You are currently viewing The Crucial Role of Computer Networking in Cybersecurity

The Crucial Role of Computer Networking in Cybersecurity

Importance of computer networking in cybersecurity

In the continuous development of technology, a solid grasp of computer networking is crucial for cybersecurity professionals.

Networking as well as Linux (including scripting) and servers are the key prerequisites that need to be addressed thoroughly before passing to security concepts. Similar to structural engineering, where a solid foundation is the starting point for building structures, networking concepts serve as the groundwork.

Concepts from networking that should be learned

Returning to networking, securing a network, website, or app requires an understanding of how technologies and computers communicate. Below are provided some of the base concepts that need to be studied and integrated as knowledge and skills from this area:

  1. TCP/IP Protocols
    • Understanding the foundational TCP/IP protocols, such as TCP, UDP, IP, and ICMP, is crucial for analyzing network traffic and identifying security threats.
  2. Subnetting and IP Addressing
    • Mastering subnetting and IP addressing is fundamental for designing secure networks and implementing effective network segmentation.
  3. Firewalls and Network Security Devices
    • Proficiency in the operation of firewalls and various network security devices is crucial for securing perimeters and monitoring traffic across network layers.
  4. Virtual Private Networks (VPNs)
    • Knowledge of VPN protocols, encryption methods, and configurations is essential for ensuring secure communication over untrusted networks.
  5. Intrusion Detection and Prevention Systems (IDS/IPS)
    • Acquiring knowledge about IDS/IPS, including signature-based and anomaly-based detection methods, is critical for identifying and mitigating network threats.
  6. Network Monitoring and Packet Analysis:
    • Proficient use of tools like Wireshark for packet analysis is vital, aiding in the identification of anomalies, malicious activity, and potential vulnerabilities.
  7. Network Topologies and Architectures
    • Understanding various network topologies, including star, mesh, bus, and ring, is essential for designing scalable and secure network architectures.
  8. Wireless Security
    • Knowledge of wireless security challenges and protocols (WPA/WPA2 or WPA3) is crucial for securing Wi-Fi networks and mitigating wireless-specific attacks.
  9. DNS and DHCP Security
    • Understanding secure configurations, DNS filtering, and DHCP snooping is crucial to prevent network-based threats often exploited in cyber-attacks.
  10. Network Hardening Techniques:
    • Implementing security best practices, such as disabling unnecessary services and enforcing strong authentication, is essential for hardening routers, switches, and other network devices.
  11. Cloud Networking Security
    • Mastery of cloud networking security, including virtual networks, security groups, and identity and access management, is crucial as organizations transition to the cloud.
  12. Security Standards and Compliance
    • Familiarity with security standards and compliance frameworks, such as ISO 27001, NIST, and CIS benchmarks, is essential for maintaining a robust and compliant cybersecurity posture.

Computer networking project

To showcase the knowledge, I learned from this area, I decided to tackle a complex project, like the one from the Cybersecurity Masterclass provided by the teachbit.ro platform, which is addressed during the Computer Networking Masterclass. One key point that needs to be mentioned is that indeed key security measures could also be addressed in this topology, but it was not defined as part of the objective for the current project. For example, port security may be assigned to mitigate a DoS attack – MAC flooding on a switch for example. However, these topics will be addressed in detail in other projects where security concepts are studied also.

The project requirements were grouped into two categories: 

    • Routing
    • Switching

For the routing part, the following tasks were given (the template topology is given in the left figure below):

    • Allocate IP addresses for the network between the routers with a subnet mask of /30 from the network 89.61.128.0/24
    • Perform a routing configuration using static routes.
    • Define a static default route from R4 to ISP
    • Integrate a virtual machine – WordPress by Bitnami in topology.
    • Connect the topology from GNS3 to your local PC network.

Similarly, for the switching part, other tasks were assigned (a template of the topology is in the right figure presented below):

    • Create 6 VLANs (100 – Marketing, 200 – Sales, 300 – Production, 400 – Financial, 500 – HR, 600 – IT) on switches.
    • Configure trunk interfaces between switches and access interfaces between switches and PCs.
    • Configure RoaS (Roating on a Stick) on routers to allow routing between VLANs.
    • Configure static routes between the 2 routers.

However, I decided to perform a more complex alternative of the project, in GNS3, and not in Cisco Packet Tracer, and put both parts into a single topology which is showcased in the following figure.

Before defining the topology and working on the project, I installed GNS3 IOU (IOS on UNIX), a VM from GNS3 which allows the virtualization of the operating system for the router and the switch (by default switching may not be handled without this in GNS3).

For the tasks, I used OSPF multi-area routing protocol (instead of static routes) for the network in area 0, area 3 and area 4. Area 1 and area 2, besides addressing different LANs for the switching part, were also defined as areas for OSPF protocol and integrated into the same topology.

The internet access was obtained using the cloud option from GNS3, connecting the ISP router from the topology via the ethernet adaptor defined in GNS3 VM option as bridged, and replicating the network configuration of the (NIC) Network Interface Card. Consequently, the host and the ISP router are in the same LAN.

The VM (by Bitnami) on which WordPress is hosted was integrated into the topology by linking it to the ISP router. The same procedure was adopted also for the Ubuntu VM.

Routers R1 and R6 represent routers R1 and R2 from the switching topology given in the tasks above and 2 static routes were assigned such that connectivity between the VLANs may be obtained. After defining the VLANs on the switches, I assigned RoaS on routers R1 and R6 to have connectivity in the same area between the end devices.

Completing this project, the implementation of OSPF multi-area routing, VLAN configuration, and advanced GNS3 topology integration has enhanced my technical knowledge in computer networking. These hands-on experiences not only demonstrated theoretical applications but also highlighted the intricate deployment of robust routing protocols, VLAN segmentation, and secure network architectures.

I am thrilled to bring you further insights and experiences in the upcoming articles. Stay tuned for the next project in this cybersecurity journey!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.