Securing Protocol Layers   «Prev  Next»

Lesson 2 TCP/IP and network security
ObjectiveNetwork security is affected at TCP/IP levels.

TCP/IP and Network Security

Describe how network security is affected at the TCP/IP levels. Internet and TCP/IP are often used synonymously. When the Internet's predecessor was first created in the 1960s, operational issues, not security, were the primary goal.
  • How is TCP/IP related to Network Security: The TCP/IP server has a default security of user ID with clear-text password. This means that, as the server is installed, inbound TCP/IP connection requests must have at least a clear-text password accompanying the user ID under which the server job is to run.

TCP/IP Protocol Layers

Security mechanisms are being "retrofitted" to work with existing networks and TCP/IP. An understanding of the the TCP/IP protocol is necessary for network security. The TCP/IP stack contains four layers: data link and physical, IP[1], ICMP[2], TCP[3] and UDP (User Datagram Protocol)[4].
Four layers of the TCP/IP Protocol: 1) Application Layer, 2) (TCP/UDP) Transport Layer, 3) (IP) Internet Layer, 4) (ARP) Network Layer
  1. Application Layer: In the application layer, a client-side application is used to initiate communication with other hosts.
  2. Transport layer (TCP/UDP): The transport layer uses two protocols, TCP and UDP, to control the flow of information between hosts. TCP is responsible for placing a message into datagrams, reassembling the datagrams upon arrival at their destination, and resending anything that gets lost.
  3. Internet layer (IP): The Internet protocol (IP) layer is used primarily for addressing hosts and routing, and does not provide any means for error correction or flow control.
  4. Network layer: Signals are transmitted across the network layer.

In the application layer, a client-side application is used to initiate communication with other hosts. The server-side uses transport layer ports to distinguish requests for various server applications.

Interoperability in the TCP/IP Protocol Stack

Interoperability in the TCP/IP protocol stack refers to the capacity of protocols at each layer to seamlessly interact and cooperate with each other. Each layer provides services to the layer above it and relies on services from the layer below it. Here's an exploration of the interoperability between the Application, Transport, Internet, and Network Interface layers, focusing on TCP/UDP, IP, and ARP protocols.
  1. Application Layer and Transport Layer (TCP/UDP): The Application Layer interacts directly with the Transport Layer. Applications typically use TCP or UDP based on their needs. TCP provides reliable, ordered, and error-checked delivery of a stream of data, making it ideal for applications requiring data integrity over speed. On the other hand, UDP is used when speed is preferred over reliability, as it offers a connectionless datagram service that emphasizes reduced latency over reliability. Applications interface with TCP or UDP using ports, which are unique identifiers that allow the Transport Layer to deliver data to the correct application.
  2. Transport Layer (TCP/UDP) and Internet Layer (IP): The Transport Layer communicates directly with the Internet Layer. Regardless of whether TCP or UDP is used at the transport layer, they both rely on IP to deliver their data units (TCP segments or UDP datagrams) to the correct host on a network. TCP or UDP pass their data units, along with addressing information (like the source and destination IP addresses), to IP, which encapsulates them into IP packets, also known as datagrams. This interoperability is crucial for end-to-end data delivery over a network.
  3. Internet Layer (IP) and Network Interface Layer (ARP): The Internet Layer depends on protocols at the Network Interface Layer for the delivery of its packets across networks. Address Resolution Protocol (ARP) is a critical protocol at this layer that interacts with IP. ARP's role is to map an IP address (a logical address at the Internet Layer) to a physical address (MAC address), facilitating data transfer on a local network. When IP has an IP datagram destined for a host on the local network, it will query ARP to provide the corresponding MAC address. ARP enables IP packets to be correctly delivered on a local network, bridging the gap between logical IP addresses and physical MAC addresses.

Interoperability in the TCP/IP model is a result of each layer's design to provide services to the layer above and receive services from the layer below. This design ensures that each layer can focus on its specific tasks, while still working together to facilitate the end-to-end transmission of data over a network. Each layer interacts with the layers adjacent to it, with protocols like TCP/UDP, IP, and ARP playing key roles in these interactions. This layered interoperability is fundamental to the operation of networks based on the TCP/IP model.

OSI model

The International Standards Organization (ISO) created a seven-layer networking model that is used to create a standard for network communications. The model is called the Open Systems Interconnect (OSI)[5] reference model. The diagram below shows the correlation between the OSI model and the TCP/IP stack. In order to better understand TCP/IP, compare it to the OSI model.
OSI Model contains 7 layers : Protocols apply to layers 2,3,5, and 7.
Layer Classification Protocol
1 Physcial  
2 Data Link (ARP) =Address Resolution Protocol
3 Network (IP) = Internet Protocol
4 Transport  
5 Session (TCP)= Transfer Control Protocol
6 Presentation  
7 Application (FTP) = File Transport Protocol

  1. Physcial = Layer 1
  2. (ARP) Data Link = Layer 2
  3. (IP) Network = Layer 3
  4. Transport = Layer 4
  5. (TCP) Session = Layer 5
  6. Presentation = Layer 6
  7. (FTP) Application = Layer 7

The TPC/IP Model contains 4 layers.
  1. (FTP) Application
  2. (TCP/UDP) Transport
  3. (IP, ICMP) Internet
  4. (ARP) Network Access

Firewall Filters

To properly program firewall filters, the security administrator must have a deep understanding and knowledge of the IP and TCP/UDP layers of TCP/IP. An understanding of TCP/UDP ports is vital. Experienced hackers understand how to exploit network operations through the TCP/IP protocol stack.
[1]IP: An Internet protocol or IP address is a number that is used to uniquely identify computers connected to the Internet.
[2]Internet Control Message Protocol (ICMP): A protocol used to communicate errors or other conditions at the IP layer.
[3]Transmission Control Protocol/Internet Protocol (TCP/IP): A suite of protocols that turns information into blocks of information called packets. These are then sent across networks such as the Internet.
[4]User Datagram Protocol UDP: A connectionless protocol at the transport layer of the TCP/IP protocol stack, often used for broadcast-type protocols such as audio or video traffic.
[5]Open Systems Interconnect (OSI): A model for for network communications standardized by ISO, containing seven primary layers; the physical, data link, network, transport, session, presentation and applications.

SEMrush Software2