Blue Teaming
Kim Crawley, Jan 25, 2022
Network security is a major component of cybersecurity. A large part of what you learn from Hack The Box’s Hacking Labs, Pro Labs, and HTB Academy is about how to find security vulnerabilities in computer networks. So let’s get a general grasp of the topic!
Computer networks are formed when computers are linked in order to exchange data. Every time two or more computers are set up to exchange data with each other, you’ve formed a computer network. It’s that simple. Networks can be formed with physical cables and they can also be formed wirelessly through technologies like WiFi and Bluetooth. Many of the computer networks we use today use both physical and wireless connections. We’re also seeing growth in the implementation of virtualized networks on cloud platforms.
There are various classifications of networks according to their size. Most homes and small offices have a LAN, a Local Area Network that connects a few or several endpoint devices (PCs, phones, tablets, video game consoles, printers, and Internet of Things devices such as smart speakers and smart appliances) to a central hub, usually in the form of a router. In most LANs, the router is connected to a much larger network, the internet.
The internet is the world’s largest computer network. But pretty much all networks that cover hundreds of kilometres or more are classified as WANs, Wide Area Networks. The internet is a WAN, and so are many other networks. Then we’ve got other classifications. MANs, Metropolitan Area Networks, cover the area of a city. CANs, or Campus Area Networks, cover the area of a school, hospital, or workplace campus. Smaller than a city, larger than a LAN! PANs, or Personal Area Networks, are simply a new type of LAN with a lower data transfer rate, usually for home entertainment purposes. Sometimes the largest WAN, the internet, is called the GAN (Global Area Network). And the list goes on.
Let’s get into the basics of network security.
Network security is cybersecurity or information security pertaining to computer networks. Most cyber attacks are conducted through computer networks, especially the public internet. That’s the most common source of all types of malware, man-in-the-middle attacks, data breaches, and many more problems! It’s absolutely essential that all hackers and cybersecurity practitioners understand network security.
The relation between computer security and network security is simple and straightforward. Computer security and cybersecurity mean the exact same thing. If a threat actor stole a USB drive with sensitive data on it, that’s definitely a cybersecurity problem. But it’s probably not a network security problem, because the data was acquired without exploiting a computer network. But if that threat actor acquires usernames and passwords to other people’s online accounts and uses them through the internet to do all sorts of bad stuff, that’s definitely a network security problem.
Within the context of network security, firewalls are devices or software applications that filter network traffic according to measurable metrics and characteristics. The internet and most other computer networks use a technology called TCP/IP, which, among other things, organizes network traffic into numbered ports according to the type of service each one carries. There are a grand total of 65,535 TCP/IP ports, and most of them are barely used. Some of the most commonly used ports include port 443 for HTTPS encrypted web traffic, and ports 25, 465, 587, and 2525 for different types of SMTP email services.
One of the most common types of network firewalls is one that blocks and filters TCP/IP ports. The general wisdom is to block any ports you don’t ever use and filter the ports you need. That way, there are fewer ways for a cyber attacker to exploit you. We call that reducing your cyber attack surface!
Some firewalls can also block or allow applications. Other firewalls block or allow network activity according to how it behaves. Some firewalls can do multiple types of blocking and filtering. Configuring firewalls for optimal network security can be a complicated process. And no firewall or firewall configuration makes you immune to cyber attacks. But it can measurably improve the security of your network.
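To make the "block what you don’t use, filter what you need" idea concrete, here is an added example that is not part of the original article: a tiny stateless port filter that evaluates packets against an ordered rule list with a default-deny policy, the way a port-based firewall does. The policy, the subnets (an assumed admin subnet 10.0.0.0/24 and an assumed mail relay at 192.0.2.25) and the sample packets are all constructed for illustration.

```python
"""Added example (not from the original article): a minimal port-based packet
filter with first-match rule evaluation and a default-deny fallback."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Packet:
    src: str      # source IPv4 address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", or "any"
    dport: Optional[int]   # destination port, or None for any port
    src: str               # CIDR block the source address must fall in

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)


# Constructed policy (assumed subnets, not from the article):
#  - SSH (22) only from the admin subnet, except one host explicitly blocked
#  - HTTPS (443) from anywhere
#  - SMTP submission (587) only from the mail relay
# Rule order matters: the specific deny sits before the broader allow.
POLICY: List[Rule] = [
    Rule("deny",  "tcp", 22,  "10.0.0.99/32"),
    Rule("allow", "tcp", 22,  "10.0.0.0/24"),
    Rule("allow", "tcp", 443, "0.0.0.0/0"),
    Rule("allow", "tcp", 587, "192.0.2.25/32"),
]


def evaluate(pkt: Packet, policy: List[Rule] = POLICY) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default-deny: unused ports are closed without a rule


def open_ports(policy: List[Rule] = POLICY) -> Set[int]:
    """Ports that some allow rule exposes: a quick attack-surface inventory."""
    return {r.dport for r in policy if r.action == "allow" and r.dport is not None}


if __name__ == "__main__":
    for pkt in (Packet("203.0.113.7", "tcp", 443),
                Packet("203.0.113.7", "tcp", 22),
                Packet("10.0.0.5", "tcp", 22),
                Packet("10.0.0.99", "tcp", 22)):
        print(pkt, "->", evaluate(pkt))
    print("exposed ports:", sorted(open_ports()))
```

The `open_ports` helper is the part worth keeping in mind: the set of ports any allow rule exposes is exactly the attack surface the text talks about reducing, and reviewing that set is cheaper than reading every rule.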
There are also other kinds of network security devices. Some may be found in your home, but most of these are more often seen in academic, institutional, business, and enterprise networks.
Intrusion Detection Systems, or IDS, are usually seen in academic, institutional, business, and enterprise networks. But occasionally this feature is starting to appear in home networking devices as well. They monitor network activity and write activity that appears to be malicious to their logs so cybersecurity professionals can address it. Sometimes you’ll also hear about Intrusion Prevention Systems (IPS), which are what they sound like. They actively try to prevent any malicious network activity that’s detected.
We should all have antivirus software on our PCs, tablets, and phones. But enterprise networks sometimes have a computer or a device that’s dedicated to scanning a network for malware and preventing it from executing on any machine in the network.
Honeypots in the context of network security are computers which are designed for cybercriminals to attack. Their purpose is to keep attacks away from the rest of the network, and to monitor how cyber attacks behave in order to improve a network’s resilience to cyber attacks.
Sometimes business and enterprise networks have Unified Threat Management (UTM) systems which combine these various network security functions.
Really large datacenters sometimes have a SIEM, a Security Information and Event Management system. These can be configured with SIEM correlation rules in order to scan all of the device logs in a network for anomalous or malicious behavior in order to prevent cyber attacks. These are most often used in a SOC, a security operations center that a lot of larger companies and institutions have in order to defend against cyber attacks.
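A SIEM correlation rule is easier to understand with one in front of you. The following is an added example, not code from the article or from any SIEM product: a single rule run over constructed, syslog-style authentication log lines that flags a source address which fails to log in a threshold number of times within a short window and then succeeds. The log format, the IP addresses and the threshold values are all assumptions for the example.

```python
"""Added example (not from the original article): one SIEM-style correlation
rule, "many failed logins from one source followed by a success", applied to
constructed auth log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample log lines (not real logs); timestamp, daemon, result, user, source.
SAMPLE_LOGS = """\
2022-01-25T10:00:01 sshd: Failed password for admin from 198.51.100.23
2022-01-25T10:00:03 sshd: Failed password for admin from 198.51.100.23
2022-01-25T10:00:04 sshd: Failed password for root from 198.51.100.23
2022-01-25T10:00:06 sshd: Failed password for admin from 198.51.100.23
2022-01-25T10:00:07 sshd: Failed password for admin from 198.51.100.23
2022-01-25T10:00:09 sshd: Accepted password for admin from 198.51.100.23
2022-01-25T10:05:00 sshd: Failed password for alice from 10.0.0.8
2022-01-25T10:05:30 sshd: Accepted password for alice from 10.0.0.8
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Turn one log line into (timestamp, result, user, src); None if it doesn't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def correlate(log_text: str, threshold: int = 5, window_seconds: int = 60) -> List[Tuple[str, str, int]]:
    """Return one alert (src, user, failure_count) for every source that reaches
    `threshold` failed logins inside a sliding window of `window_seconds` and
    then logs in successfully. Lines that do not parse are skipped."""
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts: List[Tuple[str, str, int]] = []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        q = recent_failures[src]
        # Drop failures that have aged out of the window before counting.
        while q and ts - q[0] > window:
            q.popleft()
        if result == "Failed":
            q.append(ts)
        elif result == "Accepted" and len(q) >= threshold:
            alerts.append((src, user, len(q)))
            q.clear()   # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for src, user, count in correlate(SAMPLE_LOGS):
        print(f"ALERT: {count} failed logins then success for {user} from {src}")
```

Two knobs decide how noisy this rule is: the threshold and the window. In the constructed data the 198.51.100.23 burst fires the rule, while alice’s single typo followed by a successful login does not, and tightening the window to a few seconds makes the same burst age out before the success arrives. Real SIEM rules add the same kind of tuning on top of log sources that are far less tidy than this sample.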
A network security engineer is trained in the implementation of network security. They do the day-to-day work of defending a network from cyber attacks. Here are some other roles in network security. A SOC analyst does their everyday work in a SOC. Network administrators operate a network with some security responsibilities. In smaller organizations, a network administrator may be the person in charge of network security as a whole. In larger organizations, a network administrator collaborates with network security specialists while doing constant network administration work.
Here at Hack The Box, we help a lot of people to become penetration testers, people who simulate cyber attacks with permission of the companies they work for in order to find security vulnerabilities. But many people in our HTB Community have also used the hacker skills they learn here in the sort of defensive network security roles I’ve mentioned.
HTB Academy is a great way to start learning about network security! We have some very useful courses including Network Enumeration with Nmap, Active Directory LDAP, and of course, Introduction to Networking. Jump right in today and make the first move in your network security career!