How the Internet Really Works: What You Must Know Before Learning Cybersecurity

Before you learn how to defend something, you need to know how it works. Many beginners skip this part and end up frustrated when tools don’t make sense.

Here’s a simple example.
Let’s say you get a security alert showing “Suspicious traffic on port 3389.”
If you don’t know that port 3389 is used for Windows Remote Desktop, the alert feels like random noise.
If you do know, you instantly realize someone might be trying to break into a machine.

Once the basics click, cybersecurity becomes way easier.

Most people picture the internet as a magical cloud. But really, it’s a giant network of physical cables, routers, and data centers.

2.1 Physical Infrastructure

Beneath your feet are fiber cables carrying data at the speed of light.
Huge undersea cables cross oceans.
And gigantic buildings called data centers store and process everything you browse.

If an important cable gets accidentally dug up, entire regions can slow down or go offline.
The internet might feel wireless, but it’s built on a surprising amount of physical stuff.

2.2 Internet Service Providers (ISPs)

Your ISP is the company that gives you access to the internet. Every message from your device travels through their network first.

2.3 How Data Travels Across the World

Your data doesn’t teleport.
It travels through multiple routers, across cities, through undersea cables, and eventually reaches a server somewhere far away.

Tools you can try:

• Traceroute (shows you the path your data takes)

• Submarine Cable Map (lets you see real ocean cables)

To make cybersecurity less intimidating, you need to understand how devices identify each other and talk.

3.1 IP Addresses

An Internet Protocol (IP) address is your device’s online address.
There are two types:

• Public IP address: the address the world sees

• Private IP address: used inside your home or office network

3.2 Ports

Ports are like doors on a device.
Each service uses a specific door.

Examples:

• Web browsing uses port 80 or 443

• Email uses ports like 25 and 587

• Attackers scan for open ports to find weaknesses

3.3 MAC Addresses

A Media Access Control (MAC) address is like your device’s permanent ID number on a local network.

3.4 DNS – Domain Name System

DNS is the internet’s phonebook.

You type “google.com”…
DNS finds the numeric IP address behind that name.

If DNS gets tampered with, you can be redirected to fake websites without even noticing.

This is where the puzzle pieces start fitting together.

4.1 Packets

Every message is broken into small pieces called packets, sent across the network, then reassembled at the destination.
It’s like mailing a long letter in separate envelopes.

4.2 Routers and Switches

Routers choose the best path for packets.
Switches connect devices within a smaller network like a home or office.

4.3 NAT – Network Address Translation

Network Address Translation (NAT) lets multiple devices share one public IP address.
Imagine a house with many rooms but only one main gate.
NAT manages who goes in and out through that gate.

4.4 Firewalls

A firewall decides which traffic is allowed or blocked.
Think of it as the bouncer checking IDs at the door.

4.5 Important Protocols Explained

Transmission Control Protocol (TCP)

Reliable. Checks for errors. Resends lost packets.
Used for websites, emails, and downloads.

User Datagram Protocol (UDP)

Fast but doesn’t check for errors.
Used for live streams, online games, and calls.

Hypertext Transfer Protocol (HTTP)

Used to load websites.

Hypertext Transfer Protocol Secure (HTTPS)

Same as HTTP but encrypted for safety.

Secure Shell (SSH)

Secure way to control a remote computer.

These models help you understand how data moves.

5.1 OSI – Open Systems Interconnection Model

Seven layers:

1. Physical

2. Data Link

3. Network

4. Transport

5. Session

6. Presentation

7. Application

Each layer plays its role, from cables at the bottom to applications at the top.

5.2 TCP/IP – Transmission Control Protocol / Internet Protocol Model

This is the real-world version with four layers:

1. Link

2. Internet

3. Transport

4. Application

5.3 Why This Matters in Cybersecurity

Knowing the layers helps you troubleshoot problems and understand where attacks happen.

• Cable unplugged? Physical Layer

• Bad IP configuration? Network Layer

• Website loads wrong? Application Layer

5.4 How Attackers Exploit Layers

Example:
A SYN flood attack abuses the Transport Layer’s handshake process.

These are things you use daily even if you don’t notice them.

6.1 HTTPS – Hypertext Transfer Protocol Secure

Encrypts your connection so nobody can spy on your data.

6.2 Email Protocols

Simple Mail Transfer Protocol (SMTP)

Sends emails.

Internet Message Access Protocol (IMAP)

Reads email from multiple devices.

Post Office Protocol Version 3 (POP3)

Downloads email to one device.

6.3 File Transfer Protocol (FTP)

An older method of moving files. Not secure unless encrypted (FTPS or SFTP).

6.4 Secure Shell (SSH)

Lets you access computers remotely in a secure way.

6.5 Application Programming Interfaces (APIs)

APIs allow apps to talk to each other.
For example, your weather app uses an API to get temperature data.

Let’s break the big picture down.

7.1 Client and Server

The client (your device) requests data.
The server provides it.

7.2 Frontend, Backend, and Database

• Frontend: what you see

• Backend: the invisible logic

• Database: stores all the information

7.3 Cookies and Sessions

Cookies help websites remember you.
Sessions keep you logged in while you use a site.

7.4 Where Vulnerabilities Hide

• Structured Query Language (SQL) Injection

• Broken authentication

• Weak session handling

Tools to explore:

• Burp Suite

• OWASP Juice Shop

Cyberattacks don’t always involve genius-level tricks. Many come from simple mistakes.

8.1 Weak Points Attackers Look For

• Default passwords

• Outdated software

• Open databases

• Poorly configured servers

• Unsecured APIs

8.2 Misconfigurations

A misconfiguration is a mistake in setup.
Even one wrong setting can expose sensitive data.

8.3 Social Engineering + Technical Tricks

Hackers combine human psychology and internet mechanics.
For example, a fake login page that steals your password.

8.4 Real Attack Example

Distributed Denial of Service (DDoS) Attack on Dyn, 2016

Hackers used insecure smart devices to overwhelm servers, knocking major websites offline.

You don’t need them all now, but you’ll meet them eventually.

9.1 Packet Sniffer: Wireshark

Shows the packets traveling across your network.

9.2 Port Scanner: Nmap (Network Mapper)

Checks which “doors” (ports) are open on a device.

9.3 DNS Tools

Domain Information Groper (dig)

Gives detailed DNS info.

Name Server Lookup (nslookup)

Finds a domain’s IP address.

9.4 Browser Developer Tools

Let you inspect network activity, cookies, and more directly in your browser.

9.5 Network Monitoring Tools

• GlassWire

• Fing

They help you visualize what devices are connected and what traffic is happening.

This is where everything comes together.

10.1 You Start Thinking Like a Defender

You can finally:

• understand logs

• recognize abnormal traffic

• spot misconfigurations

• predict risks

10.2 You Connect the Dots

Knowing the basics helps you identify issues quickly.
For example, repeated failures on port 22 might be someone trying to break into Secure Shell (SSH).

10.3 Logs Stop Looking Scary

Instead of panicking, you start reading logs like clues.

10.4 Habits That Keep You Growing

Great cybersecurity learners:

• stay curious

• practice

• break things safely

• explore new tools

• follow news about new attacks

Cybersecurity is never boring, and learning the internet’s backbone gives you the confidence to grow.