Addressing in Computer Networks in Cyber Security

Addressing in Computer Networks in Cyber Security

Addressing in computer networks is the process of assigning unique identifiers to network devices, such as computers, routers, switches, and printers. These identifiers, also known as addresses, enable communication and data exchange among network devices. Addressing is essential for network security, as it helps to identify the source and destination of network traffic, and to apply security policies and controls based on the addresses.

There are different types of addresses used in computer networks, depending on the network layer and protocol. The most common types are:

IP Addresses

IP addresses are logical addresses that identify network devices at the internet layer of the TCP/IP model. IP addresses are used to route packets across networks, not just across physical links, but between networks of routers. The addressing scheme in use is either IPv4 (“IP Version 4”) or IPv6 (“IP Version 6”). IP networks can be broken into different sections, often called subnets¹.

IPv4 Addresses

IPv4 addresses are 32-bit binary numbers, usually written in dotted decimal notation, such as 192.168.1.1. Each IPv4 address consists of two parts: a network prefix and a host identifier. The network prefix identifies the subnet to which the device belongs, and the host identifier identifies the device within the subnet. The length of the network prefix varies depending on the subnet mask, which is another 32-bit number that indicates which bits of the address belong to the network prefix and which bits belong to the host identifier.

For example, if the subnet mask is 255.255.255.0, then the first 24 bits of the address are the network prefix, and the last 8 bits are the host identifier. In this case, the address 192.168.1.1 belongs to the subnet 192.168.1.0/24 (the /24 notation indicates the length of the network prefix), and has a host identifier of 1.

IPv4 addresses are classified into five categories: A, B, C, D, and E. Each category has a different range of values for the first octet (the first 8 bits) of the address, and a different default subnet mask. For example, class A addresses have values from 1 to 126 for the first octet, and a default subnet mask of 255.0.0.0 (or /8). Class D addresses are reserved for multicast communication, and class E addresses are reserved for experimental purposes.

The main problem with IPv4 addressing is that it has a limited address space of about 4.3 billion addresses, which is not enough to accommodate the growing number of network devices in the world. To overcome this problem, several techniques have been developed, such as:

• Network Address Translation (NAT): NAT is a process that allows multiple devices to share a single public IP address when communicating with external networks, such as the internet. NAT devices, such as routers or firewalls, map private IP addresses (which are not globally unique) to public IP addresses (which are globally unique) using port numbers. NAT helps to conserve IPv4 addresses and enhance network security by hiding internal network topology and device identities from external networks.
• Classless Inter-Domain Routing (CIDR): CIDR is a method that allows more flexible allocation of IP addresses by using variable-length subnet masks instead of fixed-length subnet masks based on class boundaries. CIDR enables more efficient use of IPv4 address space by allowing subnets to have different sizes according to their needs, and by aggregating contiguous subnets into larger blocks called supernetting or route summarization.
• Private IP Addresses: Private IP addresses are IP addresses that are not assigned by the Internet Assigned Numbers Authority (IANA) and are not routable on the internet. Private IP addresses are used within private networks, such as home or office networks, and can be reused by different networks as long as they do not communicate with each other or with external networks. Private IP addresses are defined by three ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.

IPv6 Addresses

IPv6 addresses are logical addresses that identify network devices at the internet layer of the TCP/IP model in IPv6 protocol. IPv6 addresses are 128-bit binary numbers, usually written in hexadecimal notation with colons separating every 16 bits, such as 2001:db8::1. Each IPv6 address consists of two parts: a global routing prefix and an interface identifier. The global routing prefix identifies the network to which the device belongs, and the interface identifier identifies the device within the network.

The length of the global routing prefix varies depending on the type of address and the prefix length value that indicates how many bits of the address belong to the global routing prefix and how many bits belong to the interface identifier.

For example, if an address has a prefix length value of /64, then the first 64 bits of the address are the global routing prefix, and the last 64 bits are the interface identifier. In this case, the address 2001:db8::1 belongs to the network 2001:db8::/64, and has an interface identifier of 1.

IPv6 addresses are classified into three types: unicast, multicast, and anycast. Unicast addresses identify a single device, multicast addresses identify a group of devices, and anycast addresses identify the nearest device among a group of devices. Each type of address has a different format and scope. For example, global unicast addresses have a global scope and can be routed on the internet, while link-local unicast addresses have a local scope and can only be used within a single network segment.

The main advantage of IPv6 addressing is that it has a much larger address space of about 3.4 x 10^38 addresses, which is enough to accommodate the current and future needs of network devices in the world. IPv6 also offers other benefits, such as:

• Simplified header format: IPv6 headers have a fixed length of 40 bytes and contain only essential fields, such as source and destination addresses, traffic class, flow label, payload length, next header, and hop limit. This simplifies packet processing and routing by reducing header overhead and eliminating the need for fragmentation and reassembly.
• Stateless address autoconfiguration (SLAAC): SLAAC is a mechanism that allows devices to automatically configure their IPv6 addresses without the need for manual configuration or a DHCP server. SLAAC devices use the Neighbor Discovery Protocol (NDP) to obtain their global routing prefix from a router advertisement message, and generate their interface identifier from their MAC address or a random number.
• Enhanced security: IPv6 supports the use of IPsec, a suite of protocols that provide authentication, encryption, and integrity protection for IP packets. IPsec can be applied to all IPv6 traffic by default, unlike IPv4 where IPsec is optional and requires additional configuration.

MAC Addresses

MAC addresses are physical addresses that identify network devices at the data link layer of the TCP/IP model. MAC addresses are used to deliver frames within a local area network (LAN), such as Ethernet or Wi-Fi. MAC addresses are 48-bit binary numbers, usually written in hexadecimal notation with hyphens separating every 8 bits, such as 00-0C-29-AB-CD-EF. Each MAC address consists of two parts: an organizationally unique identifier (OUI) and a device identifier. The OUI identifies the manufacturer or vendor of the device, and the device identifier identifies the device within the vendor’s range.

For example, if the MAC address is 00-0C-29-AB-CD-EF, then the OUI is 00-0C-29, which belongs to VMware Inc., and the device identifier is AB-CD-EF, which is assigned by VMware Inc.

MAC addresses are supposed to be globally unique and permanent for each device, as they are burned into the hardware or firmware of the network interface card (NIC) or wireless adapter. However, some devices allow changing or spoofing their MAC addresses for various purposes, such as bypassing MAC filtering or hiding their identity.

To deliver frames within a LAN, network devices use the Address Resolution Protocol (ARP) to map IP addresses to MAC addresses. ARP devices broadcast ARP request messages to ask for the MAC address of a device with a given IP address, and receive ARP reply messages from the device with its MAC address. ARP devices cache these mappings in their ARP tables for future use.

Other Types of Addresses

Besides IP addresses and MAC addresses, there are other types of addresses used in computer networks for different purposes, such as:

• Port numbers: Port numbers are logical identifiers that distinguish different applications or processes running on the same device. Port numbers are used at the transport layer of the TCP/IP model to multiplex and demultiplex data streams between source and destination devices. Port numbers are 16-bit binary numbers, ranging from 0 to 65535. Some port numbers are reserved for well-known services or protocols, such as port 80 for HTTP or port 443 for HTTPS.
• Domain names: Domain names are human-readable names that identify network resources, such as websites or servers. Domain names are used at the application layer of the TCP/IP model to provide a convenient way for users to access network resources without memorizing their IP addresses. Domain names are composed of labels separated by dots, such as www.w3schools.com. Each label can have up to 63 characters from a set of alphanumeric characters and hyphens. Domain names are resolved to IP addresses by domain name system (DNS) servers using DNS queries and responses.
• Email addresses: Email addresses are identifiers that specify the destination of an email message. Email addresses are used at the application layer of the TCP/IP model to enable email communication between users across networks. Email addresses consist of two parts: a local part and