Fundamentals of Information Systems Security/Telecommunications and Network Security

From Wikibooks, open books for an open world

Introduction

Basic Concepts


Data Communication

  • Data communication is the transfer of data or information between a source and a receiver.
  • The source transmits the data and the receiver receives it.
  • Data communication is concerned with the transfer of data, the method of transfer, and the preservation of the data during the transfer process; it is not concerned with how the information is generated.
  • Components of a data communication system
    • Protocol - defines the rules and regulations that control and manage the communication
    • Message - the information/data that needs to be conveyed to the receiver
    • Sender - generates the data
    • Receiver - receives/consumes the data
    • Medium - the communication channel that carries the message

Telecommunication

  • Telecommunication is the assisted transmission of signals over a distance for the purpose of communication

Networking

  • A computer network is an interconnection of a group of computers
  • An internetwork is a collection of individual networks, connected by intermediate networking devices, that functions as a single large network. Internetworking refers to the industry, products, and procedures that meet the challenge of creating and administering internetworks

Network Categories and Technologies

Local Area Network (LAN)
  • Characteristics
    • small geographic range
    • higher data transfer rates
    • typically configured and operated by the owner of the network
  • Technologies: Ethernet, FDDI, Token Ring, Wireless LAN, VLANs
Wide Area Network (WAN)
  • Characteristics
    • connects different LANs over great distances
    • slow data rate
  • Technologies: ISDN, Frame Relay, ATM
Metropolitan Area Network (MAN)
  • Characteristics
    • intermediate between LAN and WAN
    • moderate-to-high data rates
  • Technologies: SMDS (which is based on DQDB)

Network Models


OSI Reference Model

Overview

  • The Open Systems Interconnection Basic Reference Model (OSI Reference Model) is a layered, abstract description for communications and computer network protocol design, developed as part of the Open Systems Interconnection initiative by ISO.
  • The OSI is composed of seven layers, each specifying particular network functions.
  • The Seven Layers of OSI Model
    • One OSI layer communicates with another layer to make use of the services provided by the second layer.
    • The services provided by adjacent layers help a given OSI layer communicate with its peer layer in other computer systems.
    • Three basic elements are involved in layer services:
      • The service user - resides inside the layer
      • The service provider - resides inside the layer
      • The service access point (SAP) - resides between the layers
    • Advantages of Layering
      • Each layer is reasonably self-contained so that the tasks assigned to each layer can be implemented independently. This enables the solutions offered by one layer to be updated without adversely affecting the other layers.
      • Various technologies, protocols, and services can interact with each other and provide the proper interfaces to enable communications.

OSI Layer Services and Protocols

L7: Application layer
  • Services
    • Identifying communication partners, determining resource availability, and synchronizing communication
  • Protocols: FTP, TFTP, SNMP, SMTP, Telnet, HTTP
L6: Presentation layer
  • Services
    • Provides a variety of coding and conversion functions that are applied to application layer data
    • Ensures that information sent from the application layer of one system is readable by the application layer of another system
  • Protocols: ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI
L5: Session layer
  • Services
    • Establishes, manages, and terminates communication sessions consisting of service requests and service responses that occur between applications located in different network devices
  • Protocols: NFS, NetBIOS, SQL, RPC
L4: Transport layer
  • Services
    • Flow control - manages data transmission between devices so that the transmitting device does not send more data than the receiving device can process
    • Multiplexing - enables data from several applications to be transmitted onto a single physical link
    • Virtual circuits - are established, maintained, and terminated by the transport layer
    • Error checking - involves creating various mechanisms for detecting transmission errors, while error recovery involves acting, such as requesting that data be retransmitted, to resolve any errors that occur
  • Protocols: TCP, UDP, SSL, SPX
L3: Network layer
  • Services
    • Path determination (routing) and logical addressing
  • Protocols: IP, ICMP, IGMP, RIP, OSPF, IPX
L2: Data link layer
  • Services
    • Provides reliable transit of data across a physical network link
    • Defines different network and protocol characteristics, including physical addressing, network topology, error notification, sequencing of frames, and flow control
    • Divided into 2 sublayers - LLC and MAC
      • The Logical Link Control (LLC) sublayer of the data link layer manages communications between devices over a single link of a network
      • The Media Access Control (MAC) sublayer of the data link layer manages protocol access to the physical network medium. The IEEE MAC specification defines MAC addresses, which enable multiple devices to uniquely identify one another at the data link layer.
  • Protocols: ARP, RARP, PPP, SLIP
L1: Physical layer
  • Services
    • Defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between communicating network systems
    • Defines characteristics such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, and physical connectors
  • Protocols: HSSI, X.21, EIA/TIA-232

OSI Security Services

The security services that are defined in the OSI security model include

  • Data integrity - protection from modification and destruction
  • Data confidentiality - protection from disclosure
  • Authentication - verification of the identity of the communication source
  • Access control services - mechanisms to allow or restrict access

Information Exchange Process

  • The seven OSI layers use various forms of control information to communicate with their peer layers in other computer systems. This control information consists of specific requests and instructions that are exchanged between peer OSI layers.
  • Control information typically takes one of two forms:
    • Headers are prepended to data that has been passed down from upper layers
    • Trailers are appended to data that has been passed down from upper layers
  • An OSI layer is not required to attach a header or a trailer to data from upper layers.
  • The data portion of an information unit at a given OSI layer potentially can contain headers, trailers, and data from all the higher layers. This is known as encapsulation.

TCP/IP Model

Overview

  • The TCP/IP model or Internet reference model, sometimes called the DoD (Department of Defense) model or the ARPANET reference model, is a layered abstract description for communications and computer network protocol design.
  • It was created in the 1970s by DARPA for use in developing the Internet's protocols.
  • It is a suite of protocols among which TCP and IP are the two main protocols, hence the name.
  • This model was developed before the OSI Reference Model, and the Internet Engineering Task Force (IETF), which is responsible for the model and protocols developed under it, has never felt obligated to be compliant with OSI.
  • The model is composed of 5 layers
    • Physical
    • Data Link
    • Network
    • Transport
    • Application

The TCP/IP Advantage

The reasons that TCP/IP has become the most widely used protocol are as follows:

  • The flexible addressing scheme of TCP/IP allows data to be routed over even very large networks.
  • Virtually all operating systems and platforms can use TCP/IP.
  • TCP/IP offers a very large number of utilities and tools.
  • Internet communication is based on TCP/IP.

TCP/IP Services and Protocols

Physical Layer
  • Services
    • Dictates Signal Characteristics
    • Data Transmission
    • Signal Multiplexing
    • Dictates Network L/O
    • Dictates Media Characteristics
    • Switching
  • Protocols: HSSI, X.21
  • Devices: Repeaters, Hubs, Modems
Data Link Layer
  • Services
    • Error Detection and Correction
    • Flow and Error Control
    • Media Access Control
    • Virtual Circuit Switching
  • Protocols: HDLC, ARP/RARP, SLIP, PPP
  • Devices: Bridges, Switches
Network Layer
  • Services
    • Internetworking
    • Logical Addressing
    • Routing
    • Datagram Switching
  • Protocols
    • Routed Protocols: IGMP, IP, ICMP
    • Routing Protocols: RIP, IGRP, BGP, OSPF
  • Devices: Routers, Gateways
Transport Layer
  • Services
    • Process-to-Process Delivery
    • Congestion Control
    • Quality of Service
  • Protocols: TCP, UDP
  • Devices: N/A
Application Layer
  • Services
    • WWW
    • Mail
    • Multimedia
  • Protocols: TFTP, HTTP, FTP, SMTP, SNMP, POP3
  • Devices: Application Gateways

Physical Layer

Signals


  • Data is transmitted in the form of electromagnetic signals.
  • Signals are of two types
    • Analog Signals
    • Digital Signals

Analog Signals

  • Analog data refers to information that is continuous.
  • Analog data take on continuous values.
  • Analog signals can have an infinite number of values in a range.

Digital Signals

  • Digital data refers to information that has discrete states.
  • Digital data take on discrete values.
  • Digital signals can have only a limited number of values.

Analog vs Digital

Periodic vs Non-Periodic Signals

  • In data communications, we commonly use periodic analog signals and nonperiodic digital signals.
  • Periodic analog signals can be classified as simple or composite.
    • A simple periodic analog signal, a sine wave, cannot be decomposed into simpler signals.
    • A composite periodic analog signal is composed of multiple sine waves.

Signal Properties

  • Frequency is the rate of change with respect to time.
    • Change in a short span of time means high frequency.
    • Change over a long span of time means low frequency.
    • If a signal does not change at all, its frequency is zero.
    • If a signal changes instantaneously, its frequency is infinite.
    • Frequency and period are the inverse of each other.
  • Phase describes the position of the waveform relative to time 0.

A complete sine wave in the time domain can be represented by one single spike in the frequency domain. A single-frequency sine wave is not useful in data communications; we need to send a composite signal, a signal made of many simple sine waves. According to Fourier analysis, any composite signal is a combination of simple sine waves with different frequencies, amplitudes, and phases.

If the composite signal is periodic, the decomposition gives a series of signals with discrete frequencies; if the composite signal is nonperiodic, the decomposition gives a combination of sine waves with continuous frequencies. The bandwidth of a composite signal is the difference between the highest and the lowest frequencies contained in that signal.

  • Digital Signals
    • In addition to being represented by an analog signal, information can also be represented by a digital signal. For example, a 1 can be encoded as a positive voltage and a 0 as zero voltage. A digital signal can have more than two levels. In this case, we can send more than 1 bit for each level.
    • A digital signal is a composite analog signal with an infinite bandwidth.
    • Baseband transmission of a digital signal that preserves the shape of the digital signal is possible only if we have a low-pass channel with an infinite or very wide bandwidth.
    • In baseband transmission, the required bandwidth is proportional to the bit rate; if we need to send bits faster, we need more bandwidth.
    • If the available channel is a bandpass channel, we cannot send the digital signal directly to the channel; we need to convert the digital signal to an analog signal before transmission.

Data Transmission

Data Rate

  • Data rate limits depend on three factors:
    • The bandwidth available
    • The level of the signals we use
    • The quality of the channel (the level of noise)
  • Note: Increasing the levels of a signal may reduce the reliability of the system.

Transmission Impairments

  • Signals travel through transmission media, which are not perfect. The imperfection causes signal impairment. This means that the signal at the beginning of the medium is not the same as the signal at the end of the medium. What is sent is not what is received. Three causes of impairment are attenuation, distortion, and noise.
  • Performance
    • One important issue in networking is the performance of the network: how good is it?
    • Bandwidth is used in two contexts. The first, bandwidth in hertz, refers to the range of frequencies in a composite signal or the range of frequencies that a channel can pass. The second, bandwidth in bits per second, refers to the speed of bit transmission in a channel or link.
    • The bandwidth-delay product defines the number of bits that can fill the link.

Network Topology


A network topology is the arrangement or mapping of the elements of a network.

Physical Topologies

Overview

  • Physical topology defines how the systems are physically connected. It represents the physical layout of the devices on the network.
  • There are five main types of physical topologies that can be used and each has its own strengths and weaknesses.

Topologies

Bus
  • Description
    • Uses a linear, single cable for all computers attached
    • All traffic travels the full cable and can be viewed by all other computers.
  • Advantages
    • Easy to install
    • Costs are usually low
    • Easy to add systems to network
    • Great for small networks
  • Disadvantages
    • Out-of-date technology
    • If cable breaks, whole network is down
    • Can be difficult to troubleshoot
    • Unmanageable in a large network
    • If a malicious user were on this network and utilized a packet capture program, he could see every conversation that occurred between machines.
  • Commonly used technology: Ethernet
Ring
  • Description
    • All computers are connected by a unidirectional transmission link, and the cable is in a closed loop.
    • Does not require termination like the bus.
  • Advantages
    • Easy to install
    • Costs are usually low
    • Great for small networks
    • Easy to add systems to network
  • Disadvantages
    • If one station experiences a problem, it can negatively affect surrounding computers on the same ring.
    • Out-of-date technology
    • If cable breaks, whole network is down
    • Can be difficult to troubleshoot
    • Unmanageable in a large network
  • Commonly used technology: FDDI
Star
  • Description
    • All computers are connected to a central device, which provides more resilience for the network.
    • It is the most prevalent topology in use today.
    • When one system goes down, it does not bring the rest of the network down.
  • Advantages
    • Easy to install
    • Easy to add devices to network
    • One break does not bring whole network down
    • Easier to troubleshoot
    • Widely used
    • Centralized management
  • Disadvantages
    • Costs are usually higher than with bus or ring networks
    • If you have only one central device and it fails, it brings the network down
  • Commonly used technology: Logical bus (Ethernet) and ring topologies (Token Ring)
Tree
  • Description
    • The hybrid or tree topology is simply a combination of the other topologies.
    • The hierarchy of the tree is said to be symmetrical if each node in the network has a specific fixed number, f (the 'branching factor'), of nodes connected to it at the next lower level in the hierarchy.
  • Advantages: combined advantages of the topologies it is built from
  • Disadvantages: combined disadvantages of the topologies it is built from
  • Commonly used technology: Ethernet
Mesh
  • Description
    • In this layout, every system is connected to every other system.
    • The main advantage of this topology is high availability.
    • The main disadvantage of this topology is cost, both administrative and physical.
    • Mainly used in Wide Area Network environments or in environments where high availability outweighs the costs associated with this amount of interconnection.
  • Advantages
    • Extremely fault tolerant
  • Disadvantages
    • Expensive
    • Difficult to implement
    • Difficult to administer
    • Difficult to troubleshoot problems like cable faults.
  • Commonly used technology: Internet

Logical Topologies

  • The Logical topology defines how the systems communicate across the physical topologies.
  • There are two main types of logical topologies:
    • shared media topology
    • token-based topology

Shared Media Topology

  • In a shared media topology, all the systems have the ability to access the physical layout whenever they need it.
  • Advantage - the systems have unrestricted access to the physical media.
  • Disadvantage - collisions: if two systems send information out on the wire at the same time, the packets collide and both packets are lost.
  • Example: Ethernet uses the CSMA/CD protocol to avoid collisions.
  • Ideal for small networks; many networks are broken up into several smaller networks with the use of switches or hubs to reduce the collision domain.
  • Shared media networks are typically deployed in a bus, star, or hybrid physical topology.

Token Based

  • The token-based topology works by using a token to provide access to the physical media.
  • In a token-based network, there is a token that travels around the network. When a system needs to send out packets, it grabs the token off of the wire, attaches it to the packets that are sent, and sends it back out on the wire. As the token travels around the network, each system examines the token. When the packets arrive at the destination systems, those systems copy the information off of the wire and the token continues its journey until it gets back to the sender. When the sender receives the token back, it pulls the token off of the wire and sends out a new empty token to be used by the next machine.
  • Advantage - no collision problems
  • Disadvantage - latency: because each machine has to wait until it can use the token, there is often a delay before communication actually occurs.
  • Token-based networks are typically configured in a physical ring topology because the token needs to be delivered back to the originating machine for it to be released. The ring topology best facilitates this requirement.

Media

Signal and data transmission occurs between a transmitter and at least one receiver, mostly in the form of electromagnetic waves over a transmission medium (or a sequence of them). Transmission media can be classified as:

  • Guided
  • Unguided

Guided Media

  • Twisted Pair
  • Coaxial Cable
  • Fiber Optics

Unguided Media

Unguided media provide a means for transmitting electromagnetic waves but do not guide them; propagation through air, vacuum or water are examples of unguided media.

L1 Devices

Patch Panels

Modems

Wireless Transmission Technologies

Data-Link Layer

Concepts and Architecture

Architecture

Transmission Technologies

Technology and Implementation

Ethernet

Wireless Local Area Networks

Address Resolution Protocol (ARP)

Point-to-Point Protocol (PPP)

Network Layer

Basic Concepts

Local Area Network (LAN)

Wide Area Network (WAN) Technologies

Metropolitan Area Network (MAN)

Global Area Network (GAN)

Technology and Implementation

Routers

Firewalls

End Systems

The Internet Protocol (IP)

Overview

  • The IP component of TCP/IP determines where packets of data are to be routed based on their destination addresses, and IP has certain characteristics related to how it handles this function.
  • The functioning of IP-based communication is analogous to delivering mail through the postal service.

IP Characteristics

  • Operates at the network layer
  • Connectionless protocol - the destination device receives the data and does not return any status information to the sending device
  • Packets treated independently - a packet can be misdirected, duplicated, or lost on the way to its destination
  • Hierarchical addressing
  • Best-effort delivery
  • No data recovery features - does not provide any special features to recover corrupted packets

IP Packet Format

  • The header consists of 12 fields + 1 optional field
  • Layout (one 32-bit word per row):
    Bits:    0–3            | 4–7           | 8–15            | 16–18 | 19–31
    Word 0:  Version        | Header length | Type of Service | Total Length
    Word 1:  Identification                                   | Flags | Fragment Offset
    Word 2:  Time to Live                   | Protocol        | Header Checksum
    Word 3:  Source Address
    Word 4:  Destination Address
    Word 5+: Options (present only when the header length exceeds 5 words)
             Data
  • Version (4 bits): for IPv4, this has a value of 4 (hence the name IPv4).
  • Internet Header Length (4 bits): tells the number of 32-bit words in the header. In IPv4, this field specifies the size of the header.
  • Type of Service (8 bits)
    • bits 0-2: precedence
    • bit 3: 0 = Normal Delay, 1 = Low Delay
    • bit 4: 0 = Normal Throughput, 1 = High Throughput
    • bit 5: 0 = Normal Reliability, 1 = High Reliability
    • bits 6-7: reserved for future use, or for Differentiated Services, or for Explicit Congestion Notification
  • Total Length (16 bits): defines the entire datagram size, including header and data, in bytes.
  • Identification (16 bits): primarily used for uniquely identifying fragments of an original IP datagram.
  • Flags (3 bits): used to control or identify fragments. They are (in order, from high order to low order):
    • Reserved; must be zero.
    • Don't Fragment (DF)
    • More Fragments (MF)
  • Fragment Offset (13 bits): specifies the offset of a particular fragment relative to the beginning of the original unfragmented IP datagram.
  • Time To Live (8 bits): helps prevent datagrams from persisting in an internetwork. When the TTL field hits zero, the packet is no longer forwarded by a packet switch and is discarded.
  • Protocol (8 bits): defines the protocol used in the data portion of the IP datagram.
  • Header Checksum (16 bits): used for error-checking of the header.
  • Source address (32 bits): an IP address is a group of 4 8-bit octets for a total of 32 bits. The value for this field is determined by taking the binary value of each octet and concatenating them together to make a single 32-bit value.
  • Destination address (32 bits): indicates the address of the packet receiver.
  • Options: additional header fields may follow the destination address field, but these are not often used. Note that the value in the IHL field must include enough extra 32-bit words to hold all the options (plus any padding needed to ensure that the header contains an integral number of 32-bit words).
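
As an added example (not part of the original book), the following Python builds and parses the IPv4 header fields listed above, enforces the consistency limits a receiver must check (IHL at least 5 words, Total Length within the header and the captured bytes), and verifies the Header Checksum; the sample datagram, its addresses and the function names are constructed here for illustration.

```python
import struct
from ipaddress import IPv4Address

IPV4_FMT = "!BBHHHBBH4s4s"   # the 20-byte fixed part of the header, network byte order

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum
    of every 16-bit word in the header (the checksum field itself is zero
    while computing, and a valid header sums to zero when verified)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17,
                      ttl: int = 64, ident: int = 0x1234, df: bool = True,
                      mf: bool = False, frag_offset: int = 0) -> bytes:
    """Build a 20-byte IPv4 header (IHL = 5, no options) with a valid checksum.
    frag_offset is in 8-byte units, as carried on the wire."""
    ver_ihl = (4 << 4) | 5                   # Version 4, header length 5 words
    total_len = 20 + payload_len
    flags = (0b010 if df else 0) | (0b001 if mf else 0)   # Reserved, DF, MF
    flags_frag = (flags << 13) | (frag_offset & 0x1FFF)
    fields = [ver_ihl, 0, total_len, ident, flags_frag, ttl, proto, 0,
              IPv4Address(src).packed, IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the header fields and reject headers whose lengths are inconsistent."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than the minimum 20-byte IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack(IPV4_FMT, pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4
    if version != 4:
        raise ValueError("not an IPv4 header (version=%d)" % version)
    if ihl < 5 or header_len > len(pkt):
        raise ValueError("IHL %d words is below 5 or beyond the packet" % ihl)
    if total_len < header_len or total_len > len(pkt):
        raise ValueError("Total Length %d inconsistent with header/packet" % total_len)
    flags = flags_frag >> 13
    return {
        "version": version, "ihl": ihl, "tos": tos,
        "total_length": total_len, "identification": ident,
        "reserved": bool(flags & 0b100), "df": bool(flags & 0b010), "mf": bool(flags & 0b001),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # bytes into the original datagram
        "ttl": ttl, "protocol": proto,
        "checksum_ok": ipv4_checksum(pkt[:header_len]) == 0,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "options": pkt[20:header_len],
        "payload": pkt[header_len:total_len],
    }

def corrupt_ttl(pkt: bytes) -> bytes:
    """Flip one bit of the TTL (byte 8) so the stored checksum no longer matches."""
    return pkt[:8] + bytes([pkt[8] ^ 0x01]) + pkt[9:]

# Constructed sample: an 8-byte payload from 192.0.2.1 to 192.0.2.235 (documentation addresses).
SAMPLE_PAYLOAD = b"\x00\x35\x00\x35\x00\x08\x00\x00"
SAMPLE_PACKET = build_ipv4_header("192.0.2.1", "192.0.2.235", len(SAMPLE_PAYLOAD)) + SAMPLE_PAYLOAD

if __name__ == "__main__":
    for name, pkt in (("valid", SAMPLE_PACKET), ("corrupted", corrupt_ttl(SAMPLE_PACKET))):
        h = parse_ipv4_header(pkt)
        print(name, h["src"], "->", h["dst"], "proto", h["protocol"], "ttl", h["ttl"],
              "DF", h["df"], "checksum_ok", h["checksum_ok"])
```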

IP Addressing

  • Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks.
  • Each host on a TCP/IP network is assigned a unique 32-bit logical address that is divided into two main parts:
    • the network number - identifies a network; assigned by InterNIC or an ISP
    • the host number - identifies a host on a network; assigned by the local network administrator
  • IPv4 address representations (shown for the address 192.0.2.235)
    • Dot-decimal notation: 192.0.2.235 (the starting form)
    • Dotted hexadecimal: 0xC0.0x00.0x02.0xEB - each octet is individually converted to hex
    • Dotted octal: 0300.0000.0002.0353 - each octet is individually converted into octal
    • Hexadecimal: 0xC00002EB - concatenation of the octets from the dotted hexadecimal form
    • Decimal: 3221226219 - the hexadecimal form converted to decimal
    • Octal: 030000001353 - the hexadecimal form converted to octal
  • IP Address Classes
    • The IPv4 addresses are divided into five different address classes: A, B, C, D, and E.
    • Class A: format N.H.H.H; purpose: few large organizations; high-order bit: 0; address range 1.0.0.0 to 126.0.0.0; network/host bits 7/24; max. hosts 16777214 (2^24 - 2)
    • Class B: format N.N.H.H; purpose: medium-size organizations; high-order bits: 1, 0; address range 128.1.0.0 to 191.254.0.0; network/host bits 14/16; max. hosts 65534 (2^16 - 2)
    • Class C: format N.N.N.H; purpose: relatively small organizations; high-order bits: 1, 1, 0; address range 192.0.1.0 to 223.255.254.0; network/host bits 21/8; max. hosts 254 (2^8 - 2)
    • Class D: format N/A; purpose: multicast groups (RFC 1112); high-order bits: 1, 1, 1, 0; address range 224.0.0.0 to 239.255.255.255; network/host bits N/A (not for commercial use); max. hosts N/A
    • Class E: format N/A; purpose: experimental; high-order bits: 1, 1, 1, 1; address range 240.0.0.0 to 254.255.255.255; network/host bits N/A; max. hosts N/A
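
As an added example (not from the original book), this Python code produces each representation from the notation table for any dotted-decimal address and derives the class, network number and host number from the high-order bits of the first octet as the class table describes; the function names and the CLASSES table are the example's own, and it generalizes the table by also splitting the network and host parts.

```python
from ipaddress import IPv4Address

def _octets(dotted: str) -> list:
    """Split and validate a dotted-decimal address into four integer octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    return [int(p) for p in parts]

def ipv4_notations(dotted: str) -> dict:
    """Render one address in each notation listed in the representations table."""
    octets = _octets(dotted)
    value = int.from_bytes(bytes(octets), "big")      # concatenation of the four octets
    return {
        "dot_decimal": ".".join(str(o) for o in octets),
        "dotted_hexadecimal": ".".join("0x%02X" % o for o in octets),
        "dotted_octal": ".".join("%04o" % o for o in octets),
        "hexadecimal": "0x%08X" % value,
        "decimal": str(value),
        "octal": "0%o" % value,
    }

# Classful layout per the address-class table: (format, network bits, host bits).
# Network bits exclude the fixed class prefix, matching the table's 7/24, 14/16, 21/8.
CLASSES = {
    "A": ("N.H.H.H", 7, 24),
    "B": ("N.N.H.H", 14, 16),
    "C": ("N.N.N.H", 21, 8),
    "D": ("N/A", None, None),   # multicast groups
    "E": ("N/A", None, None),   # experimental
}

def ipv4_class(dotted: str) -> dict:
    """Classify by the high-order bits of the first octet and, for classes A-C,
    split the address into its network number and host number.
    Note: 127.0.0.0/8 matches the class A bit pattern but is reserved for loopback,
    and classful addressing has long been superseded by CIDR in practice."""
    octets = _octets(dotted)
    first = octets[0]
    if first & 0x80 == 0x00:
        cls = "A"                  # 0xxxxxxx
    elif first & 0xC0 == 0x80:
        cls = "B"                  # 10xxxxxx
    elif first & 0xE0 == 0xC0:
        cls = "C"                  # 110xxxxx
    elif first & 0xF0 == 0xE0:
        cls = "D"                  # 1110xxxx
    else:
        cls = "E"                  # 1111xxxx
    fmt, net_bits, host_bits = CLASSES[cls]
    info = {"address": dotted, "class": cls, "format": fmt,
            "network_bits": net_bits, "host_bits": host_bits}
    if host_bits is not None:
        value = int.from_bytes(bytes(octets), "big")
        mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
        info["network"] = str(IPv4Address(value & mask))
        info["host"] = value & ~mask & 0xFFFFFFFF
        info["max_hosts"] = 2 ** host_bits - 2    # all-zeros and all-ones host parts are reserved
    return info

if __name__ == "__main__":
    for k, v in ipv4_notations("192.0.2.235").items():
        print("%-18s %s" % (k, v))
    for addr in ("10.1.2.3", "172.16.5.9", "192.0.2.235", "224.0.0.1", "240.0.0.1"):
        print(ipv4_class(addr))
```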

Virtual Private Network (VPN)

Tunneling

Dynamic Host Configuration Protocol (DHCP)

Internet Control Message Protocol (ICMP)

Internet Group Management Protocol (IGMP)

Transport Layer

Concepts and Architecture

The Transmission Control Protocol (TCP)

Overview

  • TCP is a connection-oriented protocol that provides data reliability between hosts. TCP has a number of unique characteristics related to the way in which it accomplishes this transmission.
  • The functioning of TCP-based communication is analogous to sending certified (registered) mail.

TCP Characteristics

  • Operates at the transport layer of the TCP/IP stack
  • Provides applications with access to the network layer
  • Connection-oriented protocol - the end systems synchronize with one another to manage packet flows and adapt to congestion in the network
  • Full-duplex mode operation
  • Error checking - provides error checking by including a checksum in the datagram to verify that the TCP header information is not corrupt
  • Sequencing of data packets - TCP segments are numbered and sequenced so that the destination can reorder segments and determine if data is missing
  • Acknowledgment of receipt - the receiver returns an acknowledgment to the sender indicating that it received the segment
  • Data recovery features - the receiver can request retransmission of a segment

TCP Connection Establishment

  • TCP provides reliable transport services by establishing a connection-oriented session between the hosts. Connection establishment is performed by using a "three-way handshake" mechanism.
  • A three-way handshake synchronizes both ends of a connection by allowing both sides to agree upon initial sequence numbers.
  • This mechanism also guarantees that both sides are ready to transmit data and know that the other side is ready to transmit as well.
  • Each host randomly chooses a sequence number used to track bytes within the stream it is sending and receiving. Then, the three-way handshake proceeds in the following manner:
    • The first host (Host A) initiates a connection by sending a packet with the initial sequence number (X) and SYN bit set to indicate a connection request.
    • The second host (Host B) receives the SYN, records the sequence number X, and replies by acknowledging the SYN (with an ACK = X + 1). Host B includes its own initial sequence number (SEQ = Y). An ACK = 20 means the host has received bytes 0 through 19 and expects byte 20 next. This technique is called forward acknowledgment.
    • Host A then acknowledges all bytes Host B sent with a forward acknowledgment indicating the next byte Host A expects to receive (ACK = Y + 1). Data transfer then can begin.

TCP segment structure

  • Consists of a header (11 fields) and a data section
  • Layout (one 32-bit word per row):
    Bits:    0–3         | 4–7      | 8–15                            | 16–31
    Word 0:  Source port                                              | Destination port
    Word 1:  Sequence number
    Word 2:  Acknowledgment number
    Word 3:  Data offset | Reserved | CWR ECE URG ACK PSH RST SYN FIN | Window
    Word 4:  Checksum                                                 | Urgent pointer
    Word 5+: Options (optional)
             Data
  • Source port (16 bits) – identifies the sending port
  • Destination port (16 bits) – identifies the receiving port
  • Sequence number (32 bits) – has a dual role
    • If the SYN flag is present then this is the initial sequence number and the first data byte is the sequence number plus 1
    • if the SYN flag is not present then the first data byte is the sequence number
  • Acknowledgment number (32 bits) – if the ACK flag is set then the value of this field is the next expected byte that the receiver is expecting.
  • Data offset (4 bits) – specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes. This field gets its name from the fact that it is also the offset from the start of the TCP packet to the data.
  • Reserved (4 bits) – for future use and should be set to zero
  • Flags (8 bits) (aka control bits) – contains eight 1-bit flags
    • CWR (1 bit) – Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set.
    • ECE (ECN-Echo) (1 bit) – indicates that the TCP peer is Explicit Congestion Notification (ECN) capable during the 3-way handshake. ECN allows end-to-end notification of congestion without dropping packets.
    • URG (1 bit) – indicates that the URGent pointer field is significant
    • ACK (1 bit) – indicates that the ACKnowledgment field is significant
    • PSH (1 bit) – Push function
    • RST (1 bit) – Reset the connection
    • SYN (1 bit) – Synchronize sequence numbers
    • FIN (1 bit) – No more data from sender
  • Window (16 bits) – the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive
  • Checksum (16 bits) – The 16-bit checksum field is used for error-checking of the header and data
  • Urgent pointer (16 bits) – if the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte
  • Data (Variable bits): As you might expect, this is the payload, or data portion of a TCP packet. The payload may be any number of application layer protocols. The most common are HTTP, Telnet, SSH, FTP, but other popular protocols also use TCP.
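
As an added example (not part of the original book) covering both the three-way handshake described above and the segment layout just listed, the following Python builds and parses TCP segments and validates that three captured segments follow the SYN / SYN+ACK / ACK pattern with the forward acknowledgments X + 1 and Y + 1; the ports, ISNs and function names are constructed for the example, and the checksum is left unverified because it also covers the IP pseudo-header.

```python
import secrets
import struct

# Control-bit positions in the flags byte, high-order bit first.
TCP_FLAGS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
TCP_FMT = "!HHIIBBHHH"      # the 20-byte fixed header, network byte order
SEQ_MASK = 0xFFFFFFFF       # sequence and acknowledgment numbers wrap at 2^32

def build_tcp_segment(src_port, dst_port, seq, ack, flags, window=65535, payload=b""):
    """Build a 20-byte TCP header (data offset 5, no options) followed by payload.
    The checksum is left at zero: it spans an IP pseudo-header as well as the
    segment, which this example does not model."""
    flag_byte = 0
    for name in flags:
        flag_byte |= 1 << (7 - TCP_FLAGS.index(name))
    header = struct.pack(TCP_FMT, src_port, dst_port, seq & SEQ_MASK, ack & SEQ_MASK,
                         5 << 4, flag_byte, window, 0, 0)
    return header + payload

def parse_tcp_segment(segment: bytes) -> dict:
    """Decode the header fields listed above; reject impossible data offsets."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum 20-byte TCP header")
    (src_port, dst_port, seq, ack, offset_reserved, flag_byte,
     window, checksum, urgent) = struct.unpack(TCP_FMT, segment[:20])
    data_offset = offset_reserved >> 4
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError("data offset %d words is below 5 or beyond the segment" % data_offset)
    flags = {name: bool(flag_byte & (1 << (7 - i))) for i, name in enumerate(TCP_FLAGS)}
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq,
        "ack": ack if flags["ACK"] else None,            # significant only with ACK set
        "data_offset": data_offset, "reserved": offset_reserved & 0x0F,
        "flags": flags, "window": window, "checksum": checksum,
        "urgent_pointer": urgent if flags["URG"] else None,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }

def three_way_handshake(port_a=49152, port_b=80, isn_a=None, isn_b=None):
    """Return the segments Host A and Host B exchange: SYN (SEQ = X),
    SYN+ACK (SEQ = Y, ACK = X + 1) and ACK (SEQ = X + 1, ACK = Y + 1).
    ISNs default to unpredictable values; fixed ones can be passed for testing."""
    x = secrets.randbits(32) if isn_a is None else isn_a
    y = secrets.randbits(32) if isn_b is None else isn_b
    syn = build_tcp_segment(port_a, port_b, x, 0, ["SYN"])
    syn_ack = build_tcp_segment(port_b, port_a, y, x + 1, ["SYN", "ACK"])
    ack = build_tcp_segment(port_a, port_b, x + 1, y + 1, ["ACK"])
    return syn, syn_ack, ack

def validate_handshake(syn: bytes, syn_ack: bytes, ack: bytes) -> bool:
    """Check that three captured segments form a correct handshake: the right
    flag combinations, mirrored ports, and forward acknowledgments X + 1 / Y + 1."""
    a, b, c = (parse_tcp_segment(s) for s in (syn, syn_ack, ack))
    fa, fb, fc = a["flags"], b["flags"], c["flags"]
    x, y = a["seq"], b["seq"]
    return (fa["SYN"] and not fa["ACK"]
            and fb["SYN"] and fb["ACK"]
            and fc["ACK"] and not fc["SYN"]
            and b["src_port"] == a["dst_port"] and b["dst_port"] == a["src_port"]
            and c["src_port"] == a["src_port"] and c["dst_port"] == a["dst_port"]
            and b["ack"] == ((x + 1) & SEQ_MASK)
            and c["seq"] == ((x + 1) & SEQ_MASK)
            and c["ack"] == ((y + 1) & SEQ_MASK))

if __name__ == "__main__":
    for label, seg in zip(("SYN", "SYN+ACK", "ACK"), three_way_handshake(isn_a=1000, isn_b=5000)):
        p = parse_tcp_segment(seg)
        print("%-8s %d -> %d  seq=%d ack=%s" % (label, p["src_port"], p["dst_port"], p["seq"], p["ack"]))
    print("valid handshake:", validate_handshake(*three_way_handshake()))
```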

The User Datagram Protocol (UDP)

Overview

  • The User Datagram Protocol (UDP) is a connectionless transport-layer protocol that belongs to the Internet protocol family.
  • UDP is basically an interface between IP and upper-layer processes. UDP protocol ports distinguish multiple applications running on a single device from one another.
  • Unlike TCP, UDP adds no reliability, flow-control, or error-recovery functions to IP. Because of UDP's simplicity, UDP headers contain fewer bytes and consume less network overhead than TCP.
  • UDP is useful in situations where the reliability mechanisms of TCP are not necessary, such as in cases where a higher-layer protocol might provide error and flow control.
  • UDP is the transport protocol for several well-known application-layer protocols, including Network File System (NFS), Simple Network Management Protocol (SNMP), Domain Name System (DNS), and Trivial File Transfer Protocol (TFTP).

TCP vs UDP

Reliability
  • TCP: Ensures that packets reach their destinations, returns ACKs when a packet is received, and is a reliable protocol.
  • UDP: Does not return ACKs and does not guarantee that a packet will reach its destination, and is an unreliable protocol.
Connection
  • TCP: Connection oriented, thus it performs handshaking and develops a virtual connection with the destination computer.
  • UDP: Connectionless, thus it does no handshaking and does not set up a virtual connection.
Packet sequencing
  • TCP: Uses sequence numbers within headers to make sure that each packet within a transmission is received.
  • UDP: Does not use sequence numbers.
Congestion controls
  • TCP: The destination computer can tell the source if it is overwhelmed and to slow the transmission rate.
  • UDP: The destination computer does not communicate back to the source computer about flow control through UDP.
Usage
  • TCP: Used when reliable delivery is required.
  • UDP: Used when reliable delivery is not required, such as in streaming video and status broadcasts.
Speed and overhead
  • TCP: Uses a considerable amount of resources and is slower than UDP.
  • UDP: Uses fewer resources and is faster than TCP.

Technology and Implementation

Scanning Techniques

Denial of Service

Session Layer

Concepts and Architecture

Technology and Implementation

Remote Procedure Calls

Directory Services

Access Services

Presentation Layer

Concepts and Architecture

Technology and Implementation

Transport Layer Security (TLS)

Application Layer

Concepts and Architecture

Technology and Implementation

Asynchronous Messaging (E-mail and News)

Instant Messaging

Data Exchange (World Wide Web)

Peer-to-Peer Applications and Protocols

Administrative Services

Remote-Access Services

Information Services

Voice-over-IP (VoIP)

General References

Sample Questions

Endnotes

Further reading