Chapter 3: Computer Networking Basics for Security
This is one of the most important chapters because almost every cyber attack happens over the network. If you don’t understand how data moves, how devices talk, and where the weak points are, the rest of cybersecurity feels like magic.
I’m going to explain this like we’re sitting in a small café in Airoli, Navi Mumbai—drawing on white paper napkins, using everyday examples (like your Jio Wi-Fi at home, UPI payments, or office LAN), and tying it to 2026 realities (IPv6 growth in India, Wi-Fi 7, AI threats, etc.). No jargon overload—I’ll define everything.
1. OSI and TCP/IP Models – The “How Data Travels” Blueprints
These two models show how data goes from your phone to a server (or vice versa). Think of them as layered recipes for sending a message.
- OSI Model (Open Systems Interconnection) – Theoretical, 7 layers. Created by ISO in the 1980s as a universal reference. It’s like a detailed textbook—great for learning and troubleshooting.
Layers (bottom to top – remember “Please Do Not Throw Sausage Pizza Away”):
- Physical – Raw bits over cables/Wi-Fi (cables, signals, voltages). Example: Ethernet cable or Wi-Fi radio waves in your Airoli flat.
- Data Link – Node-to-node delivery, error detection (MAC addresses, switches). Example: Your laptop to home router via Ethernet/Wi-Fi.
- Network – Routing across networks (IP addresses, routers). Example: Packet from your phone to Google server via multiple ISPs.
- Transport – End-to-end reliability (TCP reliable, UDP fast). Example: TCP ensures your UPI payment arrives complete; UDP for video calls (speed > perfection).
- Session – Manages connections (setup, sync, teardown). Example: Keeping your Zoom call alive even if Wi-Fi drops briefly.
- Presentation – Data format/translation (encryption, compression). Example: HTTPS encrypts data; JPEG compression for images.
- Application – User-facing (HTTP, SMTP, DNS). Example: Browser using HTTP/HTTPS to load a website.
- TCP/IP Model (practical, used on the real internet) – 4 (or sometimes 5) layers. Developed for ARPANET (what became the internet). Simpler, protocol-specific (TCP, IP, etc.).
Layers:
- Network Access/Link – Combines OSI 1+2 (physical + data link).
- Internet – OSI 3 (IP routing).
- Transport – OSI 4 (TCP/UDP).
- Application – Combines OSI 5+6+7 (HTTP, FTP, DNS, etc.).
Key differences (2026 view):
- OSI: 7 layers, theoretical/reference model (great for exams, troubleshooting specific issues like “is this a session problem?”). Protocol-independent.
- TCP/IP: 4 layers, practical/real-world model (what actually runs the internet). More combined layers, harder to pinpoint some issues but faster to implement.
Analogy: OSI is a detailed recipe book with steps for every tiny thing. TCP/IP is the quick cooking hack that actually gets dinner on the table every day.
Security tie-in: Attacks target specific layers → e.g., ARP poisoning (Data Link), IP spoofing (Network), SYN flood (Transport), application exploits (Application layer).
In India 2026: Most troubleshooting uses TCP/IP thinking, but certifications (like CCNA, Security+) teach OSI for clarity.
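To make the layers concrete, here is an added example (my own code, not part of the chapter’s original material) that builds a small Ethernet → IPv4 → TCP → HTTP frame from constructed values and then parses it back header by header, in the order a receiving host peels them off. The MAC addresses, IPs (documentation range), ports and payload are all made up. It also verifies the IPv4 header checksum (the “error detection” mentioned under Data Link/Network) and decodes TCP flags, so a SYN-only segment of the kind a SYN flood sends looks different from a normal data segment.

```python
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 791).
    Computed over a header whose checksum field is zero it yields the checksum;
    computed over a valid header that already carries its checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 .. bit 5


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port,
                payload: bytes, flags: int = 0x18) -> bytes:
    """Wrap payload in TCP, then IPv4, then Ethernet (constructed sample, no real traffic)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1000, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip_no_ck = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                           bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip_header = ip_no_ck[:10] + struct.pack("!H", ipv4_checksum(ip_no_ck)) + ip_no_ck[12:]
    eth_header = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
                  + struct.pack("!H", 0x0800))          # 0x0800 = IPv4 in the Ethernet type field
    return eth_header + ip_header + tcp


def parse_frame(frame: bytes) -> dict:
    """Peel headers in OSI order: Data Link (Ethernet) -> Network (IPv4) -> Transport (TCP) -> Application."""
    layers = {}
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["data_link"] = {"src_mac": _mac(src_mac), "dst_mac": _mac(dst_mac), "ethertype": ethertype}
    if ethertype != 0x0800:
        return layers                               # not IPv4 (0x86DD = IPv6, 0x0806 = ARP)
    ip = frame[14:]
    ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _ck, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4                      # header length in bytes
    layers["network"] = {"version": ver_ihl >> 4, "src_ip": _ip(s), "dst_ip": _ip(d), "ttl": ttl,
                         "protocol": proto, "checksum_ok": ipv4_checksum(ip[:ihl]) == 0}
    if proto != 6:
        return layers                               # 6 = TCP, 17 = UDP, 1 = ICMP
    tcp = ip[ihl:total_len]
    sport, dport, seq, _ack, off, flags, _win, _tck, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    payload = tcp[(off >> 4) * 4:]
    layers["transport"] = {"src_port": sport, "dst_port": dport, "seq": seq,
                           "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)]}
    if dport == 80 and payload:                     # port tells us which application protocol to expect
        layers["application"] = {"protocol": "HTTP",
                                 "request_line": payload.split(b"\r\n", 1)[0].decode("ascii", "replace")}
    else:
        layers["application"] = {"protocol": "unknown", "bytes": len(payload)}
    return layers


# Constructed sample: a laptop on a home LAN sending an HTTP request to a web server.
SAMPLE_FRAME = build_frame("aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02", "192.168.1.100", "198.51.100.20",
                           51000, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
# Same frame with one TTL bit flipped in transit: the IPv4 checksum no longer verifies.
CORRUPTED_FRAME = SAMPLE_FRAME[:22] + bytes([SAMPLE_FRAME[22] ^ 0x01]) + SAMPLE_FRAME[23:]

if __name__ == "__main__":
    for layer, fields in parse_frame(SAMPLE_FRAME).items():
        print(layer, fields)
```

Each dictionary key corresponds to one layer, which is why a firewall that only looks at `network` and `transport` fields can block port 445 without ever understanding the `application` data, while an NGFW or IPS has to go one layer deeper.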
2. IP Addressing, Subnetting, Ports & Protocols
- IP Addressing – Devices need addresses to find each other—like house numbers.
- IPv4: 32-bit, e.g., 192.168.1.100 (dotted decimal). Only ~4.3 billion addresses → exhausted long ago. Uses NAT (many devices share one public IP).
- IPv6: 128-bit, e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334 (hex). Trillions of addresses, no NAT needed, built-in security features (IPsec mandatory in some implementations).
2026 India reality: India leads globally in IPv6 adoption (~70%+ in many metrics, thanks to Reliance Jio pushing all-IPv6 mobile since 2016). Google stats often show India at 60-80% IPv6 traffic. But many home/office networks are still dual-stack (both IPv4+IPv6) or IPv4-only.
Example: Your Jio phone likely uses IPv6 natively; old broadband might still be IPv4 behind CGNAT.
- Subnetting – Dividing a big network into smaller ones (for organization, security, efficiency). Uses a subnet mask (e.g., /24 = 255.255.255.0 → 256 addresses).
Example: Company network 192.168.0.0/16 (65,536 addresses). Subnet to:
- Finance: 192.168.10.0/24
- HR: 192.168.20.0/24
- Guest Wi-Fi: 192.168.30.0/24 (isolated).
Security benefit: VLANs + subnets prevent lateral movement—if an attacker gets onto guest Wi-Fi, they can’t easily reach the finance servers, because every packet leaving the guest subnet has to pass through the router/firewall, where an ACL can drop it.
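Here is an added example (mine, not from the chapter) that does the subnetting arithmetic above with Python’s standard `ipaddress` module: it describes a /24 (network, broadcast, mask, usable hosts), carves the chapter’s 192.168.0.0/16 into /24s, tells you which segment an address belongs to, and answers the question that matters for lateral movement: can host A reach host B directly on the same subnet, or does the traffic have to go through a router where a policy applies? The segment names and addresses follow the chapter’s plan; the guest/finance/HR mapping is a constructed example.

```python
import ipaddress

# Constructed segmentation plan mirroring the chapter's split of 192.168.0.0/16.
SEGMENTS = {
    "finance":    ipaddress.ip_network("192.168.10.0/24"),
    "hr":         ipaddress.ip_network("192.168.20.0/24"),
    "guest_wifi": ipaddress.ip_network("192.168.30.0/24"),
}


def describe(cidr: str) -> dict:
    """Subnet facts an engineer writes on the napkin: network, broadcast, mask, host range."""
    net = ipaddress.ip_network(cidr, strict=False)
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses  # /31 and /32 have no broadcast
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "total": net.num_addresses,
        "usable": usable,
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }


def carve(parent: str, new_prefix: int) -> list:
    """Split a parent block into equal children, e.g. a /16 into 256 x /24."""
    return [str(n) for n in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)]


def segment_of(ip: str, segments=SEGMENTS):
    """Which named segment an address lives in, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in segments.items():
        if addr in net:
            return name
    return None


def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """A host's own view: a destination is 'local' (switch only, no router) iff it
    shares the host's network prefix. Everything else goes to the default gateway."""
    local_net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in local_net


def path_between(src_ip: str, dst_ip: str, segments=SEGMENTS) -> str:
    """Where an ACL can stop this traffic: nowhere (same subnet) or at the router."""
    src, dst = segment_of(src_ip, segments), segment_of(dst_ip, segments)
    if src is None or dst is None:
        return "unknown segment"
    if src == dst:
        return "direct (same subnet, Layer 2 switch only)"
    return f"routed {src} -> {dst} (router/firewall ACL decides)"


if __name__ == "__main__":
    print(describe("192.168.10.0/24"))
    print(path_between("192.168.30.57", "192.168.10.5"))   # guest laptop -> finance server
```

The practical point: `same_subnet` is what the attacker’s own laptop computes before sending a packet. If the guest network were left flat with finance (one big /16), that function would return True and the traffic would never touch the firewall; subnetting is what forces it through a choke point.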
- Ports & Protocols – IP gets the packet to the device; the port gets it to the app (like an apartment number in a building).
- Common ports:
- 80: HTTP (web, unencrypted)
- 443: HTTPS (secure web)
- 22: SSH (secure remote)
- 3389: RDP (Windows remote)
- 53: DNS
- 445: SMB (file sharing – often exploited)
- Protocols: Rules for communication.
- TCP: Reliable, connection-oriented (handshake, error correction) – used for web, email.
- UDP: Fast, connectionless – video streaming, DNS, gaming.
- ICMP: Ping, error messages (used in reconnaissance).
Security example: Firewall blocks incoming port 445 → stops WannaCry-style ransomware spread. Open ports = open doors.
3. Common Network Devices (Routers, Switches, Firewalls, IDS/IPS)
- Switch – Connects devices in LAN (Layer 2). Forwards based on MAC. Example: Your home Wi-Fi router’s switch part connects phone, laptop, TV.
- Router – Connects networks (Layer 3). Forwards based on IP. Does NAT, routing tables. Example: Your home router connects local network to Jio/BSNL internet.
- Firewall – Security guard. Filters traffic based on rules (allow/deny by IP, port, protocol). Types: Packet-filtering (basic), stateful (tracks connections), NGFW (next-gen: app awareness, IPS, URL filtering). Example: Blocks incoming port 22 unless from your office IP.
- IDS/IPS (Intrusion Detection/Prevention System)
- IDS: Monitors + alerts (passive, like CCTV).
- IPS: Monitors + blocks (active, like auto-locking door). Example: Snort or Suricata detects SQL injection attempt → IPS drops packet.
2026 note: Most modern routers are combo (router + switch + firewall + Wi-Fi AP). NGFW essential for businesses.
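The firewall examples in sections 2 and 3 (block inbound 445; allow inbound 22 only from the office IP; packet-filtering versus stateful) can be simulated in a few dozen lines. The following is an added example written for this chapter, not code from any real firewall product. The office IP, LAN and remote addresses are constructed placeholders. It shows why a plain packet filter would drop the replies to your own outbound HTTPS connection while a stateful firewall lets them back in, and why rule order matters.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" = arriving from the internet, "out" = leaving the LAN
    proto: str              # "tcp", "udp" or "icmp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn_only: bool = False  # TCP SYN with no ACK: a brand-new connection attempt


OFFICE_IP = "203.0.113.10/32"   # constructed stand-in for "your office IP"

# Policy rows: (action, direction, proto, source network, destination port or None = any).
# Evaluated top-down, first match wins, so the specific SSH allow must sit above the SSH deny.
RULES = [
    ("allow", "in",  "tcp", OFFICE_IP,   22),    # SSH only from the office
    ("deny",  "in",  "tcp", "0.0.0.0/0", 22),    # ... and from nowhere else
    ("deny",  "in",  "tcp", "0.0.0.0/0", 445),   # SMB stays closed (WannaCry-style spread)
    ("deny",  "in",  "any", "0.0.0.0/0", None),  # default deny for everything else inbound
    ("allow", "out", "any", "0.0.0.0/0", None),  # LAN may initiate anything outbound
]


def matches(pkt: Packet, rule) -> bool:
    _action, direction, proto, src_net, dport = rule
    return (direction == pkt.direction
            and proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(src_net)
            and dport in (None, pkt.dst_port))


def packet_filter(pkt: Packet, rules=RULES) -> str:
    """Packet-filtering (stateless) firewall: every packet is judged on its own headers only."""
    for rule in rules:
        if matches(pkt, rule):
            return rule[0]
    return "deny"   # implicit deny when nothing matched


class StatefulFirewall:
    """Stateful firewall: remembers connections the LAN opened and admits their replies,
    without needing an inbound allow rule for every high port."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.flows = set()   # (proto, lan_ip, lan_port, remote_ip, remote_port)

    def filter(self, pkt: Packet) -> tuple:
        if pkt.direction == "in":
            reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if reverse in self.flows and not pkt.syn_only:
                return ("allow", "established")        # reply to a connection we initiated
        decision = packet_filter(pkt, self.rules)
        if decision == "allow" and pkt.direction == "out":
            self.flows.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return (decision, "rule")


# Constructed traffic: a LAN host opens HTTPS, the server replies, then three inbound probes.
HTTPS_OUT   = Packet("out", "tcp", "192.168.1.100", 51000, "198.51.100.20", 443, syn_only=True)
HTTPS_REPLY = Packet("in",  "tcp", "198.51.100.20", 443, "192.168.1.100", 51000)
SMB_PROBE   = Packet("in",  "tcp", "198.51.100.7", 40000, "192.168.1.5", 445, syn_only=True)
SSH_OFFICE  = Packet("in",  "tcp", "203.0.113.10", 40001, "192.168.1.5", 22, syn_only=True)
SSH_OTHER   = Packet("in",  "tcp", "198.51.100.7", 40002, "192.168.1.5", 22, syn_only=True)

if __name__ == "__main__":
    fw = StatefulFirewall()
    for label, pkt in [("https out", HTTPS_OUT), ("https reply", HTTPS_REPLY), ("smb probe", SMB_PROBE),
                       ("ssh from office", SSH_OFFICE), ("ssh from elsewhere", SSH_OTHER)]:
        print(f"{label:20s} stateless={packet_filter(pkt):5s} stateful={fw.filter(pkt)}")
```

Note that the stateful path only trusts the connection table for non-SYN packets: an unsolicited SYN to 445 is still evaluated against the rules even if some other flow to that host exists, and an inbound SYN never creates state. That is the difference the chapter describes between a basic packet filter and a firewall that tracks connections.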
4. Wireless Networks and Common Vulnerabilities (WPA3 vs Older)
Wireless = radio waves → easy to intercept (no physical access needed).
Standards evolution:
- WEP (1990s): Broken in minutes (weak RC4, reused keys). Avoid completely.
- WPA (2003): Temporary fix, TKIP → still crackable.
- WPA2 (2004): AES-CCMP, strong encryption. But vulnerable to KRACK (2017 key reinstallation attack), dictionary attacks on weak passwords, PMKID attacks.
- WPA3 (2018+): Current best. SAE (Simultaneous Authentication of Equals) → resists offline dictionary attacks. Forward secrecy, individualized encryption, better against brute-force. Mandatory Protected Management Frames.
2026 status: WPA3 is standard on new devices (Wi-Fi 6/6E/7 routers). Many legacy devices still force WPA2 fallback. Dragonblood flaws (2019) are patched in good implementations, but downgrade attacks remain possible on mixed-mode (WPA2/WPA3 transition) networks.
Common wireless vulnerabilities (2026):
- Weak/default passwords → brute-force/dictionary.
- Open networks (no encryption) → eavesdropping.
- Rogue APs (fake hotspots) → evil twin attacks (steal creds).
- KRACK-style (WPA2) or downgrade to WPA2.
- Deauth attacks → force disconnects.
- Public Wi-Fi risks → MITM, packet sniffing.
India example: In Airoli cafés or railway stations, fake “Free_Airoli_WiFi” AP tricks users. Use VPN always.
Best practice 2026: Use WPA3-Personal (or Enterprise with 802.1X). Strong passphrase (>20 chars). Disable WPS. Update firmware.
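To turn the vulnerability list above into something a defender can actually run, here is an added example (my own, not from the chapter) that audits a set of scanned access points. The scan results, SSIDs and BSSIDs are constructed; in practice they would come from your laptop’s or a WIDS sensor’s scan output. It flags open/WEP/WPA/WPA2-only networks, WPS, missing Protected Management Frames (the deauth angle), transition-mode downgrade exposure, and the evil-twin case from the café example: an AP broadcasting one of *your* SSIDs from a radio MAC that is not on your allowlist.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str          # the radio's MAC address, the thing an evil twin cannot easily copy from the allowlist
    security: str       # "open", "wep", "wpa", "wpa2", "wpa2/wpa3" (transition mode), "wpa3"
    wps: bool = False   # Wi-Fi Protected Setup advertised
    pmf: bool = False   # Protected Management Frames required (WPA3 makes this mandatory)


# Allowlist of BSSIDs that legitimately serve OUR SSIDs. Constructed values.
KNOWN_BSSIDS = {
    "Home_Jio_5G": {"aa:bb:cc:00:00:01"},
    "Office_Corp": {"aa:bb:cc:00:00:10", "aa:bb:cc:00:00:11"},
}

# Constructed scan results; none of these are real networks.
SCAN = [
    AccessPoint("Home_Jio_5G", "aa:bb:cc:00:00:01", "wpa3", wps=False, pmf=True),
    AccessPoint("Office_Corp", "aa:bb:cc:00:00:10", "wpa2/wpa3", wps=False, pmf=False),
    AccessPoint("Office_Corp", "de:ad:be:ef:00:99", "open"),              # our SSID, unknown radio
    AccessPoint("Free_Airoli_WiFi", "de:ad:be:ef:00:42", "open"),         # classic café bait
    AccessPoint("Neighbour_Old_Router", "aa:bb:cc:00:00:77", "wpa2", wps=True),
    AccessPoint("Legacy_Printer_Net", "aa:bb:cc:00:00:88", "wep"),
]


def audit(ap: AccessPoint, known=KNOWN_BSSIDS) -> list:
    """Defender-side findings for one AP, worded as the fix to apply."""
    findings = []
    sec = ap.security.lower()
    if sec == "open":
        findings.append("open: no encryption, anyone in range can read the traffic")
    elif sec == "wep":
        findings.append("WEP: broken in minutes, retire the device")
    elif sec == "wpa":
        findings.append("WPA/TKIP: crackable, upgrade to WPA3")
    elif sec == "wpa2":
        findings.append("WPA2-only: exposed to offline dictionary and KRACK-class attacks, move to WPA3")
    elif sec == "wpa2/wpa3":
        findings.append("transition mode: clients can be downgraded to WPA2, go WPA3-only when legacy devices allow")
    if ap.wps:
        findings.append("WPS enabled: disable it")
    if sec in ("wpa2", "wpa2/wpa3") and not ap.pmf:
        findings.append("PMF not required: spoofed deauth frames can force disconnects")
    if ap.ssid in known and ap.bssid.lower() not in known[ap.ssid]:
        findings.append("possible evil twin: SSID matches ours but BSSID is not on the allowlist")
    return findings


def audit_scan(scan=SCAN, known=KNOWN_BSSIDS) -> dict:
    """Map each BSSID in the scan to its findings (empty list = nothing to fix)."""
    return {ap.bssid: audit(ap, known) for ap in scan}


def worst_offenders(scan=SCAN, known=KNOWN_BSSIDS) -> list:
    """BSSIDs sorted by number of findings, most urgent first."""
    report = audit_scan(scan, known)
    return sorted((b for b in report if report[b]), key=lambda b: -len(report[b]))


if __name__ == "__main__":
    for bssid, findings in audit_scan().items():
        print(bssid, "OK" if not findings else "")
        for f in findings:
            print("   -", f)
```

The evil-twin check is deliberately keyed on BSSID rather than SSID, because the SSID is exactly what the attacker copies; keep the allowlist current when you replace or add an AP, or the check will start flagging your own hardware.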
Whew—that’s Chapter 3 in depth! Networking is the foundation—master this, and attacks make sense.
