Zach's Blog

      This week I learned more about firewalls and intrusion detection systems. Firewalls are extremely important as they help prevent malicious actors from doing harmful things on a network such as DoS attacks and data exfiltration. Beyond firewalls, intrusion detection systems provide another level of security by performing deep packet inspections to detect any intrusions onto one's network. Some possible intrusions that could be caught on a network is port scanning, network mapping, and DoS attacks. With a goal of network intruders being to perform reconnaissance on a network to determine attack vectors, an IDS can be vital to recognizing such activity.

        In week 7 we learned more about the link layer and local area networks. Once specific topic that was fairly important this week was ARP, address resolution protocol. Within a LAN, network devices such as network interface cards (NICs) are given unique MAC addresses which identifies the card. However, the layer 3 interface needs 32 bit address for forwarding. With ARP we can resolve IP addresses to MAC addresses. For a host to determine the MAC address of another without having previous knowledge of it, the host mush search it's cache to determine if it knows the MAC address of the other host. If the desired MAC address it's unknown, an ARP broadcast can be sent and the host machine can reply with its MAC address, updating the requesting machine's ARP table, and allowing the requesting machine to send a datagram.

      This week we learned about the Network Layer control plane, such as routing protocols, the software defined networking control plane, and the internet control message protocol (ICMP). Throughout the lectures I found ICMP most interesting as I've seen it most often. ICMP is used in the network layer, where communication between different hosts and routers can be tested. ICMP can be used to query a network by issuing a ping command. In the instance where a ping command fails , that information is also valuable as it allows error to be reported due to a host, network, port, or protocol being unreachable. ICMP sends a request to another host or router, and if reachable, the host or router sends back a reply. However, if the host or router is unreachable, the datagram sent by the querying host is thrown out, and an ICMP error message is delivered to the querying host.