The ONLY Way to Protect Networks from Criminal Hacking: Computer Networking Simplified

Cheryl Abram
21 min read · May 14, 2023


COMPUTER NETWORKING SIMPLIFIED

Computer networks are made of 3 simple conditions:

  • Connection
  • Communication
  • Sharing

Anywhere you have these 3 conditions, processes, or events you have a network — in both the analog and digital world. Knowing and thoroughly understanding these 3 conditions is critical to protecting information systems from insider and external threats.

Let’s use this analogy to examine why.

What 4 major conditions/processes must be present to form a hurricane?

A hurricane requires:

  • moist ocean air
  • low air pressure
  • warm temperatures
  • tropical winds

If you interrupt or remove any of these conditions then you don’t have a hurricane. You may still have a storm but you don’t have the destructive power for which hurricanes are infamous.

Similarly, if you interrupt or remove connection, communication or sharing, you’ve interrupted a networking event. Without a network, criminal hacking and the destruction it could cause are greatly tempered, if not completely halted.

This is how we manage criminal hackers. We “starve” them of the primary thing they need to survive — the network.

Now let’s get into understanding these networking conditions.

CONNECTION

Network connection is critical in computing, as it enables the communication and transfer of data between devices and systems. Without network connectivity, computers and other devices would be unable to share resources or access the internet.

In the modern business world, network connectivity is vital for many processes such as remote working, data sharing, and cloud computing. It allows employees to work remotely and collaborate on projects, regardless of location. Network connectivity also enables businesses to access cloud-based services, such as data storage and software applications, which can improve efficiency and reduce costs.

This is why cybersecurity professionals need to present themselves as PARTNERS that enable business efficiency, effectiveness and reduced costs.

Computers connect to each other through a physical or logical link, which allows them to establish a communication channel. There are several physical and logical links or media available:

Physical Connections & Media

Note: most physical ports use electricity as an energy source (medium)

Physical media fall into two categories: guided media and unguided media.

Guided media or direct connection is a process akin to a direct decision-making pathway in the human brain, where a stimulus leads to a specific, predictable response with minimal interference — like seeing an object and reaching out to grab it.

With guided media, the signals are guided along a PHYSICAL solid medium, such as a fiber-optic cable, a twisted-pair copper wire or a coaxial cable. This media includes our physical connections like Ethernet, fiber-optic cables and HDMI.

While guided media generally offer a more reliable and interference-free path for signals, they are not completely immune to interference or degradation. However, compared to unguided media, the controlled physical environment significantly reduces these risks.

Logical Connections & Media

Logical means software defined or “detailed rules written in a programming language” which the computer’s processor interprets and executes to perform specific tasks.

Unguided media or indirect connection is akin to an indirect decision-making pathway in the human brain, where a stimulus leads to a specific, predictable response but with various factors between the decision and the final response. It is like seeing an object and reaching out to grab it, but having to navigate a complex obstacle course of people and objects to finally grab it, which requires even more decision-making: “Should I walk around this person or ask them to move?”, “Should I move this object or just step over it?”. This media includes the software-defined or logical connections like Wi-Fi, cellular and Bluetooth.

With unguided media, the LOGICAL signals propagate through the atmosphere (like a radio wave) or through outer space (as in a digital satellite channel).

Just as in human decision-making, where the complexity of the environment can necessitate more nuanced and adaptable responses, unguided media must dynamically respond to their environment to successfully transmit data.

Once the physical or logical connection is established, computers can communicate with each other by sending and receiving data using specific protocols like the Transmission Control Protocol/Internet Protocol (TCP/IP), File Transfer Protocol (FTP) and Simple Mail Transfer Protocol (SMTP).

CONNECTION REQUIREMENTS

In addition to physical or logical media, a computer needs several things in order to connect to another device or network:

  1. A network interface: This can be a wired or wireless adapter that allows the computer to connect to a network. Examples include Ethernet cards and Wi-Fi adapters.
  2. Network protocol stack: This is a group of protocols that control the transmission of data over the network. Examples include TCP/IP, which is used for internet communication.
  3. Network configuration: The computer must be configured with the correct IP address, subnet mask, and default gateway in order to communicate with other devices on the network. NOTE: IP addresses belong to the CONNECTION, not the device. The IP address identifies a device’s point of connection to the network (the network interface card (NIC)) for the purpose of routing data. An IP address combined with a port number forms a SOCKET, the endpoint of a connection. The MAC (Media Access Control) address is the unique identifier that identifies the device itself.
  4. Network credentials: If the network is secured, the computer must have the correct login credentials in order to connect to it.
  5. Software: The computer must have the necessary software installed to support the network protocol and connection, such as a web browser for internet connections or remote access software for remote connections.
  6. Permission: Some networks restrict who can connect to them; the computer must have permission to connect.

Once all these things are in place and configured correctly, the computer should be able to connect to the network and communicate with other devices on it.

Hacking Connection Protocols

TCP/IP (Transmission Control Protocol/Internet Protocol) is a set of communication protocols that are used to connect devices on a network.

These protocols define the rules and procedures for exchanging data over the internet. The two main protocols in the TCP/IP suite are TCP and IP.

TCP (Transmission Control Protocol) is responsible for establishing and maintaining connections between devices, as well as ensuring that data is transmitted reliably and in the correct order.

IP (Internet Protocol) is responsible for routing data packets to their correct destination.

Criminal hackers may exploit vulnerabilities in these protocols to gain unauthorized access to a network and steal sensitive information. Here are a few examples of how they might do this:

  • TCP/IP Hijacking involves taking over a network session between two machines to intercept or inject data.
  • IP Spoofing is when an attacker pretends to be another machine by using its IP address, potentially bypassing IP-based security measures.
  • TCP/IP Flooding (part of DoS attacks) overwhelms a network with excessive traffic, disrupting legitimate communications.
  • TCP/IP Tunneling can be used maliciously to encapsulate and transmit network protocols over an unauthorized network, bypassing the network’s security mechanisms.
  • TCP/IP Session Hijacking is when an attacker takes over a web session by stealing or predicting a session token.

Protecting Connections

There are several ways that cybersecurity defenders can protect computer connections from unauthorized hacking:

  1. Disable unnecessary network interfaces: If a computer has multiple NICs, it is a good idea to disable any that are not in use to reduce the attack surface.
  2. Encryption: Data can be encrypted to protect it from being intercepted and read by unauthorized parties during transmission. This can include using secure protocols like HTTPS and SSH to encrypt web and remote connections, respectively.
  3. Firewalls: A firewall can be used to block unauthorized incoming and outgoing traffic to and from a network. This can help prevent hackers from accessing the network through an open port, NIC or connection.
  4. Virtual Private Networks (VPNs): A VPN allows users to securely connect to a network over the internet. This can protect against hackers intercepting data during transmission, as well as giving users secure remote access to a network.
  5. Network segmentation: Dividing a network into smaller segments can limit the potential damage that a hacker can cause if they are able to breach the network (e.g., a virtual LAN (VLAN)).
  6. Access controls: Limiting access to a network, or to specific resources within it, to only authorized users can prevent hackers from gaining access to sensitive data and systems (e.g., permissions; network access control (NAC) validates the security state of a connecting device and grants or denies access accordingly).
  7. Use intrusion detection and prevention systems (IDPS): An IDPS can detect and prevent malicious connections by monitoring network traffic for signs of malicious activity.
  8. Regular software updates: Cybersecurity defenders should keep software and systems updated with the latest security patches to protect against known vulnerabilities.
  9. Disable remote management: If the NIC supports remote management, it should be disabled unless it is needed.
  10. Regular security risk assessments: Cybersecurity defenders should regularly assess the security of the network and systems to identify and address any potential vulnerabilities.
  11. Employee education and awareness: Educating employees about potential cybersecurity threats and how to identify and report them can help prevent successful attacks.
  12. Permissions: Permissions and security are central to the idea of networking: you can access files and share resources only if someone gives you permission to do so.

Most personal computers that connect to the Internet allow outgoing connections (so you can, theoretically, link to any other computer), but block most incoming connections or prohibit them completely.

Servers (the machines on the Internet that hold and serve up Web pages and other files) operate a more relaxed policy to incoming connections.

Communication Without Connection?

Computers can communicate without first establishing a traditional connection (like that in TCP) when using broadcast or multicast communication methods, where the message is sent to all or a specific group of devices on a network, respectively.

Computers can “hear” a broadcast without a connection because broadcast communication is a method where a message is sent to all devices on a network, rather than a specific device. In this method, the sender does not need to establish a connection with each individual device before sending the message, and all devices on the network are configured to listen for broadcast messages.

When a computer sends a broadcast message, it sends the message to a special broadcast address, typically ending in 255 (for example, 192.168.1.255), which is a reserved address that is recognized by all devices on the local network. All devices on the network are programmed to listen for messages sent to the broadcast address, and when a message is received, it is processed by the device’s operating system or network stack.

Broadcast-style communication can also take the form of multicast. A multicast protocol allows a sender to send a message to a specific group of devices that have joined a multicast group. The group of devices can be dynamic, and new devices can join or leave the group at any time.

The distinction here is that the communication does not require a session or connection establishment phase typical of connection-oriented protocols like TCP.
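As an added example (not part of the original article), the Python below first computes a network’s directed broadcast address, showing that it ends in 255 only for a /24 or larger network, and then sends a UDP datagram to a bound socket with no handshake or session at all. To run offline it targets the loopback address 127.0.0.1 instead of a real broadcast address; the payload and function names are my own constructions.

```python
import ipaddress
import socket
import threading


def broadcast_address(cidr):
    """Directed broadcast address of a network, i.e. the address every host on
    that network listens to. It ends in 255 only for networks of /24 or larger:
    192.168.1.0/24 -> 192.168.1.255, but 192.168.1.0/25 -> 192.168.1.127."""
    return str(ipaddress.ip_network(cidr, strict=False).broadcast_address)


def start_udp_listener(host="127.0.0.1", timeout=3):
    """Bind a UDP socket and wait for one datagram in a background thread.
    There is no listen()/accept() step: a UDP receiver simply waits for
    whatever arrives at its port. Returns (port, result, thread)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))            # port 0: the kernel picks a free port
    port = sock.getsockname()[1]
    result = {}

    def wait_for_one():
        sock.settimeout(timeout)
        try:
            data, source = sock.recvfrom(1024)
            result["data"] = data
            result["from"] = source     # (ip, port) of whoever sent it
        except socket.timeout:
            result["data"] = None
        finally:
            sock.close()

    thread = threading.Thread(target=wait_for_one, daemon=True)
    thread.start()
    return port, result, thread


def send_datagram(host, port, payload):
    """Send one datagram with sendto(): no handshake and no session. Returns
    the number of bytes handed to the kernel, which says nothing about whether
    anybody was listening. That silence is why spoofed or flooding UDP traffic
    is worth monitoring on the receiving side."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # A sender must set SO_BROADCAST before it may target a broadcast address;
    # it is harmless here because the demo stays on loopback.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    try:
        return sock.sendto(payload, (host, port))
    finally:
        sock.close()


def run_demo(payload=b"who is here?"):   # constructed sample payload
    """Receiver and sender on loopback; returns (bytes sent, bytes received)."""
    port, result, thread = start_udp_listener()
    sent = send_datagram("127.0.0.1", port, payload)
    thread.join(3)
    return sent, result.get("data")


if __name__ == "__main__":
    for cidr in ("192.168.1.0/24", "192.168.1.0/25", "10.0.0.0/16"):
        print(cidr, "->", broadcast_address(cidr))
    print(run_demo())
```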

COMMUNICATION

To communicate is to impart, participate, or share. Keep in mind that communication is not limited by language. We communicate in many non-verbal ways as well, including:

We also communicate or share things other than what we typically consider “information”. For instance, we communicate or share infections and emotions.

The history of communication itself can be traced back to the origin of speech, circa 100,000 BCE. The use of technology in communication can be dated to the first use of symbols, about 30,000 BCE.

Did you know, the original meaning of technology is “art” or “skill”?

Ports & Protocols

Ports are numbered and used as global standards to identify specific processes or types of network services. Much as, before shipping something to a foreign country, you would agree on where it ships from and where it arrives, TCP ports allow for standardized communication between devices.

A port is always associated with a protocol. Generally, this is with Transmission Control Protocol or User Datagram Protocol for communication, but Internet Control Message Protocol messages use specific ports as well.

Protocols

Protocols are like the English grammar rules that we learn in school. Remember those rules? Here are a few of them:

  • Rule 1: Every sentence should start with a Capital letter in the first word.
  • Rule 2: Every sentence should either end with a period, question mark or exclamation mark.
  • Rule 3: Every sentence should have a subject, verb and object.
  • Rule 4: Use an apostrophe to show possession.
  • Rule 5: Proper nouns should be capitalized when used (anywhere in the sentence).
  • Rule 6: Common nouns should be capitalized only at the beginning of the sentence.

These rules (and countless others) are the set of guidelines, instructions or protocols that English speakers use to transmit and receive verbal and written communication in a consistent format.

There are three main types of network protocols:

  • network management protocols — maintain and govern the network through protocols such as ICMP and SNMP
  • network communication protocols — include basic data communication tools like TCP/IP and HTTP
  • network security protocols — include HTTPS, SFTP, and SSL

Criminal hackers attack and manipulate protocols!

One protocol that we are all familiar with is HTTP (https://www.w3schools.com/nodejs/nodejs_http.asp).

Just as grammar rules govern the structure and order of words in verbal and written communication, protocols govern the structure and order of data in digital communication. Protocols ensure that the sender (e.g., client) and receiver (e.g., server) of the data understand and can process the information being transmitted.

A protocol is a set of rules that must be followed by the communicating parties in order to have successful and reliable data communication. Examples include Ethernet and HTTP.

All activity in the Internet that involves two or more communicating remote entities is governed by a protocol.

TCP is called a connection-oriented protocol because it establishes a connection between the receiving and sending devices before transmitting any data. TCP ports are ports that comply with the Transmission Control Protocol.

For instance, protocols in routers determine a packet’s path from source to destination; hardware-implemented protocols in the network interface cards of two physically connected computers control the flow of bits on the “wire” between the two computers; a congestion control protocol controls the rate at which packets are transmitted between sender and receiver.

Different protocols are used to accomplish different communication tasks. Protocols are running everywhere in the Internet.

Ports

There are different types of physical ports available: serial ports, parallel ports and USB ports.

If a port (service) is open, the application (software process/program) specific to that port is actively listening (receiving information; “I am accepting communication/connection”) and can likely be talked to via that port/service.

I had a hell of a time understanding logical ports!!!! What do they look like? Where are they? Where can I find one? I had so many questions and no answers…until now. Because I’ve come to understand more about what ports are, I’ve found the answer to my question.

Logical Ports

A logical port is a virtual endpoint for network communication, and it is usually represented by a number, also known as a port number. Logical ports are used by the transport layer protocols, such as TCP and UDP, to identify the source and destination of data packets in a network communication.

Software that uses logical ports would typically include the following components:

  • Port definitions: These are the predefined port numbers that are associated with specific services or protocols. For example, port 80 is commonly associated with HTTP traffic, while port 22 is associated with SSH.
  • Port binding: This is the process of associating a specific service or protocol with a specific port number. For example, binding the HTTP service to port 80 would allow incoming traffic on port 80 to be processed by the HTTP service.
  • Port forwarding: This is the process of redirecting incoming traffic on a specific port to a different internal IP address or service. For example, forwarding incoming traffic on port 80 to a web server running on a specific internal IP address.
  • Port filtering: This is the process of allowing or denying incoming traffic based on the source, destination, or port number of the traffic. For example, allowing incoming traffic on port 80 from a specific IP address range, and denying incoming traffic on port 80 from all other IP addresses.
  • Port monitoring: This is the process of monitoring incoming and outgoing traffic on specific ports, and collecting information such as the source and destination IP addresses, port numbers, and packet counts.

The software that implements logical ports can be part of an operating system, of network devices like routers, or a standalone program; it can be written in various programming languages and can vary in complexity.

A logical or “software-defined” port is a virtual endpoint for network communication that is implemented in software, rather than in hardware.

Here’s an example of a simple implementation of a software-defined port in Python:
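The following is an added example, not the article’s own code: a Python TCP listener that binds an OS-chosen port (making that port “open”), serves a connection, and applies a simple port filter that only answers peers inside an allowed address range; a client helper shows the IP address + port number pairs (the sockets) at both ends of the connection. The function names, the loopback address and the allowed ranges are my own assumptions.

```python
import ipaddress
import socket
import threading


def make_filter(allowed_cidrs):
    """Port filtering as a predicate: a peer address passes only if it falls
    inside one of the allowed networks; anything else is denied by default."""
    nets = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]

    def allowed(peer_ip):
        addr = ipaddress.ip_address(peer_ip)
        return any(addr in net for net in nets)

    return allowed


def start_listener(allowed_cidrs=("127.0.0.0/8",), host="127.0.0.1", n_conns=1):
    """Bind a TCP socket to an OS-chosen free port and start listening: from
    this moment the port is 'open' and a process is accepting connections.
    Serves n_conns connections in a background thread, then closes the port.
    Returns (port, thread) so the caller can wait for the listener to finish."""
    allowed = make_filter(allowed_cidrs)
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))      # port 0: the kernel picks a free ephemeral port
    srv.listen(2)
    port = srv.getsockname()[1]

    def serve():
        try:
            for _ in range(n_conns):
                conn, (peer_ip, _peer_port) = srv.accept()
                with conn:
                    # Application-level filter. The TCP handshake has already
                    # completed here; a host firewall would block the SYN
                    # before the connection ever reached this process.
                    if not allowed(peer_ip):
                        continue     # dropped without a reply
                    data = conn.recv(1024)
                    if data:
                        conn.sendall(b"echo:" + data)
        except OSError:
            pass
        finally:
            srv.close()      # nothing listens any more: the port is closed

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread


def talk_to_port(host, port, payload=b"hello"):
    """Connect to host:port, send payload and read the reply.
    Returns the two sockets of the connection, (local IP, local port) and
    (remote IP, remote port), plus the reply (b'' if the service dropped us)."""
    with socket.create_connection((host, port), timeout=2) as c:
        local = c.getsockname()[:2]
        remote = c.getpeername()[:2]
        try:
            c.sendall(payload)
            reply = c.recv(1024)
        except OSError:          # peer reset the connection: treated as no reply
            reply = b""
    return local, remote, reply


def port_is_open(host, port):
    """True when something is listening on host:port; False when the
    connection is refused (closed port) or times out (filtered/unreachable)."""
    try:
        with socket.create_connection((host, port), timeout=1):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    port, t = start_listener(n_conns=2)
    print("open before serving:", port_is_open("127.0.0.1", port))
    local, remote, reply = talk_to_port("127.0.0.1", port, b"ping")
    print("sockets:", local, "->", remote, "reply:", reply)
    t.join(3)
    print("open after listener closed:", port_is_open("127.0.0.1", port))
```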

Communication Requirements

A computer must have the following to communicate within a network:

  • a network interface card (NIC) or built-in network adapter;
  • a network operating system such as Windows, Linux, or macOS;
  • the necessary communication protocols, such as TCP/IP, configured and enabled. These protocols allow the computer to communicate with other devices on the network by providing a standard set of rules and procedures for exchanging data;
  • a unique IP address that identifies it within the network.

Hacking Communication

Communication protocols are the set of rules and procedures that govern the exchange of information between devices over a network. Some examples of common communication protocols include:

TCP/IP (Transmission Control Protocol/Internet Protocol): A set of protocols that are used to connect devices on a network, and define the rules and procedures for exchanging data over the internet.

HTTP (Hypertext Transfer Protocol): A protocol used for transmitting data over the internet, primarily used for web communication.

HTTPS (HTTP Secure): A secure version of HTTP that encrypts data in transit to prevent eavesdropping and tampering.

SMTP (Simple Mail Transfer Protocol): A protocol used for sending and receiving email.

FTP (File Transfer Protocol): A protocol used for transferring files between computers over a network.

SSH (Secure Shell): A protocol used for securely accessing and managing remote devices over a network.

Criminal hackers may exploit vulnerabilities in these protocols to gain unauthorized access to a network and steal sensitive information. Here are a few examples of how they might do this:

Man-in-the-Middle (MitM) attacks: Criminal hackers may intercept and modify communication between two parties without either party being aware of the intrusion.

Sniffing: Criminal hackers may use packet sniffing tools to intercept and read sensitive data being transmitted over a network.

Phishing: Criminal hackers may use phishing emails or fake websites to trick users into providing login credentials or other sensitive information, allowing the hacker to gain access to the user’s computer or network.

Malware: Criminal hackers may use malware such as viruses, trojans, or ransomware to infect a user’s computer and gain control of it, allowing them to access the user’s files and network connections.

Brute-force attacks: Criminal hackers may use automated tools to guess login credentials for different protocols such as FTP, SMTP, SSH, HTTP, HTTPS.

Exploiting vulnerabilities: Criminal hackers may use known vulnerabilities in software or operating systems to gain unauthorized access to a computer or network and intercept communication.

Interception: Criminal hackers may use techniques such as jamming or intercepting radio waves to disrupt the communication between two parties.

Protecting Communication

There are several ways that cyber defenders can protect communication protocols in a network:

Encryption: Encrypting data in transit and at rest can protect communication from being intercepted and read by unauthorized parties.

Firewalls: Firewalls can be used to block unauthorized access to the network by filtering incoming and outgoing traffic based on predefined rules.

Virtual Private Networks (VPNs): VPNs can be used to create a secure, encrypted tunnel between two or more devices, allowing them to communicate securely over an otherwise insecure network.

Intrusion detection and prevention systems (IDPS): These systems can detect and prevent malicious activity on the network by analyzing network traffic and identifying patterns that indicate an attack.

Access controls: Access controls can be used to restrict access to the network to only authorized users, devices and services.

Network segmentation: Separating the network into smaller parts and limiting devices and users to the parts of the network they need to access.

Regularly applying software updates and patching vulnerabilities: Software vulnerabilities in systems can be exploited by attackers, so regular updates and patches reduce the risk of exploitation.

Regularly monitoring and auditing network activity: Regularly monitoring and auditing network activity can help to identify suspicious activity and respond to security incidents quickly.

SHARING RESOURCES

Sharing resources is a fundamental aspect of computer networking. It allows multiple devices to access and use the same resources, such as printers, files, and data storage, over a network. This can greatly increase productivity and efficiency, as users can access resources from any device on the network without having to transfer files or physically connect devices.

There are different ways to share resources on a network:

File sharing: Allows users to access and share files stored on a central server or computer. This can be done through protocols such as SMB (Server Message Block), NFS (Network File System), and FTP (File Transfer Protocol).

Printer sharing: Allows multiple users to access and print to a shared printer. This can be done through protocols such as LPR (Line Printer Remote) and LPD (Line Printer Daemon).

Remote desktop sharing: Allows users to access and control another computer remotely, as if they were sitting in front of it. This can be done through protocols such as RDP (Remote Desktop Protocol) and VNC (Virtual Network Computing).

Cloud Services: Allows users to share and access data and applications on remote servers; these servers can be accessed over the internet using various devices and platforms.

Resource allocation: Allows users to share resources such as CPU, memory, and storage space. This can be done through technologies such as virtualization, which allows multiple virtual machines to share the same physical resources.

Sharing resources in a network can also help to reduce costs, as it eliminates the need for multiple devices and licenses for the same resources.

Sharing Requirements

In order to facilitate the sharing of resources in a network, the following hardware and software components are typically necessary:

Network Interface Card (NIC): A NIC is a hardware component that allows a computer to connect to a network. It is necessary for all devices on the network to have a NIC in order to communicate and share resources.

Network Operating System: A network operating system, such as Windows Server, Linux, or macOS Server, is necessary for managing and controlling access to shared resources. It allows for the creation of user accounts, permissions, and access controls for shared resources.

File Server: A file server is a computer or device that stores and manages files that are shared on the network. It can be a dedicated hardware device or a software-based solution running on a regular computer.

Print Server: A print server is a device or software that allows multiple users to access and print to a shared printer. It manages the print jobs and controls access to the printer.

Remote Desktop Software: Software that allows remote access and control of another computer, such as Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC), is necessary for remote desktop sharing.

Cloud Services: Cloud-based services such as Dropbox, Google Drive, and OneDrive allow users to share and access data and applications on remote servers; these servers can be accessed over the internet using various devices and platforms.

Virtualization software: Virtualization software such as VMware, Hyper-V, and VirtualBox allows multiple virtual machines to share the same physical resources; this is necessary for resource allocation.

Network Switch/Router: These devices are necessary for connecting multiple devices on the network and allowing them to communicate and share resources.

Hacking Sharing Protocols

Criminal hackers may exploit resource sharing protocols such as RDP, VNC, FTP, and network switches to gain unauthorized access to a network and steal sensitive information. Here are a few examples of how they might do this:

RDP and VNC: Criminal hackers may use brute-force attacks to guess login credentials for remote desktop protocols, or exploit known vulnerabilities in the software to gain unauthorized access to a computer or network.

FTP: Criminal hackers may use brute-force attacks to guess login credentials for FTP servers, or exploit known vulnerabilities in the software to gain unauthorized access to a file server and steal sensitive information.

Network switches: Criminal hackers may use techniques like ARP spoofing to intercept communication between devices on a network, or exploit vulnerabilities in the switch’s firmware to gain unauthorized access to the network.

Phishing: Criminal hackers may use phishing emails or fake websites to trick users into providing login credentials or other sensitive information, allowing the hacker to gain access to the user’s computer or network.

Malware: Criminal hackers may use malware such as viruses, trojans, or ransomware to infect a user’s computer and gain control of it, allowing them to access the user’s files and network connections.

Backdoors: Criminal hackers may exploit vulnerabilities in network switches’ firmware to install backdoors, which give them persistent access to the network and the resources shared on it.

Remote Access: Criminal hackers may use a Remote Access Trojan (RAT) to gain remote access to a computer and move laterally through the network to gain access to other resources.

It’s important to note that these protocols and network devices are usually secured with a combination of firewalls, intrusion detection and prevention systems, regular software updates and patches, access controls, and network segmentation to prevent these types of attacks.

Protecting Sharing Protocols

Cyber defenders can take several measures to protect networks from hacking of sharing protocols and services such as RDP, VNC, cloud-based services, and network switches. Here are a few examples:

Firewalls: Firewalls can be used to block unauthorized access to the network by filtering incoming and outgoing traffic based on predefined rules. This can help to prevent hackers from accessing services such as RDP and VNC.

Intrusion detection and prevention systems (IDPS): These systems can detect and prevent malicious activity on the network by analyzing network traffic and identifying patterns that indicate an attack. This can help to protect against hacking of network switches and cloud-based services.

Access controls: Access controls can be used to restrict access to the network to only authorized users, devices, and services. This can help to prevent hackers from accessing services such as RDP and VNC.

Network segmentation: Network segmentation can be used to separate the network into smaller parts and limit devices and users to the parts of the network they need to access. This can help to prevent hackers from moving laterally through the network.

Two-factor authentication (2FA): Two-factor authentication can be used to protect remote access protocols such as RDP, VNC, and SSH by requiring an additional form of authentication, such as a token or biometrics.

Virtual Private Networks (VPNs): VPNs can be used to create a secure, encrypted tunnel between two or more devices, allowing them to communicate securely over an otherwise insecure network. This can help to protect against hacking of cloud-based services.

Regularly applying software updates and patching vulnerabilities: Software vulnerabilities in systems can be exploited by attackers, so regular updates and patches reduce the risk of exploitation.

Regularly monitoring and auditing network activity: Regularly monitoring and auditing network activity can help to identify suspicious activity and respond to security incidents quickly.

Encryption: Encrypting data in transit and at rest can protect communication from being intercepted and read by unauthorized parties.

Employee awareness and education: Employee awareness and education can help to prevent social engineering attacks, such as phishing, that are often used to gain initial access to a network.

DEFENDING FORWARD

There are several innovative ways that cyber defenders can defend forward and gain hacker trust or cooperation:

Bug Bounty Programs: These programs offer rewards to hackers who report vulnerabilities in a company’s systems, rather than exploiting them. This can incentivize hackers to report vulnerabilities to the company rather than exploiting them.

Offensive Security: By simulating attacks on the network and identifying vulnerabilities, companies can proactively identify and fix vulnerabilities before they are exploited.

Honeypots: These are decoy systems or services that are set up to attract and detect malicious activity. This can help to identify and track hackers, and gain insight into their tactics, techniques, and procedures.

Red Team/Blue Team exercises: These exercises involve simulating real-world attacks on a company’s systems to identify vulnerabilities and test incident response plans. This can help to improve the overall security of the network.

Collaboration with the hacker community: Building relationships with the hacker community through events, meetups, and other initiatives, can help to foster trust and cooperation. This can help to identify vulnerabilities and threats early, and gain valuable insight into the mindset of attackers.

Deception techniques: These techniques involve planting false information on a network to deceive attackers and misdirect their efforts. This can help to protect the company’s assets and buy time for incident response teams to respond.

Bi-directional communication: Establishing a direct communication channel with hackers, such as a “kill-switch” or a “hacker hotline” can help in convincing them to stop the attack and avoid escalating the situation.

Quid pro quo: Creating a mutually beneficial relationship with hackers, where the company provides them with legal and legitimate ways to use their skills, in exchange for their cooperation in identifying vulnerabilities and helping to secure the company’s systems.

It’s important to note that these methods must be used in compliance with the laws and regulations of the country and with the ethical guidelines.

This is a lot of information for one article but it was all useful for me and I primarily work with cybersecurity policy and risk management! Leave me a comment or a thumbs up if you found this useful.

Written by Cheryl Abram

A spiritual doula working in cybersecurity. Follow me on YouTube http://www.youtube.com/personcenteredcyber & LinkedIn.