Securing Protocol Layers

Lesson 9

TCP/IP Stack Conclusion

This module discussed how hackers often exploit weaknesses in the TCP/IP stack of various Internet hosts to compromise a network's security. Reviewing the basics of TCP/IP, you learned how packets are created and sent according to the OSI model, and saw how a network routes those packets. If you understand how messages are sent across the Internet, you can take specific steps to ensure that your company is sending information as securely as possible.

Now that you have completed this module, you should be able to:
  1. Describe how network security is affected at the TCP/IP levels
  2. Describe the physical and data link layers of a network
  3. Identify the Internet layer and its weaknesses
  4. Identify the transport layer (TCP/UDP) and its weaknesses
  5. Identify the application layer and its weaknesses
  6. Discuss the security implications of commonly used applications
  7. Describe the OSI model and how packets are sent across the Internet

Key terms and concepts

  1. Address Resolution Protocol (ARP): A network protocol that is used to convert IP addresses to physical network addresses by sending an ARP broadcast to request the address.
  2. Compressed Serial Line Internet Protocol (CSLIP): Compresses the IP and TCP headers, thus reducing the size of the packet and improving bandwidth.
  3. Daemon: A process that performs a specified operation at a predefined time or in response to certain events. Daemon is a UNIX term. In other operating systems such as Windows, daemons are referred to as services.
  4. Datagram: An IP packet.
  5. Denial-of-service: An attempt by attackers to prevent legitimate users of a service from using that service by flooding a network, or by disrupting connections or services.
  6. Encryption: The process of disguising a message to make it unreadable by humans. The resulting data is called ciphertext.
  7. File Transfer Protocol (FTP): An approved method that allows the delivery of files across the Internet. An FTP server stores directories of files using a hierarchical structure. Normally, a user is a client and a company acts as the server.
  8. Firewall: A security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.
  9. Hypertext Transfer Protocol (HTTP): A TCP/IP application that uses a browser to access and retrieve Web pages from the server.
  10. Transmission Control Protocol/Internet Protocol (TCP/IP): A suite of protocols that turns information into blocks of information called packets. These are then sent across networks such as the Internet.
  11. Internet Control Message Protocol (ICMP): A protocol used to communicate errors or other conditions at the IP layer.
  12. Internet Assigned Numbers Authority (IANA): Oversees and coordinates the assignment of every unique protocol identifier used on the Internet.
  13. IP spoofing: A hacker imitates an Internet Protocol (IP) device whose IP address allows the hacker to gain access to the system.
  14. Network News Transfer Protocol (NNTP): A TCP/IP application that provides one-to-many communication: a message is posted to a single location, and any number of users can contact the NNTP server to retrieve it.
  15. Network topology: The type of network (Ethernet or Token Ring), the IP address range, the subnet mask, and the naming scheme. The most common network topologies are the star, bus, ring and hybrid.
  16. Open Systems Interconnect (OSI): A model for network communications standardized by ISO, containing seven primary layers: the physical, data link, network, transport, session, presentation and application layers.
  17. Packet: In general usage, a packet is a unit of information transmitted as a whole from one device to another on a network. In packet-switching networks, a packet is defined more specifically as a transmission unit of fixed maximum size that consists of binary digits representing data, a header containing an identification number, source, and destination addresses, and sometimes error-control data.
  18. Packet sniffer: A device or program that is used to monitor traffic on a network, can be installed anywhere in a networked system, and is virtually undetectable. Sniffers are used for legitimate network management functions or for stealing information off a network.
  19. Point-to-Point Protocol (PPP): A protocol for connecting to the Internet. PPP provides error checking and compression of the IP and TCP headers.
  20. Proxy server: Proxy servers communicate with external servers on behalf of the internal clients. When the terms application gateway or circuit-level gateway are used, they refer to the specific services provided by each form of firewall.
  21. Reverse Address Resolution Protocol (RARP): A network protocol that causes a host to broadcast its physical address. The RARP server then replies with the host's IP address.
  22. Screening router: Examines inbound and outbound packets based upon filter rules. Screening router is another term for a packet filter.
  23. Serial Line Internet Protocol (SLIP): A data link layer protocol, a simple form of connecting to the Internet.
  24. Simple Mail Transfer Protocol (SMTP): The Internet standard protocol to transfer electronic mail messages from one computer to another. It specifies how two mail systems interact, as well as the format of control messages they exchange to transfer mail.
  25. Simple Network Management Protocol (SNMP): A TCP/IP application that allows administrators to check the status and sometimes modify the configuration of SNMP nodes.
  26. Smurf attack: A type of denial-of-service attack in which a series of pings are sent to a remote host to inundate the host's system.
  27. Telnet: A TCP/IP application that is used for remote terminal access and can be used to administer a UNIX machine.
  28. UDP (User Datagram Protocol): A connectionless protocol at the transport layer of the TCP/IP protocol stack, often used for broadcast-type protocols such as audio or video traffic.
  29. Virtual Private Network (VPN): An extended local area network (LAN) that enables an organization to conduct secure, real-time communication.
  30. Winnuke: A program that exploits the Windows TCP/IP stack causing Windows machines running an older version of the TCP/IP protocol stack to either crash or lock up.
