Network

What is a Network?

Watch the presentation

Watch the presentation in Swedish

A network is an interconnected system of devices designed to facilitate communication, data exchange, and resource sharing. Networks play a critical role in IT infrastructure, supporting everything from basic file sharing to the operation of complex distributed applications and services.

Core Functions of a Network

A network connects multiple devices, called nodes, to allow for seamless data transmission. This data travels in packets, which are routed to their destination through network devices. Routers manage inter-network traffic, ensuring data flows between different networks, while switches control intra-network data transfer within the same network.


IP Addresses and CIDR Ranges

Watch the presentation

Watch the presentation in Swedish

In networking, the smooth flow of data between devices relies on fundamental components such as IP addresses, CIDR ranges, subnets, and Network Interface Cards (NICs). Understanding how these elements work together is essential for managing networks effectively, whether in a local environment or the cloud.

What Are IP Addresses?

An IP address (Internet Protocol address) is a unique identifier assigned to each device on a network, enabling it to send and receive data accurately. IP addresses are classified as public or private, depending on whether they are used on the internet or within local networks.


Private and Public Networks

Watch the presentation

Watch the presentation in Swedish

This article explores how private networks create secure, internal communication environments using non-routable IP addresses, while public networks facilitate global connectivity with public IPs. Understanding the unique characteristics, benefits, and challenges of each network type provides valuable insight into their use cases and how they connect with the wider internet.

What Are Private Networks?

Private networks are used for internal communication within an organization or a defined environment, such as a home, office, or data center. Devices on a private network use non-routable IP addresses, meaning they cannot directly communicate with external networks or the public internet. This ensures a level of isolation that enhances security and control over data flow.


Firewalls

Watch the presentation

Watch the presentation in Swedish

Firewalls act as a protective barrier between trusted internal networks and untrusted external ones, such as the internet. By filtering and controlling the flow of network traffic based on predefined security rules, firewalls help prevent unauthorized access, cyberattacks, and other potential threats. Their primary function is to allow legitimate traffic while blocking any harmful or unauthorized data.

How Firewalls Work

Firewalls inspect data packets as they enter or exit a network, deciding whether to permit or block them based on a set of rules. These rules specify criteria such as source and destination IP addresses, ports, and protocols. Firewalls can operate at various layers of the network stack, from analyzing individual packets to monitoring entire network sessions and applications.


The OSI Model

Watch the presentation

Watch the presentation in Swedish

The OSI Model (Open Systems Interconnection Model) is a framework that breaks down network communication into seven distinct layers. Each layer has a specific function that supports the transmission and reception of data across networks. This model standardizes how different systems communicate, ensuring compatibility and reliability in data transfer.

Below, we explore each layer with emphasis on Layer 4 (Transport) and Layer 7 (Application), as these are key to understanding essential protocols and the functioning of load balancers and web applications.


Network Intermediaries

Watch the presentation

Watch the presentation in Swedish

This article explains how network intermediaries like proxies, reverse proxies, and load balancers enhance network security, performance, and traffic management.

What Are Network Intermediaries?

A network intermediary is any device or service that sits between a client (e.g., a user’s computer or mobile device) and a server (hosting applications or services) to manage or direct the traffic passing through. These intermediaries perform various tasks, including traffic routing, load balancing, security filtering, and optimizing performance. Common types of network intermediaries include:


Firewalls

What is a Firewall?

  • A firewall acts as a security barrier between trusted internal networks and untrusted external ones.
  • It monitors and controls incoming and outgoing network traffic based on security rules.

How Firewalls Work

  • Examines data packets to decide whether they should be allowed or denied.
  • Implements rules based on 5 “tuples”:
    • Source/Destination IP
    • Source/Destination Port
    • Protocol

Firewall Techniques

  1. Packet Filtering:
    • Inspects packets individually based on predefined rules.
  2. Stateful Inspection:
    • Checks the state of active connections to make more informed decisions.
  3. Next-Generation Firewalls (NGFW):
    • Include advanced features such as deep packet inspection and intrusion prevention.

Best Practices

  • Follow the principle of Least Privilege: Allow only necessary traffic and block everything else.
  • Use specific rules: Specify exact IP ranges, ports, and protocols to control traffic.
  • Enable logging and monitoring: Track which rules are triggered to identify unusual traffic patterns and potential security incidents.

Firewalls

What is a Firewall?

  • A firewall acts as a security barrier between trusted internal networks and untrusted external ones.
  • It monitors and controls incoming and outgoing network traffic based on security rules.

How Firewalls Work

  • Examine data packets to decide whether to allow or deny them.
  • Implement rules based on the 5-tuple:
    • Source/Destination IP
    • Source/Destination Port
    • Protocol

Firewall Techniques

  1. Packet Filtering:
    • Inspects packets individually based on predefined rules.
  2. Stateful Inspection:
    • Tracks the state of active connections to make more informed decisions.
  3. Next-Generation Firewalls (NGFW):
    • Incorporate advanced features like deep packet inspection and intrusion prevention.

Best Practices

  • Follow the Principle of Least Privilege: Only permit necessary traffic and block all else.
  • Use Specific Rules: Specify exact IP ranges, ports, and protocols to control traffic.
  • Enable Logging and Monitoring: Track which rules are being triggered to identify unusual traffic patterns and potential security incidents.

IP Addresses and CIDR Ranges

What are IP Addresses?

  • Unique identifiers for devices in a network.

Types of IP Addresses

  • IPv4: 32-bit addresses (e.g., 192.168.1.1); widely used.
    • Limited address space; NAT often required.
  • IPv6: 128-bit addresses (e.g., 2001:0db8:85a3::8a2e:0370:7334); designed for scalability.
    • Vast address space.

CIDR (Classless Inter-Domain Routing)

  • CIDR simplifies IP address allocation by grouping addresses.
  • Represented as IP/Prefix, where Prefix indicates the subnet size.
  • Example: 192.168.1.0/24 represents 256 addresses.
  • Example: 192.168.1.1/32 represents 1 address.
  • Example: 0.0.0.0/0 represents all addresses.

Subnetting with CIDR

  • Divides IP ranges into smaller networks.
  • Improves network organization and security.
  • Reduces waste in address allocation.

Example of CIDR Range

  • 192.168.1.0/24:
    • Subnet contains addresses from 192.168.1.0 to 192.168.1.255.
    • Supports 256 addresses.
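
The firewall and CIDR slides above, combined into one added example (not part of the original presentations): a first-match rule evaluator that checks a packet's 5-tuple against CIDR ranges, ends in a default deny, and counts which rule fired. The rule names, addresses and sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str             # "allow" or "deny"
    src: str                # source CIDR range
    dst: str                # destination CIDR range
    sport: Optional[int]    # source port, None = any
    dport: Optional[int]    # destination port, None = any
    proto: str              # "tcp", "udp" or "any"

# Constructed rule set: narrow allows first, explicit default deny last.
RULES = [
    Rule("web-in", "allow", "0.0.0.0/0", "192.168.1.10/32", None, 443, "tcp"),
    Rule("ssh-admin", "allow", "192.168.1.0/24", "192.168.1.10/32", None, 22, "tcp"),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", None, None, "any"),
]

hits = Counter()  # per-rule hit counts: the data logging and monitoring relies on

def in_range(ip, cidr):
    """True if the address falls inside the CIDR range."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

def evaluate(src, sport, dst, dport, proto, rules=RULES):
    """Return (action, rule name) for a packet's 5-tuple; first match wins."""
    for r in rules:
        if (in_range(src, r.src) and in_range(dst, r.dst)
                and r.sport in (None, sport) and r.dport in (None, dport)
                and r.proto in ("any", proto)):
            hits[r.name] += 1
            return r.action, r.name
    hits["implicit-deny"] += 1        # nothing matched: still block
    return "deny", "implicit-deny"

if __name__ == "__main__":
    # Constructed sample packets: (src, sport, dst, dport, proto)
    for pkt in [("203.0.113.7", 51000, "192.168.1.10", 443, "tcp"),
                ("203.0.113.7", 51001, "192.168.1.10", 22, "tcp"),
                ("192.168.1.55", 40000, "192.168.1.10", 22, "tcp"),
                ("192.168.2.55", 40000, "192.168.1.10", 22, "tcp")]:
        print(pkt, "->", evaluate(*pkt))
    print(dict(hits))
```

A rising count on `default-deny` for one source is the kind of unusual pattern the logging practice is meant to surface.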

IP Addresses and CIDR Ranges

What are IP Addresses?

  • Unique ID for nodes in a network.

Types of IP Addresses

  • IPv4: 32-bit addresses (e.g., 192.168.1.1); most common.
    • Limited number of addresses; NAT is often required.
  • IPv6: 128-bit addresses (e.g., 2001:0db8:85a3::8a2e:0370:7334); scalability.
    • Enormous number of addresses.

CIDR (Classless Inter-Domain Routing)

  • CIDR simplifies the allocation of IP addresses by grouping addresses.
  • Represented as IP/Prefix, where Prefix indicates the size of the subnet.
  • Example: 192.168.1.0/24 (256 addresses)
  • Example: 192.168.1.1/32 (1 address)
  • Example: 0.0.0.0/0 (all addresses)

Subnets with CIDR

  • Divides IP ranges into smaller networks.
  • Improves network organization and security.
  • Reduces waste of IP addresses.

Example of a CIDR Range

  • 192.168.1.0/24:
    • Subnet contains addresses from 192.168.1.0 to 192.168.1.255.
    • 256 addresses.