
Network Topologies and Cabling

Standard Topologies

1. Mesh Topology

Description: Every system is connected to every other system, providing multiple paths for data transmission.

  • Types:

    • Full Mesh: Every node connects to every other node. Common in critical networks like bank networks.
    • Partial Mesh: Some nodes are connected to all others, but some only to a few. Useful when full mesh is too costly or complex.
  • Advantages:

    • High Redundancy: Ensures data transmission even if some connections fail.
    • Fault Tolerance: Can handle multiple failures without affecting

Wireless Networks:

  • Li-Fi: Uses light for communication, boasting speeds that surpass Wi-Fi.

  • Zigbee: A low-energy wireless protocol tailored for IoT devices.

  • Satellite: Leverages orbiting satellites for communication.

Zigbee Personal Area Network (PAN)

  • Description: A short-range wireless PAN technology tailored for automation, machine-to-machine communication, remote control, and IoT device monitoring.

  • Security Features:

    • Supports both centralized and decentralized security models.
    • Relies on securely transmitted symmetric keys (typically encrypted in-transit).
  • Potential Vulnerability: During the pre-configuration phase, there's a brief window when a single key might be transmitted without protection.

  • Use Cases: Commonly found in IoT and smart home hubs (Amazon Echo, Philips Hue Lights)


Bluetooth & IEEE 802.15

Definition: Bluetooth falls under the IEEE 802.15 standard, commonly known as a Personal Area Network (PAN).

Usage:

  • Bluetooth connects devices such as cell phone headsets, mice, keyboards, GPS, and many other gadgets.
  • Bluetooth has historically been a target for various exploits, making it a significant wireless security concern. Bluetooth's many vulnerabilities can be seen with a quick "Bluetooth exploit" Google search.

Connection Setup:

  • Devices connect via pairing, where a primary device scans for other devices on the 2.4 GHz radio frequency.

  • Pairing typically uses a 4-digit code. This is not primarily a security feature, but rather to prevent accidental connections.

Mobile System Attacks: Bluetooth Vulnerabilities


Bluejacking (Annoyance)

Definition: Bluejacking is akin to a digital prank, similar to the real-world "ding-dong-ditch."

How it works:

  • Tech-savvy individuals push unsolicited messages to other Bluetooth users within proximity.

  • The intent is often to annoy or playfully engage them.

  • This exploits a loophole in Bluetooth's messaging options.

Bluejacking is more about mischief than causing harm.


Bluesnarfing (Data Theft)

Definition: A serious threat where unauthorized users wirelessly connect to early Bluetooth devices to illicitly access and manipulate data.

How it works:

  • The attacker stealthily connects to the device without the owner's knowledge.

  • Once connected, they can download and even alter data.

Bluesnarfing directly jeopardizes user data and privacy.


Bluebugging

Definition: A more advanced form of Bluesnarfing where attackers gain comprehensive remote control over a Bluetooth device.

How it works:

  • The attacker exploits vulnerabilities to control various features and functionalities.

  • This can involve activating microphones, using the phone as a surveillance tool, or manipulating device settings.

Bluebugging provides attackers with an alarming amount of control over the victim's device.

Cellular Networks:

  • 4G: Represents the fourth generation of mobile network tech.

  • 5G: Offers quicker data transfer rates compared to 4G.

Cellular (5G)

Features
  • Performance: Offers faster data transfer speeds and reduced latency compared to previous generations.

  • User Identification:

    • While both 4G and 5G devices can utilize eSIM technology, which is essentially a digital SIM embedded in devices, the way these devices communicate with networks differs. In 5G, there is an improved and more secure identification process.

    • Instead of constantly broadcasting a permanent identifier (IMSI in 4G), 5G uses a Subscription Permanent Identifier (SUPI) which can be concealed when transmitted. This concealed version, called Subscription Concealed Identifier (SUCI), provides better security and privacy.

eSIM is a physical change (embedded SIM) in the device, while SUPI and SUCI are part of 5G's protocol to enhance privacy.
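
The difference between a permanent identifier sent in the clear and a concealed one can be shown in Node.js. This is an added example, not code from the original page or from any 5G stack: it is modelled on the ECIES Profile A scheme in 3GPP TS 33.501 (X25519, ANSI X9.63 KDF, AES-128-CTR, truncated HMAC-SHA-256) and simplifies the encoding. The names `conceal`, `deconceal`, `deriveKeys` and the sample MSIN are assumptions, and the MSIN is ASCII here rather than BCD.

```javascript
const crypto = require('node:crypto');

// ANSI X9.63 KDF with SHA-256: SHA-256(Z || counter || sharedInfo), blocks concatenated.
function x963kdf(z, sharedInfo, len) {
  const blocks = [];
  for (let i = 1; blocks.length * 32 < len; i++) {
    const ctr = Buffer.alloc(4);
    ctr.writeUInt32BE(i);
    blocks.push(crypto.createHash('sha256').update(z).update(ctr).update(sharedInfo).digest());
  }
  return Buffer.concat(blocks).subarray(0, len);
}

// X25519 shared secret -> AES key (16 bytes), initial counter block (16), MAC key (32).
function deriveKeys(privateKey, publicKey, ephPubDer) {
  const z = crypto.diffieHellman({ privateKey, publicKey });
  const k = x963kdf(z, ephPubDer.subarray(-32), 64); // last 32 DER bytes = raw public key
  return { enc: k.subarray(0, 16), icb: k.subarray(16, 32), mac: k.subarray(32) };
}

// 8-byte truncated HMAC-SHA-256 over the ciphertext.
const tag = (macKey, ct) => crypto.createHmac('sha256', macKey).update(ct).digest().subarray(0, 8);

// Device side: a fresh ephemeral key pair per call, so every concealed value is different.
function conceal(msin, homePublicKey) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const k = deriveKeys(eph.privateKey, homePublicKey, ephPub);
  const c = crypto.createCipheriv('aes-128-ctr', k.enc, k.icb);
  const ct = Buffer.concat([c.update(msin, 'utf8'), c.final()]);
  return { ephPub, ct, mac: tag(k.mac, ct) };
}

// Home network side: check the MAC first, then decrypt with the home private key.
function deconceal(suci, homePrivateKey) {
  const ephKey = crypto.createPublicKey({ key: suci.ephPub, format: 'der', type: 'spki' });
  const k = deriveKeys(homePrivateKey, ephKey, suci.ephPub);
  if (!crypto.timingSafeEqual(tag(k.mac, suci.ct), suci.mac)) throw new Error('SUCI MAC check failed');
  const d = crypto.createDecipheriv('aes-128-ctr', k.enc, k.icb);
  return Buffer.concat([d.update(suci.ct), d.final()]).toString('utf8');
}

// Constructed sample: a home-network key pair and a made-up subscriber number (MSIN).
const home = crypto.generateKeyPairSync('x25519');
const MSIN = '0123456789';
```

Only the subscriber-specific part is concealed; a passive listener sees a different `ct` and `ephPub` for every registration, while the home network still recovers the same MSIN.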

Security Enhancements
  • Air Interface Threats:

    • 5G introduces mechanisms to combat threats like session hijacking.

    • By encrypting the user’s identity (using SUCI), potential interception or tracking becomes more difficult.

    "Specific methods used in 5G to address air interface threats would be a good deeper dive for understanding."

  • 5G Versions

    • NSA (Non-Standalone) 5G: Initially, many carriers adopted NSA 5G, which leans on 4G for control signaling. It's a transitional approach.

    • SA (Standalone) 5G: Fully independent of older architectures and considered more secure. You can tell if you are using NSA or SA if your device falls back to 4G connectivity.
  • Diameter Protocol: This protocol is critical for authentication, authorization, and accounting (AAA).

    Warning: Given its pivotal role in network operations, it's a potential target for attackers who wish to disrupt or gain unauthorized access.

Concerns
  • Legacy Issues: Operating alongside older technologies (3G/4G) means that vulnerabilities from those generations might be targeted in 5G, especially in NSA scenarios.

  • IoT and DDoS: With a vast number of IoT devices set to use 5G, the risk of large-scale DDoS attacks grows.

    A high number of connected devices implies a broad attack surface. If multiple devices get compromised, they can collectively launch massive DDoS attacks.

  • Transition: The reliance on 4G core in NSA 5G will diminish as more infrastructure is upgraded and more users adopt pure 5G devices.


Mesh Topology

  • Example Hardware/Software:

    • BitTorrent. When you download files via BitTorrent, your computer connects to multiple other computers that have the same file. There's no central server. Each computer (or peer) shares a piece of the file with each other.
    • Cryptocurrencies like Bitcoin and Ethereum utilize blockchain technology

Mesh topology is prevalent in WANs, such as the Internet backbone, where constant connectivity is crucial.


Content Delivery Networks (CDN)

Definition

CDNs are geographically dispersed networks of proxy servers and data centers. Their primary objective is to deliver content quickly and efficiently by placing it in locations near users.

Functionality

  1. High Availability: By distributing the load, CDNs mitigate risks associated with server failures, ensuring content remains accessible.
  2. Speed: With servers closer to users, latency is reduced, resulting in faster load times.
  3. Scalability: CDNs can handle high numbers of users or sudden traffic spikes, making them ideal for popular websites or during viral events.

Security Concerns

  • Malicious Content Injection: CDNs that serve JavaScript (or other content types) have been exploited by attackers to insert malicious code into web pages. This could lead to a wide range of security issues, such as data breaches or malware dissemination.

Ensure the integrity of content served from CDNs, for instance, by using Subresource Integrity (SRI) checks.
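
The SRI check recommended above for CDN-served content can be reproduced in Node.js to generate the `integrity` value and to test how a modified file is treated. This is an added example, not code from the original page; the function names and the sample script contents are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Hash algorithms SRI accepts, ranked weakest to strongest.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Build the value of an integrity="..." attribute for the exact bytes you reviewed.
function sriFor(content, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(content).digest('base64')}`;
}

// Parse an integrity attribute: whitespace-separated "alg-base64digest" tokens.
// Tokens with an unsupported algorithm are ignored, as a browser would.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((tok) => {
    const i = tok.indexOf('-');
    return { alg: tok.slice(0, i), digest: tok.slice(i + 1).split('?')[0] };
  }).filter((m) => Object.hasOwn(STRENGTH, m.alg) && m.digest);
}

// Browser-style check: keep only the strongest algorithm listed,
// then accept the content if any digest for that algorithm matches.
function verify(content, attr) {
  const meta = parseIntegrity(attr);
  if (meta.length === 0) return true; // no usable metadata: nothing is enforced
  const best = Math.max(...meta.map((m) => STRENGTH[m.alg]));
  return meta
    .filter((m) => STRENGTH[m.alg] === best)
    .some((m) => crypto.createHash(m.alg).update(content).digest('base64') === m.digest);
}

// Constructed sample: a library as published, and the same file with a line appended in transit.
const published = 'function greet(n){return "hi " + n}\n';
const tampered = published + 'console.log("code that was not in the reviewed file")\n';
const integrity = sriFor(published);
```

The empty-metadata branch is the caveat to watch in reviews: an `integrity` attribute containing only unsupported or malformed tokens does not block anything.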

Protection Features

Many CDN providers also offer:

  1. DDoS Protection: Mitigating large-scale attempts to disrupt service.
  2. Web Application Firewalls (WAF): Protecting web applications from common web exploits.

Use Cases

  • Video and Audio Streaming: Allows for buffer-free streaming even at peak times.
  • Software Downloads: Efficiently delivers software updates or large file downloads.

Examples

  • Traditional CDNs: Focus on delivering generic content. Examples include Akamai, Fastly, and Limelight.

  • Cloudflare: While Cloudflare does offer CDN capabilities, its primary focus is on web performance and security. Cloudflare's network accelerates web content and also provides additional services like DDoS protection, WAF, and DNS services.

2. Ring Topology

Description: Systems are connected in a circular fashion. Data often travels in one direction.

  • Traffic Management: A 'token' system is utilized to prevent collisions and manage traffic.

  • Example Hardware/Software:

    • IBM's Token Ring network in the past used MAUs (Multistation Access Units) as a hardware device to create and maintain the ring topology.
    • FDDI (Fiber Distributed Data Interface): Another ring-based technology, but focused on fiber optics.

Ring topologies have become less common due to technological advances and maintenance challenges.

3. Bus Topology

Description: All devices share a single communication line or 'bus'.

  • Functionality: Possible data collisions if multiple devices transmit simultaneously.

  • Example Hardware/Software:

    • 10Base2 (Thin Ethernet) and 10Base5 (Thick Ethernet): Ethernet standards that used coaxial cables in bus topology.
    • BNC connectors and T-connectors were standard for attaching devices to the bus in 10Base2 networks.

Collisions, such as in early Ethernet setups, can hinder network performance. Today, this design is largely obsolete.

4. Star Topology

Description: All devices connect to a central hub or switch.

  • Advantages:

    • Ease of Installation & Maintenance: Simplified troubleshooting and scalability.
    • Isolation of Devices: Individual device failures don't cripple the whole network.

Example Hardware/Software:

  • Ethernet switches (e.g., Cisco Catalyst switches, Netgear ProSafe switches): Modern devices that intelligently forward data only to the intended recipient.
  • Call of Duty's P2P System: Operates like a star topology where one player's system is the central host. All players connect to this host. If the host disconnects, the game briefly pauses for "host migration" to a new player.

Star topology, especially with switches like Cisco's, is predominant in modern LANs due to its robustness and simplicity.