Networking Basics for Security
You can't secure a network you don't understand. This article covers the essential networking concepts — TCP/IP, DNS, ports, firewalls — that underpin every security discussion about how data travels across the internet.
How Does the Internet Actually Work?
The internet is a global network of interconnected computers. When you visit a website, your request travels through many layers of infrastructure before reaching the server and coming back to your screen. Here's the simplified path:
- You type https://example.com into your browser
- Your computer asks DNS: "What is the IP address of example.com?"
- DNS responds: "It's 93.184.216.34"
- Your computer connects to that IP address over TCP
- TLS encrypts the connection (the "S" in HTTPS)
- The server sends back the webpage
- Your browser renders it
Every one of these steps is a potential attack surface. Let's walk through the key components.
IP Addresses: The Internet's Postal System
Every device on the internet has an IP address — a unique numerical label that identifies it and enables routing. Like a postal address for data.
- IPv4: 32-bit addresses written as four numbers: 192.168.1.1. About 4.3 billion possible addresses — we've run out.
- IPv6: 128-bit addresses to solve the shortage: 2001:0db8:85a3::8a2e:0370:7334. Practically unlimited.
- Public vs. Private: Your home router has a public IP (visible to the internet) but your devices have private IPs (only visible within your home network, like 192.168.x.x).
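The public/private distinction above is something you end up checking constantly when triaging logs (is this source inside my network or not?). The following is an added example, not code from the article: it uses Python's standard ipaddress module to classify a constructed batch of IPv4 and IPv6 addresses, including a link-local address and a malformed string, so the edge cases are handled rather than crashing a batch job.

```python
import ipaddress

# Constructed sample addresses (not from the article); each comment states
# the class the ipaddress module is expected to report.
SAMPLE_ADDRESSES = [
    "192.168.1.1",                      # IPv4, RFC 1918 private (home LAN)
    "10.0.0.7",                         # IPv4, RFC 1918 private
    "93.184.216.34",                    # IPv4, public
    "169.254.10.1",                     # IPv4 link-local, not routable
    "2001:0db8:85a3::8a2e:0370:7334",   # IPv6 documentation prefix (non-routable)
    "fd12:3456:789a::1",                # IPv6 unique local, the IPv6 "private" range
    "2606:4700::1111",                  # IPv6 public
    "not-an-ip",                        # malformed input, e.g. a corrupted log field
]


def classify(address: str) -> dict:
    """Report version and scope for one address string.

    Malformed input is returned as valid=False instead of raising, so a
    batch of untrusted log fields can be processed without aborting.
    """
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return {"input": address, "valid": False}

    # Order matters: loopback and link-local also count as non-global, so
    # test the narrower classes first. The Python stdlib files the IPv6
    # documentation prefix (2001:db8::/32) under is_private.
    if ip.is_loopback:
        scope = "loopback"
    elif ip.is_link_local:
        scope = "link-local"
    elif ip.is_private:
        scope = "private"
    elif ip.is_global:
        scope = "public"
    else:
        scope = "special"
    return {
        "input": address,
        "valid": True,
        "version": ip.version,
        "scope": scope,
        "normalized": str(ip),  # canonical form, e.g. IPv6 leading zeros dropped
    }


def summarize(addresses) -> dict:
    """Count addresses per scope; invalid inputs are counted under 'invalid'."""
    counts: dict = {}
    for addr in addresses:
        info = classify(addr)
        key = info["scope"] if info["valid"] else "invalid"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for addr in SAMPLE_ADDRESSES:
        print(classify(addr))
    print(summarize(SAMPLE_ADDRESSES))
```

The normalized form is worth keeping in any log pipeline: the same IPv6 address can be written several ways, and matching on the raw string will miss it.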
TCP vs. UDP: Reliability vs. Speed
Data travels across the internet in packets. Two main protocols govern how:
TCP (Transmission Control Protocol)
Reliable, ordered, confirmed. TCP establishes a connection (the three-way handshake), ensures every packet arrives, and re-sends any that are lost. Used for: web browsing, email, file transfers, SSH.
Analogy: Sending a registered letter — you get a confirmation it arrived.
UDP (User Datagram Protocol)
Fast, unreliable, connectionless. UDP fires packets with no confirmation. Some are lost, and that's acceptable. Used for: video streaming, online gaming, DNS, VoIP.
Analogy: Shouting across a room — fast, but some words may be missed.
Security relevance of TCP handshake
The TCP three-way handshake (SYN → SYN-ACK → ACK) establishes every TCP connection. SYN flood attacks exploit this by sending thousands of SYN packets without completing the handshake, exhausting server resources — a classic DDoS method.
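From the defender's side, a SYN flood shows up as a pile of half-open connections: SYNs the server answered with SYN-ACK but that never received the client's final ACK. The following is an added example, not the article's own code: it replays a constructed packet log (server 10.0.0.5, one legitimate client, one single-source flood and a spoofed-source flood) and counts the half-open backlog per source and in total, to show why the per-source view alone is not enough.

```python
from collections import defaultdict

# Constructed packet log (not a real capture). One packet per line:
#   <seconds> <source-ip> <destination-ip> <tcp-flags>
# The server under observation is 10.0.0.5. Three behaviours are mixed in:
#   1. a legitimate client (192.0.2.10) that completes the handshake,
#   2. a single source (203.0.113.99) that sends 50 SYNs and never ACKs,
#   3. 30 spoofed sources (198.51.100.1-30) that send one SYN each.
SERVER = "10.0.0.5"

_lines = [
    "0.000 192.0.2.10 10.0.0.5 SYN",
    "0.020 10.0.0.5 192.0.2.10 SYN-ACK",
    "0.040 192.0.2.10 10.0.0.5 ACK",
]
for i in range(50):
    _lines.append(f"{0.100 + i * 0.001:.3f} 203.0.113.99 10.0.0.5 SYN")
    _lines.append(f"{0.1005 + i * 0.001:.4f} 10.0.0.5 203.0.113.99 SYN-ACK")
for i in range(1, 31):
    _lines.append(f"{0.200 + i * 0.001:.3f} 198.51.100.{i} 10.0.0.5 SYN")
SAMPLE_LOG = "\n".join(_lines)


def parse_packets(text):
    """Parse the constructed log format into (time, src, dst, flags) tuples."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, flags = line.split()
        packets.append((float(ts), src, dst, flags))
    return packets


def half_open_by_source(packets, server=SERVER):
    """Count, per client, SYNs to `server` that the client never followed with an ACK.

    A SYN opens a pending entry; the client's ACK (third step of the
    handshake) closes one. What remains is the half-open backlog the
    server is holding on behalf of that client.
    """
    pending = defaultdict(int)
    for _ts, src, dst, flags in packets:
        if dst != server:
            continue  # only track connections *to* the server
        if flags == "SYN":
            pending[src] += 1
        elif flags == "ACK" and pending[src] > 0:
            pending[src] -= 1
    return {src: n for src, n in pending.items() if n > 0}


def flag_sources(packets, server=SERVER, threshold=20):
    """Sources holding at least `threshold` half-open connections."""
    backlog = half_open_by_source(packets, server)
    return sorted(src for src, n in backlog.items() if n >= threshold)


def total_backlog(packets, server=SERVER):
    """Total half-open connections regardless of source. A spoofed flood
    spreads one SYN over many fake sources, so the per-source view misses it
    while the server's total backlog still climbs."""
    return sum(half_open_by_source(packets, server).values())


if __name__ == "__main__":
    pkts = parse_packets(SAMPLE_LOG)
    print("per-source offenders:", flag_sources(pkts))
    print("total half-open backlog:", total_backlog(pkts))
```

In the sample, only 203.0.113.99 crosses the per-source threshold, yet the total backlog is 80, because the 30 spoofed sources each contribute one entry. Real mitigations (SYN cookies, backlog limits, upstream rate limiting) are triggered off the total, not off any single source.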
Ports: The Doors on Every Server
A port is a numbered endpoint on a device. Think of an IP address as a building's street address, and ports as individual apartment doors within that building. Different services listen on different ports:
DNS: The Internet's Phone Book
The Domain Name System (DNS) translates human-readable domain names (google.com) into IP addresses (142.250.80.46) that computers use to route traffic.
Without DNS, you'd have to remember the IP address of every website. DNS is the phonebook of the internet.
DNS is a major attack vector
- DNS Spoofing / Cache Poisoning: Injecting false DNS records to redirect users to attacker-controlled servers
- DNS Hijacking: Compromising a router or ISP's DNS to redirect all traffic
- DNS Tunneling: Smuggling data out through DNS queries (bypassing firewalls that block most outbound traffic but still allow DNS)
Defense: DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, and DNS over HTTPS (DoH) / DNS over TLS (DoT) encrypt DNS queries.
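DNSSEC and encrypted transports do not stop DNS tunneling, since the tunnelled queries are perfectly valid DNS; catching it is a detection problem on the resolver logs. The following is an added example, not the article's code: it profiles a constructed query log per registered domain (distinct subdomains, longest label, label entropy, TXT share) and flags the one zone, the placeholder "tunnel-demo.test", whose subdomains are base32-encoded chunks of a constructed payload. The thresholds and the two-label approximation of a registered domain are assumptions, not standards.

```python
import base64
import math
from collections import defaultdict

# Constructed query log (not real traffic). One line per query:
#   <client-ip> <record-type> <queried-name>
# The tunnelled queries carry base32-encoded chunks of a constructed payload
# under the placeholder zone "tunnel-demo.test".
_benign = [
    "10.0.0.21 A www.example.com",
    "10.0.0.21 A mail.example.com",
    "10.0.0.21 AAAA www.example.com",
    "10.0.0.22 A cdn.example.net",
    "10.0.0.22 A static.example.net",
]
_tunnel = []
for i in range(25):
    chunk = f"chunk{i:03d} of constructed payload".encode()
    label = base64.b32encode(chunk).decode().rstrip("=").lower()
    _tunnel.append(f"10.0.0.33 TXT {label}.tunnel-demo.test")
SAMPLE_QUERIES = "\n".join(_benign + _tunnel)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded data scores higher than words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Last two labels of a name. Simplification: a real implementation
    consults the Public Suffix List (e.g. to handle example.co.uk)."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def profile_domains(text: str) -> dict:
    """Aggregate per registered domain: query count, distinct subdomains,
    longest label, mean label entropy, and the share of TXT queries."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(), "max_label": 0,
                                 "entropy_sum": 0.0, "txt": 0})
    for line in text.splitlines():
        if not line.strip():
            continue
        _client, rtype, name = line.split()
        dom = registered_domain(name)
        sub = name[: -len(dom) - 1] if name.endswith("." + dom) else ""
        s = stats[dom]
        s["queries"] += 1
        s["subdomains"].add(sub)
        if sub:
            s["max_label"] = max(s["max_label"], max(len(lab) for lab in sub.split(".")))
            s["entropy_sum"] += shannon_entropy(sub.replace(".", ""))
        if rtype == "TXT":
            s["txt"] += 1
    out = {}
    for dom, s in stats.items():
        out[dom] = {
            "queries": s["queries"],
            "unique_subdomains": len(s["subdomains"]),
            "max_label_len": s["max_label"],
            "mean_entropy": round(s["entropy_sum"] / s["queries"], 2),
            "txt_ratio": round(s["txt"] / s["queries"], 2),
        }
    return out


def suspicious_domains(text: str, min_unique=10, max_label=30, entropy=3.5) -> list:
    """Flag domains with many distinct subdomains AND either long labels or
    high-entropy labels. Thresholds are constructed starting points; tune
    them against your own baseline so CDN and telemetry zones stay out."""
    return sorted(
        dom for dom, p in profile_domains(text).items()
        if p["unique_subdomains"] >= min_unique
        and (p["max_label_len"] >= max_label or p["mean_entropy"] >= entropy)
    )
```

Requiring many distinct subdomains before looking at label shape is what keeps ordinary sites off the list: example.com is queried three times here but with only two subdomains, while the tunnel zone never repeats a name because every query carries new data.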
Firewalls: The Gatekeepers
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predefined rules. It decides what's allowed in and what's blocked.
- Packet filtering firewalls — examine each packet and block based on IP address, port, or protocol. Simple and fast.
- Stateful inspection firewalls — track the state of connections and only allow packets that are part of an established, legitimate connection.
- Next-generation firewalls (NGFW) — add deep packet inspection, intrusion prevention, application awareness, and SSL decryption.
- Web Application Firewalls (WAF) — sit in front of web applications and block attacks like SQL injection and XSS.
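The difference between the first two firewall types is easiest to see in code. The following is an added example, not from the article or any firewall product: a stateless rule set and a stateful filter are run over the same constructed traffic, a normal HTTPS connection from a LAN host (assumed network 10.0.0.0/24) followed by an unsolicited inbound packet that merely claims to come from source port 443. The stateless rules have to trust the source port to let replies in; the stateful filter only admits packets belonging to a flow it saw the LAN client open.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("10.0.0.0/24")   # constructed internal network
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN-ACK" or "ACK" (TCP assumed throughout)


def _from_lan(pkt: Packet) -> bool:
    return ipaddress.ip_address(pkt.src) in LAN


def _to_lan(pkt: Packet) -> bool:
    return ipaddress.ip_address(pkt.dst) in LAN


def stateless_decision(pkt: Packet) -> str:
    """Packet-filter rules, judged one packet at a time with no memory.
    Rule 2 has to let replies back in, and the only thing it can key on is
    the source port, which any sender can choose."""
    if _from_lan(pkt) and pkt.dport in WEB_PORTS:
        return "ALLOW"          # rule 1: LAN clients may reach web servers
    if _to_lan(pkt) and pkt.sport in WEB_PORTS:
        return "ALLOW"          # rule 2: "replies" from web servers
    return "DENY"


class StatefulFilter:
    """Stateful inspection: inbound packets are allowed only if they belong
    to a flow that a LAN client opened with a SYN."""

    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) of permitted outbound flows

    def decide(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.flows or reverse in self.flows:
            return "ALLOW"      # part of an established connection
        if _from_lan(pkt) and pkt.dport in WEB_PORTS and pkt.flags == "SYN":
            self.flows.add(forward)
            return "ALLOW"      # new outbound connection; remember it
        return "DENY"           # unsolicited inbound, or anything else


# Constructed traffic: a normal HTTPS connection, then an unsolicited inbound
# SYN aimed at port 22 on the LAN host, sent from source port 443.
SCENARIO = [
    Packet("10.0.0.5", 51000, "93.184.216.34", 443, "SYN"),
    Packet("93.184.216.34", 443, "10.0.0.5", 51000, "SYN-ACK"),
    Packet("10.0.0.5", 51000, "93.184.216.34", 443, "ACK"),
    Packet("203.0.113.9", 443, "10.0.0.5", 22, "SYN"),
]


def run_stateless(packets=SCENARIO):
    return [stateless_decision(p) for p in packets]


def run_stateful(packets=SCENARIO):
    fw = StatefulFilter()
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for p, a, b in zip(SCENARIO, run_stateless(), run_stateful()):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {p.flags:8} "
              f"stateless={a} stateful={b}")
```

A production stateful firewall also expires table entries on FIN/RST or after an idle timeout and tracks UDP "connections" by timing; this example leaves that out to keep the state table readable.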
Frequently Asked Questions
What is the OSI model and do I need to know it?
The OSI (Open Systems Interconnection) model is a 7-layer framework for thinking about network communication: Physical, Data Link, Network, Transport, Session, Presentation, Application. Security professionals often reference it (e.g., "a Layer 7 attack" means an application-layer attack like HTTP flood). You don't need to memorize it to start, but it becomes a useful mental model as you go deeper.
Why is HTTP dangerous and HTTPS safe?
HTTP sends everything in plain text — anyone monitoring the network can read your usernames, passwords, and data. HTTPS wraps HTTP in TLS encryption, so even if your traffic is intercepted, it's unreadable ciphertext. The "S" in HTTPS means "secure" — and it's always a minimum requirement for any site handling sensitive data.
What is a VPN and does it protect me?
A VPN (Virtual Private Network) encrypts all traffic from your device and routes it through a server in another location. It protects against network-level eavesdropping (useful on public Wi-Fi) and hides your IP from websites. It does NOT protect against malware, phishing, or weak passwords. It's one layer of protection, not a silver bullet.