Gone But Not Forgotten: Part 1 – TCP/IP
An M365 Admin’s Guide to Understanding Critical “Older” Technology
- In order to battle the “bad guys”, M365 admins should understand how critical older technology works.
- This three-part blog series focuses on TCP/IP, DHCP, and DNS.
- TCP/IP, or transmission control protocol/Internet protocol, standards are used to ensure packets of data, such as emails and file transfers, are framed or boxed and addressed properly.
Just to be clear, I’m not one of those dinosaur IT admins that recommend you install NT 4.0 so you can feel the pain of it as part of some initiation ritual into the world of IT. I mean, yes, by IT time standards, I am a dinosaur (started in the 90s), and yes, I do know the pain of installing servers on-premises. But, I’ve embraced the modern world of cloud systems and know that the modern admin (both IT and non-IT) has plenty of “newer” technology to master with limited reason to look back at the past.
Critical “Older” Technology Focus Points
What I’ve come to believe within my 25 years of work in IT, as an author of server tech books, as a journalist, as a global security advisor and speaker, is that the key to understanding how to battle the “bad guys” begins with the foundation itself. And as an M365 admin (IT or non-IT admin), battling the “bad guys” is part of the job. To do it well, you have to understand, to a degree, critical “older” technology. While it may not seem like it, there are technologies that are still very much alive and in use every single day of our lives as M365 admins. In this article series, I’d like to focus on three that are all related to some degree and are the underpinnings of everything we do: TCP/IP, DHCP, and DNS.
TCP/IP stands for transmission control protocol/Internet protocol and it’s actually not just two protocols but a whole suite of them. Protocols are a set of standards. Having standards means different manufacturers follow the same protocol when developing things that need to work together on a network or the Internet. To send a simple document (or image) from one computer/device to another, the document needs to be broken up into data packets or packages and then sent over the wire internally (within your network) or externally (over the Internet). In much the same way a post office needs an address to locate the recipient, the network/Internet uses the IP address to route its packages to the recipient. TCP/IP standards are used to ensure packets of data (email, file transfers, etc.) are framed or boxed and addressed properly so they are able to reach their destination.
It all starts with binary code. Everything. Everything in the computer you’re using or the mobile devices you carry is all about 0s and 1s. Each 0 or 1 is called a bit. Eight of those make a byte. (Four make a nibble… that’s a little-known fact you can use on trivia night). What gets sent over the wire, that document or picture, isn’t a document or picture… it’s 0s and 1s. It gets broken down into mini packets of data and, thanks to consistent addressing schemes, it can be shipped out in pieces and reassembled at the destination.
The addressing for each device is a 32-bit binary number expressed in dotted decimal notation. Ok… take a breath… that sounds scarier than it is. Here is an example of an address: 10.1.1.20. You can locate your own computer’s address by opening a command prompt and typing ipconfig. Now, in the old days, we had to know IP addressing schemes and classes and subnetting and supernetting and so on. But, for the sake of simplicity, let’s just focus on three things: the address, the subnet mask, and the default gateway.
Imagine you have to deliver a letter to a house on 10th Street. The house number is 1.1.20. But, on the envelope, you just see 10.1.1.20. How would you know which part of that address is the street and which is the house? In your area, there is also a 10.1th Street and a 10.1.1th Street. That’s where the subnet mask would tell you where the street (or network) ends and the house (or node) begins. So, if I told you the subnet mask for 10.1.1.20 was 255.0.0.0, assuming the 255 was the street or network portion, you would say 10 is the network and 1.1.20 is the node.
Here is another example: 192.168.1.35 with a subnet mask of 255.255.255.0. Based on what you already know, you can see that the network is 192.168.1, and the node is 35. Within a network, you can use this addressing scheme to get data from one system to another. But, what if you’re trying to send data to a system that is on a completely different network, say from the computer or node at 192.168.1.35 over to the node at 10.1.1.20? What solution allows you to transfer from one network to another, or from your network to the Internet itself? A router!
If you did that ipconfig trick a moment ago, you saw three things… the IPv4 address, the subnet mask, and the default gateway. That default gateway is the address of the router. It’s like the post office in that there are two boxes for letters… local (on your network) and out of town (for every other network). If a network/node doesn’t exist on your side of the router, it goes to the other side, which could mean another network or the Internet itself. Then what? It becomes part of a bigger picture that we’ll discuss soon.
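The street/house split and the local-versus-out-of-town decision described above, worked through in Python as an added example (not code from the original article). The function names are mine, and the gateway 192.168.1.1 and neighbour 192.168.1.77 are constructed values; the other addresses and masks are the ones used in the text.

```python
import ipaddress

def to_bits(addr: str) -> str:
    """Show a dotted-decimal address as the 32 bits it really is."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)

def split_address(ip: str, mask: str) -> tuple[str, str]:
    """Split an address into (network, node) with a bitwise AND against the mask."""
    ip_int = int(ipaddress.IPv4Address(ip))
    mask_int = int(ipaddress.IPv4Address(mask))
    host_bits = ~mask_int & 0xFFFFFFFF
    # A valid mask is a run of 1s followed by a run of 0s (255.0.255.0 is not).
    if host_bits & (host_bits + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    network = ipaddress.IPv4Address(ip_int & mask_int)
    node = ipaddress.IPv4Address(ip_int & host_bits)
    return str(network), str(node)

def next_hop(ip: str, mask: str, gateway: str, destination: str) -> tuple[str, str]:
    """Decide which 'mailbox' a packet goes in: local delivery or the default gateway."""
    local_net = split_address(ip, mask)[0]
    if split_address(destination, mask)[0] == local_net:
        return "local", destination
    # Out-of-town mail only works if the router itself is reachable locally.
    if split_address(gateway, mask)[0] != local_net:
        raise ValueError(f"gateway {gateway} is not on network {local_net}")
    return "gateway", gateway

if __name__ == "__main__":
    for ip, mask in [("10.1.1.20", "255.0.0.0"), ("192.168.1.35", "255.255.255.0")]:
        network, node = split_address(ip, mask)
        print(f"{ip:<13} {to_bits(ip)}")
        print(f"{mask:<13} {to_bits(mask)}")
        print(f"  network {network}, node {node}")
    # 192.168.1.1 is an assumed gateway; 192.168.1.77 is a constructed neighbour.
    for dest in ("192.168.1.77", "10.1.1.20"):
        print(dest, "->", next_hop("192.168.1.35", "255.255.255.0", "192.168.1.1", dest))
```

The gateway check is the one worth remembering when troubleshooting: a default gateway that does not sit on the same network as the host means nothing can leave that network.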
TCP/IP used to be an essential part of every IT admin’s training. But in modern times, it’s not a focus, due in part to the widely deployed use of DHCP and DNS technology. And we’ll save those for the next article.