OSI Model?

The OSI (Open Systems Interconnection) Model is a conceptual framework that standardizes network communication into seven distinct layers. Developed by the ISO, it ensures that diverse hardware and software from different vendors can communicate with each other seamlessly. In cybersecurity, it's crucial for troubleshooting, analysis, and designing layered defense strategies.

The 7 Layers of the OSI Model

| Layer | Name | PDU | Function |
|---|---|---|---|
| 7 | Application | Data | Human-computer interaction layer; where applications access network services. |
| 6 | Presentation | Data | Ensures data is in a usable format; handles encryption and compression. |
| 5 | Session | Data | Maintains connections and is responsible for controlling ports and sessions. |
| 4 | Transport | Segment/Datagram | Provides reliable data transmission using protocols like TCP and UDP. |
| 3 | Network | Packet | Decides the physical path data will take (routing) using IP addresses. |
| 2 | Data Link | Frame | Defines the format of data on the network for node-to-node transfer using MAC addresses. |
| 1 | Physical | Bit/Symbol | Transmits the raw bit stream over the physical medium (e.g., wires, antennas). |

Attacks by Layer:
  • Layer 7 (Application): Exploits
  • Layer 4 (Transport): Denial of Service (DoS) attacks like SYN Floods
  • Layer 3 (Network): Man-in-the-Middle attacks
  • Layer 2 (Data Link): MAC Spoofing
  • Layer 1 (Physical): Sniffing
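The PDU column is easiest to understand by taking a frame apart in code. The Python script below is an added example (it is not part of the module) that peels a constructed Ethernet frame layer by layer, the way a packet analyzer or intrusion detection sensor does when it inspects traffic: the Layer 2 frame header, then the Layer 3 IPv4 packet header, then the Layer 4 TCP segment header, leaving the application data. The frame bytes are constructed for this example, not a real capture, and both checksums are left at zero.

```python
import struct

# Constructed sample frame (not a real capture): Ethernet II header, IPv4 header,
# TCP header with only the SYN flag set, then a 5-byte payload. Checksums are 0.
SAMPLE_FRAME = bytes.fromhex(
    "001122334455"        # L2: destination MAC
    "66778899aabb"        # L2: source MAC
    "0800"                # L2: EtherType 0x0800 = IPv4
    "45" "00" "002d"      # L3: version 4 / IHL 5 (20 bytes), DSCP, total length 45
    "0001" "0000"         # L3: identification, flags / fragment offset
    "40" "06" "0000"      # L3: TTL 64, protocol 6 = TCP, header checksum (zeroed)
    "c0a80164"            # L3: source 192.168.1.100
    "c0a80101"            # L3: destination 192.168.1.1
    "d431" "01bb"         # L4: source port 54321, destination port 443
    "00000001"            # L4: sequence number
    "00000000"            # L4: acknowledgement number
    "5002"                # L4: data offset 5 (20 bytes), flags = SYN
    "ffff" "0000" "0000"  # L4: window, checksum (zeroed), urgent pointer
    "48656c6c6f"          # L7: payload "Hello"
)

TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08), ("ACK", 0x10)]

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet(frame):
    """Layer 2: return the frame header fields and the encapsulated packet."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": fmt_mac(dst), "src_mac": fmt_mac(src), "ethertype": ethertype}, frame[14:]

def parse_ipv4(packet):
    """Layer 3: return the IPv4 header fields and the encapsulated segment."""
    (ver_ihl, _dscp, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4                  # header length in bytes (options included)
    header = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
              "ttl": ttl, "protocol": proto}
    return header, packet[ihl:total_len]        # total_len trims any link-layer padding

def parse_tcp(segment):
    """Layer 4: return the TCP header fields and the application payload."""
    (sport, dport, seq, ack, off_flags,
     window, _csum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4         # header length in bytes
    flags = [name for name, bit in TCP_FLAGS if off_flags & bit]
    header = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
              "flags": flags, "window": window}
    return header, segment[data_offset:]

def decapsulate(frame):
    """Walk down the stack: frame -> packet -> segment -> data."""
    l2, packet = parse_ethernet(frame)
    if l2["ethertype"] != 0x0800:
        raise ValueError("only IPv4 is handled in this example")
    l3, segment = parse_ipv4(packet)
    if l3["protocol"] != 6:
        raise ValueError("only TCP is handled in this example")
    l4, data = parse_tcp(segment)
    return {"l2_frame": l2, "l3_packet": l3, "l4_segment": l4, "l7_data": data}

if __name__ == "__main__":
    for layer, fields in decapsulate(SAMPLE_FRAME).items():
        print(layer, fields)
```

Each parser returns two things: the header it understood and the bytes it did not, which it hands to the next layer up. That hand-off is exactly the encapsulation the table describes, and it is why a Layer 4 SYN flood shows up as a pattern in the `flags` field while a Layer 2 MAC-spoofing problem is only visible in `src_mac`.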

Networking Hardware

Switches

A switch acts like a smart traffic director for a local network (LAN). It connects multiple devices (computers, printers) and learns the physical MAC address of each one. When one device sends data to another, the switch creates a direct path between them, making communication fast and secure because the data only goes where it's supposed to.

  • OSI Layer: Layer 2 (Data Link)
  • Key Function: Uses MAC addresses for device-to-device communication within a single network.
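As an added illustration (not part of the module), here is a small Python simulation of the learning behaviour described above. The switch records which port each source MAC address arrived on, forwards a frame out of that one port when it knows the destination, and floods it to every other port when it does not. The port numbers, MAC addresses and traffic are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC address -> port it was learned on

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame arriving on in_port; return the ports it is sent out of."""
        self.mac_table[src_mac] = in_port                 # learn from the source address
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port]   # unknown or broadcast: flood
        out_port = self.mac_table[dst_mac]
        if out_port == in_port:
            return []                                     # already on that segment: drop
        return [out_port]                                 # known destination: one port only

def demo():
    """Constructed traffic on a 4-port switch; returns the forwarding decision per frame."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    pc_a, pc_b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    return [
        ("A->B, B still unknown", sw.receive(1, pc_a, pc_b)),      # flooded to 2, 3, 4
        ("B->A, A now known",     sw.receive(2, pc_b, pc_a)),      # forwarded to port 1 only
        ("A->B, B now known",     sw.receive(1, pc_a, pc_b)),      # forwarded to port 2 only
        ("A->broadcast",          sw.receive(1, pc_a, BROADCAST)), # always flooded
    ]

if __name__ == "__main__":
    for label, ports in demo():
        print(f"{label:24s} -> ports {ports}")
```

The first frame is flooded because the table is empty; once both hosts have sent something, traffic between them leaves only the two relevant ports, which is the "data only goes where it's supposed to" property. Note that the table is built purely from source addresses the switch is told, which is why MAC spoofing appears in the Layer 2 row of the attacks list above and why managed switches offer port security to limit which and how many MAC addresses a port may learn.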

Routers

A router acts like a postal service for networks. Its job is to connect different networks together and determine the best path for data to travel between them. Your home router, for instance, connects your local network (LAN) to the internet (a WAN). It makes forwarding decisions by looking at the logical IP address of the data packet.

  • OSI Layer: Layer 3 (Network)
  • Key Function: Uses IP addresses to connect different networks (e.g., LAN to WAN).

LANs and WANs

  • LAN (Local Area Network): Your "neighborhood network." It connects devices in a small, localized area like a home, office, or school. LANs are characterized by high speed and are typically owned by a single organization.
  • WAN (Wide Area Network): A "highway system" connecting multiple LANs over large geographical distances. The internet is the world's largest WAN. WANs are more complex and require security measures like VPNs to protect data traveling over public infrastructure.

IP Addressing

IP Addresses: The Postal Address of the Network

An IP address is a unique identifier that tells devices where to send data on a network. Just as a home needs a street address to receive mail, every device needs an IP address to participate in network traffic. It identifies both the network a device is on and the specific device itself.

IPv4 vs. IPv6

  • IPv4 (Internet Protocol version 4): A 32-bit address written as four numbers separated by dots (e.g., `192.168.1.100`). It provides about 4.3 billion addresses. Private address ranges (like `192.168.x.x`, `10.x.x.x`) are not routable on the public internet.
  • IPv6 (Internet Protocol version 6): A 128-bit address written in hexadecimal notation (e.g., `2001:0db8:85a3::8a2e:0370:7334`). It was created to solve the shortage of IPv4 addresses and provides a virtually limitless number. It also has built-in security features like mandatory IPsec.

Subnetting and IP Assignment

  • Subnetting: This is the process of dividing a large network into smaller, more manageable sub-networks. This improves security by isolating departments, reduces network congestion, and makes management easier. A subnet mask (e.g., `255.255.255.0` or `/24`) defines which part of the IP address is the network and which part is the host.
  • Static vs. Dynamic (DHCP) Assignment:
    • Static: An IP address is manually configured and never changes. Ideal for servers and printers.
    • Dynamic (DHCP): A DHCP server automatically assigns available IP addresses to devices as they join the network. Most client devices (laptops, phones) use DHCP.

Firewalls

What is a Firewall?

A firewall is a network security device that acts like a security guard for your network. It monitors and controls all incoming and outgoing traffic based on a set of predetermined security rules. It creates a barrier between your trusted internal network and untrusted external networks like the internet.

Types of Firewalls

  • Packet-Filtering: Filters traffic based on basic criteria like IP address, port, and protocol.
  • Stateful Inspection: A smarter firewall that tracks the state of active connections and only allows traffic that is part of a legitimate, established session.
  • Application-Level Gateway (Proxy): Inspects traffic at the application layer, allowing for much more granular control (e.g., blocking specific web requests).
  • Next-Generation Firewall (NGFW): Integrates multiple features, including packet filtering, stateful inspection, and deep packet inspection (DPI), along with Intrusion Prevention Systems (IPS) and application control.
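To make the difference between the first two types concrete, the Python example below (added here; it is not from the module) runs the same three constructed packets through a stateless packet filter and a stateful inspection engine. The stateless filter has to permit any inbound packet whose source port is 443 in order to let web replies back in, so it also admits unsolicited traffic that merely uses that source port; the stateful engine admits inbound traffic only as the reverse of a session it watched an internal host open. The LAN prefix, rule set and addresses are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False     # TCP SYN without ACK opens a new connection
    ack: bool = False

INTERNAL_PREFIX = "192.168.1."    # constructed: the trusted LAN

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

# Stateless packet filter: every packet is judged on its own header fields.
# Rule 1 lets the LAN open HTTPS connections; rule 2 exists only so the replies
# can come back, but it cannot tell a real reply from anything else sent from port 443.
STATELESS_RULES = [
    {"dir": "out", "proto": "tcp", "dst_port": 443, "action": "allow"},
    {"dir": "in",  "proto": "tcp", "src_port": 443, "action": "allow"},
]

def stateless_filter(pkt):
    direction = "out" if is_internal(pkt.src_ip) else "in"
    for rule in STATELESS_RULES:
        if rule["dir"] != direction or rule["proto"] != pkt.proto:
            continue
        if "dst_port" in rule and rule["dst_port"] != pkt.dst_port:
            continue
        if "src_port" in rule and rule["src_port"] != pkt.src_port:
            continue
        return rule["action"]
    return "deny"                     # default deny

class StatefulFirewall:
    """Remembers sessions opened from the inside; inbound traffic is allowed only
    when it is the reverse direction of a remembered session."""

    def __init__(self):
        self.sessions = set()         # (lan_ip, lan_port, remote_ip, remote_port, proto)

    def filter(self, pkt):
        if is_internal(pkt.src_ip):
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
            if key in self.sessions:
                return "allow"        # later packets of an established session
            if pkt.proto == "tcp" and pkt.dst_port == 443 and pkt.syn and not pkt.ack:
                self.sessions.add(key)
                return "allow"        # new outbound HTTPS session: start tracking it
            return "deny"
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return "allow" if key in self.sessions else "deny"

def compare():
    """Run three constructed packets through both engines; returns the two verdict lists."""
    fw = StatefulFirewall()
    client_syn   = Packet("192.168.1.50", 51000, "203.0.113.10", 443, syn=True)
    server_reply = Packet("203.0.113.10", 443, "192.168.1.50", 51000, syn=True, ack=True)
    unsolicited  = Packet("198.51.100.7", 443, "192.168.1.50", 22, ack=True)  # nobody asked for this
    packets = (client_syn, server_reply, unsolicited)
    return {
        "stateless": [stateless_filter(p) for p in packets],
        "stateful":  [fw.filter(p) for p in packets],
    }

if __name__ == "__main__":
    print(compare())
```

Both engines allow the outbound SYN and the genuine reply. Only the stateful engine denies the third packet, an inbound segment aimed at port 22 on the client that happens to carry source port 443: no internal host ever opened a session to that address, so there is nothing for it to be a reply to. In practice a stateful firewall also ages sessions out and checks TCP sequence numbers, which this example omits.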

Common Service Ports

Firewall rules are often configured based on service ports. Knowing common ports is essential.

| Port | Protocol | Service | Description |
|---|---|---|---|
| 21 | TCP | FTP | File Transfer Protocol |
| 22 | TCP | SSH/SFTP | Secure Shell / Secure File Transfer |
| 23 | TCP | Telnet | Insecure remote access |
| 25 | TCP | SMTP | Simple Mail Transfer Protocol (email) |
| 53 | TCP/UDP | DNS | Domain Name System |
| 80 | TCP | HTTP | HyperText Transfer Protocol (web) |
| 443 | TCP | HTTPS | Secure HTTP (encrypted web) |

The Terminal (CLI)

What is the Terminal?

A terminal, or Command Line Interface (CLI), is a text-based interface for interacting directly with a computer's operating system. Instead of clicking on icons, you type commands to manage files, run programs, and perform administrative tasks. It is an essential and powerful tool for efficiency, control, and automation in IT and cybersecurity.

Basic File System Commands (Linux/Mac)

  • ls: Lists the contents of the current directory.
  • cd [directory]: Changes the current directory. (e.g., cd Documents).
  • pwd: Prints the current working directory path.
  • mkdir [name]: Creates a new directory.
  • touch [filename]: Creates a new empty file.
  • cat [filename]: Displays the content of a file.
  • cp [source] [destination]: Copies a file or directory.
  • mv [source] [destination]: Moves or renames a file or directory.
  • rm [filename]: Deletes a file.
  • rm -r [directory]: Deletes a directory and its contents recursively.

Command Comparison: Linux/Mac vs. Windows

| Function | Linux/Mac | Windows (CMD) |
|---|---|---|
| List files | ls | dir |
| Change directory | cd | cd |
| Copy files | cp | copy |
| Move files | mv | move |
| Delete files | rm | del |
| Create directory | mkdir | mkdir |
| Display file content | cat | type |

File Permissions (Linux/Mac)

Understanding Permissions

In Linux, every file and directory has permissions that control who can do what. There are three types of access:

  • Read (r): View the contents of a file or list the contents of a directory.
  • Write (w): Modify a file, or create/delete files within a directory.
  • Execute (x): Run a file (if it's a script/program) or enter a directory.

These permissions are set for three classes of users:

  • User (Owner): The person who created the file.
  • Group: A group of users who share permissions.
  • Other (Everyone): All other users on the system.

The `chmod` Command

The chmod command is used to change permissions. This can be done in two ways: symbolic and octal (numeric).

Symbolic Method: Uses letters to add (+), remove (-), or set (=) permissions.

  • `chmod u+x script.sh` (Adds execute permission for the User)
  • `chmod g-w data.txt` (Removes write permission for the Group)
  • `chmod o=r config.file` (Sets Other permissions to read-only)

Octal (Numeric) Method: Uses numbers to represent permissions. Each number is the sum of the desired permission values: Read (4) + Write (2) + Execute (1).

  • 7 (4+2+1): Read, Write, Execute (rwx)
  • 6 (4+2): Read, Write (rw-)
  • 5 (4+1): Read, Execute (r-x)
  • 4 (4): Read only (r--)

A three-digit number sets permissions for User, Group, and Other. For example, `chmod 754 notes.txt` sets:

  • User: 7 (rwx)
  • Group: 5 (r-x)
  • Other: 4 (r--)
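As an added example (not from the module), the Python script below implements both notations described above so you can see that they are two spellings of the same nine bits: it applies symbolic changes such as `u+x`, `g-w` and `o=r` to a mode, renders an octal mode such as 754 as `rwxr-xr--`, and finally sets a mode on a temporary file with `os.chmod` and reads it back with `os.stat`, which is the check to run after any permission change to confirm what the OS actually recorded. The file is created and removed by the script itself; the symbolic parser is a deliberately small subset of what the real `chmod` accepts.

```python
import os
import stat
import tempfile

PERM_BITS = {"r": 4, "w": 2, "x": 1}       # value of each permission within a digit
CLASS_SHIFT = {"u": 6, "g": 3, "o": 0}     # bit position of the User, Group, Other digits

def octal_to_string(mode):
    """Render a mode such as 0o754 as 'rwxr-xr--'."""
    out = []
    for shift in (6, 3, 0):
        digit = (mode >> shift) & 0o7
        out.append(("r" if digit & 4 else "-")
                   + ("w" if digit & 2 else "-")
                   + ("x" if digit & 1 else "-"))
    return "".join(out)

def apply_symbolic(mode, spec):
    """Apply one symbolic change ('u+x', 'g-w', 'o=r', 'u+rw', ...) to mode and return the result.
    Subset of chmod syntax: exactly one class letter, one operator, then permission letters."""
    who, op, perms = spec[0], spec[1], spec[2:]
    if who not in CLASS_SHIFT or op not in "+-=" or any(p not in PERM_BITS for p in perms):
        raise ValueError(f"unsupported spec: {spec}")
    shift = CLASS_SHIFT[who]
    bits = sum(PERM_BITS[p] for p in perms) << shift
    class_mask = 0o7 << shift
    if op == "+":
        return mode | bits                  # add the requested bits
    if op == "-":
        return mode & ~bits                 # remove the requested bits
    return (mode & ~class_mask) | bits      # '=': replace that class's digit entirely

def chmod_and_read_back(mode):
    """Create a temporary file, chmod it, and return the permission string the OS reports."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        return stat.filemode(os.stat(path).st_mode)[1:]   # drop the leading file-type character
    finally:
        os.remove(path)

if __name__ == "__main__":
    mode = 0o644                                          # rw-r--r--, a typical new file
    for spec in ("u+x", "g-w", "o=r"):
        mode = apply_symbolic(mode, spec)
        print(f"after {spec}: {oct(mode)} {octal_to_string(mode)}")
    print("chmod 754 ->", chmod_and_read_back(0o754))    # rwxr-xr--
```

`apply_symbolic` shows why the three operators differ: `+` and `-` touch only the named bits, while `=` clears the whole digit for that class first, so `o=r` also removes any execute bit Other previously had. The read-back in `chmod_and_read_back` is the habit worth keeping: run the equivalent of `ls -l` after changing permissions rather than trusting that the command did what you intended.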

Fill in the Blank Questions

True/False Questions

Multiple Choice Questions