Sunday, 26 December 2021

OSI layer theory

 

What is OSI layer?

As per the “geeksforgeeks” website: OSI stands for Open Systems Interconnection. It was developed by ISO, the ‘International Organization for Standardization’, in the year 1984. It is a 7-layer architecture with each layer having specific functionality to perform. All these 7 layers work collaboratively to transmit the data from one person to another across the globe.


Layers of OSI:


1. Physical Layer

2. Data Link Layer

3. Network Layer

4. Transport Layer

5. Session Layer

6. Presentation Layer

7. Application Layer


At the receiver side the Physical layer is the first layer, the Data Link layer is the second layer, and so on.

At the sender side the Application layer is the first layer and the Presentation layer is the second layer.

We can remember the layer names with the line below:

Please Do Not Touch Stephen's Pet Animal (PDNTSPA)

The first letter of each word is the first letter of a layer name, in order from Physical to Application.


1. Physical Layer:

This layer is the first layer at the receiver side and the last layer at the sender side. As the name indicates, it is responsible for the actual physical connection with the device.

It converts the data into bits and sends them over the physical medium.

This layer converts the digital bits into electrical, radio or optical signals.

Responsibilities of the physical layer:

Topology management: topologies like bus topology, star topology, etc. are managed by the physical layer.

Data flow control: the physical layer also defines the transmission rate, i.e. the number of bits sent per second.

Synchronization: it is responsible for bit synchronization.

Devices used at the physical layer: cables, hubs.

Protocols used at this layer: The major protocols used by this layer include Bluetooth, PON, OTN, DSL, IEEE.802.11, IEEE.802.3, L431 and TIA 449


Data Link Layer:

  • The main job of the data link layer is error control. It ensures that the data received is free of errors, and to do that it also manages flow control of packets. It sends data according to the receiver's acknowledgements and vice versa.

Data link layer has two parts:

1. Media Access Control (MAC)

2. Logical Link Control (LLC)

Ø The packet received by the data link layer is divided into frames.

Ø After framing it adds MAC addresses to the header of each frame; this is also called physical addressing.

Ø It encapsulates the sender's and receiver's MAC addresses in the header.

Ø It uses ARP (Address Resolution Protocol) to get the receiver's MAC address.

Ø Switches and bridges are data link layer devices.

Protocols used: ARP, CSLIP, HDLC


Network Layer:

It takes care of packet routing, i.e. selection of the shortest path to transmit the packet from the number of routes available.

The sender's and receiver's IP addresses are added to its header for routing.

It provides logical addressing for routing.

The device used at the network layer is the router.

Protocols: Routing Protocols, IP, ICMP


Transport layer:

The transport layer is responsible for segmentation and for flow and error control to ensure proper data transmission. Each segment has its own header containing basic information that helps in reassembly of the segments. It also adds source and destination port numbers to its header and forwards the segmented data to the network layer.

The transport layer is called the heart of the OSI model.

It provides connection-oriented communication, in which the following steps take place:

1. Establish a connection

2. Transfer data in segments and acknowledge them

3. Once the sender gets the acknowledgement it disconnects the connection

Protocols: TCP (Transmission Control Protocol), IP, UDP, DCCP and SCTP
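The data link, network and transport sections above each say that a layer "adds its header" (MAC addresses, IP addresses, port numbers) around the data handed down from the layer above. The following added example, which is not part of the original post, makes that concrete: it wraps a constructed application payload in a UDP, an IPv4 and an Ethernet header in the sender's order, then strips them again in the receiver's order. The MAC addresses, IP addresses, ports and payload are sample values chosen for the example, and the IP/UDP checksums are left at zero, so this is only for illustrating encapsulation, not for sending on a real network.

```python
import struct

# Constructed sample values for the example (not from the post)
SRC_MAC, DST_MAC = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
SRC_IP, DST_IP = "10.10.10.10", "150.150.150.15"
SRC_PORT, DST_PORT = 40000, 80
PAYLOAD = b"GET / HTTP/1.1\r\n\r\n"      # application-layer data

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def mac_to_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def encapsulate(payload, src_ip, dst_ip, src_port, dst_port, src_mac, dst_mac):
    """Sender side: wrap application data in transport, network and data link headers."""
    # Layer 4 (transport): 8-byte UDP header = src port, dst port, length, checksum (0 = unused here)
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3 (network): 20-byte IPv4 header; the logical (IP) addresses go here
    total_len = 20 + len(segment)
    packet = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, PROTO_UDP, 0,
                         bytes(map(int, src_ip.split("."))),
                         bytes(map(int, dst_ip.split(".")))) + segment
    # Layer 2 (data link): 14-byte Ethernet header; the physical (MAC) addresses go here
    frame = (mac_to_bytes(dst_mac) + mac_to_bytes(src_mac)
             + struct.pack("!H", ETHERTYPE_IPV4) + packet)
    return frame


def decapsulate(frame):
    """Receiver side: strip the headers in order (layer 2, 3, 4) and return what each carried."""
    dst_mac, src_mac = bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unexpected EtherType {ethertype:#06x}")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4                   # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_ip = ".".join(str(b) for b in packet[16:20])
    segment = packet[ihl:total_len]
    src_port, dst_port, length = struct.unpack("!HHH", segment[0:6])
    if length > len(segment):
        raise ValueError("transport length exceeds the data received")
    return {
        "data_link": {"src_mac": src_mac, "dst_mac": dst_mac},
        "network": {"src_ip": src_ip, "dst_ip": dst_ip, "protocol": proto},
        "transport": {"src_port": src_port, "dst_port": dst_port},
        "application": segment[8:length],
    }


def sample_frame():
    return encapsulate(PAYLOAD, SRC_IP, DST_IP, SRC_PORT, DST_PORT, SRC_MAC, DST_MAC)


if __name__ == "__main__":
    frame = sample_frame()
    print(len(frame), "bytes on the wire:", frame.hex())
    for layer, fields in decapsulate(frame).items():
        print(layer, fields)
```

Running it shows the 14 + 20 + 8 header bytes in front of the 18-byte payload, and the receiver recovering the same addresses and ports the sender put in; a length field larger than the data actually received is rejected rather than read past the end, which is the kind of check a real parser at each layer has to make.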

 Session layer:

This layer is responsible for the establishment of connections, maintenance of sessions and authentication, and it also ensures security. It is an end-to-end layer which establishes a connection and disconnects it only when the data transfer is complete and the session layer gets confirmation of that.

It also provides logical ports for data transfer.

It supports communication between two devices in half-duplex and full-duplex modes.

Protocols: PPTP, SAP, L2TP and NetBIOS


Presentation layer:

This layer is responsible for translation, encryption/decryption and compression.

We can understand this with an example.

Suppose a user sends a message through an application like Gmail, Facebook, etc. That application works at the application layer, but the message gets encrypted before it is sent to someone else, and this encryption takes place at the presentation layer.

Or suppose we receive a file (for example an MP3 file); when we try to open it we get the option to open it in VLC media player, and this selection takes place at the presentation layer.

Then we open the file in an application, and this application works at the application layer.

Protocols: XDR, TLS, SSL and MIME


Application layer:

At the very top of the OSI reference model stack of layers we find the application layer, which is implemented by the network applications.

Ex: applications like browsers, Skype, Messenger, etc.

Protocols: HTTP, SMTP, DHCP, FTP, Telnet, SNMP and SMPP.

Code Injection

 


 Definition:

Code injection occurs when an attacker exploits a vulnerability in a system by injecting malicious code into a vulnerable program. This manipulation allows the attacker to alter the program’s intended execution, often resulting in severe consequences such as the spread of computer viruses or worms.

Types of Code Injection:

  1. Cross-site Scripting (XSS)
  2. SQL Injection
  3. LDAP Injection
  4. Carriage Return-Line Feed Injection (CRLF)
  5. SMTP Injection
  6. Command Injection

How to Protect Against Code Injection:

  1. Strong Coding Practices:
    Ensure secure coding techniques are followed during application development. Validate and sanitize all user inputs to prevent malicious code from being processed.

  2. Comprehensive Security Testing:
    Perform thorough security testing of applications or websites before deployment to identify and fix potential vulnerabilities.

  3. Use Trusted and Secure Applications:
    Always use authorized websites and verified secure applications to minimize risks.

  4. Implement Least Privilege Access:
    Grant users only the minimum access necessary for their roles. For instance, if an employee does not require internet access for their work, restrict their access to prevent unnecessary exposure to risks.

Class of IP Address

 


What is IP address ?

A unique string of characters that identifies each computer using the Internet Protocol to communicate over a network.

It consists of 4 bytes.

Ex: 10.23.54.67

Note: An IP address must be unique within any network.

 

There are 5 classes of IP address.

Class A: 1-127

Used for a large number of hosts.

A Class A IP has one network byte and 3 host bytes.

Ex: N.H.H.H (here N stands for the network part and H stands for the host part)

We can understand this with an example:

Suppose we have IP 10.10.10.10

Then the mask address: 255.0.0.0

And the network address: 10.0.0.0

Note: an address mask represents a subnet used in computer networking.

The network part of the address identifies the network.

 

Class B: 128 – 191

Used for medium size networks.

A Class B IP has two bytes for the network address and 2 bytes for the host address.

Ex: N.N.H.H (here N stands for the network part and H stands for the host part)

We can understand this with an example:

Suppose we have IP

IP Address:           150.150.150.15

Mask Address:     255.255.0.0

Network address: 150.150.0.0

Class C: 192 – 223

Used for local area networks.

A Class C IP has three bytes for the network address and 1 byte for the host address.

Ex: N.N.N.H (here N stands for the network part and H stands for the host part)

We can understand this with an example:

Suppose we have IP

IP Address:           200.10.10.10

Mask Address:     255.255.255.0

Network address: 200.10.10.0

Class D: 224 – 239

Reserved for multicasting.

Class E: 240 – 255

This class is reserved for research and development purposes.

There are a few things we need to know about IP addresses:

1. Hosts located in the same network should be assigned the same network ID.

2. An IP address cannot start with 127, as 127 is used exclusively by Class A.

3. If all the bits of the network ID are set to 0, the address cannot be assigned, as it specifies a particular host on the local network.

4. If all the bits of the network ID are set to 1, the address cannot be assigned, as it is reserved for multicast addresses.
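The three worked examples above (10.10.10.10, 150.150.150.15 and 200.10.10.10) follow one rule: the first octet picks the class, the class fixes how many leading bytes are network bytes, and the mask and network address follow from that. The added example below, which is not from the original post, implements that rule for any dotted-quad address using the class ranges listed above, and also applies point 1 (hosts in one network share a network address). The treatment of a first octet of 0 as unassignable is taken from point 3; the function and field names are my own.

```python
import ipaddress

# First-octet ranges of the five classes, as listed in the post
CLASS_RANGES = [("A", 1, 127), ("B", 128, 191), ("C", 192, 223),
                ("D", 224, 239), ("E", 240, 255)]
# Network bytes for the classes that are split into network and host parts
NETWORK_BYTES = {"A": 1, "B": 2, "C": 3}


def ip_class(ip):
    """Return the class letter (A-E) of a dotted-quad IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    for name, low, high in CLASS_RANGES:
        if low <= first_octet <= high:
            return name
    # 0.x.x.x: an all-zero network ID is not assignable (point 3 in the post)
    raise ValueError(f"{ip}: first octet {first_octet} belongs to no class")


def describe(ip):
    """Class, default (classful) mask, network address and host part of an address."""
    cls = ip_class(ip)
    addr = int(ipaddress.IPv4Address(ip))
    if cls not in NETWORK_BYTES:            # D and E have no network/host split
        return {"class": cls, "mask": None, "network": None, "host": None}
    bits = 8 * NETWORK_BYTES[cls]
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return {
        "class": cls,
        "mask": str(ipaddress.IPv4Address(mask)),
        "network": str(ipaddress.IPv4Address(addr & mask)),
        "host": str(ipaddress.IPv4Address(addr & ~mask & 0xFFFFFFFF)),
    }


def same_network(ip1, ip2):
    """Point 1 in the post: hosts in one network share the same network address."""
    return describe(ip1)["network"] == describe(ip2)["network"]


if __name__ == "__main__":
    for ip in ("10.10.10.10", "150.150.150.15", "200.10.10.10", "224.0.0.1"):
        print(ip, describe(ip))
    print(same_network("10.10.10.10", "10.1.2.3"), same_network("10.10.10.10", "11.1.1.1"))
```

The mask is built by shifting ones in from the left, so `A` gives 255.0.0.0, `B` 255.255.0.0 and `C` 255.255.255.0; ANDing the address with the mask keeps the network part, ANDing with the inverted mask keeps the host part. Note this is the classful view the post describes; networks today are almost always subnetted with a mask that does not fall on a byte boundary.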

Tailgating and Impersonation

 


 

Tailgating is a technique in which a person uses someone else's access to enter a building or campus where he is not authorized.

It can be very dangerous if an unauthorized person gets into an office or tries to get sensitive information.

It may happen by simply following someone through the gate.

Even if two people work in the same office, each person has their own limits on which office areas they may access. If someone works on the first floor of a building and does not have access to the second floor, he is not supposed to go to the second floor; if he does, it comes under tailgating.

Tailgating is very easy to do: someone may try to make friends with an employee in a common area like the smoking area in the office or at a food stall outside the campus, and then ask to be allowed into the office campus.

How to protect from tailgating:

An organization can make a policy that everyone must display their ID card whenever they are on the office campus.

We can use scan-lock doors, so that only authorized people get access.

It is everyone's moral responsibility to question anyone they find unknown or not wearing an ID card.

Make the entry door in such a way that only one person can enter at a time. We can see such doors at metro stations, where only one person who has a ticket or metro pass can pass at a time.

 

 

Impersonation

Impersonation means someone pretends to be someone else.

A person may make a fake social media profile and pretend to be someone else in order to get information.

Someone may call you, say they are calling from the IT department, and try to get sensitive information like IP addresses, software and antivirus details.

How to protect:

Never provide sensitive information like passwords, bank details or family details.

Cross-check the authorized phone number or email before sharing any information or money.

 

Saturday, 18 December 2021

Denial of Service

 


Force a service to fail (it happens due to overload of the service)

It causes a system or service to be unavailable.

The attacker takes advantage of a design failure or vulnerability.

It may happen unintentionally or intentionally.

Causes:

1. If there is low bandwidth and everyone tries to download something

2. If an attacker attacks a computer from multiple locations

3. A loop without STP (STP stands for Spanning Tree Protocol, a network protocol that builds a loop-free logical topology for Ethernet networks. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them.)

DDOS amplification

In this attack the attacker sends a very small request, but by the time it reaches us it has become a much larger attack. Protocols used for this are NTP, DNS and ICMP.

Ex: when we request a DNS key we get back an answer much larger than the request.

The attacker makes use of this: he asks for a small piece of information but gets a large amount of information in return. If the attacker sends this request to multiple computers, all of them send the request to DNS servers, and all the DNS servers send their large responses to the web server.
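The distinguishing sign of the attack described above, from the victim's side, is that many DNS or NTP servers are sending it far more data than it ever sent them. The following added example, not from the original post, is a small detector over constructed flow records in a simple "src:port -> dst:port PROTO bytes" format; it compares reply bytes arriving from UDP port 53 or 123 with query bytes the same host sent to those ports, and flags a host when the ratio and the number of distinct reply sources are both high. The record format, the sample addresses and the thresholds are assumptions for the example; ICMP, which the post also names, has no ports and would need a separate rule.

```python
import re
from collections import defaultdict

# Constructed flow records (not from the post): "src:port -> dst:port PROTO bytes"
SAMPLE_FLOWS = """\
203.0.113.7:53 -> 192.0.2.10:9999 UDP 3900
203.0.113.8:53 -> 192.0.2.10:9999 UDP 4100
203.0.113.9:53 -> 192.0.2.10:9999 UDP 3700
198.51.100.5:123 -> 192.0.2.10:9999 UDP 4000
192.0.2.10:9999 -> 203.0.113.7:53 UDP 60
192.0.2.20:44000 -> 203.0.113.7:53 UDP 64
203.0.113.7:53 -> 192.0.2.20:44000 UDP 120
"""

FLOW_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) (\w+) (\d+)$")
AMPLIFIER_PORTS = {53, 123}        # DNS and NTP, two of the protocols the post names


def parse_flows(text):
    """Parse the constructed record format; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, proto, nbytes = m.groups()
        flows.append((src, int(sport), dst, int(dport), proto, int(nbytes)))
    return flows


def detect_amplification(text, min_ratio=10.0, min_sources=3):
    """Flag hosts receiving far more UDP data from amplifier ports than they sent there."""
    received = defaultdict(int)        # reply bytes per destination host
    sent = defaultdict(int)            # query bytes per source host
    sources = defaultdict(set)         # distinct servers replying to each host
    for src, sport, dst, dport, proto, nbytes in parse_flows(text):
        if proto != "UDP":
            continue
        if sport in AMPLIFIER_PORTS:          # reply traffic coming from a DNS/NTP port
            received[dst] += nbytes
            sources[dst].add(src)
        elif dport in AMPLIFIER_PORTS:        # queries this host itself sent out
            sent[src] += nbytes
    alerts = {}
    for host, nbytes in received.items():
        ratio = nbytes / max(sent[host], 1)
        if ratio >= min_ratio and len(sources[host]) >= min_sources:
            alerts[host] = {"received_bytes": nbytes, "sent_bytes": sent[host],
                            "ratio": round(ratio, 1), "sources": len(sources[host])}
    return alerts


if __name__ == "__main__":
    for host, info in detect_amplification(SAMPLE_FLOWS).items():
        print(f"possible amplification against {host}: {info}")
```

In the sample data 192.0.2.10 sent one 60-byte query but received 15700 bytes of replies from four different servers, so it is flagged; 192.0.2.20 sent a 64-byte query and got a 120-byte answer from one server, which is ordinary DNS use. In practice the thresholds are tuned per network, and the same ratio logic can be pointed the other way, at servers that reply with large answers to addresses that never queried them.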

 


Buffer overflows

 


A buffer is a fixed-size storage space.

Buffer space is used to store data. For example: suppose you add two numbers, 5+6=11, and you now want to multiply the result by another number. You need to store the result somewhere, so 11 is stored in a buffer, and in the next step we multiply 11 by the new number.

As we know a buffer has a fixed size, so if we try to store a value whose size is more than the buffer size it can create a big issue.

Types of buffer overflow:

1. Stack overflow attack

2. Heap overflow attack

3. Integer overflow attack

4. Unicode overflow

Buffer overflow issues are seen in C and C++ programs.

There are a few functions like scanf, gets, printf, sprintf, strcat, strcpy, etc. which can lead to a buffer overflow.

Let's take an example of a buffer overflow; we will assume the stack is last in, first out.

#include <string.h>

void func(char *v)
{
    char buffer[10];
    strcpy(buffer, v);      /* copies v into the 10-byte buffer without checking its length */
}

int main(int argc, char *argv[])
{
    if (argc > 1)
        func(argv[1]);
    return 0;
}

The strcpy() function in the above example copies the command-line argument into the destination buffer without checking the string length.

 

We will enter the value “AAAAAAAAAAAAAAAAAAA”

Here we enter a value longer than the buffer size of 10. The stack at this point looks like this (top to bottom):

func():
    buffer[10]
    return address
main():
    local variables

The value is stored in the buffer memory, but because it is more than 10 bytes the extra bytes overwrite the saved return address, and when func() returns it jumps to a wrong address.
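The fix for the example above is to never let the copy write past the end of the 10-byte buffer. The following added example, which is not code from the original post, keeps the same `func()` and `buffer[10]` but replaces the unchecked `strcpy()` with two bounded alternatives: one that refuses input that does not fit and reports failure, and one that truncates but tells the caller how many bytes were dropped. The helper names and return conventions are my own.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10   /* same 10-byte buffer as in the post's example */

/* Hardened copy: refuse input that does not fit instead of overflowing.
   Returns 0 on success, -1 when src (plus its terminator) is longer than dstsz. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)
        return -1;                 /* would need n + 1 bytes; dst is not touched */
    memcpy(dst, src, n + 1);       /* n + 1 includes the terminating NUL */
    return 0;
}

/* Alternative: accept the input but truncate it, and report how many bytes were
   dropped so the caller can decide whether a truncated value is acceptable. */
size_t copy_truncating(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0)
        return n;
    size_t keep = n < dstsz - 1 ? n : dstsz - 1;
    memcpy(dst, src, keep);
    dst[keep] = '\0';              /* always leaves a terminated string */
    return n - keep;
}

/* The post's func(), now with the copy checked; returns 1 if the input was rejected. */
int func(const char *v)
{
    char buffer[BUF_SIZE];
    if (copy_bounded(buffer, sizeof buffer, v) != 0) {
        fprintf(stderr, "input of %zu bytes does not fit in a %d-byte buffer\n",
                strlen(v), BUF_SIZE);
        return 1;
    }
    printf("stored: %s\n", buffer);
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 2;
    }
    return func(argv[1]);
}
```

Run with the 19 "A"s from the example, `func()` now rejects the input and returns instead of overwriting the return address; with a short argument it behaves as before. Passing `sizeof buffer` rather than a hard-coded 10 keeps the check correct if the buffer size is changed later, and compiling with stack protection (for example GCC's `-fstack-protector`) is a useful second line of defence, but not a substitute for the bounds check.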

 

 

Phishing

 


 

You may get an email or message containing a URL that looks similar to the real one but is not, and when you open it you land on a website that looks similar to the real one:

For ex: https://rahulprakash156.blogsport.com

https://rahuulprakash156.blogsport.com --- wrong website

After logging in to the wrong website you may have handed over your user name, email id, password, etc.

Vishing (Voice Phishing)

In the office they may call and say they are calling from the bank or from your boss's office.

In India there is a case under investigation in which a man called a businessman's wife, said they were from the ruling party and needed a donation, and in that way took 200 cr.

Smishing (SMS Phishing) is done by text message.

Spear Phishing:

They target a very particular person, like the CEO of a company, for a particular piece of information.
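The look-alike URL pair above is the thing to check before clicking: the hostname the browser will actually connect to, compared with the host you expect. The following added example, not from the original post, extracts that hostname with the standard library and classifies it as an exact match, a near copy (one letter added or changed, as in the post's example) or something unrelated. It goes slightly beyond the post by also handling a link of the form `https://expected-host@other-host/`, where everything before the `@` is ignored by the browser; the similarity threshold and the function names are assumptions for the example.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit


def hostname_of(url):
    """Hostname the browser would actually connect to (ignores any user@ prefix and the path)."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no hostname in {url!r}")
    return host.lower().rstrip(".")


def check_link(url, expected_host, threshold=0.85):
    """'match' for the real site, 'lookalike' for a near copy, 'different' otherwise."""
    host = hostname_of(url)
    expected_host = expected_host.lower()
    if host == expected_host:
        return "match"
    # Ratio of matching characters between the two names (1.0 = identical)
    similarity = SequenceMatcher(None, host, expected_host).ratio()
    return "lookalike" if similarity >= threshold else "different"


if __name__ == "__main__":
    real = "rahulprakash156.blogsport.com"          # the host from the post's example
    for link in ("https://rahulprakash156.blogsport.com",
                 "https://rahuulprakash156.blogsport.com",
                 "https://rahulprakash156.blogsport.com@example.net/login",
                 "https://example.org"):
        print(f"{check_link(link, real):9s} {link}")
```

The second link differs from the real host by a single extra letter and scores well above the threshold, so it is reported as a look-alike; the third shows why comparing the whole URL string is not enough, since its hostname is `example.net` despite the familiar text at the front. A "lookalike" result is a reason to stop and check the sender, not proof of phishing on its own.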