Name: ___________________________________

DEPARTMENT OF BUSINESS, ADVANCED MANUFACTURING & LOGISTICS

22603VIC Certificate IV in Cyber Security

Learner Resource

VU23213 Utilise basic network concepts and

Department: Business, Advanced Manufacturing & Logistics
Course: 22603VIC Certificate IV in Cyber Security
Unit of Competency:
VU23213 Utilise basic network concepts and protocols required in cyber security

Prepared by: Curriculum Unit, Melbourne Polytechnic

Document creation date: February 2023
Version: 1.0

© Melbourne Polytechnic 2023

National Provider no. 3075

Authors:
Frank Trcka, Teacher, Melbourne Polytechnic
Eleanor Ravenarki, Curriculum Developer, Melbourne Polytechnic

Disclaimer Statement:
PLEASE NOTE that by clicking on a link you may be directed to a third-party site.
You should respect the intellectual property on that site. You may be leaving the Melbourne Polytechnic website.
Melbourne Polytechnic does not endorse a linked site or guarantee the accuracy or currency of any information
contained on the third-party linked site.

Acknowledgements
National training packages are attributed as ‘© State of Victoria (Department
of Education and Training) 2018’. Training packages are copied and
communicated under Creative Commons Attribution-Non Derivative 3.0 Australia (CC BY-ND 3.0
AUS) license.

Images/illustrations
Getty Images contained in this resource are provided under a license agreement with Melbourne
Polytechnic. Any further reproduction or communication of these images is not permitted.

For information regarding material in this document, contact:

Uday Vaiyda
Program Lead Information Technology and Building Surveying
Business, Advanced Manufacturing & Logistics
[email protected]

Melbourne Polytechnic Page 2 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Contents
Introduction...........................................................................................................................................5
About this Learner Resource.............................................................................................................5
Glossary of abbreviations and cyber security terms..............................................................................6
Getting Started activity........................................................................................................................11
Topic 1. Key network security concepts..............................................................................................12
1.1 Network vulnerabilities that affect cyber security.....................................................................13
1.2 Differences between network security and cyber security.......................................................14
1.3 Organisations’ security policy....................................................................................................16
1.4 Business implications of cyber security breaches......................................................................17
Topic 2. Key features of the TCP/IP suite of protocols.........................................................................19
2.1 Binary number system and hexadecimal number systems.......................................................19
2.2 Conversions between number systems.....................................................................................20
2.3 IPv4 and IPv6 (internet protocol versions 4 & 6) addressing schemes......................................24
2.4 OSI and TCP/IP models of data communication........................................................................25
2.5 Differences and commonalities between the OSI and TCP/IP models.......................................28
2.6 TCP/IP Network Interface Layer standards................................................................................29
2.7 TCP/IP Internet Layer standards and protocols........................................................................30
2.8 TCP/IP Transport Layer Standards and protocols......................................................................31
2.9 How TLS and HTTPS can provide security..................................................................................31
Topic 3. Services, standards and protocols..........................................................................................34
3.1 Server Message Block (SMB) in the local area network.............................................................34
3.2 Quick (QUIC) User Datagram Protocol (UDP)............................................................................35
3.3 Narrowband Internet of Things (NB-IoT) and Long Range IoT (LoRa-IoT) standards for IoT
devices............................................................................................................................................37
Topic 4. Function and operation of key networking devices...............................................................40
4.1 Physical and logical network representations of a local area network......................................41
4.2 Switches and network routers...................................................................................................42
4.3 Firewalls....................................................................................................................................43
4.4 Wireless access point (WAP) and a wireless enabled end point................................................45
4.5 End to end network troubleshooting........................................................................................46
Melbourne Polytechnic Page 3 of 56
VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Topic 5. Implement network security laboratory and testing environment........................................49
5.1 Software tools for the testing environment..............................................................................49
5.2 Use of virtualisation ..................................................................................................................50
5.3 Interconnectivity of the virtualised tools...................................................................................50
5.4 Use of the testing environment.................................................................................................51
Topic 6. Present current examples of cyber network attacks and resources.......................................52
6.1 Denial-of-Service (DOS) & Distributed Denial-of-Service (DDOS) attack mechanisms...............52
6.2 Ransomware breach..................................................................................................................53
6.3 Local Area Network (LAN) Address Resolution Poisoning (ARP)................................................54
6.4 Resources that increase industry’s awareness of cyber security awareness.............................55
References...........................................................................................................................................56

Melbourne Polytechnic Page 4 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Introduction
Welcome to VU23213 Utilise basic network concepts and protocols required in cyber security.

For full unit details: https://training.gov.au/Training/Details/VU23213

This unit describes the skills and knowledge required to comprehend how data travels around the
internet. It includes the function and operation of protocols such as Open System Interconnection
(OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) suite and devices that facilitate
data transfer. The exposure to these protocols is at an introductory level in this unit.

About this Learner Resource

This Learner Resource includes information and activities to assist you to successfully complete this
unit of competency. Use the Table of Contents to look for the topics relevant to your classes and
assessments.

For an important fact, an example or extra knowledge to understand a concept.

For further information, links are provided to relevant websites and videos. These are highlighted as
follows:

Weblink:

www.insert_weblink_here.com

Learning Activities are provided as an opportunity for you to apply the concepts and practise the
skills you learn in this unit.

Learning Activity:

Answers: (if required)

Melbourne Polytechnic Page 5 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Glossary of abbreviations and cyber security terms

Word Description

binary A number system that contains two symbols, 0 and 1. Also known as
base 2.

cyber security Measures used to protect the confidentiality, integrity and availability
of systems and data.

cyber security event An occurrence of a system, service or network state indicating a

possible breach of security policy, failure of safeguards or a previously
unknown situation that may be relevant to security.

cyber security incident An unwanted or unexpected cyber security event, or a series of such
events, that have a significant probability of compromising business
operations.

cyber threat Any circumstance or event with the potential to harm systems or data.

data security Measures used to protect the confidentiality, integrity and availability
of data.

decimal Another name for the number system that contains the digits 0 to 9.
Also known as denary or base 10. Decimal fractions are numbers where
the fraction is indicated by the use of a full stop, eg 4.1 or 6.3.

denial-of-service attack An attempt by an adversary to prevent legitimate access to online

services (typically a website), for example, by consuming the amount of
available bandwidth or the processing capacity of the server hosting the
online service.

device access control Software that can be used on a system to restrict access to
software communications ports. Device access control software can block all
access to a communications port or allow access based on device types,
manufacturer’s identification or even unique device identifiers.

distributed-denial-of- A distributed form of denial-of-service attack.

service attack (DDOS)

DHCP Dynamic Host Configuration Protocol

 Word Description

FTP File Transport Protocol

hardware A generic term for ICT equipment.

host A computer that is attached to an Internet network and can

communicate with other Internet hosts.

hexadecimal A number system using 16 symbols from 0-9 and A-F, also known as
base 16 and hex.

HTTP Hyper Text Transport Protocol

HTTPS Hyper Text Transport Protocol Secured

ICT equipment Any device that can process, store or communicate data, such as
computers, multifunction devices, network devices, smartphones,
digital cameras, electronic storage media, smart devices and other
radio devices.

IP Internet Protocol

IPv6 Internet protocol version 6. A protocol used for communicating over

packet switched networks. Version 6 is the successor to version 4 which
is widely used on the internet.

ISP Internet Service Provider

Local Area Network A collection of devices connected together in one physical location,
(LAN) such as a building, office, or home.

malicious code Any software that attempts to subvert the confidentiality, integrity or
availability of a system.

network The combination of two or more hosts and the connecting links
between them. A physical network is the hardware that makes up the
network. A logical network is the abstract organization overlaid on all or
part of one or more physical network

Melbourne Polytechnic Page 7 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 Word Description

network access control Security policies used to control access to a network and actions on a
network. This can include authentication checks and authorisation
controls.

network device ICT equipment designed to facilitate the communication of data. For
example, routers, switches and wireless access points.

OSI Open Systems Interconnection

packet The block of control information and data for one transaction between
a host and its network.

penetration test A penetration test is designed to exercise real-world scenarios in an

attempt to achieve a specific goal, such as compromising critical
systems or data.

phishing A technique for attempting to acquire sensitive data, through a

fraudulent solicitation in email, website or text in which the perpetrator
masquerades as a legitimate business or reputable person

protocol A set of rules for handling communications at the physical or logical

level.

realm A security policy domain defined for a web or application server.

remote access Access to a system that originates from outside an organisation’s

network and enters the network through a gateway, including over the
internet.

Security advisors Personnel appointed to perform security functions or specialist services

related to security within an entity.

Security incident a. action, whether deliberate, reckless, negligent or accidental

that fails to meet protective security requirements or entity–
specific protective security practices and procedures that
results, or may result in, the loss, damage, corruption or
disclosure of official information or resources
b. approach from anybody seeking unauthorised access to official
resources
c. observable occurrence or event (including natural disaster

Melbourne Polytechnic Page 8 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 Word Description

events, terrorist attacks etc) that can harm Australian

Government people, information or assets.
© Commonwealth of Australia 2022.

Australian Government Attorney-General’s Department Protective Security Policy Framework

Glossary

Security plan Central document detailing how the entity plans to manage and
address their security risks.
© Commonwealth of Australia 2022.

Australian Government Attorney-General’s Department Protective Security Policy Framework

Glossary

Security risk Something that could result in compromise, loss, unavailability or

damage to information or physical assets, or cause harm to people.
© Commonwealth of Australia 2022.

Australian Government Attorney-General’s Department Protective Security Policy Framework

Glossary

Security risk Managing risks related to an entity's information, people and physical
management assets.

server A computer or process that provides data, services, or resources that

can be accessed by other computers or processes on the network.

software An element of a system including, but not limited to, an application or

operating system.

Standard Operating A standardised build of an operating system and associated software

Environment that can be used for servers, workstations, laptops and mobile devices.

Standard Operating Instructions for following a defined set of activities in a specific manner.
Procedure For example, an approved data transfer process.

TCP Transmission Control Protocol

TCP/IP Transmission Control Protocol/Internet Protocols

UDP User Datagram Protocol

Melbourne Polytechnic Page 9 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 Word Description

Virtual Local Area . Network devices and other ICT equipment grouped logically based on
Network (VLAN) resources, security or business requirements instead of their physical
location.

virtualisation Simulation of a hardware platform, operating system, application,

storage device or network resource.

vulnerability A vulnerability assessment can consist of a documentation-based

assessment review of a system’s design, an in-depth hands-on assessment or
automated scanning with software tools. In each case, the goal is to
identify as many security vulnerabilities as possible.

Wide Area Network A collection of local-area networks (LANs) or other networks that
(WAN) communicate with one another. A WAN is essentially a network of
networks, with the Internet the world's largest WAN.

wireless access point A device which enables communications between wireless clients. It is
typically also the device which connects wired and wireless networks.

wireless The transmission of data over a communications path using

communications electromagnetic waves rather than a wired medium.

Additional Cybersecurity terminology is available on Australian Cyber Security Centre site.

Melbourne Polytechnic Page 10 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Getting Started activity

Getting Started Activity:

Watch the vide on cloud security and answer the questions

Video Link: What is Cloud Security and Why Do You Need It?

https://www.youtube.com/watch?v=JyQ_NHwA0QI

What is cloud security protecting data from?

1 Select the answer mentioned in the video

ANSWER DESCRIPTION

Vectors
☐
Cyber attacks
☐
networks
☐
Breaches
☐
Moodle Note: multiple choice

What are the steps required to secure cloud data based on?
2 Select all the correct answers

ANSWER DESCRIPTION

Amount of data
☐
Number of authorised users
☐
Type
☐
Sensitivity
☐
Moodle Note: multiple choice

Melbourne Polytechnic Page 11 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Topic 1. Key network security concepts
In this topic you will learn about:
 Network vulnerabilities that affect cyber security in a data network
 Differences between network security and cyber security
 OSI and TCP/IP models of data communication
 Organisation/enterprises’ security policy
 Business implications of cyber security breaches.

Image by Yuichiro Chinofrom Getty Images, Licence, added on 02/02/202

Melbourne Polytechnic Page 12 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
1.1 Network vulnerabilities that affect cyber security
A network vulnerability is a weakness or flaw in software, hardware, or organisational processes,
which when compromised by a threat, can result in a security breach. Network vulnerabilities can
lead to more advanced attacks such as a DDoS (distributed denial of services) attack, which can bring
a network down to a crawl or prevent users from accessing it altogether.
Different Types Of Network Vulnerabilities
Network vulnerabilities come in many forms but the most common types are:
 Malicious software (Malware) such as Trojans, viruses, and worms that are installed on a
user’s machine or a host server.
 Social engineering attacks that trick users into divulging personal information such as a
username or password.
 Outdated or unpatched software that exposes the systems running the application and
potentially the entire network.
 Misconfigured firewalls / operating systems that allow or have default policies enabled.

The Australian Cyber Security Centre has an information security manual that provides guidelines for
networking.

Web Link: Guidelines for Networking

https://www.cyber.gov.au/acsc/view-all-content/advice/guidelines-networking

Web Link: Common network vulnerabilities

https://purplesec.us/common-network-vulnerabilities/

Video link: Common Types Of Network Security Vulnerabilities In 2022

https://www.youtube.com/watch?v=2VaPTIuRs4k
Network security vulnerabilities are constantly evolving as threat actors seek new and intuitive ways
to gain access to a business’s network. In this video the most common types of network
vulnerabilities that threaten the security of network systems in 2022 are discussed.
1.2 Differences between network security and cyber security

Information
security

Cyber security

Network security

Cyber Security: is a branch of information security. It is the measure to protect an organisation’s

system - internet-connected devices, such as hardware, operating systems, programs, mobile
devices and data from cyber-attacks and malicious attacks.
Network Security : is a subset of Cyber Security that is designed to protect the authenticity of any
channel, and also the relevant information that can be sent via network nodes. It is the measure
taken by any enterprise or organisation to secure its computer network and data using both
hardware and software systems. This is to secure the confidentiality and accessibility of the data and
network that is stored by the organisation. An organisation’s network security will need to have
preventative and responsive solutions for the diverse types of cyber threats.

Difference between network security and cyber security

Parameters Network Security Cyber Security

1. Definition Network security is a feature Cyber security is a system that protects

that protects data as it travels a company’s device and server data.
through and across an
organization’s network.

2. Data Protects the data flowing over Protects the data that is located in
the network devices, servers and in the realm

Melbourne Polytechnic Page 14 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 3. Hierarchy It is a subset of cyber security. It is a subset of information security.

4. Viruses Deals with the protection from Deals with the protection from cyber-
DOS attacks, viruses, and attacks and cybercrimes
worms.

5. Strikes against Network Security strikes against Cyber Security strikes against cyber
trojans. threats and cyberattacks.

6. Security Secures the data traveling Deals with the protection of the data
across the network by resting.
terminals.

7. Examples Multi-factor authentication, Secure sensitive data, online

software updates, and rigorous authentication, and up-to-date
password regulations are all information are all examples of
part of network security. cybersecurity precautions.

8. Job titles of Network Security Engineer and Cyber Security Architect and Cyber
people working Network Security Architect Security Analyst
in the sector

9. Job role Safeguarding an organisation’s Cyber security specialist is an expert in

IT infrastructure the protection, detection, and recovery
of cyber security threats.

Sourced: Geeks for Geeks

Web link: Difference between Network Security and Cyber Security

https://www.geeksforgeeks.org/difference-between-network-security-and-cyber-security/

Melbourne Polytechnic Page 15 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
1.3 Organisations’ security policy
Within your role you will need to locate and review the organisation or enterprise’s security policy.
Security policy is a formal document that outlines and defines guidelines on how an organisation or
enterprise plans to protect its personal IT assets including collected data. A security policy provides
details about the principles, procedures, and best practices to enforce, monitor, and manage
organisational networks.
An organisation’s network security policy may contain information about:
 Passwords – creating strong passwords, frequency of changing them and password
protection.
 Account management - outlines standards for creating, administrating, using, and removing
user accounts.
 Email policy - sending, receiving, and storing messages.
 Clean Desk - confidential information stays protected, saving of documents in secured
folders
 Network Security and VPN Acceptable Use - standards for connecting to the organisation’s
network from any host.
 Portable storage devices – encryption of information, securing of portable storage devices
and reporting lost or stolen devices.
 Downloading software and applications – installation of software and programs.
 Systems Monitoring and Auditing - monitors for inappropriate actions.

The Australia the Protective Security Policy Framework (PSPF) helps Australian Government entities
to protect their people, information and assets, both at home and overseas. It sets out government
protective security policy and supports entities to effectively implement the policy across the
following outcomes: security governance, information security, personnel security and physical
security.

Web Link: Protective security policy framework

https://www.protectivesecurity.gov.au/
This site provides information about the Protective security policy framework
The Australian Government Business site has information on how to create a cyber security policy to
protect an organisation and plan how to respond if an incident occurred.

Web Link: Create a cyber security policy

https://business.gov.au/online/cyber-security/create-a-cyber-security-policy
 Learning Activity: Reviewing Cyber security policy

This learning activity will occur in the classroom in small groups, or you will write your responses
in your activity worksheet.
Access the Victorian Department of Health and Human Services Privacy and information security
guideline for funded agency staff and answer these questions.
1. Passwords – choose 1 requirement. Explain what the network vulnerability is and how this
requirement will provide security protection for the organisation.
2. Clear desks and screens – choose 1 requirement. Explain what the network vulnerability is
and how this requirement will provide security protection for the organisation.

1.4 Business implications of cyber security breaches

Businesses face increasingly sophisticated and capable cybercriminals targeting what matters most
to them; their money, data and reputation.
Business implications of cyber security breaches can cause:
 financial loss – from theft of money, information, disruption to business
 business loss – damage to reputation, damage to other companies the organisation may rely
on to do business
 costs – getting the affected systems up and running
 investment loss – time notifying the relevant authorities and institutions of the incident.

What is at risk
A business’ money, information, technology and reputation could be at risk. This could include the
destruction, exposure or corruption of the following:
 customer records and personal information
 email records
 financial records
 business plans
 new business ideas
 marketing plans
 intellectual property
 product design
 patent applications
 employee records (which could include sensitive personal identifiable information such as
their date of birth).
Source: © Commonwealth of Australia 2020. Australian Government Business. All content on business.gov.au is under a
Creative Commons Attribution 3.0 Australia,

Melbourne Polytechnic Page 17 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Web Link: Cyber security and your business

https://business.gov.au/online/cyber-security/cyber-security-and-your-business

Web Link: Cyber Security and Australian Small Businesses Results from the Australian Cyber
Security Centre Small Business Survey

https://www.cyber.gov.au/sites/default/files/2020-07/ACSC%20Small%20Business%20Survey
%20Report.pdf

Summary Learning Activity: How cyber secure are you?

Web Link: Cyber

https://www.cyber.gov.au/learn
Using a secure network access the ACSC website and take this 3 minute quiz to see how cyber
secure your practices are.

Melbourne Polytechnic Page 18 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Topic 2. Key features of the TCP/IP suite of protocols
There are a number of key features of the TCP/IP suite of protocols.
In this topic you will learn about:
 Binary number system and hexadecimal number systems
 Conversions between number systems
 IPv4 and IPv6 (internet protocol versions 4 & 6) addressing schemes
 Differences and commonalities between the OSI and TCP/IP models
 Key protocols of the TCP/IP suite
 TCP/IP Network Interface Layer standards
 TCP/IP Internet Layer standards and protocols are defined and demonstrated
 TCP/IP Transport Layer Standards and protocols
 How TLS and HTTPS can provide security for network communications

2.1 Binary number system and hexadecimal number systems

Binary is how computers process data. Binary and Hexadecimal number systems are examples of
positional number systems with different bases. Binary number systems use a base of two while
hexadecimal uses a base of 16.

Number system employing 2 as the base. This system requires only two digits, 0
Binary number
and 1. The decimal number system (or base ten) requires 10 digits: 0, 1, 2, 3, 4,
system
5, 6, 7, 8, 9.

Hexadecimal or hex number (or base 16) requires 16 symbols or digits from 0 to
9, followed by six alphabetic characters A, B, C, D, E and F. This system allows for
Hexadecimal
the representation of large numbers with fewer digits. For example, the decimal
number
number 50485 in binary is represented by 1100010100110101 and in
system
hexadecimal notation is represented as C535. Every four binary symbols can be
represented by a single hex symbol.

For example, the binary number 1010 is represented as follows: 1011 = 1 * 23 + 0 * 22 + 1 * 21 + 1 *

20 = 1 * 8 + 0 * 4 + 1 * 2 + 1 * 1 = 11 (base 10)

For example, the hexadecimal number 123 is represented as follows: 123 = 1 * 162 + 2 * 161 + 3 *
160 * 0 = 1 * 256 + 32 + 3 = 291 (base 10)
Video Link: Introduction to Number Systems

https://www.youtube.com/watch?
v=crSGS1uBSNQ&list=PLBlnK6fEyqRjMH3mWf6kwqiTbT798eAOm&index=29

Video Link: Binary Number System

https://www.youtube.com/watch?v=M41M9ATm49M
This video series explains some of the core concepts behind binary numbers in computing

2.2 Conversions between number systems

There are many methods or techniques which can be used to convert numbers from one base to
another.
In computer science, different number bases are used:
 decimal is base 10, which has ten units (0-9)
 binary is base 2, which has two units (0-1)
 Hexadecimal, also known as hex, is the third commonly used number system. It has 16 units
- 0-9 and the letters A, B, C, D, E and F.

DECIMAL BINARY HEXADECIMAL

0 0000 0

1 0001 1

2 0010 2

3 0011 3

4 0100 4

5 0101 5

6 0110 6

7 0111 7

8 1000 8

9 1001 9

10 1010 A

Melbourne Polytechnic Page 20 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 11 1011 B

12 1100 C

13 1101 D

14 1110 E

Binary to hexadecimal
1. Start at the rightmost digit and break the binary number up into groups of four digits. These
are known as nibbles. If there are less than four digits, use just that number of digits for that
group.
2. Next, convert each group of four digits into decimal.
3. Convert each decimal value into its hex equivalent.
4. Put the hex digits together.
Example - 1101 to hex
1101 = decimal 13
13 = hex D
Result - D
Example - 11000011 to hex
Break into groups of four - 1100 0011
1100 = decimal 12 0011 = decimal 3
12 = hex C 3 = hex 3
Result - C3
Example - 110011 to hex
Break into groups of four - 0011 0011. In this example, extra 0s are added at the highest values to
create two groups of four bits.
0011 = decimal 3 0011 = decimal 3
3 = hex 3 3 = hex 3
Result - 33

Video Link: How To Convert Binary to Hexadecimal

https://www.youtube.com/watch?v=tSLKOKGQq0Y
This video tutorial explains how To Convert Binary to Hexadecimal

Melbourne Polytechnic Page 21 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Video Link: Decimal to Binary Conversion

https://www.youtube.com/watch?
v=2U9b76JRz7s&list=PLBlnK6fEyqRjMH3mWf6kwqiTbT798eAOm&index=31

Decimal to hexadecimal
The AQA specification requires you to be able to convert from decimal to numbers containing
multiple digits in hexadecimal. To convert:
 If the decimal number is bigger than 16, divide it by 16. Take the hexadecimal equivalent of
this result - this represents the first digit. Take the hexadecimal equivalent of the remainder
- this represents the second digit.
 If the decimal number is smaller than 16, take the hexadecimal equivalent of the decimal
number.
Example - convert decimal 22 to hexadecimal
16 goes into 22 once with 6 left over, so 22 ÷ 16 = 1 remainder 6
1 = hex 1
6 = hex 6
Result - 16
Example - convert 138 to hexadecimal
138 ÷ 16 = 8 remainder 10
8 = hex 8
10 = hex A
Result - 8A

Video Link: Decimal to Hexadecimal Conversion

https://www.youtube.com/watch?
v=uVpQ9pPskNI&list=PLBlnK6fEyqRjMH3mWf6kwqiTbT798eAOm&index=33

Hexadecimal to binary
1. Split the hex number into individual values.
2. Convert each hex value into its decimal equivalent.
3. Next, convert each decimal digit into binary, making sure to write four digits for each value.
4. Combine all four digits to make one binary number.
Example - hex 28 to binary

Melbourne Polytechnic Page 22 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
2 = decimal 2 8 = decimal 8
2 = binary 0010 8 = binary 1000
Result - 00101000
Example - hex FC to binary
F = decimal 15 C = decimal 12
15 = binary 1111 12 = binary 1100
Result - 11111100

Video Link: Hexadecimal to Decimal Conversion

https://www.youtube.com/watch?
v=1tHgs0mrZ5I&list=PLBlnK6fEyqRjMH3mWf6kwqiTbT798eAOm&index=36

Learning Activity: Conversions between number systems

1 What would these hex numbers be in decimal?

ANSWER
11
Choose an item.

Choose
an Choose an item.
item.2B
Choose
an Choose an item.
item.FA
Choose an item.Moodle: Drop down box
17
43
250

2 What would these hex numbers be in binary?

ANSWER
11
Choose an item.

Choose
Choose an item.
an

Melbourne Polytechnic Page 23 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 2 What would these hex numbers be in binary?

ANSWER
item.2B
Choose
an
Choose an item.
item.A
A
Choose an item.Moodle: Drop down box
00010001
00101011
10101010

2.3 IPv4 and IPv6 (internet protocol versions 4 & 6) addressing

schemes
When computers communicate with one another, certain rules, or protocols, allow them to transmit
and receive data in an orderly fashion.
IP stands for internet protocol. An IP address is assigned to each device connected to a network.
Each device uses an IP address for communication. An IP address is assigned to each device so that
the device on a network can be identified uniquely.
IPv4 and IPv6 are internet protocol version 4 and internet protocol version 6. To facilitate the routing
of packets, TCP/IP protocol uses a 32-bit logical address known as IPv4. IPv6 offers 1,028 times more
addresses than IPv4.
 IPv4 is a 32-bit address
 IPv6 is a 128-bit hexadecimal address.

The address format of IPv4:

It contains 4 octets or fields separated by ', and each field is 8-bit in size. The number that each field
contains should be in the range of 0-255. IPv4 is only numerical

4 octets

192. 168. 20 150.

.

The address format of IPv6:

Melbourne Polytechnic Page 24 of 56
VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Pv6 is a 128-bit hexadecimal address. It contains 8 fields separated by a colon, and each field is 16-
bit in size.

FDEC BA98. 7654. 3210. ADEC. BDFF. 2990. FFF

.

IVP Protocols
IPv6 is also an alphanumeric address separated by colons, while IPv4 is only numeric and separated
by periods. Again, here’s an example of each:
 IPv4 – 192.168.10.150
 IPv6 – 3002:0bd6:0000:0000:0000:ee00:0033:6778
Media access control address (MAX)
A MAC address is a 12-digit hexadecimal number assigned to each device connected to the network.
A MAC address is a hardware identifier that identifies a unique "network interface" in a device In the
OSI model, the MAC sublayer of the data-link layer (Layer 2) implements MAC addresses.
A MAC address is a 12-digit string where each digit can be any number from 0 to 9 or a letter
between A and F. Here is an example.

68: 7F: 12: 34: 74: 56

Video link: IP Addresses explained| Cisco CCNA 200-301

https://www.youtube.com/watch?v=LIzTo6e4FgY

Video Link: Binary explained IPv4 | Cisco CCNA 200-301

https://www.youtube.com/watch?
v=EDAnsWpOjGM&list=PLF1hDMPPRqGxpYdo0ctaa7MxfOi9vjs1u&index=8

Video Link: IPv6 Addresses explained | Cisco CCNA 200-301

https://www.youtube.com/watch?
v=irhS0ASkvy8&list=PLF1hDMPPRqGxpYdo0ctaa7MxfOi9vjs1u&index=9

2.4 OSI and TCP/IP models of data communication

OSI refers to Open Systems Interconnection, and TCP/IP refers to Transmission Control Protocol.
They are reference models used to describe the data communication process.

Melbourne Polytechnic Page 25 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
The TCP/IP model is used specifically for the TCP/IP suite of protocols, and the OSI model is used for
the development of standard communication for equipment and applications from different
vendors.

OSI model vs. TCP/IP model, and TCP/IP protocol suite.

OSi Reference TCP/IP Model TCP/IP Protocol Suite
Model

Application Layer Application Layer HTTP SMT Telnet FTP DNS RIP SNMP
P
Presentation Layer

Session Layer

Transport Layer Transport Layer TCP UDP

Network Layer Internet Layer ARP ICMP

IP

Data Link Layer Network Access Ethernet Token ATM Frame Relay
Layer Ring
Physical Layer

2.4.1 The Open Systems Interconnection Model (OSI Model)

The OSI Model (Open Systems Interconnection Model) describes the functions of a networking
system. The model is used by computer systems use to communicate over a network. Packets are
the exchange medium used by processes to send and receive data through Internet networks. A
packet is sent from a source to a destination.
It is composed of seven layers: Application, Presentation, Session, Transport, Network, Data link, and
Physical.

LAYER NAME FUNCTIONALITY PROTOCOLS

1. Application Provides end user applications. SMTP, HTTP, FTP, POP3,

SNMP

2. Presentation Format the data according to the MPEG, ASCH, SSL, TLS
sstax of the application.

3. Session Manages sessions or conversations NetBIOS, SAP

between computers.

4. Transport It manages the size, and sequencing TCP, UDP

of packets and transfers data
Melbourne Polytechnic Page 26 of 56
VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 between hosts. Performs error
checking on packets

5. Network Receives frames sent by the data link IPV4, IPV6, ICMP,
layer and delivers the frames to their IPSEC, ARP, MPLS.
intended destinations as per the
addresses contained inside the frame.

6. Datalink Performs node-to-node data transfer PPP, Frame Relay, ATM

where data is packaged into frames. It
also corrects errors generated at the
physical layer

7. Physical This layer transmits raw data bits RS232,100BaseTX, ISDN,

across the network from the physical Wi-Fi, Radio
layer of the sending device to the
physical layer of the receiving device.

2.4.2 TCP/IP and key protocols

One of the most routinely used sets of protocols is the Transmission Control Protocol/Internet
Protocol (TCP/IP). TCP/IP Model helps you to determine how a specific computer should be
connected to the internet and how data should be transmitted between them. It helps you to create
a virtual network when multiple computer networks are connected together. The purpose of TCP/IP
model is to allow communication over large distances. TCP/IP either combines several OSI layers into
a single layer, or does not use certain layers at all.

Four Layers of TCP/IP model

LAYER NAME FUNCTIONALITY PROTOCOLS

Network access Handles the physical Ethernet, PPP

infrastructure that allows
computers to communicate
over the internet.

Internet Controls the flow and routing IP, ARP, ICMP

of network traffic and ensures
that the information is sent
error-free. Reassembles
packets at destination.

Transport Provides a reliable connection TCP, UDP

between systems where
Melbourne Polytechnic Page 27 of 56
VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 packets are acknowledged by
sender and receiver.

Application At this layer, end-users HTTP, NTP, TELNET, FTP

interact with the applications,
e.g., email.

TCP/IP is a set of standards that defines how to establish and maintain a network conversation by
which applications can exchange data. These rules allow computers to communicate over the
internet. Some common functions for using TCP/IP are electronic mail, computer-to-computer file
transfer, and remote login.
The TCP/IP protocol suite functions as an abstraction layer between internet applications and the
routing and switching fabric.
To interconnect a TCP/IP network with other networks, you must obtain a unique IP address for your
network.
TCP/IP includes commands and facilities that allow you to:
 Transfer files between systems
 Log in to remote systems
 Run commands on remote systems
 Print files on remote systems
 Send electronic mail to remote users
 Converse interactively with remote users
 Manage a network.

Web Link: Transmission Control Protocol/Internet Protocol

https://www.ibm.com/docs/en/aix/7.2?topic=management-transmission-control-protocolinternet-
protocol
IBM provide further information on TCP/IP terminology, planning a TCP/IP network, installation
configuration, methods of communications, file transfers and displaying status information.

Web Link: Introducing the TCP/IP Protocol Suite

https://docs.oracle.com/cd/E18752_01/html/816-4554/ipov-6.html
This site resents an in-depth introduction to the protocols that are included in TCP/IP.

Melbourne Polytechnic Page 28 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
2.5 Differences and commonalities between the OSI and TCP/IP
models
There are a number of differences and commonalities between the OSI and TCP IP Model.

DIFFERENCES COMMONALITIES

 OSI has 7 layers - TCP/IP has 4 layers.  Both models have a Transport Layer, whose
purpose is to provide services on top of
 The OSI Model is a logical and conceptual
packet delivery such as segmentation,
model TCP/IP that helps you to determine
reliable delivery, and endpoints within end-
how to connect a specific computer to the
devices (ports).
Internet and how the transmission will take
place.  Both models are logical
 OSI header is 5 bytes - TCP/IP header size is  Both define networking standards
20 bytes.
 Both use the IEEE standards for Ethernet
 OSI refers to Open Systems
Both divide the communication into a number
Interconnection, whereas TCP/IP refers to
of layers
Transmission Control Protocol.
 OSI follows a vertical approach - TCP/IP
follows a horizontal approach.
 OSI model, the transport layer, is only
connection-oriented in the TCP/IP model is
both connection-oriented and
connectionless.
 OSI model is developed by ISO
(International Standard Organization) - TCP
Model is developed by ARPANET (Advanced
Research Project Agency Network).
OSI model allows you to standardise a router, a
switch, a motherboard, and other hardware -
TCP/IP allows you to establish a connection
between different types of computers.

Video link: The OSI and TCP IP Model

https://www.youtube.com/watch?v=LX_b2M3IzN8

Melbourne Polytechnic Page 29 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Video Link: What is TCP/IP and How Does It Work?

https://www.youtube.com/watch?v=614QGgw_FA4

2.6 TCP/IP Network Interface Layer standards

The TCP/IP Network Interface layer performs two functions:
 routing (determining the next computer to which the message should be sent to reach the
final destination)
 addressing (finding the address of that next computer).
A network interface is the network-specific software that communicates with the network-specific
device driver and the IP layer in order to provide the IP layer with a consistent interface to all
network adapters that might be present.
TCP/IP supports types of network interfaces:
 Standard Ethernet Version 2 (en) - for use with local area networks (LANs)
 IEEE 802.3 (et)
 Token-ring (tr)- for use with local area networks (LANs)
 Serial Line Internet Protocol (SLIP) - for use with serial connections
 Loopback (lo)- used by a host to send messages back to itself.
 FDDI
 Serial Optical (so)
 Point-to-Point Protocol (PPP) - most often used when connecting to another computer or
network via a modem.
 Virtual IP Address (vi)- not associated with any particular network adapter.

Web Link: TCP/IP network interfaces

https://www.ibm.com/docs/en/aix/7.2?topic=protocol-tcpip-network-interfaces
IBM have further information about TCP/IP Network Interface Layer standards.

2.7 TCP/IP Internet Layer standards and protocols

The Internet Layer of the TCP/IP model aligns with the Layer 3 (Network) layer of the OSI model.
This is where IP addresses and routing live. When data is transmitted from a node on one LAN to a
node on a different LAN, the Internet Layer is used. IPv4, IPv6, ICMP, and routing protocols (among
others) are Internet Layer TCP/IP.

Melbourne Polytechnic Page 30 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
The Internet Protocol is the heart of TCP/IP. IP provides the basic packet delivery service on which
TCP/IP networks are built. All protocols, in the layers above and below IP, use the Internet Protocol
to deliver data. All incoming and outgoing TCP/IP data flows through IP, regardless of its final
destination.
Internet Protocol
The Internet Protocol is the building block of the Internet. Its functions include:
 Defining the datagram, which is the basic unit of transmission in the Internet
 Defining the Internet addressing scheme
 Moving data between the Network Access Layer and the Host-to-Host Transport Layer
 Routing datagrams to remote hosts
 Performing fragmentation and re-assembly of datagrams.

Web Link: Internet Layer

https://www.oreilly.com/library/view/windows-nt-tcpip/1565923774/ch01s05.html
This site provides further information on the Internet layer and protocols.

2.8 TCP/IP Transport Layer Standards and protocols

The network layer and transport layer are closely tied together.
The transport layer (layer 4) performs three functions:
 linking the application layer to the network
 segmenting (breaking long messages into smaller packets for transmission),
 session management (establishing an end-to-end connection between the sender and
receiver).
TCP Protocol
The transport layer is the layer at which TCP/IP ports listen. Transport layer protocols are typically
responsible for point-to-point communication, which means this code is managing, establishing, and
closing communication between two specific networked devices. TCP sends data in a form that
appears to be transmitted in a character-by-character fashion. This transmission consists of the
following:
 Starting point, which opens the connection
 Entire transmission in byte order
 Ending point, which closes the connection.
TCP attaches a header onto the transmitted data. This header contains many parameters that help
processes on the sending system connect to peer processes on the receiving system.

Melbourne Polytechnic Page 31 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
TCP confirms that a packet has reached its destination by establishing an end-to-end connection
between sending and receiving hosts. TCP is therefore considered a “reliable, connection-oriented”
protocol.

2.9 How TLS and HTTPS can provide security

Transport Layer Security (TLS) and Hypertext Transfer Protocol Secure (HTTPS) can provide security
for network communications.

2.9.1 Transport Layer Security

The Transport Layer Security protocol, also known as TLS, is used to encrypt data transfer over the
Internet. TLS is primarily used to encrypt communications between servers and applications, but it is
also used in encrypting emails, messages, etc. When properly applied, TLS encryption offers several
major security advantages:
 Authentication: it enables clients to verify the identity of the server, i.e., that they are
connected to the real server
 Confidentiality: it prevents attackers from reading the contents of traffic
 Integrity: it prevents attackers from modifying traffic
 Replay prevention: it protects against attackers replaying requests against the server

To connect to a server using TLS, the client and the server exchange the so-called TLS handshake
sequence. The sequence goes through the following steps:
 Negotiation: The two parties agree on the TLS version and the cipher suite they will be using
 Authentication: The server’s identity is authenticated via the certificate (there are also types
of TLS handshake that require the client’s authentication)
 Encryption: Session keys (i.e. the master secret) that will be necessary to encrypt traffic are
established with the use of the public and private keys of each party
 Message authentication: A message authentication code (MAC) is provided by the TLS
protocol to ensure the integrity and authenticity of each exchanged message

Video Link: What are TLS Security Settings and how to enable TLS Encryption

https://www.youtube.com/watch?v=BgXKkm6hpPo
This video explains what is TSL encryption, how it works, its vulnerabilities and how to prevent TLS
vulnerabilities.

Melbourne Polytechnic Page 32 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
2.9.2 Hypertext Transfer Protocol Secure (HTTPS)
Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data
transfer between a user's web browser and a website. A malicious actor can easily impersonate,
modify or monitor an HTTP connection. HTTPS is not a separate protocol from HTTP. Rather, it is a
variant that uses Transport Layer Security (TLS) encryption over HTTP to secure communications.

HTTPS provides protection against these vulnerabilities by encrypting all exchanges between a web
browser and web server. An HTTPS URL begins with https:// instead of http://. An example of this is
when purchasing on a retailer' s e-commerce website, when they are ready to place an order, they
are directed to the product's order page. The URL of this page starts with https://, not http://.

HTTPS is based on the TLS encryption protocol, which secures communications between two parties.
TLS uses asymmetric public key infrastructure for encryption. This means it uses two different keys:
 The private key. This is controlled and maintained by the website owner and resides on the
web server. It decrypts information that is encrypted by the public key.
 The public key. This is available to users who want to securely interact with the server via
their web browser. The information encrypted by the public key can only be decrypted by
the private key.

Video Link: SSL, TLS, HTTPS Explained

https://www.youtube.com/watch?v=j9QmMEWmcfo
HTTPS is a secure protocol that tells visitor the website has an additional layer of security.

Learning Activity: The Cisco online NetAcad Cybersecurity - Cisco CCNA 200-301

This program is not essential to complete your course, but is highly recommended.
https://learningnetwork.cisco.com/s/ccna-exam-topics?ccid=ccna&dtid=website&oid=cdc-ccna-
exam
Chapter 1 Network Fundamental

Melbourne Polytechnic Page 33 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Topic 3. Services, standards and protocols
Services, standards and protocols will facilitate security and the functional operation of a network.
In this topic you will learn about:
 Server Message Block (SMB) in the local area network
 Quick (QUIC) User Datagram Protocol (UDP)
 Narrowband Internet of Things (NB-IoT) and Long Range IoT (LoRa-IoT) standards for IoT
devices.

Image by Yuichiro Chinofrom Getty Images, Licence, added on 02/02/202

3.1 Server Message Block (SMB) in the local area network

The Server Message Block (SMB) is a network protocol that enables users to communicate with
remote computers and servers. Used by billions of devices in a diverse set of operating systems,
including Windows, MacOS, iOS, Linux, and Android, Server Message Block (SMB) is a network file
sharing and data fabric protocol. SMB allows sharing of files, centralised data management, and
lowered storage capacity needs for mobile devices.
Web Link: Preventing SMB traffic from lateral connections and entering or leaving the
network

https://support.microsoft.com/en-us/topic/preventing-smb-traffic-from-lateral-connections-and-
entering-or-leaving-the-network-c0541db7-2244-0dce-18fd-14a3ddeb282a

Video Link: What is the SMB protocol & how does it work?

https://www.youtube.com/watch?v=csocwMe7l_E&feature=emb_logo

Web Link: How do we use the SMB protocol?

https://nordvpn.com/blog/what-is-smb/
https://learn.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview

3.2 Quick (QUIC) User Datagram Protocol (UDP)

Quick UDP Internet Connection (QUIC) is a network protocol initially developed and deployed by
Google, and now being standardised in the Internet Engineering Task Force. QUIC is very similar to
TCP+TLS+HTTP/2, but implemented on top of another transport protocol called User Datagram
Protocol (UDP), which is responsible for the physical delivery of application data (e.g. an HTTP/3
message) between the client and server machines. QUIC sits under HTTP/3, absorbing the secure TLS
layer which formerly ran under HTTP/2.
Key features of QUIC include:
 Connection establishment latency
 Improved congestion control
 Multiplexing without head-of-line blocking
 Forward error correction
 Connection migration.

QUIC Transport Protocol

QUIC uses the UDP standard to transmit data without the use of TCP ports, making it much harder
for firewalls to block. While TCP is typically implemented in the operating system, QUIC is typically
implemented as part of an application such as a browser. QUIC is focused on reducing the number of
round-trips to establish a new connection. This includes the handshake step, encryption step, and
initial data requests.

Melbourne Polytechnic Page 35 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 TCP handshake vs QUIC handshake

Image by Sedrubal from Wikimedia Commons, CC BY-SA 4.0, added 6/2/2023

Video Link: Introduction to the QUIC Protocol

https://www.youtube.com/watch?v=EkVd4k0R4Tw
This video provides information about QUIC protocol , who uses it and its purpose.

Web Link: QUIC (Quick UDP Internet Connections)

https://peering.google.com/#/learn-more/quic

Melbourne Polytechnic Page 36 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
3.3 Narrowband Internet of Things (NB-IoT) and Long Range IoT
(LoRa-IoT) standards for IoT devices
Narrowband Internet of Things (NB-IoT) and Long Range IoT (LoRa-IoT) standards for IoT devices are
investigated

3.3.1 Narrowband Internet of Things (NB-IoT)

Narrowband Internet of Things (NB-IoT) technology was developed to enable long-range
communications at a low bit rate among IoT devices across wide geographical footprints and within
urban infrastructure.
NB-IoT uses low-power wide-area network (LPWAN) technology that operates independently in
unused 200 kilohertz bands that have previously been used for Global System for Mobile
Communications. NB-IoT increases the power battery life of IoT devices as it is drawing less energy.
NB-IoT can be used in a diverse set of applications including smart metering for utilities such as
electricity, gas, and water, security in commercial properties, connected health care, occupant
tracking, smart parking, agricultural use, GPS Tracker and connecting industrial appliances and
systems.
As more devices are being connected, the tracking of information is becoming more complex. Some
surveys show that up to 90% of connected devices collect sensitive information, and yet 70% of such
data do not have any encryption. Many IoT devices also generate data related to personal
behaviour, providing new business opportunities that help companies in reaching their marketing
goals. There are some major subgroups of potential attacks on LPWAN depending on the technology
purpose:
 Data-focused attacks, which focus on accessing the data that circulate in LPWAN networks;
 DoS or denial of service attacks, with the intent to block or even inhibit the complete data
transfer;
 Monetary-focused attacks, where an attacker may look into the financial losses for the
operators of the LPWAN or the owners. For instance, some attackers try to send data at no
cost (by putting the costs on other users);
 Hardware exploitation, where the aim is to gain control over the elements of the network
for other operations (such as mining cryptocurrencies, spying, misusing the elements to
launch a DoS attack);
 Hybrid attacks, which are performed to achieve several aims at a time

Melbourne Polytechnic Page 37 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
NB-IoT Protocol
NB-IoT protocol stack has been categorised into user plane and control plane.
In user-plane LTE-NB protocol stack consists of physical layer (PHY), MAC layer, RLC layer and PDCP
layer.
In Control-plane LTE-NB protocol stack consists of PHY, MAC, RLC, PDCP, RRC and NAS layers.

Web Link: NB-IoT Protocol Stack

https://www.rfwireless-world.com/Terminology/LTE-NB-IoT-Protocol-Stack.html#:~:text=NB%2DIoT
%20protocol%20stack%20has,PDCP%2C%20RRC%20and%20NAS%20layers.

Video Link: What is NB-IoT?

https://www.youtube.com/watch?v=pf7wcl1IZYc

Video Link: NB-IoT, Narrowband Internet of Things

https://www.youtube.com/watch?v=dOGTdWm6kvw

3.3.2 Long Range IoT (LoRA) Internet of Things

Long range IoT wireless technologies form the basis for a LPWAN (Low Power Wide Area Network).
In these types of networks, IoT devices with low energy consumption are connected to gateways
which transmit data to other devices and network servers. LoRA supports short and long-range
communication because it connects sensor to cloud and also enables real-time data communication
and analytics. The devices assess the received data and control the end devices. Accordingly, the
protocols are specially designed for long-range capabilities, low-power devices, and reduced
operating costs.
LoRa-IoT devices include:
 Monitoring and control of equipment and systems
 Smart metering
 Smart grid
 City lighting control
 Smart buildings
 Agriculture monitoring
 GPS Trackers NB-IOT Transmitters

Video Link: What is LoRa? (2020)

https://www.youtube.com/watch?v=WdJxXzSE9Gs

Melbourne Polytechnic Page 38 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 Learning Activity: CISCO Academy - Introduction to IoT and Digital Transformation

This program is not essential to complete your course, but is highly recommended.
The program includes information on IoT, along with emerging technologies such as data analytics
and artificial intelligence and cybersecurity, are digitally transforming industries.

Web Link: Introduction to IoT and Digital Transformation

https://skillsforall.com/course/introduction-iot?
utm_medium=event&utm_source=skillsforall.com&utm_campaign=writ&utm_content=getstarte
dbuttoni2iot&utm_team=field_global

Further your knowledge of how the rapid growth of digital networks is transforming our lives and
industries - from connected appliances to smart factory equipment - and creating new economic
opportunities.

Melbourne Polytechnic Page 39 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Topic 4. Function and operation of key networking
devices
The foundations of networking include switches, routers and wireless access points. Through these
devices a network can communicate with other networks and to the internet. The other networks
can be accessed through wireless access points that extend bandwidth to multiple devices. Access
can mean risk to cyber security threats so firewalls along with layers of security need to be
operational.
In this topic you will learn about:
 Physical and logical network representations of a local area network
 Function and operation of network switches and network routers
 Function and operation of a firewall
 Function and operation of a wireless access point (WAP) and a wireless enabled end point
 End to end network troubleshooting .

Image by Yuichiro Chinofrom Getty Images, Licence, added on 02/02/202

Melbourne Polytechnic Page 40 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
4.1 Physical and logical network representations of a local area
network
A network topology is the physical and logical arrangement of nodes and connections in a local area
network (LAN). Nodes usually include devices such as switches, routers and software with switch
and router features.
Physical topology - describes a local area network's actual or physical layout, i.e., wires, media
(computers), or cable.
Logical topology – show how data or signals in a network flow or are transmitted across the
network.
Network topologies are often represented as a graph.

Figure Physical topography of a LAN

©Tafe Queensland, 2023, used with permission

Melbourne Polytechnic Page 41 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Figure Logical topography, ©Tafe Queensland, 2023, used with permission

Web Link: Physical and logical networks

https://www.ibm.com/docs/en/powerha-aix/7.2?topic=networks-physical-logical

Web Link: Physical and logical network diagram

https://www.dnsstuff.com/physical-logical-network-diagram

4.2 Switches and network routers

Routers and Switches are network connecting devices. Routers work at the network layer and
connect multiple networks, while switches connect multiple devices in a network.

4.2.1 Network switch

A network switch connects devices such as computers, wireless access points, servers and printers
on the same network within a building or campus. Switches share information between devices by
using Media Access Control addresses to forward data to the correct destination. A switch includes
several ports, each of which may be linked to a LAN or a high-performance server or workstation
through a bridge function. A switch is considered a data link layer device (Layer 2) of the OSI model
and use packet switching to receive, process and forward data.
Melbourne Polytechnic Page 42 of 56
VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Web Link: How Does a Switch Work?

https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/network-
switch-how.html

4.2.2 Network Router

A router is a networking device that connects computers and other devices to the Internet. Routers
are the workhorses that transfer packets of data between networks to establish and sustain
communication between two nodes in an internetwork. Routers may be wired or wireless. Routers
operate at the network layer (Layer 3) of the OSI model; a router uses the destination IP address in a
data packet to determine where to forward the packet.
Routers can help protect from attacks if they offer built-in firewalls or web filtering, which examines
incoming data and blocks it as needed.

Web Link: How Does a Router Work?

https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/how-does-a-
router-work.html

Learning Activity: Cisco Cybersecurity Essentials 6.2.4.4 Router and Switch Resilience

In this Packet Tracer activity, you will complete the following objectives:
 Hardening the IOS Configuration
 Activating the Cisco IOS Resilient Configuration Feature

Web Link: Cisco Cybersecurity Essentials 6.2.4.4 Router and Switch Resilience

https://contenthub.netacad.com/legacy/CyberEss/1.1/en/index.html#6.2.4.4

4.3 Firewalls
A firewall is a network security device that monitors incoming and outgoing network traffic and
decides whether to allow or block specific traffic based on a defined set of security rules .These may
be referred to as firewall rules. Firewalls can be software, hardware, or a combination of both.
A firewall’s purpose is to establish a barrier between an organisation’s internal network and
incoming traffic from external sources (such as the internet) in order to block malicious traffic.
The difference between firewalls with one another is usually in how tight the security and selectivity
of access, and the scope of protection at various layers of the OSI.
Melbourne Polytechnic Page 43 of 56
VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Firewall itself has several functions to protect networking devices:
 As a Network Security Post – a firewall will try to filter the network traffic in accordance
with the security policies or firewall rules
 Installed for File Transfer Protocol (FTP) to prevent data leakage
 Record user activity – when you access data, network users will go through a firewall which
then records it as documentation
 Prevent Modification of Other Party Data.
Proper setup and maintenance of your firewall are essential to keep your network and devices
protected.

Default to
connection
denial for
inbound traffic Data backups
Use antivirus
for network
protection
hosts

Firewall
Update network Segmented
firewalls security network:
practices

Web Link: What is a firewall? Definition and explanation

https://www.kaspersky.com.au/resource-center/definitions/firewall
This site provides extensive information about the function and operation of a firewall.

Video Link: What is a Firewall?

https://www.youtube.com/watch?v=x1YLj06c3hM
This video provides an overview of the function and operation of a firewall.

Video Link: How to Check Your Firewall Settings

https://www.youtube.com/watch?v=rgcqxwO4GCs

Melbourne Polytechnic Page 44 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 Learning Activity: Check Your Firewall Settings

Watch the How to check your firewall settings video then follow the steps shown in the video to
check your devices firewall settings. Record the settings below.
Incoming connections:
Active public networks:
Notification state:

4.4 Wireless access point (WAP) and a wireless enabled end

point
This chapter explains the function and operation of a wireless access point (WAP) and a wireless
enabled end point. A wireless access point (WAP) is a networking device that allows wireless-
capable devices to connect to a wired network. While a wireless enabled endpoint is the remote
computing device that communicates back and forth with a network to which it is connected e.g.
desktops. Laptops. Smartphones.

4.4.1 Wireless access point (WAP)

A wireless access point (WAP) is a networking device that allows wireless-capable devices to connect
to a wired network. This provides the WAP with the internet connection and bandwidth required.
They form wireless local-area networks (WLANs) and can provide network connectivity in office
environments, public places, like coffee shops, airports etc.

Web Link: CISCO Set up a Wireless Network using a Wireless Access Point (WAP)

https://www.cisco.com/c/en/us/support/docs/smb/wireless/cisco-small-business-100-series-
wireless-access-points/smb5530-set-up-a-wireless-network-using-a-wireless-access-point-wap.html

Web Link: Wireless Access Point vs Wi-Fi Router

https://www.youtube.com/watch?v=OxiY4yf6GGg
This video provides information about the different functions of WAP and Wi-fi router.
Wireless endpoints are physical devices that connect to a network system such as mobile devices,
desktop computers, virtual machines, embedded devices, and servers. When a device connects to a
network, there is a flow of information between networks. Internet-of-Things devices—like
cameras, lighting, refrigerators, wearables, security systems, smart speakers, Point of sale (POS)
systems, and thermostats—are also endpoints.
Endpoints are targets for cyber-attacks as they are an entry point to data, and rely on users
implementing security measures.

Melbourne Polytechnic Page 45 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Security practices for endpoint devices include:
 Cybersecurity awareness education for users
 Ensure endpoints are operating with the latest software updates and patches
 Encrypt endpoints
 Have layered cybersecurity strategies in place
 Enforce strong passwords .

Web link: What is endpoint security and how does it work?

https://www.kaspersky.com/resource-center/definitions/what-is-endpoint-security
On Kaspersky’s site they provide further information on end points and the importance of security
protection.

4.5 End to end network troubleshooting

Network troubleshooting in the process of measuring, identifying, and resolving network-related
issues. There are various methods and commands for end to end troubleshooting. Basic network
problems may include:
 Cable problem
 Connectivity
 Configuration
 Software issue
 Networking IP issue
 Traffic overload.

4.5.1 Methodical approach when trouble shooting

On physical systems check the physical

Are you using the correct connection (adapter connection, cabling, wall
adapter? sockets)

Check the logical network

configuration on both Is the IP address correctly configured?
systems

Check both systems if there Do firewall rules need to be configured?

are security measures in
place that possibly prevent
communication

Melbourne Polytechnic Page 46 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
4.5.2 Test commands
There are multiple network end to end test commands and here are 3:
 Ping
 tracert/traceroute
 netcat.

4.5.3 Ping
Ping (or ping) is the most commonly known network troubleshooting command. Ping sends an ICMP
echo request to a host computer over an IP network. If the host is reachable, it sends back an ICMP
echo reply, and reports the time it took to reach the host and other data such as errors or packet
loss.
To use the ping command, go to the command prompt and enter ‘ping’ followed by the IP address or
the URL. ping www.google.com

Web Link: ping

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ping
This Microsoft site provides examples of ping command outputs and parameters.

4.5.4 Traceroute/Tracert
Traceroute traces the route between a source and the destination. It reports back the IP addresses
of all the routers involved.
In Windows systems, type tracert followed by hostname. For example: tracert www.googlecom

Video Link: PING and TRACERT (traceroute) networking commands

https://www.youtube.com/watch?v=vJV-GBZ6PeM

4.5.5 Netcat
The Netcat (nc) command is for reading and writing data between two computer networks using
either TCP or UDP. Netcat functions as a back-end tool that allows for port scanning and port
listening. The command differs depending on the system (netcat, nc, ncat, and others).

Web Link: Netcat

https://www.linuxfordevices.com/tutorials/netcat-command-in-linux

Melbourne Polytechnic Page 47 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Video Link: How to test connectivity with Netcat

https://www.youtube.com/watch?v=W2-phl3tY3o

Summary Learning Activity: CISCO CCNA 7: Switching, Routing, and Wireless Essentials

You are invited to explore the CISCO course CCNA 7: Switching, Routing, and Wireless Essentials
CCNA 7: Switching, Routing, and Wireless Essentials
You can further enhance your knowledge and skill in switching technologies and router operations
that support small-to-medium business networks, including wireless local area networks (WLAN)
and security concepts.

Melbourne Polytechnic Page 48 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Topic 5. Implement network security laboratory and
testing environment
There are a number of components of a network security laboratory and testing environment, in this
topic you will learn about:
 Software tools for the testing environment
 Use of virtualisation
 Virtual machine images and their construction
 Interconnectivity of the virtualised tools.

Image by Yuichiro Chinofrom Getty Images, Licence, added on 02/02/202

5.1 Software tools for the testing environment

There are a few different performance tests that can be applied to see how well a network is
functioning. Performance tests may be for download and upload speeds, penetration tests and
network load tests.
Using software tools a network’s performance can be monitored accurately and efficiently. include
but are not limited to:
 Network Performance Monitor
  Paessler Router Traffic Grapher (PRTG)
 NetScanTools
 NirSoft NetworkLatencyView Tool
 PingPlotter
 NetFlow Traffic Analyzer
 Network Bandwidth Analyzer Pack
 Engineer's Toolset.

5.2 Use of virtualisation .

Virtualisation is the creation of a virtual version of computer hardware platforms, storage devices,
and network resources. Virtualisation enables new network services to be created and
deployed quickly, often within minutes, enabling organisations to respond rapidly for scaling up or
down.
Virtual Machines build on top of a software layer called a hypervisor. Even though the VMs are
running on a portion of the underlaying computer hardware the VM runs its own operating system.
A container is similar to a VM however it only contains an application that has been packaged with
all the files configurations and dependencies for it to operate.
Virtualisation tools can be used to:
 simulate the behaviour of components that might be unavailable,
 component may be difficult to access
 when it is simply too expensive to test in another environment.

Web Link: Virtual Machines vs Container

https://www.youtube.com/watch?v=eyNBf1sqdBQ

5.3 Interconnectivity of the virtualised tools

Hypervisor
The network hypervisor provides the essential abstraction layer along with monitoring and
management capabilities. This enable administrators to create, provision and manage virtual
networks through software.
Software
Software drives the behaviours of network virtualisation, admins can invoke operations manually or
a program can control them automatically.
Physical network hardware elements

Melbourne Polytechnic Page 50 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
This includes switches, routers, firewalls, load balancers and VPNs. The network virtualisation
identifies these and creates a logical network. The underlying hardware remains to provide an IP-
based packet forwarding platform.
The network virtualisation layer handles all network and security services.

Web Link: How network virtualization works

https://www.techtarget.com/searchnetworking/tip/How-network-virtualization-works

5.4 Use of the testing environment

Use of the testing environment is demonstrated

Summary Learning Activity: Undertaking testing using virtual machines

This activity will occur over multiple sessions.

In the computer lab you will use virtual machines and undertake performance tests for download
and upload speeds, penetration tests and network load tests.

Melbourne Polytechnic Page 51 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
Topic 6. Present current examples of cyber network
attacks and resources
In this topic you will learn about:
 Denial-of-Service (DOS) & Distributed Denial-of-Service (DDOS) attack mechanisms
 Ransomware attack mechanisms
 Ransomware breach
 Local Area Network (LAN) Address Resolution Poisoning (ARP)
 Resources that increase industry’s awareness of cyber security awareness.

Image by Yuichiro Chinofrom Getty Images, Licence, added on 02/02/2023

6.1 Denial-of-Service (DOS) & Distributed Denial-of-Service

(DDOS) attack mechanisms
With Denial-of-Service (DOS) & Distributed Denial-of-Service (DDOS) attacks cybercriminals take
advantage of normal behaviour that occurs between network devices and servers, often targeting
the networking devices that establish a connection to the internet.
6.1.1 A Denial-of-Service (DoS)
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it
inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or
sending it information to overwhelm its infrastructure and triggers a crash. Denial-of-service attacks
are designed to disrupt or degrade online services such as websites, email and DNS services.
To achieve this goal, attackers may use a number of approaches to deny access to legitimate users of
online services such as:
 using multiple computers to direct a large volume of unwanted network traffic at online
services in an attempt to consume all available network bandwidth
 using multiple computers to direct tailored traffic at online services in an attempt to
consume the processing resources of online services
 hijacking online services, in an attempt to redirect legitimate users away from those services,
to other services that the adversary controls.
Organisations can implement security measures to prepare for and potentially reduce the impact if
targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy.

Video Link: Denial of Service (DoS and DDoS) Attacks

https://www.youtube.com/watch?v=tifTN315SVI

6.1.2 Distributed Denial-of-Service (DDOS) attack mechanisms

Distributed Denial of Service (DDoS) attacks are evolving to become more prevalent and
sophisticated. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack to
a single target. The same methods of attack as DoS flooding the target or sending it information but
it is from multiple locations at once.

Video Link: Telstra DoSP - Denial of Service Protection

https://www.youtube.com/watch?v=CqsX2Tg8abs
This video by Telstra discusses DDOS solutions

6.2 Ransomware breach

Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or
organisation’s data is encrypted so that they cannot access files, databases, or applications. This may
occur in the local files, then cloud and shared files. A ransom is then demanded by the attacker.

STAGE ATTACK MECHANISM

Melbourne Polytechnic Page 53 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
 Campaign Refers to the method the cyber attacker uses to deliver a ransomware attack.
The attacker forces users to download malicious software unwittingly.

Infection The malicious code or code block prepared by the cyber attacker starts to
spread on the targeted IT network.

Staging The attacker tries to embed the ransomware into the system that it is
penetrating by making minor changes to the cyber-attack vector.

Scanning Occurs when the ransomware starts scanning the IT network to identify the
files to encrypt. The authorised access definitions and permission levels in the
system to determine the path the attacker can take after scanning.

Encryption Local files on the IT network are encrypted, then the ransomware moves to the
cloud, and shared files on the network. Data on the network is encrypted and
copied. Finally, the copied and encrypted data is uploaded again to replace the
original files on the network.

The ransom request is made by the attacker. Sometimes the attackers set a
Renumeration
time, and the ransom increases over time.

Web Link: The anatomy of a ransomware attack

https://krontech.com/the-anatomy-of-a-ransomware-attack

Video Link: 5 Most Targeted Industries by Ransomware Attacks

https://www.youtube.com/watch?v=EuyV2O5D5_I
According to CISA, in 2022, 14 US critical sectors have been subjected to intense ransomware
attacks.

6.3 Local Area Network (LAN) Address Resolution Poisoning

(ARP)
A Local Area Network (LAN) comprises cables, access points, switches, routers, and other
components that enable devices to connect to internal servers, web servers, and other LANs via
wide area networks. All devices within a local area network (LAN) has two addresses. One changes
(your IP address), and one is fixed (your MAC address). ARP keeps those two systems connected. The
ARP process involves translation. For example, your IP address may be quite a bit shorter than your
MAC address. And they're never made up of the same numerals in the same order. Computers in a

Melbourne Polytechnic Page 54 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
LAN are typically connected together using Ethernet switches, which are used to forward data
between devices by examining the destination MAC address within received frames. Switches store
the source MAC address found in a frame within a MAC Address Table, where the address is
associated with the interface on which it was received.
A Local Area Network (LAN) Address Resolution Poisoning (ARP) is a form of spoofing attack that
hackers use to intercept data.. An attacker commits an ARP spoofing attack by tricking one device
into sending messages to the attacker instead of the intended recipient

6.4 Resources that increase industry’s awareness of cyber

security awareness
There are multiple useful resources that increase industry’s awareness of cyber security awareness.
The Australian Cyber Security Centre have resources for organisations to educate their team
members about cyber threats.

Summary Learning Activity: Perform a malware scan

Access the Cyber gov website Performing a malware scan using Microsoft Defender Antivirus for
Windows 10
Follow each of the steps to perform a malware scan with Microsoft Defender Antivirus on your
device with a Microsoft 10 program.
This learning activity will take 15-20 minutes.

Melbourne Polytechnic Page 55 of 56

VU23213 Utilise basic network concepts and protocols required in cyber security
Learner Resource
References

Australian Cyber Security Centre October 2021, Preparing for and Responding to Denial-of-

Service Attacks ,accessed 16 January 2023, < https://www.cyber.gov.au/sites/default/files/2021-

10/PROTECT%20-%20Preparing%20for%20and%20Responding%20to%20Denial-of-Service

%20Attacks%20%28October%202021%29.pdf>

Australian Cyber Security Centre 2023, Cyber security and your business s<

https://business.gov.au/online/cyber-security/cyber-security-and-your-business> accessed 16

January 2023

Australian Cyber Security Centre, Guidelines for Networking, accessed 10 February 2023, <

https://www.cyber.gov.au/sites/default/files/2022-12/21.%20ISM%20-%20Guidelines%20for

%20Networking%20%28December%202022%29.pdf>

Difference between Network Security and Cyber Security 2022, accessed 12 December 2022, <

https://www.geeksforgeeks.org/difference-between-network-security-and-cyber-security/>

Fujdiak, R.; Mikhaylov, K.; Stusek, M.; Masek, P.; Ahmad, I.; Malina, L.; Porambage, P.; Voznak,

M.; Pouttu, A.; Mlynek, P. Security in Low-Power Wide-Area Networks: State-of-the-Art and

Development toward the 5G. In LPWAN Technologies for IoT and M2M Applications; Elsevier:

Amsterdam, The Netherlands, 2020; pp. 373–396. [Google Scholar]

Kadusic, Esad, Natasa Zivic, Christoph Ruland, and Narcisa Hadzajlic. 2022. "A Smart Parking

Solution by Integrating NB-IoT Radio Communication Technology into the Core IoT Platform" Future

Internet 14, no. 8: 219. https://doi.org/10.3390/fi14080219