Networking & Protocols

Security starts with understanding how data flows. Master TCP/IP, DNS, HTTP, and common network attacks.

Networking fundamentals every security engineer must know:

OSI Model — 7 layers, know which attacks target which layer:
- Layer 2: ARP spoofing, MAC flooding
- Layer 3: IP spoofing, ICMP attacks, routing attacks
- Layer 4: TCP SYN flood, session hijacking
- Layer 7: SQLi, XSS, CSRF, SSRF, XXE

Key Protocols:
- TCP/IP: 3-way handshake, sequence numbers, TCP flags (SYN, ACK, FIN, RST)
- DNS: query types (A, AAAA, MX, TXT, CNAME), zone transfer (AXFR), DNS poisoning
- HTTP/HTTPS: methods, headers, cookies (Secure, HttpOnly, SameSite), TLS handshake
- TLS/SSL: certificate chain, CA, CRL, OCSP, cipher suites, HSTS
- SSH: key-based auth, port forwarding, jump hosts

Network Scanning:
- Nmap: host discovery, port scanning, service version, OS fingerprinting, NSE scripts
- Wireshark: packet capture, filter syntax, dissecting TLS, analysing malware traffic