Network Types and Network Addressing in Network Security
Introduction
Network Types
• Networks are classified based on
scope, purpose, and architecture,
each with unique security
challenges.
a) Local Area Network (LAN)
b) Wide Area Network (WAN)
c) Metropolitan Area Network (MAN)
d) Personal Area Network (PAN)
e) Virtual Private Network (VPN)
f) Cloud Networks
Local Area Network (LAN)
Definition: A LAN is a network that connects computers and devices within a small
geographical area (e.g., home, office, school).
Characteristics:
• Small geographical area (e.g., office, home)
• High speed and low latency
• Uses Ethernet, Wi-Fi
• Private network
Security Considerations:
• Implement firewalls to prevent unauthorized access.
• Use VLANs (Virtual LANs) to separate different groups of users.
• Enable MAC address filtering to restrict access.
Example: Office network connecting multiple computers and printers.
Wide Area Network (WAN)
• Definition: A WAN covers a large geographical area, often
connecting multiple LANs and other networks over long
distances.
• Characteristics:
• Covers large geographical areas
• Uses leased lines, satellites, and fiber optics
• Can connect multiple LANs
• Slower than LAN due to distance
• Security Considerations:
• VPN (Virtual Private Network) ensures encrypted data
transmission.
• IPSec (Internet Protocol Security) for secure communication.
• Deploy intrusion detection and prevention systems (IDS/IPS).
• Example: The internet, which connects global ISPs and data
centers.
Metropolitan Area Network (MAN)
• Definition: A MAN spans a city or metropolitan area,
larger than a LAN but smaller than a WAN.
• Characteristics:
• Covers a city or metropolitan area
• High-speed fiber-optic connectivity
• Serves organizations, universities, and
government buildings
• Security Considerations:
• Implement secure wireless encryption (WPA3 (Wi-Fi
Protected Access 3), AES (Advanced Encryption
Standard)).
• Regularly monitor for unauthorized access.
• Segment the network to prevent widespread attacks.
• Example: City-wide Wi-Fi network providing public
access.
Personal Area Network (PAN)
• Definition: A PAN is a network that connects personal
devices within a very short range (e.g., Bluetooth
devices, smartwatches).
• Characteristics:
• Limited to a few meters in range.
• Uses technologies like Bluetooth, NFC, and
Zigbee.
• Security Considerations:
• Disable Bluetooth/NFC when not in use to
prevent unauthorized pairing.
• Use device authentication mechanisms.
• Implement encryption protocols for data transfer.
• Example: Bluetooth connection between a phone and a
smartwatch.
Virtual Private Network (VPN)
Definition: A VPN extends a private network across a public network,
allowing users to securely access network resources remotely.
Security Considerations:
• Use strong encryption protocols (e.g., OpenVPN, L2TP/IPSec; L2TP = Layer 2 Tunnelling Protocol).
• Implement multi-factor authentication (MFA) for VPN access.
• Regularly update VPN software to patch vulnerabilities.
Example: A corporate VPN allowing employees to securely access internal files
from home.
Cloud Networks
Definition: Cloud networks provide computing resources and services
over the internet, allowing access from anywhere.
Security Considerations:
• Use zero-trust security models (a modern security approach: "Never Trust, Always Verify") to verify every access request. Analogy: the Russian proverb "Trust, but Verify".
• Implement end-to-end encryption for cloud-stored data.
• Ensure regular security audits to detect vulnerabilities.
Example: Google Drive, Amazon Web Services (AWS), and
Microsoft Azure.
Comparison of Network Types, Characteristics, Security Considerations
Local Area Network (LAN)
• Characteristics: Small geographical area (e.g., office, home); high speed and low latency; uses Ethernet, Wi-Fi; private network.
• Example: Office network connecting multiple computers and printers.
• Security Considerations: Use strong passwords and WPA3 for Wi-Fi security. Implement firewalls and VLANs to segment networks. Enable MAC address filtering.
Wide Area Network (WAN)
• Characteristics: Covers large geographical areas; uses leased lines, satellites, and fiber optics; can connect multiple LANs; slower than LAN due to distance.
• Example: The internet, which connects global ISPs and data centers.
• Security Considerations: Use VPN and IPSec for secure data transmission. Deploy firewalls and IDS/IPS to detect threats. Ensure proper network monitoring.
Metropolitan Area Network (MAN)
• Characteristics: Covers a city or metropolitan area; high-speed fiber-optic connectivity; serves organizations, universities, and government buildings.
• Example: City-wide Wi-Fi network providing public access.
• Security Considerations: Implement encryption (WPA3, TLS) for data protection. Prevent unauthorized access with strong authentication. Monitor network traffic for anomalies.
Personal Area Network (PAN)
• Characteristics: Very small coverage area (e.g., Bluetooth, NFC); connects personal devices like phones, smartwatches; short-range communication.
• Example: Bluetooth connection between a phone and a smartwatch.
• Security Considerations: Use device authentication (e.g., Bluetooth pairing codes). Disable unnecessary wireless connections. Encrypt data transfers.
Virtual Private Network (VPN)
• Characteristics: Secure communication over the internet; uses encryption to protect data; provides remote access to internal networks.
• Example: A corporate VPN allowing employees to securely access internal files from home.
• Security Considerations: Use AES-256 encryption for secure connections. Implement multi-factor authentication (MFA). Regularly update VPN software.
Cloud Networks
• Characteristics: Internet-based computing services; provides scalable resources on-demand; uses virtualized data centers.
• Example: Google Drive, Amazon Web Services (AWS), and Microsoft Azure.
• Security Considerations: Implement zero-trust security models. Use end-to-end encryption for data security. Regularly audit access logs and permissions.
Network Addressing
• Network addressing is
crucial for communication,
identifying devices, and
ensuring secure data
transfer. The two main types
of network addressing are
IPv4 and IPv6.
IPv4 Addressing
• Definition: IPv4 (Internet Protocol version 4) is a 32-bit addressing
scheme used to identify devices on a network.
• Structure: Consists of four decimal-separated octets (e.g.,
192.168.1.1).
• Types of IPv4 Addresses:
– Public IP Addresses – Assigned by ISPs, used for internet communication.
– Private IP Addresses – Used within internal networks (e.g., 192.168.0.1).
– Loopback Address – (127.0.0.1), used for testing internal connections.
– Broadcast Address – Sends messages to all devices in a network
(255.255.255.255).
• IPv4 Security Issues
• IP Spoofing – Attackers impersonate legitimate IPs to bypass security.
• Address Exhaustion – Limited IPv4 addresses increase security risks
with NAT (Network Address Translation).
• Man-in-the-Middle Attacks – Unencrypted IPv4 traffic is susceptible
to interception.
Network Address Translation (NAT)
• Definition: NAT allows multiple devices in a private network to share a single
public IP address.
• Types of NAT:
– Static NAT – One-to-one mapping between private and public IPs.
– Dynamic NAT – Assigns public IPs from a pool dynamically.
– PAT (Port Address Translation) – Multiple private devices share a single
public IP with different port numbers.
• NAT Security Considerations
• Provides Basic Firewall Functionality – Hides internal IPs from external
attackers.
• Limits Direct Attacks – Attackers cannot directly access internal devices.
• Not a Replacement for Firewalls – Should be combined with firewall rules
and VPNs.
Example of NAT in a Home Network
Scenario:
Imagine a home network where multiple devices (PC, Laptop,
Smartphone) connect to the internet through a router.
Summary:
• NAT (PAT) assigns a unique port to each outgoing request.
• The router uses a NAT table to track which private IP requested which webpage.
• Responses from Google are mapped back to the correct device using these assigned ports.
• Multiple devices share a single public IP without conflicts.
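The PAT behaviour summarized above, as an added example that is not part of the original slides: a toy router keeps a translation table, maps replies back to the right device, and drops inbound packets that match no entry. The class name `PatRouter`, all IP addresses and the port numbers are constructed for illustration.

```python
from itertools import count

class PatRouter:
    """Toy model of a home router doing PAT (addresses below are constructed)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)  # public ports handed out in order
        self.out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}  # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, priv_ip, priv_port, dst_ip, dst_port):
        """Translate an outgoing packet's source; returns (public_ip, public_port)."""
        key = (priv_ip, priv_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self._next_port)
            self.out[key] = port
            self.back[(port, dst_ip, dst_port)] = (priv_ip, priv_port)
        return self.public_ip, self.out[key]

    def inbound(self, src_ip, src_port, public_port):
        """Return the private (ip, port) a reply belongs to, or None if dropped.

        This model also matches the remote address and port; real routers
        differ in how strictly they match, so this is an assumption.
        """
        return self.back.get((public_port, src_ip, src_port))


def demo():
    router = PatRouter("203.0.113.5")
    server = ("198.51.100.10", 443)  # constructed web server address
    pc = router.outbound("192.168.1.10", 51000, *server)
    laptop = router.outbound("192.168.1.11", 51000, *server)  # same private port
    return {
        "pc": pc,
        "laptop": laptop,
        "reply_to_pc": router.inbound(*server, pc[1]),
        "reply_to_laptop": router.inbound(*server, laptop[1]),
        # Nobody inside opened this flow, so there is no table entry for it.
        "unsolicited": router.inbound("192.0.2.77", 4444, pc[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The dropped unsolicited packet is the "basic firewall functionality" the slides mention: it comes from the missing table entry, not from any inspection of the traffic, which is why NAT does not replace firewall rules.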
IPv6 Addressing
• Definition: IPv6 (Internet Protocol version 6) is a 128-bit addressing system designed to
overcome IPv4 limitations.
• Structure: Uses hexadecimal representation (e.g., 2001:db8::ff00:42:8329).
• Advantages over IPv4:
– Larger address space – No risk of exhaustion.
– Built-in encryption – Supports IPsec for security.
– Better routing efficiency – Simplifies data transfer.
• IPv6 Security Enhancements
• Mandatory IPsec Encryption – Ensures secure communication.
• No NAT Required – Reduces the risk of NAT-based security vulnerabilities.
• Better Authentication – Uses Secure Neighbor Discovery (SEND) to prevent address
spoofing. (Each IPv6 address is tied to an RSA cryptographic key)
• RSA (Rivest-Shamir-Adleman) is one of the most widely used public-key cryptographic
algorithms. It is primarily used for secure data transmission, encryption, and digital
signatures.
RSA is a public-key cryptosystem, meaning it uses two keys:
1. Public Key – Used for encryption (shared with others).
2. Private Key – Used for decryption (kept secret).
Address Resolution Protocol (ARP) Security
• Definition: ARP maps IP addresses to MAC addresses within a LAN.
• Security Threats:
• ARP Spoofing – Attackers send fake ARP messages to redirect
traffic.
• Man-in-the-Middle Attacks – Intercept communication between
devices.
• ARP Security Measures:
• Use ARP Spoofing Detection Tools – Monitor network traffic.
• Enable Dynamic ARP Inspection (DAI) – Prevents spoofing
attacks.
• Use Static ARP Entries – Reduces reliance on dynamic ARP
mappings.
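A sketch of what an ARP spoofing detection tool checks, added here as an example and not taken from the original slides: it watches IP-to-MAC bindings in observed ARP replies and flags changes, violations of known-good (static) entries, and one MAC claiming several IPs. The observations, MAC addresses and the `detect` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from observed ARP replies.
OBSERVATIONS = [
    (0,  "192.168.1.1",  "aa:aa:aa:00:00:01"),  # gateway
    (2,  "192.168.1.10", "aa:aa:aa:00:00:10"),
    (5,  "192.168.1.11", "aa:aa:aa:00:00:11"),
    (30, "192.168.1.1",  "aa:aa:aa:00:00:11"),  # .11's MAC now claims the gateway IP
    (31, "192.168.1.10", "aa:aa:aa:00:00:10"),  # unchanged binding
    (60, "192.168.1.1",  "aa:aa:aa:00:00:01"),  # real gateway answers again
]

# Known-good bindings, playing the role of static ARP entries.
STATIC = {"192.168.1.1": "aa:aa:aa:00:00:01"}


def detect(observations, static=None):
    """Return a list of alert tuples for suspicious IP-to-MAC bindings."""
    static = static or {}
    seen = dict(static)             # ip -> MAC currently believed correct
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        if ip in static and mac != static[ip]:
            # A pinned entry is never overwritten by what the network says.
            alerts.append((ts, "static-violation", ip, mac))
        elif ip in seen and seen[ip] != mac:
            alerts.append((ts, "binding-changed", ip, mac))
            seen[ip] = mac
        else:
            seen.setdefault(ip, mac)
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            # Can also fire for legitimate multi-homed hosts or proxy ARP.
            if len(ips_by_mac[mac]) > 1:
                alerts.append((ts, "mac-claims-multiple-ips", mac,
                               sorted(ips_by_mac[mac])))
    return alerts


if __name__ == "__main__":
    for alert in detect(OBSERVATIONS, STATIC):
        print(alert)
```

Without the pinned gateway entry the same input produces two `binding-changed` alerts (at 30 s and 60 s), because the detector can no longer tell which of the two MACs is the legitimate one.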
Subnetting in Network Security
• Definition: Subnetting divides a large network into smaller
subnetworks to enhance security and efficiency.
• Benefits:
– Limits Broadcast Traffic – Prevents unnecessary congestion.
– Enhances Security – Isolates different departments and user
groups.
– Improves Performance – Reduces collision domains.
• Subnetting Example
• Subnet Mask: Defines the network and host portions of an
IP address.
• Example: 255.255.255.0 (Class C) supports 256 hosts.
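An added worked example (not from the original slides) of subnetting used for isolation: a parent network is split into equal subnets, one per department, and a helper reports whether traffic between two hosts has to cross a subnet boundary, which is where router ACLs or firewall rules can be enforced. The parent network, department names and function names are assumptions chosen for illustration.

```python
import ipaddress


def plan_subnets(parent, departments, new_prefix):
    """Split `parent` into equal subnets and assign one per department, in order."""
    nets = list(ipaddress.ip_network(parent).subnets(new_prefix=new_prefix))
    if len(departments) > len(nets):
        raise ValueError("not enough subnets for all departments")
    return dict(zip(departments, nets))


def describe(net):
    """Mask, network/broadcast addresses and assignable host count of a subnet."""
    return {
        "mask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": sum(1 for _ in net.hosts()),
    }


def segment_of(plan, host):
    """Department whose subnet contains `host`, or None if it is outside the plan."""
    addr = ipaddress.ip_address(host)
    for dept, net in plan.items():
        if addr in net:
            return dept
    return None


def crosses_boundary(plan, src, dst):
    """True when src and dst are not in the same planned subnet (traffic is routed)."""
    a, b = segment_of(plan, src), segment_of(plan, dst)
    return a is None or b is None or a != b


# Hypothetical departments on a constructed private network.
PLAN = plan_subnets("192.168.1.0/24", ["hr", "finance", "engineering", "guests"], 26)

if __name__ == "__main__":
    for dept, net in PLAN.items():
        print(dept, net, describe(net))
    print(crosses_boundary(PLAN, "192.168.1.10", "192.168.1.70"))   # hr -> finance
    print(crosses_boundary(PLAN, "192.168.1.65", "192.168.1.100"))  # finance -> finance
```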
Conclusion
• Understanding network types and addressing
schemes is fundamental to designing secure
networks. By implementing strong security
policies, encryption, authentication, and
monitoring tools, organizations can mitigate
risks and protect their infrastructure from
cyber threats.
• Key Takeaways
– Use firewalls, VPNs, and encryption to
secure LANs, WANs, and Cloud Networks.
– Implement IPv6 for better security and
authentication mechanisms.
– Apply NAT and subnetting to enhance
security and network efficiency.
– Regularly monitor for ARP spoofing and
other network-based attacks.