Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Welcome to the Deep Dive. Today, we're cracking open the
dense technical blueprints of modern technology and really distilling them
into something you can.
Speaker 2 (00:09):
Use right into actionable knowledge.
Speaker 1 (00:11):
Exactly. If you're coding, if you're building infrastructure, or focused
on cybersecurity, you know that understanding how data communicates isn't optional. Yes,
it's the absolute foundation. It really is.
Speaker 2 (00:24):
And people ask this all the time, right? Why do
I need to know the OSI model? I just need
to build an API. And the answer is always about complexity,
it's about scale. These models, OSI, triple A, IP, they
aren't just academic, they're the map. They give you the
vocabulary you need to actually solve problems.
Speaker 1 (00:42):
You're kind of debugging blind without them. Totally blind.
Speaker 2 (00:44):
If you don't know layer three from layer four, you're
just guessing.
Speaker 1 (00:47):
So our mission today is to create a shortcut for you.
We're going to unpack how data travels, how access is controlled,
and honestly, which old insecure protocols you need to get
rid of right now?
Speaker 2 (00:58):
Okay, so where do we start? The map itself.
Speaker 1 (01:00):
Let's start with the map, the OSI model.
Speaker 2 (01:02):
The Open Systems Interconnection model, standardized way back in, what,
nineteen eighty four.
Speaker 1 (01:07):
Yeah, And it's basically this conceptual framework that breaks down
network communication into seven distinct layers.
Speaker 2 (01:13):
It's how everyone in IT gets on the same page.
Whether you're talking about a bad cable or a piece
of malware, you can point to a layer.
Speaker 1 (01:21):
And to really master this, you do need to know
the seven layers in order, from the physical wire all
the way up.
Speaker 2 (01:26):
And for that we have the classic mnemonic.
Speaker 3 (01:30):
Please do not throw sausage pizza away. A classic for
a reason, and that gives you physical, data link, network, transport, session, presentation,
and finally application at the top.
Speaker 1 (01:42):
And we use those numbers constantly: L1, L2,
L3. It's shorthand. Absolutely. Now a really core concept
here is something called peer-based communication.
Speaker 2 (01:50):
Right. This is so important. A layer only talks to
the layer directly above it or directly below it.
Speaker 1 (01:56):
So layer three, the network layer, can't just jump up
and talk to the application layer at layer seven.
Speaker 2 (02:00):
Nope, it has to go up or down one step
at a time through the whole stack.
Speaker 1 (02:05):
And as the data moves through that stack, it actually
gets transformed, doesn't it.
Speaker 2 (02:09):
It does. The generic name for the data at any layer
is a protocol data unit, or PDU.
Speaker 1 (02:15):
But it changes names.
Speaker 2 (02:16):
Yeah, and knowing the names is a good way to
show you really get it. At layer four, the transport layer,
it's called a segment, and.
Speaker 1 (02:23):
Then at layer three it becomes a packet.
Speaker 2 (02:25):
Right, and then finally at layer two, the data link layer,
we call it a frame.
Speaker 1 (02:29):
So that leads us to how data gets packaged in
the first place: encapsulation. Encapsulation.
Speaker 2 (02:35):
So you're sending an email. That starts at the top,
layer seven. As your data travels down the stack toward
the wire.
Speaker 1 (02:41):
It picks up extra information at each layer. Exactly.
Speaker 2 (02:44):
Each layer wraps the data in a header. Think of
it like putting a letter into an envelope, then putting
that envelope into a slightly bigger one, and.
Speaker 1 (02:52):
That header has all the instructions. Precisely.
Speaker 2 (02:55):
It tells the corresponding peer layer on the other machine
what to do with the data. Then when it's received,
the reverse happens. De-encapsulation, yep, starts at the bottom,
layer one. As the data goes up the stack, each
layer just strips off the header that its peer put
on, until you're left with the original application data at
layer seven.
Speaker 1 (03:14):
Okay, so let's dig into a few of these layers.
Layer one, the physical layer. Pretty simple, but you can't
do anything without.
Speaker 2 (03:20):
It. No, you can't. This is the realm of bits,
the actual zeros and ones flowing as electrical signals, light over
fiber, or radio waves.
Speaker 1 (03:28):
Your cables, your network interface card, your.
Speaker 2 (03:31):
NIC, and some older devices you should be wary of,
like hubs or repeaters. Remember, a hub is, well, it's
pretty dumb. It just blasts every bit of traffic it
receives to every single device connected to it.
Speaker 1 (03:44):
Which is a security and performance nightmare.
Speaker 2 (03:47):
Huge one.
Speaker 1 (03:48):
So we've got the physical bits flowing. Now let's talk
about how we control who has access to this data flow.
Speaker 2 (03:53):
Okay, that brings us to identity and access management, or
triple A services.
Speaker 1 (03:59):
Triple A: authentication, authorization, and accounting. Exactly.
Speaker 2 (04:02):
Authentication is you proving who you are.
Speaker 1 (04:04):
Yeah.
Speaker 2 (04:05):
Authorization is what you're allowed to do once you've proven.
Speaker 1 (04:07):
It, and accounting is the log of everything you did.
Speaker 2 (04:10):
Yep, the audit trail.
Speaker 1 (04:11):
Let's focus on authentication for a second. That Windows login
screen everyone sees when you type in your password, something
very specific happens.
Speaker 2 (04:19):
Right. The system does not just compare your plaintext
password to a stored one. That would be incredibly insecure.
Speaker 1 (04:26):
So what does it do.
Speaker 2 (04:27):
It uses a one-way cryptographic function called hashing. It
takes your password, runs it through an algorithm like SHA-256,
and produces a unique string, a hash value, and.
Speaker 1 (04:39):
It compares that generated hash to the hash it has
on file.
Speaker 2 (04:42):
For you. Exactly, and just to be crystal clear for
anyone listening, this is fundamentally different from encryption. How so? Well,
encryption is a two-way process. You can encrypt something
and then you can decrypt it back to the original.
Hashing is a one-way street. You cannot reverse it
to get the original password.
Speaker 1 (05:00):
Which is why, even if a password database gets stolen,
the passwords themselves are still protected, in theory.
Speaker 2 (05:06):
Yes, that's the whole point.
Speaker 1 (05:08):
Okay, so you're authenticated. Now comes authorization. This is about permissions,
right? Are.
Speaker 2 (05:13):
You an admin, a standard user? This determines what files,
what systems, what resources you're allowed to touch.
Speaker 1 (05:21):
And there are different models for this, aren't there?
Speaker 2 (05:23):
There are. The most common one you'll see in a
corporate setting is probably discretionary access control, or DAC.
Speaker 1 (05:30):
Discretionary meaning the owner of the resource gets to decide.
Speaker 2 (05:33):
Exactly. You create a file, you get to decide who
can read it or edit it.
Speaker 1 (05:37):
It's flexible, but the opposite of that would be mandatory
access control, MAC.
Speaker 2 (05:43):
MAC is the complete opposite. It's rigid, top down. A
central authority sets the rules and classifications, and the user
can't change anything. Think government classifications, top secret. Right, the
data is labeled top secret and you have top secret clearance.
The system enforces it.
Speaker 1 (05:59):
It's mandatory. And the final A, accounting or auditing.
Speaker 2 (06:03):
This is all about the logs. Every login, every
failed attempt, every file access, it all gets written to
a log, like the Windows Event Viewer.
Speaker 1 (06:10):
So if something bad happens, you have a trail.
Speaker 2 (06:13):
You have a trail. It's all about accountability.
Speaker 1 (06:15):
Okay, let's jump back to the OSI model, to layer three,
the network layer. This is where we find the Internet's
address book.
Speaker 2 (06:21):
IP. IPv4, specifically, our original standard from nineteen eighty three.
It uses a thirty two bit address.
Speaker 1 (06:28):
Which gives us about four billion addresses.
Speaker 2 (06:30):
Seemed like a lot at the time.
Speaker 1 (06:32):
Yeah, we burned through those a lot faster than anyone expected,
which led to the problem of address exhaustion.
Speaker 2 (06:37):
And the solution was IPv6.
Speaker 1 (06:39):
IPv6, with its massive one hundred and twenty eight
bit address space. It gives us, well, an effectively unlimited
number of addresses, something like three hundred and forty undecillion.
Speaker 2 (06:50):
So why aren't we all using it? The adoption has
been so.
Speaker 1 (06:52):
Slow. It's been painfully slow. A big part of it
is the notation. IPv4 is that familiar dotted decimal,
one ninety two point one six eight point one point one,
easy to remember, right? IPv6 uses longer hexadecimal characters,
right, a mix of numbers and letters from A to F.
It just looks more complex, and people have been
reluctant to switch.
Speaker 2 (07:10):
So if IPv4 addresses are all gone, how's the
Internet still running predominantly on it?
Speaker 1 (07:15):
One beautiful, beautiful hack: Network Address Translation, or NAT.
Speaker 2 (07:19):
Paired with private IP addressing. Exactly. RFC nineteen eighteen set
aside specific ranges of IPs that anyone can use inside
their private.
Speaker 1 (07:27):
Network. The ones everyone recognizes: the Class C range starts
at one ninety two point one six eight point zero
point zero.
Speaker 2 (07:34):
Or the Class A range, which starts at ten point
zero point zero. Your home or office network uses these
private IPs for all your devices.
Speaker 1 (07:43):
And then the router uses NAT to translate all of
those private addresses into one single public IP address to talk.
Speaker 2 (07:50):
To the Internet. And just like that, thousands of devices
can share one address.
Speaker 1 (07:53):
It bought us decades. An incredible fix. So we have
the map, we have the security gate, and we have
the address book. Let's finish up with the actionable security checklist.
Speaker 2 (08:01):
Yeah, this is critical. As a defender, your job is
so hard. An attacker just needs to find one weak.
Speaker 1 (08:07):
Link, one insecure protocol, just.
Speaker 2 (08:09):
One, and there are still so many out there. So let's
just make a list of things you must retire.
Speaker 1 (08:13):
Okay. Web traffic, HTTP, plaintext.
Speaker 2 (08:16):
Absolutely not. The mandatory replacement is HTTPS, and the.
Speaker 1 (08:19):
S in HTTPS relies on a protocol, it.
Speaker 2 (08:22):
Does, and that protocol must be TLS, Transport Layer Security,
specifically version one point two or higher.
Speaker 1 (08:28):
Not SSL.
Speaker 2 (08:29):
No. If you see anything anywhere still using SSL, that
is a five-alarm fire. All versions of SSL are broken,
vulnerable to attacks like POODLE. It's deprecated.
Speaker 1 (08:40):
Okay, what about remote administration, logging into a router or
a switch? Telnet?
Speaker 2 (08:46):
Never. Telnet sends your username and your password in plaintext
for anyone on the network to see. It is trivial
to sniff those credentials.
Speaker 1 (08:54):
The replacement is non-negotiable.
Speaker 2 (08:56):
You must use SSH, Secure Shell, specifically SSH version.
Speaker 1 (09:00):
Two. And the same goes for transferring files with FTP, right?
Speaker 2 (09:03):
Same exact problem. Plaintext credentials. You have to use SFTP,
which is secure FTP, because it runs over an SSH tunnel.
Speaker 1 (09:10):
It extends to everything. Email?
Speaker 2 (09:12):
Use the secure versions, POP3S, IMAPS. Network monitoring:
SNMP version three. Versions one and two have major security flaws.
Avoid them completely.
Speaker 1 (09:21):
That was a pretty complete journey. We covered the seven
layer OSI map, the triple A security gate, the IP address book,
and the essential protocols to lock it all down.
Speaker 2 (09:31):
It's a lot, but it's all connected.
Speaker 1 (09:33):
So to help lock this in, let's pose a scenario
for you listening.
Speaker 2 (09:36):
Okay. Imagine you are asked to remotely configure a brand
new network router, but the only access tool they give
you is Telnet. What foundational security flaw does that immediately expose?
And what is the mandatory secure alternative you have to
insist on using?
Speaker 1 (09:51):
That plaintext credential exposure is the giveaway. Of course, the
only right answer is SSH version two. Now, for one
final thought to leave you with, we talked about
layer four, that transport layer, and that critical choice between
TCP and UDP.
Speaker 2 (10:04):
Right, reliability versus speed.
Speaker 1 (10:06):
So here's the question. Given that TCP has to complete
its handshakes and reliability checks, how might choosing UDP
for a critical system, even with the risk of dropping
packets, actually be a calculated trade-off that improves security
by mitigating certain kinds of denial of service attacks?
Speaker 2 (10:21):
Something to think about as you design your next system.