Network Fundamentals
Learn the core concepts of how computers communicate with each other
and types of network weaknesses.
The first iteration of the Internet was within the ARPANET project in the late 1960s. This
project was funded by the United States Defense Department and was the first
documented network in action. However, it wasn't until 1989 when the Internet as we
know it was invented by Tim Berners-Lee by the creation of the World Wide Web (WWW).
It wasn't until this point that the Internet started to be used as a repository for storing
and sharing information, just like it is today.
The Internet is made up of many small networks all joined together. These small
networks are called private networks, and the networks that connect them are called
public networks, or the Internet itself. So, to recap, a network can be one of two
types:
- A private network
- A public network
Every device on a network is identified by two things:
- An IP address
- A Media Access Control (MAC) address, which you can think of as being similar to a
serial number.
IP Addresses:
Briefly, an IP (Internet Protocol) address identifies a host on a network for a period of
time. The same IP address can later be assigned to a different device; the address itself
does not change, only which device currently holds it.
IP addresses are used according to a standard protocol shared by all networked devices,
so that they "speak the same language". A device can sit on either a private or a public
network, and the type of its IP address reflects this:
- Private IP addresses are used within local networks (e.g., home, office) to identify a
device amongst the other devices there. They are not reachable directly from the
Internet, and the same private ranges are reused in countless separate networks.
- Public IP addresses are used on the Internet and are globally unique, which is what
allows devices on different networks to reach each other.
IPv4 uses 32-bit addresses, giving roughly 4.29 billion (2^32) possible addresses, which is
not enough for the number of devices now connected. IPv6 is the newer iteration of the
Internet Protocol addressing scheme designed to tackle this issue. Although it looks more
daunting, it has clear benefits:
- 128-bit addresses, so 2^128 (about 3.4 x 10^38, or 340 undecillion) possible addresses,
resolving the exhaustion problem faced with IPv4.
- Enough address space for every device to have its own globally unique address, so the
address-sharing workarounds (NAT) used with IPv4 are no longer needed for that purpose.
MAC Addresses:
Every device on a network has a physical network interface, usually a network interface
card (NIC) built into the motherboard or plugged into it. The interface is assigned a MAC
(Media Access Control) address during manufacturing. A MAC address is a 48-bit
identifier written as 12 hexadecimal characters in pairs separated by colons (e.g.,
a4:c3:f0:85:ac:2d):
- The first six characters (the OUI, Organizationally Unique Identifier) identify the
manufacturer of the network interface.
- The last six characters are assigned by that manufacturer to the specific interface.
This address provides hardware-level identification within a local network segment and is
what the data link layer uses to deliver frames.
MAC address spoofing is the process of changing the MAC address a device presents so that
it impersonates another device on the network. Because MAC addresses identify devices at
such a low level, spoofing can bypass weak security measures that rely solely on MAC
address filtering.
For example, if a firewall is configured to trust traffic only from the administrator's MAC
address, an attacker who spoofs that address could gain unauthorised access by tricking
the firewall.
This weakness is common in public Wi-Fi environments (e.g., cafes, hotels), where
MAC-based access controls may be used to limit usage or offer premium services. If a
device spoofs the MAC address of an already authorised or paying user, it can bypass the
payment system or gain the faster access. A MAC address is visible to everyone on the
same segment and can be changed with the standard tools of any operating system, so
treat it as an identifier, never as an authenticator.
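The checks below, written for these notes as an added example (not code from the original page), parse a MAC address, pull out the OUI, and read the two flag bits of the first octet; the small vendor table is a constructed sample, not the IEEE registry. The last function shows the allow-list failure described above: the filter accepts whoever presents the trusted address.

```python
"""MAC address parsing, OUI extraction and the U/L and I/G flag bits.

Added example for these notes. Uses only the Python standard library; the
vendor table is a constructed sample, not the IEEE OUI registry.
"""
import re

# Constructed sample of OUI-to-vendor entries for illustration only.
SAMPLE_OUI_TABLE = {
    "a4:c3:f0": "ExampleVendor A",   # hypothetical entry
    "00:50:56": "ExampleVendor B",   # hypothetical entry
}


def normalise_mac(mac: str) -> str:
    """Return the MAC as six lower-case hex pairs separated by colons.

    Accepts aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF and aabb.ccdd.eeff forms and
    raises ValueError for anything that is not exactly 48 bits of hex.
    """
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def describe_mac(mac: str) -> dict:
    """Split a MAC into OUI and device parts and decode the first octet's flag bits.

    Bit 0 (least significant) is the I/G bit: 0 = unicast, 1 = group/multicast.
    Bit 1 is the U/L bit: 0 = universally administered (the burnt-in value),
    1 = locally administered (set by software). Spoofed or randomised addresses
    often have the U/L bit set, which makes it a cheap first check, not proof.
    """
    norm = normalise_mac(mac)
    first_octet = int(norm[:2], 16)
    oui = norm[:8]
    return {
        "mac": norm,
        "oui": oui,
        "device_id": norm[9:],
        "vendor": SAMPLE_OUI_TABLE.get(oui, "unknown"),
        "multicast": bool(first_octet & 0x01),
        "locally_administered": bool(first_octet & 0x02),
        "broadcast": norm == "ff:ff:ff:ff:ff:ff",
    }


def mac_filter_allows(allow_list, mac: str) -> bool:
    """A MAC allow-list as used by weak captive portals and Wi-Fi controllers."""
    return normalise_mac(mac) in {normalise_mac(m) for m in allow_list}


def spoofing_demo() -> dict:
    """Why the allow-list is not a security control: the filter cannot tell the
    administrator's real NIC from any device presenting the same address."""
    admin_mac = "a4:c3:f0:85:ac:2d"          # the trusted address from the notes
    allow_list = [admin_mac]
    attacker_real = "02:11:22:33:44:55"       # constructed, locally administered
    return {
        "attacker_with_own_mac": mac_filter_allows(allow_list, attacker_real),
        "attacker_after_spoofing": mac_filter_allows(allow_list, admin_mac.upper()),
        "own_mac_flagged_local": describe_mac(attacker_real)["locally_administered"],
    }


if __name__ == "__main__":
    print(describe_mac("a4:c3:f0:85:ac:2d"))
    print(spoofing_demo())
```

The U/L bit is worth logging when you inventory a network, but note that many phones now randomise their Wi-Fi MAC per network by design, so a locally administered address is a prompt to look closer, not an alert on its own.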
LAN TOPOLOGIES
In reference to networking, when we refer to the term "topology", we are actually
referring to the design or look of the network at hand.
1. Star Topology:
A star topology connects all devices to a central hub or switch, making it the most
common network setup today due to its reliability and scalability. Data travels through
this central device to reach its destination.
While it requires more cabling and equipment—making it more expensive—it allows for
easy expansion as more devices are added. However, as the network grows,
maintenance becomes more complex, and if the central device fails, the entire network
is affected, though such devices are typically robust.
2. Bus Topology:
A bus topology connects all devices to a single backbone cable, similar to leaves on a
tree branch.
However, it has major downsides: data travels along the same path, leading to network
slowdowns and bottlenecks when multiple devices communicate simultaneously. Also,
troubleshooting is difficult, and there is low redundancy—if the backbone cable fails, the
entire network is disrupted.
3. Ring Topology:
A ring topology connects devices in a closed loop, requiring minimal cabling and no
central hardware. Data travels in one direction, passing through each device until it
reaches its destination. A device sends its own data first before forwarding others’,
helping manage traffic and reduce bottlenecks.
This topology is easier to troubleshoot due to its unidirectional flow but can be inefficient
as data may pass through many devices. Its main drawback is a single point of failure—a
break in the loop (cable or device) causes the entire network to fail.
What Is A Switch?
A switch is a network device used to connect multiple devices via Ethernet ports,
commonly found in larger networks such as businesses or schools. Switches come with
various port counts (4 to 64) and are more efficient than hubs: a hub repeats every
frame out of every port, whereas a switch learns which MAC address sits behind each
port and forwards a frame only to the port of the intended recipient, minimising
unnecessary network traffic.
What Is A Router?
It's a router's job to connect networks and pass data between them. It does this by using
routing (hence the name router!).
Routing is the label given to the process of data travelling across networks. Routing
involves creating a path between networks so that this data can be successfully
delivered.
SUBNETTING
Subnetting is the term given to splitting up a network into smaller, miniature networks
within itself.
Whilst you know where to send information in real life to the correct department,
networks need to know as well. Network administrators use subnetting to categorize and
assign specific parts of a network to reflect this.
Subnetting is achieved by deciding how many of the bits of an IP address identify the
network and how many are left to identify hosts within it. This split is expressed by a
number called a subnet mask.
As we can recall, an IP address is made up of four sections called octets. The same goes
for a subnet mask, which is also written as four bytes (32 bits), each octet ranging
from 0 to 255. A 1 bit in the mask marks a network bit of the address and a 0 bit marks
a host bit; for example, 255.255.255.0 leaves 8 host bits, so 256 addresses, of which the
first (the network address) and the last (the broadcast address) cannot be assigned to
hosts.
Subnetting provides three main benefits:
- Efficiency
- Security
- Full control
Let's take the typical café on the street. This cafe will have two networks:
- One for employees, cash registers, and other devices for the facility
- One for the general public to use as a hotspot
Subnetting allows you to separate these two use cases from each other whilst having the
benefits of a connection to larger networks such as the Internet.
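As an added example for the IP address and subnetting sections above (not part of the original notes), the following uses Python's standard ipaddress module to classify addresses as private or public, compute the details of a subnet, and split the cafe's block into a staff half and a guest half. The 192.168.10.0/24 layout and the two host addresses are constructed.

```python
"""Subnet arithmetic with the standard-library ipaddress module.

Added example for these notes. The cafe layout (one /24 split into a staff
subnet and a guest subnet) and its host addresses are constructed.
"""
import ipaddress


def classify_address(ip: str) -> dict:
    """Is this IPv4 or IPv6, and is it a private (RFC 1918 etc.) or public address?"""
    addr = ipaddress.ip_address(ip)
    return {
        "version": addr.version,
        "private": addr.is_private,
        "loopback": addr.is_loopback,
        "link_local": addr.is_link_local,
    }


def describe_subnet(cidr: str) -> dict:
    """Network address, broadcast, mask and usable host count for a CIDR block.

    strict=False lets you pass a host address such as 192.168.10.37/24 and get
    the block it belongs to.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    # IPv4 reserves the first (network) and last (broadcast) address of any
    # block of /30 or larger; /31 and /32 have no such reservation.
    if net.version == 4 and net.prefixlen <= 30:
        usable = net.num_addresses - 2
    else:
        usable = net.num_addresses
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "prefixlen": net.prefixlen,
        "usable_hosts": usable,
        "private": net.is_private,
    }


def split_network(cidr: str, new_prefix: int) -> list:
    """Carve a block into equal subnets, e.g. a /24 into two /25s."""
    return [str(s) for s in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


def same_subnet(ip_a: str, ip_b: str, prefixlen: int) -> bool:
    """Do two hosts share a subnet under the given mask? If not, traffic between
    them has to pass through the router, which is where it can be filtered."""
    a = ipaddress.ip_network(f"{ip_a}/{prefixlen}", strict=False)
    b = ipaddress.ip_network(f"{ip_b}/{prefixlen}", strict=False)
    return a == b


def cafe_layout(block: str = "192.168.10.0/24") -> dict:
    """Constructed cafe: the staff devices get the lower /25, guests the upper /25."""
    staff_net, guest_net = split_network(block, 25)
    register, guest_phone = "192.168.10.20", "192.168.10.200"
    return {
        "staff": staff_net,
        "guests": guest_net,
        "register_in_staff": ipaddress.ip_address(register) in ipaddress.ip_network(staff_net),
        "phone_in_guests": ipaddress.ip_address(guest_phone) in ipaddress.ip_network(guest_net),
        # Under the old /24 mask the two would be direct neighbours; under /25 they are not.
        "neighbours_under_24": same_subnet(register, guest_phone, 24),
        "neighbours_under_25": same_subnet(register, guest_phone, 25),
    }


if __name__ == "__main__":
    print(describe_subnet("192.168.10.37/24"))
    print(cafe_layout())
```

Separating the two subnets only buys security if the router or firewall between them actually filters; subnetting decides where the boundary is, a filter decides what crosses it.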
ARP (Address Resolution Protocol)
Devices on the same network address each other at the data link layer by MAC address,
but applications only know the IP address they want to reach. ARP bridges the two: when
a device wishes to communicate with another on the local network, it sends a broadcast
to the entire network asking for the MAC address (and therefore the physical identifier)
that belongs to the target IP address.
- ARP Request: A broadcast asking, “Who has this IP address? Tell me your MAC
address.”
- ARP Reply: A response sent by the device that owns the IP address, providing its
MAC address.
Once a device receives the reply, it stores the IP-to-MAC mapping in its ARP cache. This
allows for faster communication in the future, as the device won’t need to ask again
unless the entry expires or changes.
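The ARP exchange, as an added example (not from the original notes), built as real Ethernet frames with the struct module so the wire layout is visible; every MAC and IP address in it is constructed. The cache reports when an existing mapping changes, which is the event worth watching on a network where nothing should have moved.

```python
"""ARP request/reply as Ethernet frames, plus the cache a host keeps.

Added example for these notes; addresses are constructed. Builds and parses
the 14-byte Ethernet header and 28-byte ARP body by hand with struct.
"""
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ETH_FMT, ARP_FMT = "!6s6sH", "!HHBBH6s4s6s4s"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet frame carrying an ARP request (broadcast) or reply (unicast)."""
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = struct.pack(ETH_FMT, mac_to_bytes(dst_mac), mac_to_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,        # Ethernet, IPv4, 6-byte MAC, 4-byte IP
                      mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                      mac_to_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode an ARP-over-Ethernet frame; raise ValueError for anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP (ethertype 0x{ethertype:04x})")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over Ethernet")
    return {"op": op, "eth_dst": bytes_to_mac(dst), "eth_src": bytes_to_mac(src),
            "sender_mac": bytes_to_mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": socket.inet_ntoa(tpa)}


def answer_request(frame: bytes, my_ip: str, my_mac: str):
    """What the owner of an IP does with a request: reply only if it asks for us."""
    req = parse_arp(frame)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


class ArpCache:
    """The IP-to-MAC table a host keeps after hearing replies (expiry omitted)."""

    def __init__(self):
        self.table = {}

    def learn(self, frame: bytes) -> str:
        """Record the sender's mapping and say whether it is new, unchanged, or
        different from before. A mapping that changes for an address that has
        no reason to move (the gateway, say) is what ARP monitoring alerts on."""
        info = parse_arp(frame)
        old = self.table.get(info["sender_ip"])
        self.table[info["sender_ip"]] = info["sender_mac"]
        if old is None:
            return "new"
        return "same" if old == info["sender_mac"] else "changed"

    def lookup(self, ip: str):
        return self.table.get(ip)


def resolve(sender_ip, sender_mac, target_ip, owner_mac, cache: ArpCache):
    """The full exchange: request broadcast, reply unicast, mapping cached."""
    request = build_arp(ARP_REQUEST, sender_mac, sender_ip, ZERO_MAC, target_ip)
    reply = answer_request(request, target_ip, owner_mac)
    if reply is None:
        return None
    cache.learn(reply)
    return cache.lookup(target_ip)


if __name__ == "__main__":
    cache = ArpCache()
    print(resolve("192.168.1.10", "aa:bb:cc:00:00:01", "192.168.1.20", "aa:bb:cc:00:00:02", cache))
```

Note that nothing in ARP authenticates a reply: a host updates its cache on whatever it hears, which is why the "changed" result is the one to treat seriously.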
DHCP (Dynamic Host Configuration Protocol)
When a device connects to a network and doesn't already have an IP address, it follows
the four-step DHCP process:
- DHCP Discover: the device broadcasts a request for any DHCP server on the network.
- DHCP Offer: a DHCP server replies, offering an available IP address.
- DHCP Request: the device replies, asking to use the offered address.
- DHCP ACK: the server acknowledges and confirms the lease, along with details such as
the subnet mask, default gateway and DNS server.
This automated process ensures efficient and conflict-free IP address assignment within
a network.
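The four-step exchange simulated end to end, as an added example that is not part of the original notes. Messages are plain dicts rather than real DHCP packets (the RFC 2131 option encoding is out of scope here); the pool 192.168.1.100-102 and the gateway/DNS values are constructed.

```python
"""Simulate DHCP Discover / Offer / Request / Acknowledge with a small pool.

Added example for these notes. Messages are dicts, not real packets; the
address pool, gateway and DNS values are constructed.
"""
import ipaddress


class DhcpServer:
    """Hands out addresses from a pool and tracks offers and leases per MAC."""

    def __init__(self, first_ip, last_ip, netmask, gateway, dns, lease_seconds=3600):
        first = int(ipaddress.IPv4Address(first_ip))
        last = int(ipaddress.IPv4Address(last_ip))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]
        self.offers = {}    # mac -> ip offered but not yet acknowledged
        self.leases = {}    # mac -> ip confirmed with an ACK
        self.params = {"netmask": netmask, "gateway": gateway, "dns": dns,
                       "lease_seconds": lease_seconds}

    def handle(self, msg):
        """Process one client message and return the server's reply, if any."""
        kind, mac = msg["type"], msg["mac"]
        if kind == "DISCOVER":
            # A client we already know gets its existing address again; anyone
            # else gets the next free one, so two clients never share an address.
            ip = self.leases.get(mac) or self.offers.get(mac)
            if ip is None:
                if not self.free:
                    return None             # pool exhausted: real servers stay silent
                ip = self.free.pop(0)
                self.offers[mac] = ip
            return {"type": "OFFER", "mac": mac, "ip": ip, **self.params}
        if kind == "REQUEST":
            ip = msg["requested_ip"]
            if self.offers.get(mac) == ip or self.leases.get(mac) == ip:
                self.offers.pop(mac, None)
                self.leases[mac] = ip
                return {"type": "ACK", "mac": mac, "ip": ip, **self.params}
            return {"type": "NAK", "mac": mac}   # asked for something never offered to it
        if kind == "RELEASE":
            ip = self.leases.pop(mac, None)
            if ip is not None:
                self.free.append(ip)
            return None
        raise ValueError(f"unknown message type {kind}")


def dhcp_client(server: DhcpServer, mac: str):
    """Run the exchange from the client's side; return its configuration or None."""
    offer = server.handle({"type": "DISCOVER", "mac": mac})
    if offer is None:
        return None
    ack = server.handle({"type": "REQUEST", "mac": mac, "requested_ip": offer["ip"]})
    if ack["type"] != "ACK":
        return None
    return {k: ack[k] for k in ("ip", "netmask", "gateway", "dns", "lease_seconds")}


if __name__ == "__main__":
    srv = DhcpServer("192.168.1.100", "192.168.1.102", "255.255.255.0",
                     "192.168.1.1", "192.168.1.1")
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"):
        print(mac, dhcp_client(srv, mac))
```

Because the Discover is a broadcast, any host on the segment can answer it; a client takes the first Offer it hears, which is why rogue DHCP servers are a problem on unmanaged switches.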
THE OSI MODEL (Open Systems Interconnection Model)
The OSI (Open Systems Interconnection) model is a fundamental framework in
networking that standardizes how devices communicate across a network. It allows
devices with different designs and purposes to send, receive, and interpret data in a
uniform, interoperable way.
The OSI model consists of seven layers, each with distinct responsibilities. From the
top down they are: Application (7), Presentation (6), Session (5), Transport (4),
Network (3), Data Link (2) and Physical (1).
As data moves down through the layers during transmission, each layer adds its own
information — a process called encapsulation. On the receiving end, this process is
reversed (decapsulation), allowing accurate interpretation of the message.
1. Layer 1 - Physical:
This layer is one of the easiest layers to grasp. Put simply, this layer references the
physical components of the hardware used in networking and is the lowest layer that you
will find. Devices transfer data between each other as electrical, optical or radio
signals representing a binary numbering system (1's and 0's).
2. Layer 2 - Data Link:
The data link layer focuses on the physical addressing of the transmission.
It receives a packet from the network layer (including the IP address for the remote
computer) and wraps it in a frame carrying the physical MAC (Media Access Control)
address of the next hop on the local network. Inside every network-enabled computer is a
Network Interface Card (NIC) which comes with a unique MAC address to identify it.
MAC addresses are set by the manufacturer and burnt into the card; the burnt-in value
cannot be changed, although the address a device presents can be spoofed. When
information is sent across the local network, it is this physical address that decides
exactly which interface receives it.
Additionally, it is also the job of the data link layer to present the data in a format
suitable for transmission over the physical medium (framing and error detection).
3. Layer 3 - Network:
The third layer of the OSI model (network layer) is where the magic of routing and
reassembly of data takes place (from these small chunks back to the larger chunk).
Firstly, routing simply determines the most optimal path along which these chunks of
data should be sent.
Whilst some protocols at this layer determine exactly what is the "optimal" path that
data should take to reach a device, we should only know about their existence at this
stage of the networking module.
Briefly, these protocols include OSPF (Open Shortest Path First) and RIP (Routing
Information Protocol).
The factors that decide what route is taken include the following:
- What path is the shortest? I.e. has the least amount of devices that the packet
needs to travel across.
- What path is the most reliable? I.e. have packets been lost on that path before?
- Which path has the faster physical connection? I.e. is one path using a copper
connection (slower) or a fibre (considerably faster)?
At this layer, everything is dealt with via IP addresses such as 192.168.1.100. Devices
such as routers capable of delivering packets using IP addresses are known as Layer 3
devices — because they are capable of working at the third layer of the OSI model.
4. Layer 4 - Transport:
Layer 4 of the OSI model plays a vital part in transmitting data across a network. When
data is sent between devices, it follows one of two different protocols, chosen based
upon several factors: TCP (Transmission Control Protocol) or UDP (User Datagram
Protocol). TCP is connection-oriented: it establishes a connection before any data is
sent, splits the data into segments and numbers them so they can be reassembled.
Not only this, but TCP incorporates error checking into its design. Error checking is how
TCP can guarantee that data split into these small chunks has been received and
reassembled in the same order, with anything lost being sent again.
Advantages Of TCP:
- Guarantees that the data arrives accurately and complete.
- Keeps the two devices synchronised so that neither is flooded with more data than it
can handle.
- Performs many more checks, so it is the more reliable of the two protocols.
Disadvantages Of TCP:
- Requires a reliable connection between the two devices. If one small chunk of data
is not received, then the entire chunk of data cannot be used.
- A slow connection can bottleneck another device as the connection will be
reserved on the receiving computer the whole time.
- TCP is significantly slower than UDP because more work has to be done by the
devices using this protocol.
TCP is used for situations such as file sharing, internet browsing or sending an email.
This usage is because these services require the data to be accurate and complete (no
good having half a file!).
Advantages of UDP:
- Much faster than TCP, because there is no handshake and no acknowledgements.
- Leaves the sending application free to decide how much data to send and when.
- Does not reserve a connection, so it places little load on either device.
Disadvantages of UDP:
- Does not guarantee that data is received, nor that it arrives in order.
- Offers no flow control; a fast sender can overwhelm a slow receiver.
UDP is useful in situations where small pieces of data are being sent. For example, the
protocols used for discovering and configuring devices (such as DHCP, which runs over
UDP), or larger streams such as video streaming, where it is okay if some part of the
video is pixelated. Pixels are just lost pieces of data!
5. Layer 5 - Session:
Once data has been correctly translated or formatted by the presentation layer (layer
6), the session layer (layer 5) will begin to create and maintain the connection to the
other computer for which the data is destined. When a connection is established, a
session is created. Whilst this connection is active, so is the session.
The session layer is also responsible for closing the connection if it hasn't been used in a
while or if it is lost. Additionally, a session can contain "checkpoints," where if the data is
lost, only the newest pieces of data are required to be sent, saving bandwidth.
What is worthy of noting is that sessions are unique — meaning that data cannot travel
over different sessions, but in fact, only across each session instead.
6. Layer 6 - Presentation:
Layer 6 of the OSI model is the layer in which standardization starts to take place.
Because software developers can develop any software such as an email client
differently, the data still needs to be handled in the same way — no matter how the
software works.
This layer acts as a translator for data to and from the application layer (layer 7), so
that the receiving computer can understand data that was produced in one format even if
its own software expects another. For example, when you send an email, the other user
may use a different email client to you, but the contents of the email will still need to
display the same.
Security features such as data encryption (like HTTPS when visiting a secure site) are
usually placed at this layer when mapped onto the OSI model; in practice, TLS sits
between the transport protocol (TCP) and the application protocol (HTTP).
7. Layer 7 - Application:
The Application Layer (Layer 7) is the topmost layer of the OSI model and the one you're
most familiar with as a user. It defines how users interact with networked services
through applications and protocols.
It provides protocols and rules for how data should be presented to the user. Common
programs like web browsers, email clients, and FTP tools (e.g., FileZilla) operate at this
layer. It offers Graphical User Interfaces (GUIs) to make data interaction intuitive and
user-friendly.
In short, the Application Layer is where network communication meets the user,
translating technical data into usable interfaces and experiences.
Two units of data appear at these layers: a packet, which is the network layer's unit and
carries IP addresses, and a frame, which is the data link layer's wrapper around a packet
and carries MAC addresses. You can think of this relationship like mailing an envelope
within another envelope. The outer envelope (the frame) carries the local delivery
details (MAC addresses) and is replaced at every hop, while the inner envelope (the
packet) carries the destination address (the IP address) needed to get through the whole
postal system (the Internet). This wrapping and layering of data is called encapsulation,
where each layer of the OSI model adds specific information to help guide the data to its
destination. When the data arrives, the process is reversed, called decapsulation, to
access the original content.
Using packets to divide large data into smaller parts is highly efficient. It prevents
network congestion by sending manageable chunks of data rather than a single large
message. For example, when loading an image from a website, the image is broken
down into multiple packets. These are sent separately and then reassembled on your
device to display the complete image. In essence, packets handle long-distance travel
with routing via IP addresses, while frames manage local delivery within the same
network, both working together to ensure smooth and reliable communication.
Packets can have different structures, depending on the type of packet and the protocol
used to send it. In networking, there are countless standards and protocols that define
how data should be packaged, transmitted, and interpreted. These protocols act as a
universal rulebook, ensuring that devices—from phones to servers—can understand each
other, even across different systems and manufacturers. Without this standardization,
communication across the vast, interconnected world of the internet would be chaotic
and unreliable.
Take the Internet Protocol (IP) as an example. When a packet uses IP, it includes a
header—a section of the packet that contains extra information about the data being
transmitted. This header doesn’t carry the actual content but rather important metadata
such as the source IP address, destination IP address, packet length, and routing
instructions. These details help network devices know where the packet is from, where
it’s going, and how to handle it along the way.
This structured format allows each networked device to process the packet correctly and
ensures the data reaches its intended destination efficiently and accurately.
Some of the fields found in an IP header are:
- Time to Live (TTL) - This field sets a hop limit for the packet: every router it passes
through decreases the value by one, and when it reaches zero the packet is discarded,
so a packet that never reaches its host cannot circulate forever and clog up the
network.
- Checksum - This field provides integrity checking for the IP header itself (TCP and UDP
carry their own checksums for their data). If any field in the header is changed, the
value will be different from what was expected and the packet is treated as corrupt.
- Source Address - The IP address of the device that the packet is being sent from, so
that replies know where to return to.
- Destination Address - The IP address of the device the packet is being sent to, so that
each router knows where to forward it next.
The TCP/IP protocol consists of four layers and is arguably just a summarised version of
the OSI model. These layers are:
- Application
- Transport
- Internet
- Network Interface
Very similar to how the OSI model works, information is added to each layer of the TCP
model as the piece of data (or packet) traverses it. As you may recall, this process is
known as encapsulation - where the reverse of this process is decapsulation.
One defining feature of TCP is that it is connection-based, which means that TCP must
establish a connection between a client and a device acting as a server before data is
sent. The process used to establish this connection is named the Three-way handshake.
Because every segment is acknowledged and anything lost is resent, TCP can then guarantee
that data sent will be received on the other end.
TCP packets contain various sections of information known as headers that are added
from encapsulation. Let's explain some of the crucial headers below:
- Source Port - This value is the port opened by the sender to send the TCP packet
from. It is chosen by the operating system from the ephemeral range of the ports
0-65535 that aren't already in use at the time.
- Destination Port - This value is the port number that an application or service is
running on the remote host (the one receiving data); for example, a webserver
running on port 80. Unlike the source port, this value is not chosen at random.
- Source IP - This is the IP address of the device that is sending the packet.
- Destination IP - This is the IP address of the device that the packet is destined for.
- Sequence Number - When a connection is opened, the first byte transmitted is given a
random starting number (the initial sequence number); each later byte is numbered one
higher.
- Acknowledgement Number - The number of the next byte the receiver expects, i.e. the
sequence number of the last byte received plus one. It tells the sender that everything
up to that point has arrived.
- Checksum - This value is what gives TCP integrity. A mathematical calculation is
made over the segment and the result is sent with it. When the receiving device performs
the same calculation, the data must be corrupt if its result differs from what was sent.
- Data - This part of the segment carries the data itself, i.e. the bytes of a file that
is being transmitted.
- Flag - This header field determines how the packet should be handled by either device
during the handshake process. Specific flags will determine specific behaviours, which
is what we'll come on to explain below.
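The IP header fields listed earlier and the TCP header fields listed just above, as real bytes. This is an added example (not code from the original notes) that builds a packet with the struct module, decapsulates it again, verifies both checksums, and performs the TTL decrement a router does at each hop. The addresses and ports are constructed sample values; the TCP checksum includes the IPv4 pseudo-header as the standard requires.

```python
"""Build and parse IPv4 + TCP headers with the standard-library struct module.

Added example for these notes. Addresses, ports and sequence numbers are
constructed sample values; headers carry no options (20 bytes each).
"""
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
IP_FMT, TCP_FMT = "!BBHHHBBH4s4s", "!HHIIBBHHH"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words.
    Over data that already contains a correct checksum the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, protocol=6, ttl=64, ident=0x1234):
    """20-byte IPv4 header: version/IHL, TOS, total length, ID, flags/fragment
    offset, TTL, protocol, checksum, source, destination."""
    fields = [0x45, 0, 20 + payload_len, ident, 0, ttl, protocol, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = inet_checksum(struct.pack(IP_FMT, *fields))   # covers the header only
    return struct.pack(IP_FMT, *fields)


def build_tcp_segment(src, dst, sport, dport, seq, ack, flags, payload=b"", window=65535):
    """20-byte TCP header plus payload; the checksum covers a pseudo-header with
    the IP addresses, so a segment delivered to the wrong host fails the check."""
    flag_bits = sum(TCP_FLAGS[f] for f in flags)
    fields = [sport, dport, seq, ack, 5 << 4, flag_bits, window, 0, 0]
    raw = struct.pack(TCP_FMT, *fields) + payload
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst), 0, 6, len(raw))
    fields[7] = inet_checksum(pseudo + raw)
    return struct.pack(TCP_FMT, *fields) + payload


def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b"", ttl=64):
    """Encapsulation: TCP segment first, then the IP header wrapped around it."""
    segment = build_tcp_segment(src, dst, sport, dport, seq, ack, flags, payload)
    return build_ipv4_header(src, dst, len(segment), ttl=ttl) + segment


def parse_packet(packet: bytes) -> dict:
    """Decapsulation: IPv4 header, then TCP header, then payload, checking both checksums."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or len(packet) < total_len or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ip = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
          "total_len": total_len, "checksum_ok": inet_checksum(packet[:ihl]) == 0}
    tcp_raw = packet[ihl:total_len]
    sport, dport, seq, ack, off, flag_bits, _, _, _ = struct.unpack(TCP_FMT, tcp_raw[:20])
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, 6, len(tcp_raw))
    tcp = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
           "flags": [name for name, bit in TCP_FLAGS.items() if flag_bits & bit],
           "checksum_ok": inet_checksum(pseudo + tcp_raw) == 0,
           "payload": tcp_raw[(off >> 4) * 4:]}
    return {"ip": ip, "tcp": tcp}


def forward_hop(packet: bytes):
    """What a router does: decrement the TTL and recompute the IP checksum,
    or drop the packet when the TTL would reach zero."""
    ttl = packet[8] - 1
    if ttl == 0:
        return None                  # the router would send back ICMP Time Exceeded
    header = bytearray(packet[:20])
    header[8] = ttl
    header[10:12] = b"\x00\x00"
    struct.pack_into("!H", header, 10, inet_checksum(bytes(header)))
    return bytes(header) + packet[20:]


if __name__ == "__main__":
    syn = build_packet("192.168.1.10", "198.51.100.10", 51000, 80, 1000, 0, ["SYN"])
    print(parse_packet(syn))
```

A point worth noticing while reading the parser: nothing in either header authenticates the source address. The checksums catch accidental corruption, not a deliberately forged packet that was built with correct checksums.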
The Three-way handshake - the term given for the process used to establish a
connection between two devices. It communicates using a few special messages, set by
the flags in the TCP header. The main ones are:
- SYN - Initiates a connection and carries the sender's initial sequence number.
- SYN/ACK - Sent by the receiving device to acknowledge the SYN and to send its own
initial sequence number.
- ACK - Acknowledges that a message was received.
- DATA - Once a connection is established, data is sent in segments carrying the ACK
flag.
- FIN - Cleanly closes a connection once all data has been sent.
- RST - Abruptly ends a connection, for example when no service is listening on the port
or a problem occurs.
Any sent data is given a random starting sequence number and is reconstructed using
this number sequence, incrementing by 1 for every byte. Both computers must agree on
the same number sequence for data to be sent in the correct order. This order is agreed
upon during three steps:
- SYN: the client sends a SYN segment with its initial sequence number (say 0).
- SYN/ACK: the server replies with a SYN/ACK segment carrying its own initial sequence
number (say 5000) and an acknowledgement number of the client's sequence number + 1.
- ACK: the client replies with an ACK segment whose acknowledgement number is the
server's sequence number + 1. The connection is now established and data can flow.
Because TCP reserves system resources on a device, it is best practice to close TCP
connections as soon as possible.
To initiate the closure of a TCP connection, the device sends a "FIN" packet to the
other device. Of course, with TCP, the other device will also have to acknowledge this
packet, and it then sends a FIN of its own, which the first device acknowledges in turn,
so a clean closure takes four messages in total.
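The handshake, a request and reply, and the FIN/ACK closure, run through a small TCP endpoint state machine. This is an added example (not from the original notes) and it goes slightly beyond the text: it also shows what an endpoint does with a segment whose sequence number is not the one it expects, and with a SYN/ACK that acknowledges a number the client never sent. Segments are dicts rather than real packets, and the initial sequence numbers are fixed at 1000 and 5000 so the trace is reproducible, where a real stack would randomise them.

```python
"""A minimal TCP endpoint: three-way handshake, in-order data, FIN/ACK close.

Added example for these notes. Segments are dicts, not packets; the initial
sequence numbers are fixed so the trace is reproducible (a real stack
randomises them).
"""
ISN_CLIENT, ISN_SERVER = 1000, 5000


class TcpEndpoint:
    def __init__(self, name, isn):
        self.name, self.state = name, "CLOSED"
        self.snd_nxt = isn        # next sequence number we will send
        self.rcv_nxt = None       # next sequence number we expect from the peer
        self.received = b""

    def _seg(self, flags, payload=b""):
        seg = {"src": self.name, "flags": frozenset(flags), "seq": self.snd_nxt,
               "ack": self.rcv_nxt, "payload": payload}
        # SYN and FIN each occupy one sequence number; data occupies len(payload).
        self.snd_nxt += len(payload) + ("SYN" in flags) + ("FIN" in flags)
        return seg

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        self.state = "SYN_SENT"
        return self._seg({"SYN"})                   # step 1: SYN with our ISN

    def send(self, payload):
        if self.state != "ESTABLISHED":
            raise RuntimeError("no connection")
        return self._seg({"ACK", "PSH"}, payload)

    def close(self):
        self.state = {"ESTABLISHED": "FIN_WAIT_1", "CLOSE_WAIT": "LAST_ACK"}[self.state]
        return self._seg({"FIN", "ACK"})

    def receive(self, seg):
        """Process one incoming segment and return the reply segment, if any."""
        f = seg["flags"]
        if "RST" in f:
            self.state = "CLOSED"
            return None
        if self.state == "CLOSED":
            return self._seg({"RST"})               # nothing listening here
        if self.state == "LISTEN" and "SYN" in f:
            self.rcv_nxt = seg["seq"] + 1           # step 2: SYN/ACK with our own ISN
            self.state = "SYN_RECEIVED"
            return self._seg({"SYN", "ACK"})
        if self.state == "SYN_SENT" and {"SYN", "ACK"} <= f:
            if seg["ack"] != self.snd_nxt:          # acknowledges something we never sent
                return self._seg({"RST"})
            self.rcv_nxt = seg["seq"] + 1           # step 3: ACK their ISN + 1
            self.state = "ESTABLISHED"
            return self._seg({"ACK"})
        if self.state == "SYN_RECEIVED" and "ACK" in f and seg["ack"] == self.snd_nxt:
            self.state = "ESTABLISHED"
            return None
        if seg["seq"] != self.rcv_nxt:
            return self._seg({"ACK"})               # out of order: repeat what we expect
        consumed = len(seg["payload"]) + ("FIN" in f)
        self.received += seg["payload"]
        if "FIN" in f:
            self.state = {"ESTABLISHED": "CLOSE_WAIT", "FIN_WAIT_1": "CLOSING",
                          "FIN_WAIT_2": "TIME_WAIT"}.get(self.state, self.state)
        elif seg["ack"] == self.snd_nxt:
            self.state = {"FIN_WAIT_1": "FIN_WAIT_2", "CLOSING": "TIME_WAIT",
                          "LAST_ACK": "CLOSED"}.get(self.state, self.state)
        if consumed == 0:
            return None                             # a bare ACK is never acknowledged
        self.rcv_nxt += consumed
        return self._seg({"ACK"})


def relay(seg, sender, receiver, log):
    """Deliver seg and keep passing replies back and forth until one side stays quiet."""
    while seg is not None:
        log.append(f"{sender.name} -> {receiver.name}: "
                   f"{'|'.join(sorted(seg['flags']))} seq={seg['seq']} ack={seg['ack']}")
        seg = receiver.receive(seg)
        sender, receiver = receiver, sender


def run_session(request=b"GET / HTTP/1.0\r\n\r\n", response=b"HTTP/1.0 200 OK\r\n\r\n"):
    """Handshake, one request, one response, then both sides close."""
    client, server = TcpEndpoint("client", ISN_CLIENT), TcpEndpoint("server", ISN_SERVER)
    server.listen()
    log = []
    relay(client.connect(), client, server, log)       # SYN, SYN/ACK, ACK
    relay(client.send(request), client, server, log)   # data, ACK
    relay(server.send(response), server, client, log)  # data, ACK
    relay(client.close(), client, server, log)         # FIN/ACK, ACK
    relay(server.close(), server, client, log)         # FIN/ACK, ACK
    return log, client, server


if __name__ == "__main__":
    for line in run_session()[0]:
        print(line)
```

The RST on a bad acknowledgement number is the reason initial sequence numbers must be unpredictable: a third party who cannot see the SYN/ACK has to guess the server's ISN to complete a handshake in someone else's name.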
UDP/IP
The User Datagram Protocol (UDP) is another protocol that is used to communicate data
between devices.
Unlike its brother TCP, UDP is a stateless protocol that doesn't require a constant
connection between the two devices for data to be sent. For example, the Three-way
handshake does not occur, nor is there any synchronization between the two devices.
UDP packets are much simpler than TCP packets and have fewer headers. However, both
protocols share some standard headers, because both are carried inside an IP packet.
The first three fields annotated below come from that IP header; only the ports and the
data belong to UDP itself (UDP also carries a length field and a checksum):
- Time to Live (TTL) - This field sets a hop limit for the packet, so it doesn't clog
up your network if it never manages to reach a host or escape!
- Source Address - The IP address of the device that the packet is being sent from,
so that replies know where to return to.
- Destination Address - The IP address of the device the packet is being sent to, so
that routers know where to forward it next.
- Source Port - This value is the port that is opened by the sender to send the UDP
packet from. It is chosen from the ephemeral range of the ports 0-65535 that aren't
already in use at the time.
- Destination Port - This value is the port number that an application or service is
running on the remote host (the one receiving the data); for example, a DNS server
running on port 53. Unlike the source port, this value is not chosen at random.
- Data - This part of the datagram carries the data itself, i.e. the bytes of a file
that is being transmitted.
Any port from 0 to 1023 is known as a well-known (or common) port, reserved for standard
services. Let's explore some of these protocols below:
Protocol                              Port   Description
File Transfer Protocol (FTP)          21     Used by a file-sharing application built on a
                                             client-server model, meaning you can download
                                             files from a central location.
Secure Shell (SSH)                    22     Used to securely log in to systems via a
                                             text-based interface for management.
HyperText Transfer Protocol (HTTP)    80     Powers the World Wide Web (WWW)! Your browser
                                             uses this to download the text, images and
                                             videos of web pages.
HyperText Transfer Protocol Secured   443    Does the exact same as above; however,
(HTTPS)                                      securely, using encryption.
Server Message Block (SMB)            445    Similar to the File Transfer Protocol (FTP);
                                             however, as well as files, SMB allows you to
                                             share devices like printers.
Remote Desktop Protocol (RDP)         3389   A secure means of logging in to a system using
                                             a visual desktop interface (as opposed to the
                                             text-based limitations of the SSH protocol).
PORT FORWARDING
Port forwarding is an essential component in connecting applications and services to the
Internet. Without port forwarding, applications and services such as web servers are only
available to devices within the same direct network, because the router at the edge of
that network does not know which internal device should receive traffic arriving from
outside.
It is easy to confuse port forwarding with the behaviour of a firewall. However, at this
stage, just understand that port forwarding maps a port on the router's public address to
a port on a specific internal device (recall how packets carry a destination address and
port), so that traffic arriving from the Internet is passed on to that device. In
comparison, firewalls determine whether traffic is allowed to travel across these ports at
all (even if a port has been opened by port forwarding).
FIREWALLS 101
A firewall is a device within a network responsible for determining what traffic is allowed
to enter and exit. Think of a firewall as border security for a network. A firewall makes
its decision by looking at properties of the traffic such as:
- Where is the traffic coming from? (has the firewall been told to accept/deny traffic
from a specific network?)
- Where is the traffic going to? (has the firewall been told to accept/deny traffic
destined for a specific network?)
- What port is the traffic for? (has the firewall been told to accept/deny traffic
destined for port 80 only?)
- What protocol is the traffic using? (has the firewall been told to accept/deny traffic
that is UDP, TCP or both?)
The two categories of firewall to know at this stage are:
1. Stateful:
This type of firewall uses the entire information from a connection; rather than
inspecting an individual packet in isolation, it judges each packet by the connection it
belongs to (for TCP, whether a handshake was completed and whether the sequence numbers
fit).
This firewall type consumes more resources than a stateless firewall, as it must keep a
table of connections and the decision making is dynamic. For example, it can let the
packets of a TCP handshake through and then drop a later packet that claims to belong to
that connection but does not fit it, or that arrives for a connection that was never
established.
2. Stateless:
This firewall type uses a static set of rules to determine whether or not individual
packets are acceptable. Each packet is judged on its own; for example, a device sending a
bad packet will not necessarily mean that the entire device is then blocked.
Whilst these firewalls use far fewer resources than the alternative, they are much
dumber. They are only as effective as the rules defined within them: if a packet is not
exactly matched by a rule, the rule is effectively useless, and because the firewall has
no memory of past packets it cannot tell a genuine reply from a packet that has merely
been crafted to look like one.
However, these firewalls are great when receiving large amounts of traffic from a set of
hosts (such as a Distributed Denial-of-Service attack), because each packet can be
accepted or dropped cheaply without tracking any state.
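The difference between the two types, shown on the same traffic. This is an added example (not from the original notes): a stateless filter and a stateful one, each with the rules it needs to let staff browse the web, run over four constructed packets. The network 10.0.0.0/24, the addresses (documentation ranges 198.51.100.0/24 and 203.0.113.0/24) and the ports are all constructed. The point it makes is the one in the text: the stateless filter must carry a rule that admits anything coming from source port 80, and it cannot tell a real reply from a packet that merely claims that source port.

```python
"""Stateless versus stateful packet filtering on the same sample traffic.

Added example for these notes. Rule sets, packets and addresses are
constructed; packets are dicts rather than real headers.
"""
import ipaddress


class Rule:
    """One firewall rule; None for a field means 'any'."""

    def __init__(self, action, src="0.0.0.0/0", dst="0.0.0.0/0", proto=None, sport=None, dport=None):
        self.action = action
        self.src, self.dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        self.proto, self.sport, self.dport = proto, sport, dport

    def matches(self, pkt) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and self.proto in (None, pkt["proto"])
                and self.sport in (None, pkt["sport"])
                and self.dport in (None, pkt["dport"]))


def first_match(rules, pkt, default="DENY") -> str:
    """First rule that matches wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


class StatelessFirewall:
    """Every packet is judged on its own against the static rule list."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, pkt) -> str:
        return first_match(self.rules, pkt)


class StatefulFirewall:
    """Rules apply only to the first packet of a connection; later packets
    (including replies) are admitted because the connection is in the table."""

    def __init__(self, rules):
        self.rules, self.table = rules, set()

    def decide(self, pkt) -> str:
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], pkt["proto"])
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"], pkt["proto"])
        if fwd in self.table or rev in self.table:
            return "ALLOW"                     # part of a connection we already accepted
        if pkt["proto"] == "tcp" and pkt.get("flags") != {"SYN"}:
            return "DENY"                      # not a connection start and not tracked
        action = first_match(self.rules, pkt)
        if action == "ALLOW":
            self.table.add(fwd)                # real firewalls also expire and remove entries
        return action


INTERNAL = "10.0.0.0/24"
STATELESS_RULES = [
    Rule("ALLOW", src=INTERNAL, proto="tcp", dport=80),   # staff browsing out
    Rule("ALLOW", dst=INTERNAL, proto="tcp", sport=80),   # needed so replies can get back in
    Rule("DENY"),
]
STATEFUL_RULES = [
    Rule("ALLOW", src=INTERNAL, proto="tcp", dport=80),   # replies come back via the table
    Rule("DENY"),
]

# Constructed sample traffic, in the order it arrives.
SAMPLE_PACKETS = [
    ("staff opens a website",
     {"src": "10.0.0.5", "sport": 40000, "dst": "198.51.100.10", "dport": 80, "proto": "tcp", "flags": {"SYN"}}),
    ("the website replies",
     {"src": "198.51.100.10", "sport": 80, "dst": "10.0.0.5", "dport": 40000, "proto": "tcp", "flags": {"SYN", "ACK"}}),
    ("outsider probes SSH using source port 80",
     {"src": "203.0.113.7", "sport": 80, "dst": "10.0.0.5", "dport": 22, "proto": "tcp", "flags": {"SYN"}}),
    ("outsider sends a stray ACK from source port 80",
     {"src": "203.0.113.7", "sport": 80, "dst": "10.0.0.9", "dport": 3389, "proto": "tcp", "flags": {"ACK"}}),
]


def compare(packets=SAMPLE_PACKETS):
    """Return (label, stateless decision, stateful decision) for each packet."""
    stateless, stateful = StatelessFirewall(STATELESS_RULES), StatefulFirewall(STATEFUL_RULES)
    return [(label, stateless.decide(p), stateful.decide(p)) for label, p in packets]


if __name__ == "__main__":
    for label, stateless, stateful in compare():
        print(f"{label:48s} stateless={stateless:5s} stateful={stateful}")
```

The stateless rule that admits source port 80 is what the text calls a rule that is "effectively useless" when read the other way round: it was written for replies, but it matches any packet an outsider cares to send from that port.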
VPN BASICS
A Virtual Private Network (or VPN for short) is a technology that allows devices on
separate networks to communicate securely by creating a dedicated path between each
other over the Internet (known as a tunnel). Devices connected within this tunnel form
their own private network.
Benefits Of A VPN:
- Allows networks in different geographical locations to be connected. For example, a
business with multiple offices will find VPNs beneficial, as it means that resources like
servers/infrastructure can be accessed from another office.
- Offers privacy. VPN technology uses encryption to protect data. This means that it can
only be understood by the device it was sent from and the device it is destined for, so
the data cannot be read by anyone sniffing the link. This encryption is useful in places
with public WiFi, where no encryption is provided by the network. You can use a VPN to
protect your traffic from being viewed by other people.
- Journalists and activists depend upon VPNs to safely report on global issues in
countries where freedom of speech is controlled.
Note that the tunnel protects traffic only between your device and the VPN endpoint;
beyond that endpoint the traffic continues across the Internet exactly as it would
without the VPN.
VPN technology has improved over the years. Let's explore some existing VPN
technologies below: