# **General Summary: Cybersecurity - Concepts and Roles**

## **1. LAN – Main Topologies**

### **Star**

* **Description:** all devices are connected to a central device (switch or hub).
* **Pros:** easy to expand (add nodes), reliable.
* **Cons:** higher cost (more cables and devices); if the central node fails, the whole network stops.

### **Bus**

* **Description:** all devices share a single main cable (backbone).
* **Pros:** cheap and easy to install.
* **Cons:** one cable failure breaks the entire network; difficult to troubleshoot; low efficiency.

### **Ring (Token Ring)**

* **Description:** devices are connected in a closed loop; each node passes data to the next.
* **Pros:** less congestion than a bus; simple cabling.
* **Cons:** unidirectional path → inefficient; one node or cable failure breaks the loop.

---

## **2. Network Devices**

### **Switch**

* **What it does:** connects multiple devices and forwards data only to the correct destination port (using a MAC table).
* **Typical use:** schools, offices, medium-to-large networks.

### **Router**

* **What it does:** connects different networks (e.g., LAN to Internet) and determines the best path for packets.
* **Redundancy:** multiple switches/routers can be linked for fault tolerance — if one link fails, traffic uses an alternate path (minor performance drop, but no downtime).

---

## **3. Subnetting – Key Concept**

* **Definition:** dividing a large network into smaller subnetworks (subnets).
* **Purpose:** better **organization, efficiency, security, and traffic control.**
* **Tool:** **subnet mask** (32 bits) defines the network and host portions of an IPv4 address.

### **Main Addresses**

| Type            | Purpose                               | Example       |
| --------------- | ------------------------------------- | ------------- |
| Network address | Identifies the network                | 192.168.1.0   |
| Host address    | Identifies a device within the subnet | 192.168.1.100 |
| Default gateway | Routes to other networks/Internet     | 192.168.1.1   |

### **Benefits**

* Less broadcast traffic → more efficient.
* Better security → separation between groups.
* More control → custom rules per subnet.

### **Example**

* **Subnet 1:** POS, cash registers, internal devices.
* **Subnet 2:** public Wi-Fi.
  → Both access the Internet via the same router but stay isolated from each other.
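
The mask decides whether two devices can talk directly or must cross the router. This is an added example, not part of the original notes: it assumes the 192.168.1.0/24 network is split into two /25 subnets, and the function names and the guest address 192.168.1.200 are constructed for illustration.

```python
import ipaddress

def network_of(ip: str, mask: str) -> str:
    """Network address = IP AND subnet mask, computed on the 32-bit values."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_int & mask_int))

def next_hop(src_ip: str, mask: str, gateway: str, dst_ip: str) -> str:
    """Where the sender delivers the frame: straight to the destination when
    both share a network address, otherwise to the default gateway."""
    if network_of(src_ip, mask) == network_of(dst_ip, mask):
        return dst_ip
    return gateway

def subnet_plan(parent: str, new_prefix: int) -> list:
    """Split a parent network and list each subnet's key addresses."""
    plan = []
    for net in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix):
        plan.append({
            "network": str(net),
            "mask": str(net.netmask),
            "broadcast": str(net.broadcast_address),
            "usable_hosts": net.num_addresses - 2,  # minus network and broadcast
        })
    return plan

# Constructed scenario: 192.168.1.0/24 split into two /25 subnets.
POS_HOST = "192.168.1.100"   # internal device (host address from the table above)
WIFI_HOST = "192.168.1.200"  # constructed guest address in the second subnet
GATEWAY = "192.168.1.1"      # default gateway of the first subnet

if __name__ == "__main__":
    for subnet in subnet_plan("192.168.1.0/24", 25):
        print(subnet)
    # With the /24 mask both hosts are direct neighbours; with the /25 mask the
    # traffic has to cross the router, where per-subnet rules can be enforced.
    print(next_hop(POS_HOST, "255.255.255.0", GATEWAY, WIFI_HOST))
    print(next_hop(POS_HOST, "255.255.255.128", GATEWAY, WIFI_HOST))
```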

---

## **4. ARP – Address Resolution Protocol**

* **Purpose:** maps **IP addresses to MAC addresses** so devices can communicate locally.

* **How it works:**

  1. Host A doesn’t know the MAC of 192.168.1.50 → sends ARP Request (“Who has 192.168.1.50?”) in **broadcast**.
  2. The target replies with its MAC address (ARP Reply → **unicast**).
  3. Host A saves the IP–MAC pair in its **ARP cache**.

* **Useful Commands:**

  * `arp -a` (Windows/macOS/Linux) → shows ARP cache.
  * `ip neigh` (modern Linux systems) → shows the neighbor (ARP) table.

* **Note:** ARP works only within the same local network (Layer 2).
  For communication across networks, a **router** is required.
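
The three steps above at byte level, as an added example that is not part of the original notes: it builds the request and reply frames, parses them back, and updates Host A's cache. The MAC addresses, Host A's IP and all function names are constructed for illustration.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_ARP = 0x0806
REQUEST, REPLY = 1, 2

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(oper, src_mac, src_ip, dst_mac, dst_ip) -> bytes:
    """Ethernet header (14 bytes) + ARP payload (28 bytes)."""
    # In a request the target MAC is still unknown, so the field is zeroed.
    target_mac = "00:00:00:00:00:00" if oper == REQUEST else dst_mac
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)  # Ethernet/IPv4, sizes, op
    arp += mac_bytes(src_mac) + socket.inet_aton(src_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(dst_ip)
    return eth + arp

def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42:
        raise ValueError("truncated frame")
    eth_dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    *_, oper, sha, spa, _tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"eth_dst": eth_dst.hex(":"), "oper": oper,
            "sender_mac": sha.hex(":"), "sender_ip": socket.inet_ntoa(spa),
            "target_ip": socket.inet_ntoa(tpa)}

def learn(cache: dict, msg: dict) -> bool:
    """Save the sender's IP-MAC pair; True means an existing entry changed
    MAC, which is worth logging because ARP replies are not authenticated."""
    old = cache.get(msg["sender_ip"])
    cache[msg["sender_ip"]] = msg["sender_mac"]
    return old is not None and old != msg["sender_mac"]

# Constructed addresses; only 192.168.1.50 comes from the steps above.
HOST_A = ("02:00:00:00:00:0a", "192.168.1.10")
TARGET = ("02:00:00:00:00:32", "192.168.1.50")

def exchange():
    """Steps 1-3: broadcast request, unicast reply, cache update on Host A."""
    request = parse_arp(build_arp(REQUEST, *HOST_A, BROADCAST, TARGET[1]))
    reply = parse_arp(build_arp(REPLY, *TARGET, *HOST_A))
    cache = {}
    learn(cache, reply)
    return request, reply, cache
```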

---

## **5. DHCP – Dynamic Host Configuration Protocol**

* **Purpose:** automatically assigns IP addresses to devices.
* **Process:**

  1. **DHCP Discover:** the device searches for a DHCP server.
  2. **DHCP Offer:** the server offers an IP address.
  3. **DHCP Request:** the device requests that offered IP.
  4. **DHCP ACK:** the server confirms the assignment.

→ The device can now use the assigned IP address.

---


# OSI Model in Brief

* **Purpose:** standardize communication between heterogeneous devices.
* **Structure:** 7 layers (7→1). Each layer adds/removes headers (**encapsulation**) to ensure correct sending, receiving and interpretation.

## The 7 layers (one-liners)

1. **Physical:** carries bits over a physical medium (electrical/optical signals).
2. **Data Link:** uses **MAC** addresses and **frames** for local delivery on the segment; prepares the transmission format.
3. **Network:** **IP** and **routing** between networks (metrics: hops, reliability, speed). Typical device: **router**.
4. **Transport:** end-to-end delivery. **TCP** reliable / **UDP** fast.
5. **Session:** opens, maintains and closes sessions between applications.
6. **Presentation:** translates, compresses, **encrypts**; standardizes formats (e.g. TLS/HTTPS).
7. **Application:** high-level protocols used by apps (HTTP/HTTPS, DNS, SMTP/IMAP, FTP/SFTP).

## TCP vs UDP

* **TCP**

  * Connection-oriented; **3-way handshake**: SYN → SYN/ACK → ACK.
  * Ordering and integrity guaranteed; congestion control; more overhead ⇒ slower.
  * Use: web, email, file transfer.
  * Key header fields: src/dst ports, seq/ack, flags (SYN/ACK/FIN), checksum; orderly close with **FIN/ACK**.
* **UDP**

  * **Connectionless**; no guarantee of delivery/ordering.
  * Minimal overhead ⇒ maximum speed.
  * Use: streaming, VoIP, gaming; lightweight discovery.
  * The application handles any checks itself.
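
The key TCP header fields and the 3-way handshake listed above, as an added example that is not part of the original notes: it parses 20-byte TCP headers and checks that three segments really form SYN → SYN/ACK → ACK with matching sequence numbers. The ports, sequence numbers and function names are constructed for illustration, and the checksum field is left at 0.

```python
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}
HEADER = "!HHIIHHHH"  # ports, seq, ack, offset+flags, window, checksum, urgent

def build_segment(sport, dport, seq, ack, flags) -> bytes:
    """Constructed 20-byte TCP header; the checksum is left at 0 (not computed)."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    return struct.pack(HEADER, sport, dport, seq, ack, (5 << 12) | bits, 65535, 0, 0)

def parse_segment(raw: bytes) -> dict:
    sport, dport, seq, ack, off_flags, _win, checksum, _urg = struct.unpack(HEADER, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (off_flags >> 12) * 4, "checksum": checksum,
            "flags": {name for name, bit in FLAG_BITS.items() if off_flags & bit}}

def is_three_way_handshake(segments: list) -> bool:
    """Check flags, direction and sequence arithmetic of SYN -> SYN/ACK -> ACK."""
    if len(segments) != 3:
        return False
    syn, syn_ack, ack = (parse_segment(s) for s in segments)
    client, server = syn["sport"], syn["dport"]
    nxt = lambda n: (n + 1) % 2**32  # a SYN consumes one sequence number
    return (syn["flags"] == {"SYN"}
            and syn_ack["flags"] == {"SYN", "ACK"}
            and ack["flags"] == {"ACK"}
            and (syn_ack["sport"], syn_ack["dport"]) == (server, client)
            and (ack["sport"], ack["dport"]) == (client, server)
            and syn_ack["ack"] == nxt(syn["seq"])
            and ack["seq"] == nxt(syn["seq"])
            and ack["ack"] == nxt(syn_ack["seq"]))

# Constructed exchange: client port 50000 -> server port 443.
COMPLETE = [build_segment(50000, 443, 1000, 0, ["SYN"]),
            build_segment(443, 50000, 5000, 1001, ["SYN", "ACK"]),
            build_segment(50000, 443, 1001, 5001, ["ACK"])]
# Same start, but the client resets instead of acknowledging.
ABORTED = COMPLETE[:2] + [build_segment(50000, 443, 1001, 0, ["RST"])]
```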

## Packet vs Frame

* **Packet (L3):** contains source/destination IP + payload; header with **TTL** (prevents loops) and **checksum**.
* **Frame (L2):** encapsulates the packet, adding source/destination **MAC** (the physical envelope on the segment).
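
The split between frame and packet shows up when a router forwards traffic: the IP addresses stay the same, the TTL drops by one, the header checksum is recomputed, and the MAC pair is replaced. This is an added example, not part of the original notes; it assumes an IPv4 header without options, and the MAC addresses, payload and function names are constructed for illustration.

```python
import socket
import struct

IP_HDR = "!BBHHHBBH4s4s"  # ver/IHL, TOS, length, id, frag, TTL, proto, checksum, src, dst

def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words, inverted."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(header: bytes) -> bytes:
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", checksum(zeroed)) + zeroed[12:]

def build_packet(src_ip: str, dst_ip: str, ttl: int, payload: bytes) -> bytes:
    header = struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), 0, 0, ttl, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return with_checksum(header) + payload

def build_frame(dst_mac: str, src_mac: str, packet: bytes) -> bytes:
    to_bytes = lambda mac: bytes.fromhex(mac.replace(":", ""))
    return to_bytes(dst_mac) + to_bytes(src_mac) + struct.pack("!H", 0x0800) + packet

def parse_frame(frame: bytes) -> dict:
    dst_mac, src_mac, _ethertype = struct.unpack("!6s6sH", frame[:14])
    header = frame[14:34]  # assumes a 20-byte IPv4 header (no options)
    fields = struct.unpack(IP_HDR, header)
    return {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
            "src_ip": socket.inet_ntoa(fields[8]), "dst_ip": socket.inet_ntoa(fields[9]),
            "ttl": fields[5], "checksum_ok": checksum(header) == 0}

def forward(frame: bytes, out_mac: str, next_mac: str):
    """One router hop: IPs unchanged, TTL - 1, checksum redone, new MAC pair.
    Returns None when the packet is dropped (bad checksum or TTL used up)."""
    info = parse_frame(frame)
    if not info["checksum_ok"] or info["ttl"] <= 1:
        return None
    packet = frame[14:]
    header = packet[:8] + bytes([info["ttl"] - 1]) + packet[9:20]
    return build_frame(next_mac, out_mac, with_checksum(header) + packet[20:])

# Constructed sample: host 192.168.1.100 sends to 8.8.8.8 via its gateway.
SAMPLE = build_frame("02:00:00:00:00:01", "02:00:00:00:00:64",
                     build_packet("192.168.1.100", "8.8.8.8", 64, b"hello"))
```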

## Ports (0–65535)

* Identify services at the transport layer.
* Common: **21 FTP**, **22 SSH**, **80 HTTP**, **443 HTTPS**, **445 SMB**, **3389 RDP**.
* They can be customized (e.g. HTTP on **8080**); the port must then be specified in the URL/connection.

## Quick reminder

* 1 Physical: bits
* 2 Data Link: MAC & frames
* 3 Network: IP & routing
* 4 Transport: TCP/UDP
* 5 Session: sessions
* 6 Presentation: formats & encryption
* 7 Application: user protocols

## Practical note (challenge)

* Connect to **8.8.8.8:1234** to receive a flag (destination IP + specific port).

---
