Essential Network Security: From SQL Injection to ARP Spoofing and How to Defend
This comprehensive guide explains why network security matters, describes common attack vectors such as SQL injection, XSS, CSRF, file‑upload flaws, DDoS, ARP spoofing, DNS hijacking, routing protocol weaknesses, and TCP/UDP issues, and provides practical prevention measures for each threat.
Why Network Security Matters
Both network engineers and operations staff must understand that every data breach or network attack can cause immeasurable loss for an organization.
SQL Injection
Attackers inject malicious SQL code into HTTP requests; when the server builds SQL statements from parameters, the malicious code is executed.
Example: entering ' or '1'='1 as the password produces a query whose condition is always true:
select * from user where name = 'lianggzone' and password = '' or '1'='1'
To prevent SQL injection, use prepared statements and perform input validation on both the client and server.
Check that input is valid.
Limit input string length.
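The query above, built by string concatenation and then with a prepared statement, as an added example that is not part of the original article. It uses Python's sqlite3 with an in-memory database; the table contents and function names are constructed for illustration.

```python
import sqlite3

MAX_LEN = 64  # assumed input length limit for this example
PAYLOAD = "' or '1'='1"  # the password value from the query shown above

def make_db():
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (name TEXT, password TEXT)")
    db.execute("INSERT INTO user VALUES ('lianggzone', 'stored-hash')")
    return db

def login_concatenated(db, name, password):
    # Vulnerable: input is pasted into the SQL text, so a quote in the
    # password changes the structure of the statement.
    sql = ("select * from user where name = '" + name +
           "' and password = '" + password + "'")
    return db.execute(sql).fetchall()

def login_prepared(db, name, password):
    # Length limit first, then bound parameters: the statement is fixed
    # before any input is supplied, so input stays data.
    if not (0 < len(name) <= MAX_LEN and 0 < len(password) <= MAX_LEN):
        return []
    sql = "select * from user where name = ? and password = ?"
    return db.execute(sql, (name, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", login_concatenated(db, "lianggzone", PAYLOAD))
    print("prepared:    ", login_prepared(db, "lianggzone", PAYLOAD))
```

The concatenated version returns the account row without the correct password because AND binds tighter than OR; the prepared version compares the whole payload as a literal password and returns nothing.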
Cross‑Site Scripting (XSS)
Attackers embed malicious scripts in web pages to control the victim’s browser.
Limit input length on both front‑end and back‑end.
Escape HTML characters such as <, >, etc.
The core of XSS prevention is filtering all user‑provided data.
CSRF (Cross‑Site Request Forgery)
Attackers trick a logged‑in user into sending unauthorized requests to a target site.
Use security frameworks (e.g., Spring Security).
Implement token verification in HTTP requests.
Use CAPTCHAs where appropriate.
Check the Referer header.
Validate request source.
Add CAPTCHA to critical actions.
Include and verify tokens.
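One way to combine the token and Referer checks listed above, as an added example that is not part of the original article. The origin https://app.example, the key handling and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)    # per-deployment secret (constructed)
ALLOWED_ORIGIN = "https://app.example"  # hypothetical origin of the site

def issue_token(session_id):
    # The token is an HMAC over the session id, so it cannot be produced
    # for another session without SERVER_KEY.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(referer):
    # Compare the parsed scheme and host exactly; a prefix match would
    # accept hosts such as app.example.attacker.test.
    if not referer:
        return False
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN

def accept_request(session_id, submitted_token, referer):
    # Reject state-changing requests that fail either check.
    if not same_origin(referer):
        return False
    expected = issue_token(session_id).encode()
    supplied = (submitted_token or "").encode()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, supplied)
```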
File Upload Vulnerabilities
Uploading executable scripts can give attackers the ability to run commands on the server.
Determine file type using MIME type and extension checks.
Apply a whitelist of allowed file types.
Rename uploaded files to unpredictable names.
Limit file size.
Serve uploaded files from a separate domain.
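The upload checks listed above as one validation function, added here as an example that is not part of the original article. The allowed types, the size limit and the function name are assumptions; the leading-bytes check goes one step beyond the MIME and extension checks the list names, because both of those are supplied by the client.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for this example

# Whitelist: extension -> (expected MIME type, leading bytes of the format)
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".pdf": ("application/pdf", b"%PDF-"),
}

def validate_upload(filename, declared_mime, data):
    """Return (stored_name, None) if accepted, else (None, reason)."""
    if len(data) > MAX_BYTES:
        return None, "file too large"
    # Only the final extension counts, so "x.php.png" is judged as .png
    # and must then pass the content check below.
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    rule = ALLOWED.get(ext)
    if rule is None:
        return None, "extension not allowed"
    mime, magic = rule
    if declared_mime != mime:
        return None, "MIME type mismatch"
    if not data.startswith(magic):
        return None, "content does not match type"
    # Unpredictable stored name; the client-supplied name is never reused.
    return secrets.token_hex(16) + ext, None
```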
DDoS Attacks
Clients send a flood of SYN packets without completing the three‑way handshake, exhausting server resources.
Limit the number of simultaneous half‑open SYN connections.
Reduce SYN timeout.
Disable unnecessary services.
ARP Protocol
ARP resolves IP addresses to MAC addresses by broadcasting requests and receiving replies.
Broadcast ARP request containing the target IP.
Target host replies with its MAC address.
Preventing ARP Attacks
Bind MAC addresses to IPs.
Use static ARP entries.
Deploy ARP‑guard or ARP‑firewall software.
Isolate compromised hosts.
Keep DNS servers patched and disable recursion.
Restrict zone transfers and dynamic updates.
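A sketch of what an ARP guard does with the IP-to-MAC bindings described under Preventing ARP Attacks, added here as an example that is not part of the original article. The observed replies are constructed sample data using documentation address ranges, and the function name is hypothetical.

```python
# Static bindings an administrator has pinned (constructed: the gateway).
STATIC_BINDINGS = {"192.0.2.1": "00:00:5e:00:53:01"}

# Constructed ARP replies as (sender IP, sender MAC), in arrival order.
SAMPLE_REPLIES = [
    ("192.0.2.1", "00:00:5E:00:53:01"),   # gateway, matches its binding
    ("192.0.2.10", "00:00:5e:00:53:0a"),  # first sighting of a host
    ("192.0.2.1", "00:00:5e:00:53:66"),   # gateway IP claimed by another MAC
    ("192.0.2.10", "00:00:5e:00:53:66"),  # host IP moves to that same MAC
    ("192.0.2.10", "00:00:5e:00:53:0a"),  # original owner answers again
]

def audit_arp(replies, bindings):
    """Return alerts for replies that conflict with known IP-to-MAC pairs."""
    pinned = {ip: mac.lower() for ip, mac in bindings.items()}
    learned = {}   # first MAC seen for each IP without a static binding
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        if ip in pinned:
            # A static entry is authoritative; any other MAC is a conflict.
            if mac != pinned[ip]:
                alerts.append((ip, mac, "contradicts static binding"))
            continue
        first = learned.setdefault(ip, mac)
        if mac != first:
            alerts.append((ip, mac, "MAC changed from " + first))
    return alerts

if __name__ == "__main__":
    for alert in audit_arp(SAMPLE_REPLIES, STATIC_BINDINGS):
        print(alert)
```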
RARP (Reverse ARP)
RARP allows a host that knows only its hardware address to discover its IP address via a RARP server.
DNS Working Principle
DNS translates domain names to IP addresses using UDP. The resolution process involves browser cache, OS hosts file, local DNS, root servers, TLD servers, and authoritative name servers.
DNS Attacks and Defenses
Apply security patches promptly.
Configure least‑privilege permissions.
Encrypt traffic with SSL/TLS.
Enforce multi‑factor authentication.
Deploy redundancy and failover mechanisms.
RIP Routing Protocol
RIP uses hop count (max 15) as its metric and exchanges updates via UDP port 520.
RIP Convergence Mechanisms
Count‑to‑infinity (max hop count 15).
Split horizon.
Poison reverse.
Hold‑down timers.
Triggered updates.
OSPF Working Principle
OSPF is a link‑state routing protocol that floods LSAs, builds a link‑state database, and computes shortest paths with the SPF algorithm.
TCP vs UDP
TCP is connection‑oriented, reliable, and provides flow and congestion control.
UDP is connectionless, faster, and suitable for real‑time or small‑message applications.
TCP Three‑Way Handshake and Four‑Way Teardown
Described step‑by‑step handshake and termination sequences.
HTTP vs HTTPS
HTTP transmits data in clear text on port 80.
HTTPS adds SSL/TLS encryption on port 443 and requires certificates.
Common HTTP Status Codes
200 OK – request succeeded.
403 Forbidden – server refuses to fulfill.
404 Not Found – resource does not exist.
500 Internal Server Error – server encountered an unexpected condition.
SSL/TLS Overview
SSL/TLS provides authentication, encryption, and integrity using asymmetric (public‑key) and symmetric (session key) cryptography.
Client initiates SSL handshake.
Server sends its certificate with a public key.
Client encrypts a random secret with the server’s public key.
Server decrypts the secret and both derive a shared session key.
All subsequent data is encrypted with the session key.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
