Network Communications and Layers: the Basics
[MEMEX//CYBERSECURITY TRADECRAFT #7]
Networks enable organizations to communicate and connect.
However, communication also makes network attacks more likely.
How?
Malicious actors always seek opportunities to exploit vulnerable and unprotected networks and devices.
Communication occurs over a network when information is transmitted from one point to another in broken-down pieces called data packets.
Data Packets
A data packet is a basic unit of information that travels from one device to another within a network. When data is sent from one device to another across a network, it is sent as a packet that contains information about the message and addressing information to find its destination.
Imagine you're at work sitting next to your boss, surfing Facebook while he's doing market research. How do your packets not accidentally end up on your boss's screen?
(https://www.youtube.com/@AaronTitus)
The solution to this problem is IP addresses and routers.
Everything connected to the internet in some way has an IP address. Anywhere two or more pieces of equipment intersect, there is a device called a router. Routers direct your packets around the internet, helping each packet get one step closer to its destination.
Your device sends its packet to the first router, which adds its own IP address to the packet.
Each time the packet reaches a new router, another IP address layer is added until it reaches the server.
When the server sends back information, it creates packets with an identical wrapping.
As the packet makes its way back to you, each router it passes back through unwraps an IP address layer to discover where to send the packet next, until it reaches your computer, and not your boss's.
What information does a packet contain?
A data packet is very similar to a physical letter in that it must contain specific information to get to where it needs to go. This includes the Internet Protocol (IP) address and the media access control (MAC) address.
There is a protocol number that tells the receiving device what to do with the information in the packet. The body of the packet contains the message that needs to be transmitted to the receiving device.
At the end of the packet is a footer, similar to a signature at the end of a letter, that signals to the receiving device that it has reached the end of the packet.
Bandwidth
Bandwidth refers to the amount of data a device receives every second. You can calculate bandwidth by dividing the quantity of data by the time in seconds. Network performance can be measured by bandwidth. Speed refers to the rate at which data packets are received or downloaded.
Security personnel are interested in network bandwidth and speed because if either is irregular, this can indicate an attack. Packet sniffing aids in this process, referring to the practice of capturing and inspecting data packets across the network.
The movement of data packets across a network can be used to get a snapshot of how well a network is performing at a given point in time. Network communication is important for the sharing of resources and data which allows organizations to function like a well-oiled machine.
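The bandwidth calculation and the "irregular bandwidth can indicate an attack" check described above, as an added example that is not part of the original article. The packet records are constructed, and the baseline (median) and the factor of 3 are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed capture summary: (timestamp in seconds, packet size in bytes).
# Seconds 0-4 and 6 carry steady traffic; second 5 is a constructed burst.
SAMPLE_PACKETS = [(s + i / 10, 1200) for s in range(5) for i in range(10)]
SAMPLE_PACKETS += [(5 + i / 100, 1500) for i in range(100)]
SAMPLE_PACKETS += [(6 + i / 10, 1200) for i in range(10)]


def bandwidth_per_second(packets):
    """Bytes received in each one-second window (quantity of data / time)."""
    windows = defaultdict(int)
    for timestamp, size in packets:
        windows[int(timestamp)] += size
    if not windows:
        return {}
    # Seconds with no packets at all count as zero bandwidth, not as missing.
    for second in range(min(windows), max(windows) + 1):
        windows.setdefault(second, 0)
    return dict(sorted(windows.items()))


def irregular_windows(packets, factor=3.0):
    """Windows whose bandwidth is far above or far below the median window."""
    per_second = bandwidth_per_second(packets)
    if not per_second:
        return {}
    baseline = median(per_second.values())
    return {
        second: rate
        for second, rate in per_second.items()
        if rate > baseline * factor or rate < baseline / factor
    }


if __name__ == "__main__":
    for second, rate in irregular_windows(SAMPLE_PACKETS).items():
        print(f"second {second}: {rate} bytes/s deviates from baseline")
```
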
Transmission Control Protocol and Internet Protocol (TCP/IP)
TCP/IP stands for Transmission Control Protocol and Internet Protocol.
TCP/IP is the standard model used for network communication. Let's take a closer look at this model by defining TCP and IP separately.
TCP, or Transmission Control Protocol, is an internet communication protocol that allows two devices to form a connection and stream data.
IP stands for Internet Protocol. IP has a set of standards used for routing and addressing data packets as they travel between devices on a network. Included in the Internet Protocol (IP) is the IP address that functions as an address for each private network.
When data packets are sent and received across a network, they are assigned a port.
A port is a software-based location that organizes the sending and receiving of data between devices on a network.
Ports divide network traffic into segments based on the service they will perform between two devices. The computers sending and receiving these data segments know how to prioritize and process these segments based on their port number.
This is like sending a letter to a friend who lives in an apartment building. The mail delivery person not only knows how to find the building, but they also know exactly where to go in the building to find the apartment number where your friend lives.
Data packets include instructions that tell the receiving device what to do with the information.
These instructions come in the form of a port number. Port numbers allow computers to split the network traffic and prioritize the operations they will perform with the data.
Some common port numbers are port 25, which is used for e-mail, port 443, which is used for secure internet communication, and port 20, for large file transfers.
The Four Layers of the TCP/IP Model
The TCP/IP model is a framework that is used to visualize how data is organized and transmitted across the network. The TCP/IP model has four layers. The four layers are: the network access layer, the internet layer, the transport layer, and the application layer.
The TCP/IP model is a framework that has 4 layers:
the network access layer
the internet layer
the transport layer
the application layer
Knowing how the TCP/IP model organizes network activity allows security professionals to monitor and secure against risks.
Layer 1 - The Network Access Layer
The network access layer deals with the creation of data packets and their transmission across a network.
This includes hardware devices connected to physical cables and switches that direct data to its destination. Examples of hardware associated with this layer are hubs, modems, cables, and wiring.
Address Resolution Protocol, or ARP, is considered part of this layer. Because MAC addresses are used to identify hosts on the same physical network, ARP is needed to map IP addresses to MAC addresses for local network communication.
Layer 2 - The Internet Layer
The internet layer is where Internet Protocol (IP) addresses are attached to data packets to indicate the location of the sender and receiver. This layer is responsible for ensuring delivery to the destination host, which usually, though not always, resides on a different network.
The internet layer also focuses on how networks connect to each other. For example, data packets contain information that determines whether they will stay on the LAN or be sent to a remote network, like the internet.
Another common protocol that lives on this layer is the Internet Control Message Protocol, or ICMP, which shares error information and status updates of data packets. This can be useful for detecting and troubleshooting network errors.
Layer 3 - The Transport Layer
The transport layer is responsible for the delivery of data between two systems or networks and includes protocols to control the flow of traffic across a network.
These protocols permit or deny communication with other devices and include information about the status of the connection. Activities of this layer include error control, which ensures data is flowing smoothly across the network.
TCP and UDP are the two transport protocols that occur at this layer.
The Transmission Control Protocol, or TCP, is an internet communication protocol that allows two devices to form a connection and stream data. TCP ensures that data is sent to the correct destination by wrapping the data packet with IP address information. It contains the port number of the service the user intends to use at the destination. This information resides in the TCP header of a TCP/IP packet.
The User Datagram Protocol, or UDP, is a connectionless protocol that does not establish a connection between devices before transmitting. UDP is mostly used for performance-sensitive applications that operate in real time, such as video streaming.
Layer 4 - The Application Layer
Finally, at the application layer, protocols determine how the data packets will interact with receiving devices. Functions that are organized at the application layer include file transfers and email services.
This layer defines which internet services and applications any user can access.
The application layer in the TCP/IP model is similar to the application, presentation, and session layers of the OSI model.
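To make the four layers concrete, the following added example (not part of the original article) dissects one captured frame into the fields each layer contributes: MAC addresses, IP addresses and protocol number, port numbers, and application data. The frame is constructed, uses documentation addresses, and the function names are hypothetical; it assumes Ethernet carrying IPv4 and TCP.

```python
import socket
import struct

# Constructed sample frame (documentation addresses, checksums zeroed).
SAMPLE_FRAME = bytes.fromhex(
    "02005e000001" "02005e000002" "0800"   # dst MAC, src MAC, EtherType 0x0800 = IPv4
    "4500003a" "1c464000" "40060000"       # IPv4: total length 58, TTL 64, protocol 6
    "c0000205" "c6336407"                  # src 192.0.2.5, dst 198.51.100.7
    "c3500050" "00000001" "00000000"       # TCP: src port 50000, dst port 80, seq, ack
    "5018ffff" "00000000"                  # data offset 5 words, flags, window, csum, urg
) + b"GET / HTTP/1.1\r\n\r\n"              # application data


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def dissect(frame):
    """Split an Ethernet/IPv4/TCP frame into the four TCP/IP model layers."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"network_access": {"src_mac": fmt_mac(src_mac), "dst_mac": fmt_mac(dst_mac)}}
    if ethertype != 0x0800:              # only IPv4 is handled here
        return layers
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4             # header length is given in 32-bit words
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    layers["internet"] = {"src_ip": socket.inet_ntoa(ip[12:16]),
                          "dst_ip": socket.inet_ntoa(ip[16:20]),
                          "protocol": ip[9]}
    if ip[9] != 6:                       # protocol number 6 = TCP
        return layers
    segment = ip[ihl:total_len]
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if not 20 <= data_offset <= len(segment):
        raise ValueError("invalid TCP data offset")
    layers["transport"] = {"src_port": src_port, "dst_port": dst_port}
    layers["application"] = segment[data_offset:]
    return layers
```

The length checks matter in monitoring code: a frame whose length fields disagree with the bytes actually captured is rejected instead of being read past its end.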
Layers of the OSI Model
Application
Presentation
Session
Transport
Network
Data Link
Physical
(coursera)
The Open Systems Interconnection, or OSI, model visually organizes network protocols into different layers, which network professionals often use to communicate with each other about potential sources of problems or security threats in a network.
The OSI model provides a more in-depth understanding of the processes that occur at each layer, although it's important that an analyst is familiar with both the TCP/IP and OSI models.
OSI Layer 7 - Application Layer
Everyday users rely on processes in this layer daily. It includes all of the networking protocols that software applications use to connect a user to the internet. User connection to the internet via applications and requests is an identifying feature of this layer.
OSI Layer 6 - Presentation Layer
Operations at the presentation layer involve data translation and encryption for the network.
Functions that occur in this layer include encryption, compression, and confirmation that the character code set can be interpreted on the receiving system.
An example of a type of encryption that takes place at this layer is SSL, which encrypts data between web servers and browsers as part of websites with HTTPS.
OSI Layer 5 - Session Layer
A session is what you have when two devices establish a connection with each other.
Session layer protocols keep the session open while the data is being transmitted and terminate the session once the transmission is complete.
The session layer is also responsible for activities such as authentication, reconnection, and setting checkpoints during a data transfer, which can ensure that the transmission picks up at the last session checkpoint when the connection is reestablished.
OSI Layer 4 - Transport Layer
The transport layer is responsible for delivering the data between the devices connected on the network.
This layer also handles the speed and flow of the data transfer, and breaks the data down into smaller pieces to make them easier to transport. This break-down process is called segmentation, where large data transmissions are broken down into smaller pieces that can be processed by the receiving system.
OSI Layer 3 - Network Layer
The network layer oversees receiving the frames from the data link layer and delivering them to their destination, which can be found based on the address that resides in the frame of the data packets.
OSI Layer 2 - Data Link Layer
The data link layer organizes how data packets are sent within a given network and is home to switches on the local network and network interface cards on local devices.
Examples of protocols used at this layer are network control protocol (NCP), high-level data link control (HDLC), and synchronous data link control protocol (SDLC).
OSI Layer 1 - Physical Layer
The physical layer is made up of all the physical hardware components involved in network transmissions. Hubs, modems, cables, and wiring are all considered part of the physical layer.
Summary of the TCP/IP Model and OSI Concept
The TCP/IP Model is a framework model that helps network engineers and security analysts visualize how data is organized and transmitted across a network to communicate where disruptions or security threats occur.
This model is segmented into four layers: the network access layer, the internet layer, the transport layer, and the application layer.
The OSI model is a concept that describes the seven layers computers use to communicate and send data over the network. There are many similarities between the OSI model and the TCP/IP model.
Both define the standards for networking and divide network processes into different layers. The TCP/IP model could be thought of as a simplified version of the OSI model. Both are conceptual models that help network professionals design network processes and protocols for data transmission between systems.