Apologies in advance, this is a bit of a connective blog entry – this is a big topic, and it needs some scene setting, basic understanding and several weeks' worth to get the most out of it.
We live in a connected world now – my other half was showing me a washing machine with a WiFi connection and an associated iPhone App that would allow you remote control of and reporting about your intimate garments' spin cycle! I wonder if that is really necessary to be honest, as even if it has finished, knowing that while I’m in the office and the washing machine is at home is a complete waste of electrons.
The network, and the connected nature of things, is what allows us as penetration testers to attempt to compromise the security of a company without going anywhere near it. There are other aspects to full-scale penetration testing as I’ve alluded to before – with social engineering and physical attack (lock picking, not baseball bat) parts of such a scope – but a majority of the work is computer and network based.
To that end, a good understanding and working knowledge of networking is pretty much a job prerequisite. So, rather than giving you a lesson myself, I’ll give you a quick and dirty set of online references – this won’t make you an expert by any stretch of the imagination, but hopefully it will get us through the rest of this section without too much head scratching.
- The OSI Model
- Internet Protocol (IP)
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
So seeing as you all now fully understand TCP/IP packet structure and know your URG from your SYN …