Posts
Ethical Hacker: Why should you learn networking?
Networking is arguably the most vital component of the current internet and IT infrastructure, the backbone of today’s technology. Imagine a world where computers, servers and other IT systems wouldn't be able to communicate with each other. That would basically kill the modern internet and most of the technology as we know it. As an ethical hacker, your job is to understand the logic behind networking, because that’s how you find vulnerabilities and misconfigurations.
So where do you learn networking from?
The golden standard for learning the basics is Cisco CCNA. While it doesn’t teach you anything about hacking, it helps with understanding the fundamentals of how networks are built. It covers one of the many domains you have to master to become a great ethical hacker.
How can an ethical hacker use networking knowledge?
Let's look at some of the attacker tactics and techniques in the MITRE ATT&CK framework, one of the most widely used knowledge bases, and compare some of the tactics and techniques to the topics addressed in the CCNA blueprint. The CCNA topics are only scratching the surface, since hacking is not the focus, but there is a ton of useful information to build solid knowledge on many protocols exploited by hackers. While there is no 1-to-1 mapping between the attack techniques and the CCNA blueprint topics, we can find a few crossing points between the two.
Network Reconnaissance & Scanning (MITRE Tactic: Reconnaissance & Discovery)
Ethical hackers gather intelligence on a target using IP addressing, subnets, VLANs, and open ports.
Tools like Nmap, Wireshark, and Netcat help with network mapping.
CCNA Topics:
1.0 Network Fundamentals – Understanding IP addressing, subnets and VLANs helps hackers map networks.
2.0 Network Access – Layer 2 discovery (CDP, LLDP, ARP) - Protocols used for reconnaissance.
3.0 IP Connectivity - Routing Concepts and layer 3 protocols (OSPF, Static Routing) - Identification of network topologies.
MITRE Techniques:
T1595 – Active Scanning (Port & Service Discovery)
T1046 – Network Service Scanning
T1018 – Remote System Discovery
T1071 – Application Layer Protocol for Command & Control
Exploiting Network Vulnerabilities (MITRE Tactic: Initial Access & Execution)
Attackers exploit weaknesses in TCP/IP, HTTP, FTP, and SSH to gain unauthorized access. MITM attacks like ARP poisoning and DNS spoofing can intercept or redirect network traffic.
CCNA Topics:
2.0 Network Access - (Telnet, SSH, HTTP, HTTPS)
4.0 IP Services - Understanding NAT, DNS, SSH
5.0 Security Fundamentals - Understanding
Device Security - Administrative Access, Device Hardening.
MITRE Techniques:
T1189 – Drive-by Compromise
T1203 – Exploitation for Client Execution
T1557 – Man-in-the-Middle (MITM)
T1040 – Network Sniffing
Wireless Attacks (MITRE Tactic: Credential Access & Privilege Escalation)
Wi-Fi hacking targets weak encryption (WEP, WPA, WPA2) and uses deauthentication attacks.
CCNA Topics:
5.0 Security Fundamentals (WLAN, WPA, SSID, Authentication)
MITRE Techniques:
T1602 – Network Sniffing for Credentials
T1556 – Modify Authentication Process
T1078 – Valid Accounts
Post-Exploitation & Data Exfiltration (MITRE Tactic: Lateral Movement & Exfiltration)
Once inside a network, ethical hackers move laterally using pivoting, port forwarding, and VPN tunneling. DNS tunneling and C2 servers are used for exfiltrating data.
CCNA Topics:
IP Connectivity - Routing Concepts - helps with pivoting and lateral movement.
Network Automation - Learning basic scripting, which could help with exfiltration techniques.
MITRE Techniques:
T1570 – Lateral Tool Transfer
T1095 – Non-Application Layer Protocol (ICMP, UDP for Covert C2)
T1048 – Exfiltration Over Alternative Protocol (DNS Tunneling)
T1071.004 – Exfiltration Over C2 Channel
Conclusion
Networking is the backbone of the modern technology. Whether you are an ethical hacker, IT technician or security analyst, understanding how networks work will make you more effective in doing your daily job. CCNA being the golden standard in learning networking is one of the certifications to consider for building the fundamental knowledge in protocols, infrastructure and communication.
.jpg)
