Securing Protocol Layers

Lesson 2: TCP/IP and network security
Objective: Network security is affected at TCP/IP levels.

TCP/IP and Network Security

Describe how network security is affected at the TCP/IP levels.
The terms Internet and TCP/IP are often used synonymously. When the Internet's predecessor was first created in the 1960s, the primary goal was operation, not security.

TCP/IP protocol layers

Security mechanisms are being "retrofitted" to work with existing networks and TCP/IP. An understanding of the TCP/IP protocol is necessary for network security. The TCP/IP stack contains four layers, as shown in the diagram below:
  1. Data link and physical
  2. IP (ICMP)
  3. TCP (UDP)
  4. Applications

Definitions of the terms used above:
IP: An Internet Protocol (IP) address is a number that is used to uniquely identify computers connected to the Internet.
ICMP (Internet Control Message Protocol): A protocol used to communicate errors or other conditions at the IP layer.
TCP/IP (Transmission Control Protocol/Internet Protocol): A suite of protocols that turns information into blocks of information called packets. These are then sent across networks such as the Internet.
UDP (User Datagram Protocol): A connectionless protocol at the transport layer of the TCP/IP protocol stack, often used for broadcast-type protocols such as audio or video traffic.

  1. In the application layer, a client-side application is used to initiate communication with other hosts. The server-side uses transport layer ports to distinguish requests for various server applications.
  2. The transport layer uses two protocols, TCP and UDP, to control the flow of information between hosts. TCP is responsible for placing a message into datagrams, reassembling the datagrams upon arrival at their destination, and resending anything that gets lost.
  3. The Internet protocol (IP) layer is used primarily for addressing hosts and routing, and does not provide any means for error correction or flow control.
  4. Signals are transmitted across the network layer.
Four layers of the TCP/IP Protocol: 1) Application Layer, 2) (TCP/UDP) Transport Layer, 3) (IP) Internet Layer, 4) (ARP) Network Layer


OSI model

The International Standards Organization (ISO) created a seven-layer networking model that is used to create a standard for network communications. The model is called the Open Systems Interconnect (OSI) reference model. The diagram below shows the correlation between the OSI model and the TCP/IP stack. In order to better understand TCP/IP, compare it to the OSI model.

TCP/IP Protocol Suite
The OSI model contains 7 layers. Protocols apply to layers 2, 3, 5, and 7.

| Layer | Classification | Protocol |
|-------|----------------|----------|
| 1 | Physical | |
| 2 | Data Link | (ARP) = Address Resolution Protocol |
| 3 | Network | (IP) = Internet Protocol |
| 4 | Transport | |
| 5 | Session | (TCP) = Transmission Control Protocol |
| 6 | Presentation | |
| 7 | Application | (FTP) = File Transfer Protocol |

  1. Physical = Layer 1
  2. (ARP) Data Link = Layer 2
  3. (IP) Network = Layer 3
  4. Transport = Layer 4
  5. (TCP) Session = Layer 5
  6. Presentation = Layer 6
  7. (FTP) Application = Layer 7

The TCP/IP model contains 4 layers.
  1. (FTP) Application
  2. (TCP/UDP) Transport
  3. (IP, ICMP) Internet
  4. (ARP) Network Access

Firewall Filters

To properly program firewall filters, the security administrator must have a deep understanding of the IP and TCP/UDP layers of TCP/IP. An understanding of TCP/UDP ports is vital. Experienced hackers understand how to exploit network operations through the TCP/IP protocol stack.
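
The following added example (not part of the original lesson) shows which IP-layer and transport-layer fields a packet filter reads and how a first-match rule list with a default deny uses them. The function names, the rule set, and the sample addresses (taken from documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

def parse_packet(raw: bytes) -> dict:
    """Extract the IP- and transport-layer fields a packet filter matches on."""
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    frag = struct.unpack("!H", raw[6:8])[0] & 0x1FFF  # fragment offset
    pkt = {
        "proto": PROTO.get(raw[9], str(raw[9])),
        "src": ipaddress.IPv4Address(raw[12:16]),
        "dst": ipaddress.IPv4Address(raw[16:20]),
        "sport": None, "dport": None,
    }
    # Ports exist only in TCP/UDP, and only in the first fragment.
    if pkt["proto"] in ("tcp", "udp") and frag == 0:
        if len(raw) < ihl + 4:
            raise ValueError("transport header truncated")
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return pkt

# Constructed rule set: (action, protocol, source network, destination port)
RULES = [
    ("allow", "tcp", ipaddress.ip_network("0.0.0.0/0"), 443),
    ("allow", "udp", ipaddress.ip_network("192.0.2.0/24"), 53),
]

def decide(raw: bytes) -> str:
    """First matching rule wins; anything unmatched or malformed is denied."""
    try:
        pkt = parse_packet(raw)
    except ValueError:
        return "deny"
    for action, proto, net, dport in RULES:
        if pkt["proto"] == proto and pkt["src"] in net and pkt["dport"] == dport:
            return action
    return "deny"

def build(proto: int, src: str, dst: str, sport: int, dport: int) -> bytes:
    """Build a constructed sample packet: 20-byte IPv4 header plus ports."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + struct.pack("!HH", sport, dport)
```

A non-first fragment carries no port numbers, so it matches no port-based rule here and falls through to the default deny.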