Knowledge of the basics of network technologies is an integral component of successful pentesting activities. They help pentesters analyze, assess, and identify potential vulnerabilities in networks and security systems. Understanding the principles of network protocols, architecture, and communication models enables effective identification of potential threats and risks to network infrastructure. Network knowledge also allows pentesters to develop and use specialized tools to identify and exploit vulnerabilities, which contributes to increasing the level of security. Thus, the basics of network technologies become the foundation for successful performance of pentesting tasks and ensuring the security of networks and systems.
Understanding the basics of network technologies allows pentesters to effectively analyze and research networks and their components. They can identify potential vulnerabilities and penetrate systems and devices using knowledge of network protocols and communication mechanisms. By learning about the network architecture, pentesters can identify and analyze routes that can be used for unauthorized access. In addition, knowledge of network technologies enables analysis of traffic that is forwarded over the network and detection of anomalous activity or intrusion attempts. They can develop and implement penetration testing strategies based on knowledge of network protocols and interactions between systems. Therefore, the fundamentals of network technologies make pentesters more competent in identifying and correcting security problems, and also help ensure reliable protection of networks and infrastructure as a whole.
Every organization strives to make its architecture as efficient as possible, meeting its own needs or the needs of third-party users, while spending a minimum of time and resources on security. A perfectly protected system is a utopia. Therefore, the analysis of system security is reduced to the search for vulnerabilities. Delegating system testing to your employees can lead to unreliable and misleading reports about your security capabilities. Therefore, the company needs a third, disinterested person who can effectively test the system for vulnerabilities – a pentester.
A local network is the foundation of any company.
Network security tools and systems.
How to learn the basics of networks.
Every company, regardless of its function and activity, includes a local computer network (LAN). A local network is the foundation without which an organization cannot exist. Local networks are responsible for the interaction of employees with each other or with the Internet, the automation of work and the provision of services to customers. The pentester must know the structure, safeguards and types of equipment planned.
Very often you have to act according to the “black box” principle. Therefore, you need to be prepared for any surprises and know the characteristics of the main network equipment suppliers (Cisco, Juniper, Huawei). These devices will become the backbone of any advanced network. In terms of its structure, a local area network is quite typical and follows certain guidelines and design standards. The de facto standard for almost all networks in the world is Cisco’s three-tier architecture.
It consists of three components:
Access layer (access layer)
We will not delve into deep theory. Consider at the same time the typical structure of any organization.
In this example, the conditional organization has access through two Internet Service Providers (ISPs). The provider’s channels are connected to two border routers, which ensures communication redundancy. It is not necessary to have 2. Only large organizations can do this. One or more network monitors must be placed at the entrance to the network. This is usually a firewall implementation using expensive hardware (such as Cisco ASA).
Large organizations also separate an area from public services to limit access to the private network (DMZ – demilitarized zone). For example, an organization’s official website may be hosted on a DMZ server. Powerful routers or L3 switches are located in the center. These devices will ensure maximum efficiency in processing large flows of packets and connecting other parts of the network. Distribution devices will provide redundant connectivity to increase network fault tolerance (L2/L3 switches).
The access layer switches connected users on a private subnet to a larger local private network. Usually, the organization is not limited to one physical building and has (or will have) its own branches, and like a good employer, they support employees who work remotely. There is now a place for Virtual Private Network (VPN) technology. This is the topic of a separate article.
Consider typical network security devices. I adhere to the idea of distinguishing classical means and non-classical ones. Classic tools include firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS).
A network firewall (INF) is a network security device that monitors incoming and outgoing network traffic and, based on an established set of security rules, makes a decision to allow or block specific traffic. Firewalls have been used as the first line of defense for networks for over 25 years.
They provide a barrier between secure, controlled internal networks that can be trusted and untrusted external networks such as the Internet. A firewall can be hardware, software, or mixed. However, attacks can also start from internal nodes – if the attacked host is located in the same network, the traffic will not cross the network perimeter, and the firewall will be used.
Traditional network-level attack detection involves collecting and analyzing network traffic for a set of signatures that correspond to known attacks. This requires sensors (IDS/IPS) in key areas of the network that try to detect known bad patterns in network traffic. Intrusion Detection System (IDS) – an intrusion detection system – a software product or device designed to detect unauthorized and malicious activity in a computer network or on a separate host. The task of IDS is to detect the intrusion of cybercriminals into the infrastructure and generate a security alert (there are no response functions, such as blocking unwanted activity in such systems), which will be transmitted to the SIEM system for further processing.
Threat detection systems differ from classic MES because the latter rely on a set of static rules and simply limit traffic between devices or network segments without sending messages. The evolution of the IDS idea became the intrusion prevention system (IPS), which is capable of not only detecting but also blocking threats. But for several reasons, this approach is no longer relevant today: first, signatures are powerless against zero-day attacks, as well as advanced methods of hiding malicious code and control channels.
Second, modern targeted attacks (APTs) can “cross” the perimeter of traditional networks, where sensors are traditionally installed and operated from within the network. Interactions between workstations and servers within a network often go beyond IDS/IPS. Because installing specialized sensors in all network segments and monitoring each workstation is a technically complex and financially expensive task.
Non-classical means include network monitoring technologies and systems. For example, Zabbix or Netflow. PS The topic of another article. Network monitoring will significantly complicate the attack both outside the organization’s network and inside it. Small organizations often neglect this aspect of network security.
There are many options here:
Official courses from network giants – Cisco, Juniper, Huawei (expensive, but very useful). The good thing is that the Internet is full of merged courses. Both in Russian and in English. You can choose according to different levels of training, from simple to advanced. Huawei is full of free courses – https://e.huawei.com/en/talent/#/. Russian is available in a reduced volume, but not all. I have not seen the Juniper courses in Russian.
Official or additional literature from such giants. You can also search on the Internet, find it in specialized Telegram channels without any problems. It is best to study foreign literature. Unfortunately, they describe everything more clearly and in more detail.
Articles on the Internet. There is an infinite number of them on the horn.
Youtube channels. It is still more pleasant to perceive information visually. Here is a list of good channels: https://www.youtube.com/c/Certbros (in English, but everything is understandable), https://www.youtube.com/c/linkmeup-podcast/featured (network playlist for the little ones” , there is also a separate blog on Khabra, more details there).
And, of course, the icing on the cake. Legendary RFCs. How about without thousands of volumes of standards?
The list can be expanded, but this is exactly what I personally encountered and what I can recommend.
As a conclusion, we would like to say that knowledge of the basics of network technologies is a necessary basis for any IT specialist. Without understanding how a network works, what protocols are used, what network devices are on the perimeter of the network and inside it, it is impossible to properly test it for vulnerabilities.