CCT 110: Networking Essentials Unveiled - IPv4, IPv6, IP Classes, ICMP, IGMP, and ARP for Cybersecurity Success (D4.1.2)

Jan 29, 2024

Ever wondered how the invisible threads of the internet hold together the vast tapestry of global communication? Join me, Sean Gerber, as we unravel the mystique behind internet protocols, where the transition from IPv4's limited landscape to IPv6's boundless horizons marks a revolution in digital connectivity. Illuminating the depths of IP classes, address schemes, and the critical importance of understanding these concepts, we equip you with the essential know-how to navigate the cybersecurity realm with confidence.

The digital era's Achilles' heel—cybersecurity—is laid bare as we dissect the harrowing Mega Breach Database incident, a stark reminder of our shared vulnerability in this interconnected world. Together, we shed light on the armor of password management and the shield of multi-factor authentication, forging strategies to fortify our defenses against cyber threats. By imparting this knowledge to peers and loved ones, we join forces in the ongoing battle to secure cyberspace for generations to come.

As we chart the course toward the coveted CISSP certification, grasp the significance of every concept, from ARP tables to potential vulnerabilities lying in ambush for the unwary. This episode isn't just about passing an exam; it's about instilling a foundation of cybersecurity comprehension that stands firm against the tides of technological advancement. Whether you're setting foot on the path of a cybersecurity career or already marching through the ranks, this journey through the landscape of cyber defense is tailored to keep you one step ahead.

Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and signing up to join the team for free.

TRANSCRIPT

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Good morning, it's Sean Gerber with CISSP Cyber Training, and I hope you all are doing well. We're having a blessed day today, and today is an amazing day. We're getting into the month of February, so it's just awesome because we're getting closer to spring, and when spring comes it definitely gets to be much nicer outside and you can actually escape the confines of your home. Yeah, that's at least for me here in Wichita, Kansas. It's actually been very nice the past couple of days. It's awesome. So we're excited about that. But you aren't here to talk about that. We're here to hear about the CISSP, and we're going to be talking about domain 4.1.2, and we're going to be getting into IPv4, IPv6, IP classes, ICMP, IGMP and ARP. That's the plan for today, but before we do, one thing I want to show that's in the news today, that I saw actually yesterday, is the Mega Breach Database. They're saying about 26 billion records were exposed, and they call it the mother of all cyber disclosures. So that was interesting. There's 26 billion records, about 12 terabytes of data, and it comes from somebody who had been storing all of these breaches that have occurred in very meticulous detail, and their system was basically compromised and the records are a trove. They say there are 101.5 billion belonging just to Tencent customers and 500 million from Chinese Twitter-like sites such as Weibo, along with MySpace and so forth, and I know there's lots of people's information that's in here.
Now many think that there's probably quite a few duplicates because of the sheer size of it, and that might be very much the case. But this thing is a monster, and the fact that all that information was in one location is not a good option for people who had their information compromised. But let's be honest: if you are listening to this program, you are fully aware that your information has probably been compromised more than once, and you are also aware that most people's information has been compromised. They just don't know it. So it's interesting to see how this will play out and how much more will be available to cybercriminals. But this comes down to: you must have, obviously, some level of password management in place, and as a security professional it's important that you teach that to your employees, you teach it to folks that you care about and anybody else that will actually listen to you, because having that ability to change your passwords, and also because we rely so much on username and password, it's important that you have that in place, as well as some level of password rotation and multi-factor authentication. This came from Troy Hunt. I don't know if you all have heard of him. He's behind Have I Been Pwned. He said they identified 71 million unique email addresses in the haul, which, if anybody would know, he would know. So that's just a new amount of data that wasn't really there before, and so it's the mother of all data breaches. This is through Infosecurity Magazine. You'll be able to go check it out. If you just Google "mother of all database breaches," you'll probably find it pretty quick. But it would be something you want to recommend. There's actually a link in there to check whether people are actually compromised or not. I would just verify that it is a good link and not some phishing link. You don't want that. All right, let's move on to today's topic. So today we are going to be getting into, again, 4.1.2.
And this is in chapter 11 of the (ISC)² ninth edition book. Now, as it relates to what we primarily teach here at CISSP Cyber Training, there are plenty of other books out there that are more than capable of helping you as well. This is just what I've used. I figured this is the one that is the official guide from (ISC)², so this is the one I'll go with. Some people have said that they like ones that are a little bit easier to read. It kind of comes down to what your preference is, but all I can say is this is where we're going forward and we'll see what we've got. Now, I also got to put in a shameless plug for CISSPcybertraining.com. Head on over there during this podcast and check out one of the products that we have available for you. There's a lot of really good stuff over there to help you study for the CISSP, as well as helping you with your mentoring and cybersecurity careers. If you're a business owner, there's also the ability for you to tap into me directly using some of the mentorship products that are available to you as well, so you can actually hire me, just like hiring a CISO, for asking me some questions that you may have. Okay, so let's get into the introduction to IPv4. Now, if you all have been listening to this podcast, we have talked in the past about IPv4 and IPv6. Well, let's just kind of get into what IPv4 is. Now, IPv4 is the fourth version of the Internet Protocol and it's used pretty much throughout the globe. There's a fixed number of IP addresses, and at the time that it was created they thought, well, my gosh, there's a gob of IP addresses, this is never going to expire. Well, unfortunately, they saw about 20 years ago, going, yeah, that's not gonna happen, we're gonna run out of IP addresses. And so, therefore, they came up with IPv6, which we'll get into in just a second.
Now it's a 32-bit address scheme, which allows for 4.3 billion unique addresses, and you're thinking 4.3 billion is plenty, right? But now that you see the fact that there's like 3 billion people on the planet, or however many there are, and then you have IoT devices, you have all of that intertwined, you know real quick that 4.3 billion is just not gonna be enough. Now, it operates on the network layer of the OSI model, so that's where it's at. It's a foundational communication piece, and it does allow for end-to-end communication between point A and point B and multiple other points that are on the internet. Now, a typical IPv4 address will look like this, and if you're watching the video you'll be able to see it; the video will be on CISSP Cyber Training, and at some point it will be on YouTube. But if you look at the video or just listen to what I'm saying, a typical IPv4 address, usually a home address or one that you'd have internal to your network, is 192.168.1.1, so it's four octets. So that is a typical IPv4 address, and each of these octets has a range. So the 192 will range from zero to 255. So in your 192.168.1.1, each of those octets will range from zero to 255, which is basically 256 bytes. So that is the introduction right there when you're dealing with IPv4. Now, IPv4 addresses are written in the dotted decimal format, which again consists of four octets, and these are separated by periods, a dot, basically. Now each address is divided into network and host portions with various classes. So you've got an A, B and C class, and we'll get into the classes here in just a little bit, what those are and how that actually works. But each IPv4 address consists of 32 bits within the four octets, and they have the classes A, B and C. And I'm kind of going over this multiple times because it can be confusing, especially if you don't have an understanding of the networking background.
And folks that listen to this podcast will range from folks that are extremely good at networking, and they're like, yeah, this is a no-brainer, to others that have been working maybe in the audit space or compliance space, who understand IP addresses but don't really deal with them all that much. So, again, the IP address that you might be dealing with is 192.168.1.1. And the dot one at the end of 192.168.1.1, that last dot one, represents the host. So it represents the IP address of the host that it's tied to. So, like the computer I'm working on right now, it could be 192.168.1.1. It also could be dot 142, depending upon how many hosts are actually in my network. So that is the number that goes up and goes down depending upon the hosts that are on that specific network. Now, if you fill up your hosts, right, with 256 different hosts, you then would go up to 192.168.2.1.0. You basically add that up. So that's how this network can quickly expand; the number of IP addresses can quickly grow to the number of devices you may have on your network. Now that's where we get into the situation of running out of IP addresses if you're dealing with anything that is unique to the internet. So we'll get into the different classes, and that's kind of how this plays out. Now, IPv4 subnetting: this allows for the division of large networks into smaller, more manageable, what we call subnets, and it aids in efficient address allocation and routing. So we're talking about an example of subnetting a Class C network, which, Class C, is the 192 octet. We can break that into smaller subnets such as 192.168.1.0/24 or 192.168.2.0/24. So we're going to kind of walk through what a Class C subnet is also in just a few seconds. Now, IPv4 protocols: when you're dealing with IPv4, the common protocols that you deal with in this space are TCP, which is Transmission Control Protocol, and UDP, which is User Datagram Protocol.
Now, TCP is a connection-type protocol which has a handshake which allows you to, basically, you have the SYN, the SYN-ACK, and then you basically create this connection between two points. UDP is a broadcast-type protocol, which basically is a barrage of information to a point. UDP works really well in streaming services because you're allowed to have some level of packet drop in the overall process, whereas TCP, because you want a finite or a specific connection, the TCP protocol is one that's typically used. Now, these protocols will facilitate reliable and, in some cases, connectionless communication, depending upon what you're looking for. Now, when it comes to the overall protocols, TCP doesn't ensure that you do have a reliable connection, while UDP does offer that connectionless, fast communication, like we talked about as it relates to streaming services. Now, HTTP, your Hypertext Transport Protocol, uses TCP for that data transfer connection, while DNS opts to use UDP for quick queries and, as we know, DNS does not have to have that direct connection; it's using it just from a broadcast standpoint. So those are just some ways that each of the protocols, TCP and UDP, are used within a networking environment. Now, when you're dealing with IPv6, this is Internet Protocol version six, and it's designed to replace IPv4 due to just the fact there's too many IP addresses that are needed and there's not enough to go around. Now, this came out because of the fact that they knew this was going to happen many, many years ago, just because of the overall number of IP addresses that were being gobbled up. But what ended up happening is, as we got into NAT routing, which is where the firewall will actually give you an internal IP address. In the case of, let's just say, my home address, it's a Class C, so it starts off at 192.168, blah, blah, blah.
Once you have that internal NAT routing from the router, that did help alleviate some of that IP loss, the IPv4 loss, and what they had originally anticipated was my router at home would have an IPv4 address, then my refrigerator would have an IPv4 address, and my whatever would have one. Then they all would take from the overall number of IPv4 addresses. Well, because of NAT routing at the firewalls, we didn't need to worry about that so much. So it pushed off the overall IP address exhaustion date. They pushed it out. But unfortunately now, because there are so many IP addresses that are communicating to the Internet, IPv6 had to come into the fray to ensure that we had adequate communication with these devices. Now IPv6, again, like I said, it's the latest version. It's designed to replace IPv4. And it uses a 128-bit address scheme, which provides a much higher number of addresses that can be utilized. Now, because it is so large, it makes it extremely challenging for individuals to go and put in an IP address, whereas in the past, I can remember 192.168.1.1; I can do that. But when I deal with an IPv6 address, as I'll read here in just a second, that is beyond most people's comprehension to try to add that in, including myself, because, yeah, I'm not that smart. There's people out there, I'm sure, I know there are, that can probably roll off an IPv6 address without even blinking an eye. A typical IPv6 address will be basically eight different octets that are set aside, and these octets are separated by a colon. So if you see on the screen, it's 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Okay, yeah, that's a mouthful I couldn't even dream of. I think I remember 2001 because that's a year. So that just shows you that it's extremely challenging to deal with this when you're trying to grow, add, put out addresses on an internal network.
So, therefore, IPv6 is one of those where you have to have some sort of machine that is going to help you with your overall address schema. Now, it's in hexadecimal notation and it's more streamlined, obviously, than IPv4. It does include global unicast, link-local and multicast addresses. So it's not like the traditional IPv6, or IPv4, which has TCP and UDP addresses. It's got multicast, link-local and multicast addresses. It is a more straightforward structure, including all of those pieces, and it's supposedly better organized and identified. For someone who deals with networking, I'm sure it is. I don't deal with networking that much, so to me, if you're just one that likes the old days of 192.168.1.1, it looks way more complicated, and it is more complicated in the fact that you have to understand the hexadecimal format and the hexadecimal processes. Now, IPv6 transition mechanisms: there are various transition mechanisms that exist to facilitate the coexistence of IPv4 and IPv6 during a migration process. Now, this includes dual stack, tunneling and translation mechanisms. These are set in place to help during this overall move from IPv4 to IPv6. What dual stack does, as an example, is allow devices to run both IPv4 and IPv6 concurrently, ensuring compatibility between the two. Now, most devices today will have the ability to run IPv4 and IPv6, because they understand the networks that they're getting dropped into, maybe an IPv4 network or an IPv6 network. So they have to be able to do both, and so, therefore, in the past you had to actually go in and manually make the change. But the equipment that's coming out now and the software that's in it does have the ability to understand both. So what are IP classes? The IP classes: we're dealing with class A, B, C, D and E. Now, each of these classes has an address range. So we'll just kind of quickly walk through those.
Your class A ranges from 1.0.0.0 to 126.255.255.255. Now if you're looking at the screen you'll be able to see that at CISSP Cyber Training. But bottom line is that is your address range. So a lot of the first class A networks that came out were bought up by large companies, and these range from one to 126. An example of a class A network would be 10.0.0.1. That would be a class A network. Now, I said that right, 10.0.0.1. Yes. Class B networks will range from 128.0.0.0. And that is a spin-off of 126.255.255.255, which is class A; it's the next, that's where it rolls into. The next was 128 and so forth. Now the network portion of this, again, is the first two octets, and the intended use, again, is medium-sized networks that are available to you. So this is more like the company that I used to work for. They have dealt with class Bs. Class As, typically the military, the Air Force, had some of those. I've seen very large companies buy those up as well. Class C networks are what you'll find a lot in a small network, and this starts at 192 and ends at 223. And the first three octets are the network portion, and these again are intended for various small situations. A class D will start at 224 and it will end at 239. And these are multicast addresses. And then a class E is 240 to 255. And this was pretty much reserved for experimental uses, and so those are the different types of addresses that you're going to see. Now, in most situations you see that class A, class B and class C networks are what you operate in, and that is the primary use. If you go to a company, you'll see they're most likely in a class B type network. And then you're dealing with the class A for very large type networks.
So when you're subnetting with IP classes, there's a way to efficiently allocate addresses and network resources, and CIDR allows for flexible addressing without strict adherence to the traditional class boundaries. And what is CIDR? You'll see that it's the slash that is at the end of an IP address, and it allows you to basically go lower with it, but be more sub-optimized as it relates to going into your various address locations. So an example of a class B address such as 172.16.0.0: you can break that into smaller subnets, such as 172.16.1.0/24. And then you can break it even smaller, break it down again to the same, 172.16.2.0/24. And it takes a large set of IP addresses and allows you to bring them into a much smaller subnet. Now, when you're dealing with CIDR, it stands for Classless Inter-Domain Routing. It is designed to allocate and specify IP addresses and their routing behavior. So one thing to consider is you see this /8, /16, /24; what it basically is saying is that the slash eight is the number that is going to be set up for the network portion of the address. And then it allows more flexible and efficient allocation of IP addresses compared to just the traditional class-based addressing. So now we're going to get into ICMP, the Internet Control Message Protocol. So ICMP is a network layer protocol used for error reporting and diagnostic functions. It includes messages such as echo request and reply, which is also a ping, and destination unreachable. You'll see ICMP packets, pings, that are done when you're trying to connect from one location to the next. So one example of this is that if you want to do a ping, let's say to 192.168.1.1, it sends an ICMP packet to that host.
Now, if that host is reachable, and this is all done through the command line, if that host is reachable, then you'll receive a reply back. If you receive that reply back, that host is alive. If you don't receive a reply back, then that means either the host is not alive or the network connection is not valid, and so the ping does allow you, when you're dealing with network communications, to figure out: is there a networking issue or is it a host issue? And it's helped me numerous times. Obviously, I'm not a full network guy by any stretch of the imagination, but that is one of the key primary tools that they'll use: they will ping that host just to ensure that it is up and operational. Especially if they know it's operational and they ping it and they don't get anything back, again, it comes back to, then there's probably a network issue in between that location. Now, ICMP security implications that come up: there are various attacks that occur with ICMP, and this could be a flood attack and/or a redirect attack. Now this is where filtering is important to ensure you have some level of network security. An ICMP flood would be where someone is just sending ping requests to you, trying to overwhelm your network with these packets. So if I'm a host and I've got a computer sitting in a network and I set up a script to constantly be pinging that host, it's going to consume the bandwidth going to that host, and it's going to also consume the amount of processing resources that that host can complete, because it's trying to send back replies to all of these ICMP packet requests. So it's important that you have some level of protection against that, so that this flood that comes in doesn't overwhelm your system: it can shunt it, it can dump it to a location where it doesn't overwhelm your system. So those are some considerations you've got to think about.
IGMP is the Internet Group Management Protocol. Now this is used by hosts and routers to manage multicast group memberships, and it enables hosts to join or leave the multicast group dynamically. So it allows them to be able to receive live video streaming and allows them to join and leave without having it. So if I left the stream, it allows the connection to be dropped. So therefore I'm not being overwhelmed with data coming in. So it allows you to basically jump on and get off in a dynamic format. Now the IGMP versions: there are versions one, two and three. They exist with improvements around efficiency and group management, and the version is really crucial for proper multicast communication. It's just an important factor in all of this, and it does allow for precise group membership control. IGMP three is one of the newer versions, and it does allow for that type of control with your membership. The next one is ARP. This is the Address Resolution Protocol. Now, ARP is designed to map any known IP addresses to corresponding MAC addresses on a local network. So we talked about this through CISSP Cyber Training. You have your IP address, which is your 192.168.1.1. Then you have your MAC address, which is the actual hard-coded address that's in the cards that are on your device. This MAC address is how they communicate, and then it allows that on your network to be able to manage this overall connection. Now the IP address will change. The MAC address will not change, ideally. Now can you go in and change your MAC address? Yes, in most cases you can go in and actually change the MAC address of your device. MAC addresses are supposed to be individually designed for that system, and there's never, ever another MAC address like it.
However, because there's so many devices being created, it's been seen in the past where MAC addresses on the same network will be identical, and if they are identical, your networking will not work. So therefore, you may have to go in and make a tweak to your MAC address, especially on your internal network, to ensure that it's working. I've seen people go and make MAC addresses that they actually understand, and they know what those systems are, specifically for the device, so that when they're trying to troubleshoot they know which device is actually causing them problems, because the IP address may change. But bottom line is the MAC address is a key component in the overall network piece of this, and ARP plays a function in doing that. It will map that IP address to the overall MAC address on your network and therefore allows the devices to communicate well between the two. Now we're dealing with ARP spoofing and security concerns around this. ARP spoofing involves sending false ARP messages to associate an attacker's MAC address with a legitimate IP address. So you already have it, or an ARP table has it set up, where your IP address is mapped to a MAC address inside. The attacker will try to get false ARP messages associated with their specific IP address tied to the MAC address. By doing that it allows them to be able to get into your network and redirect the traffic through that machine onto them, which basically facilitates what they call a man-in-the-middle attack. That's what ARP spoofing is. So it's more or less just kind of a regurgitation of that. You're taking a MAC address and you're taking an IP address, and this is all put into what we call an ARP table. Okay, and then in that ARP table, that MAC address and that IP address are mapped together. The attacker is going in and removing the MAC address that's there, putting his or her MAC address in that spot.
So when you're dealing with that ARP table, it redirects from the original machine through that machine to the attacker's address, which allows for a man-in-the-middle attack. Okay, that's all I've got for you today. I hope you understand it and that it makes sense to you. Feel free to reach out to me at any time at CISSP Cyber Training. I'm happy to answer your questions. Today we talked about IPv4, v6, the various classes, ICMP, IGMP and ARP tables. Again, I recommend, for your foundation for the CISSP, it's important you have the foundations of those. When you look at a test that's coming in, or a CISSP exam, they'll be asking you questions about what those are. What does an IPv6 address look like? What does IPv4 look like? And then they'll use it in context with the actual question. It's not going to be as basic as, hey, what does an IPv4 address look like? They're going to ask you: you have an IPv4 address and it's x, y and z, and you are getting ready to set up an ARP table, and in that ARP table you have MAC address x, y, z. How would that man-in-the-middle attack occur in this situation? That's a typical kind of setup that they would do for a test. So you have to understand IPv4, you've got to understand ARP tables and you've got to understand IPv6. That's why it's important for you to really understand the concepts of each of these topics, so that when you go take the test, you know what each of these terms means. Again, when you go to the CISSP, there are varying ranges of your knowledge. As you're going in, you have to be a mile wide and an inch deep in your knowledge, and this is the purpose of CISSP Cyber Training: to help you get that mile-wide, inch-deep knowledge, and then, if you want to dig deeper, you can go for it. All right, that's all I've got for you today. Again, go check out CISSPcybertraining.com and we'll catch you on the flip side. See you.
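The class ranges, CIDR subnetting, IPv6 notation and ARP-table mapping the episode walks through, as an added worked example that is not part of the podcast or of CISSP Cyber Training's material. It uses only the Python standard library; the addresses, MACs and ARP replies are constructed sample values, and the ARP check is a defender-side consistency check for the spoofing pattern described above (an IP that is already mapped being claimed by a second MAC).

```python
"""Added example (not from the episode): classful ranges, CIDR subnetting,
IPv6 compression and a defensive ARP-table consistency check.
Standard library only; all addresses below are constructed samples."""
import ipaddress


def ipv4_class(addr: str) -> str:
    """Classful letter for an IPv4 address, by first octet, using the
    boundaries given in the episode (A 1-126, B 128-191, C 192-223,
    D 224-239, E 240-255). 0.x and 127.x are reserved/loopback."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first in (0, 127):
        return "reserved/loopback"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D (multicast)"
    return "E (experimental)"


def classful_network(addr: str) -> str:
    """Network implied by the class alone: A -> /8, B -> /16, C -> /24."""
    prefix = {"A": 8, "B": 16, "C": 24}.get(ipv4_class(addr))
    if prefix is None:
        raise ValueError(f"{addr} has no classful network portion")
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def split_subnets(network: str, new_prefix: int) -> list:
    """CIDR: carve e.g. 172.16.0.0/16 into /24 subnets regardless of class."""
    net = ipaddress.ip_network(network)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def usable_hosts(network: str) -> int:
    """Host count once the network and broadcast addresses are removed."""
    net = ipaddress.ip_network(network)
    return max(net.num_addresses - 2, 0)


def compress_ipv6(addr: str) -> str:
    """Shortest form of the eight-group address read out in the episode."""
    return ipaddress.IPv6Address(addr).compressed


def arp_conflicts(replies: list) -> list:
    """Defensive ARP spoofing check: build an IP -> MAC table from ARP
    replies in arrival order and flag any reply in which an IP that is
    already mapped is claimed by a different MAC. replies is a list of
    (sender_ip, sender_mac) pairs; returns one alert per conflicting reply."""
    table = {}
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = table.get(ip)
        if known is None:
            table[ip] = mac
        elif known != mac:
            alerts.append({"ip": ip, "expected": known, "seen": mac})
    return alerts


# Constructed sample ARP replies (not captured traffic): the gateway
# 192.168.1.1 is first advertised by its real MAC, then a second MAC
# claims the same IP, which is the pattern ARP spoofing produces.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:55"),
    ("192.168.1.142", "aa:bb:cc:dd:ee:01"),
    ("192.168.1.1", "00:11:22:33:44:55"),
    ("192.168.1.1", "DE:AD:BE:EF:00:01"),
]

if __name__ == "__main__":
    for a in ("10.0.0.1", "172.16.0.1", "192.168.1.1", "224.0.0.1"):
        print(a, "is class", ipv4_class(a))
    print("classful network of 172.16.5.9:", classful_network("172.16.5.9"))
    subs = split_subnets("172.16.0.0/16", 24)
    print(len(subs), "subnets; first", subs[0], "with", usable_hosts(subs[0]), "usable hosts")
    print(compress_ipv6("2001:0db8:85a3:0000:0000:8a2e:0370:7334"))
    for alert in arp_conflicts(SAMPLE_ARP_REPLIES):
        print("ARP conflict:", alert)
```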

CISSP Cyber Training Academy Program!

Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification? 

Let CISSP Cyber Training help you pass the CISSP Test the first time!
