DOCSLIB.ORG

Adaptive Distributed Firewall Using Intrusion Detection Lars Strand

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Adaptive Distributed Firewall Using Intrusion Detection Lars Strand UNIVERSITY OF OSLO Department of Informatics Adaptive distributed firewall using intrusion detection Lars Strand UniK University Graduate Center University of Oslo lars (at) unik no 1. November 2004 ABSTRACT Conventional firewalls rely on a strict outside/inside topology where the gateway(s) enforce some sort of traffic filtering. Some claims that with the evolving connectivity of the Internet, the tradi- tional firewall has been obsolete. High speed links, dynamic topology, end-to-end encryption, threat from internal users are all issues that must be addressed. Steven M. Bellovin was the first to propose a “distributed firewall” that addresses these shortcomings. In this master thesis, the design and implementation of a “distributed firewall” with an intrusion detection mechanism is presented using Python and a scriptable firewall (IPTables, IPFW, netsh). PREFACE This thesis is written as a part of my master degree in Computer Science at the University of Oslo, Department of Informatics. The thesis is written at the Norwegian Defence Research Establishment (FFI). Scripting has been one of my favourite activities since I first learned it. Combined with the art of Computer Security, which I find fascinating and non-exhaustive, it had to be an explosive combina- tion. My problem next was to find someone to supervise me. This is where Professor Hans Petter Langtangen at Simula Research Laboratory and Geir Hallingstad, researcher at FFI, stepped in. Hans Petter Langtangen is a masterful scripting guru and truly deserves the title “Hacker”. Geir Hallingstad is expert in the field of computer/network security and gave valuable input and support when designing this prototype. Huge thanks to them both. I would also like to thank Ronny Windvik, researcher at FFI, for lots constructive help during the last intensive months of writing. Also a special thanks to Camilla Rakvåg, for her patience and support during my many late hour hacking session. Lars Strand, November 1st, 2004 - Kjeller Contents 1 Introduction 1 1.1 Background . 1 1.2 Problem . 2 1.3 Purpose . 2 1.4 Limits . 2 1.5 Chapter overview . 3 2 Background 5 2.1 Security . 5 2.1.1 Defining security . 5 2.1.2 Security service - the building blocks . 5 2.1.3 Security policy . 8 2.1.4 Security mechanism . 8 2.1.5 Security architecture . 9 2.2 Threats and Attacks . 10 2.2.1 Threats . 10 2.2.2 Security Attacks . 10 2.3 Cryptography . 16 2.3.1 Encryption . 16 2.3.2 Secure Hash . 19 2.3.3 Message Authentication Code (MAC) . 19 3 Firewall technology 21 3.1 Firewall is a good thing . 21 3.1.1 Simplicity . 21 3.1.2 Buggy programs . 22 3.1.3 Older protocols/programs not designed for security . 22 i 3.1.4 New threats . 22 3.1.5 Logging . 22 3.1.6 Limit exposure . 23 3.2 Firewall limitations . 23 3.2.1 Maintenance . 23 3.2.2 End-to-end principle . 24 3.2.3 Internal traffic . 24 3.2.4 Interpreting the traffic . 25 3.2.5 Single point of failure . 25 3.3 Types of firewalls . 26 3.3.1 Packet filter . 27 3.3.2 Proxy . 29 3.3.3 Network Address Translation (NAT) . 30 3.4 Distributed firewall . 30 3.4.1 Network topology . 30 3.4.2 Distributed design . 31 3.4.3 Discussion . 31 4 Intrusion Detection 35 4.1 Why? . 35 4.2 The intruder . 36 4.3 Damage control . 36 4.4 Different types of intrusion detection . 36 4.4.1 Statistical anomaly detection . 36 4.4.2 Rule-based detection . 37 4.4.3 Network and Host based . 37 4.5 Problems and future direction . 37 5 Scenarios 39 5.1 Scenario 1: A small network . 39 5.2 Scenario 2: A medium sized network . 40 5.3 Scenario 3: A topology independent network . 42 5.4 Scenario 4: A large network . 43 6 Design and implementation 45 ii 6.1 Implementation tools . 45 6.1.1 Development platform . 45 6.1.2 Python . 46 6.1.3 Firewall . 46 6.2 Python Intrusion Detection Environment (PIDE) . 47 6.2.1 How does it work? . 47 6.2.2 Implementation issues . 47 6.2.3 Requirements . 52 6.3 Blackbox - the cryptographic abstraction class . 53 6.3.1 Third party module . 53 6.3.2 The need for padding . 53 6.3.3 The rest of the abstraction layer . 54 6.4 Master and client . 55 6.4.1 Master . 55 6.4.2 Client . 59 6.5 Auxiliary functions . 62 6.5.1 Ping . 62 7 Implementation issues 65 7.1 Discussion of message format . 65 7.1.1 Home-brewed format . 65 7.1.2 XML . 66 7.2 Intrusion detection methods . 69 7.2.1 Network intrusion detection . 69 7.2.2 Host based intrusion detection . 69 7.3 Discussion of encryption keys . 70 7.3.1 Hash output . 70 7.3.2 PBKDF2 . 70 7.4 Discussion of authentication choice . 71 7.4.1 Extensible Authentication Protocol (EAP) . 72 7.4.2 Using SSL-socket . 72 7.4.3 Authentication choice . ..
Load more

Recommended publications
  • Overlaymeter: Robust System-Wide Monitoring and Capacity-Based Search in Peer-To-Peer Networks
    OverlayMeter: Robust System-wide Monitoring and Capacity-based Search in Peer-to-Peer Networks Inaugural-Dissertation zur Erlangung des Doktorgrades der Mathematisch-Naturwissenschaftlichen Fakultät der Heinrich-Heine-Universität Düsseldorf vorgelegt von Andreas Disterhöft aus Duschanbe in Tadschikistan Düsseldorf, März 2018 aus dem Institut für Informatik der Heinrich-Heine-Universität Düsseldorf Gedruckt mit der Genehmigung der Mathematisch-Naturwissenschaftlichen Fakultät der Heinrich-Heine-Universität Düsseldorf Berichterstatter: 1. Jun.-Prof. Dr.-Ing. Kalman Graffi 2. Prof. Dr. Michael Schöttner Tag der mündlichen Prüfung: 24.09.2018 Abstract In the last decade many peer-to-peer research activities have taken place. Applications using the peer-to-peer paradigm are present and their traffic, depending on the region, accounts fora significant proportion of the total traffic on the Internet. The defined goal of the systemsisto deliver a certain quality of service, which is a challenge in decentralized systems. This is due to the fact that participants have to make decisions based on their locally available information. In order to make the best decisions, a solid and extensive data basis is indispensable. For this purpose the literature on the field of p2p networks proposes monitoring the system, an approach that we follow in this work. Monitoring refers to the gathering and dissemination of system- and peer-specific data. This dissertation deals with open research questions for the improvement and extension of monitoring approaches. Furthermore, issues to simplify procedures for putting such peer-to-peer systems into operation are addressed in this work. In the first part we deal with monitoring procedures in the system-specific context.
    [Show full text]
  • Addressing Contents
    IPv4 - Wikipedia, the free encyclopedia Página 1 de 12 IPv4 From Wikipedia, the free encyclopedia The five-layer TCP/IP model Internet Protocol version 4 is the fourth iteration of 5. Application layer the Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. IPv4 is the dominant DHCP · DNS · FTP · Gopher · HTTP · network layer protocol on the Internet and apart from IMAP4 · IRC · NNTP · XMPP · POP3 · IPv6 it is the only standard internetwork-layer protocol SIP · SMTP · SNMP · SSH · TELNET · used on the Internet. RPC · RTCP · RTSP · TLS · SDP · It is described in IETF RFC 791 (September 1981) SOAP · GTP · STUN · NTP · (more) which made obsolete RFC 760 (January 1980). The 4. Transport layer United States Department of Defense also standardized TCP · UDP · DCCP · SCTP · RTP · it as MIL-STD-1777. RSVP · IGMP · (more) 3. Network/Internet layer IPv4 is a data-oriented protocol to be used on a packet IP (IPv4 · IPv6) · OSPF · IS-IS · BGP · switched internetwork (e.g., Ethernet). It is a best effort IPsec · ARP · RARP · RIP · ICMP · protocol in that it does not guarantee delivery. It does ICMPv6 · (more) not make any guarantees on the correctness of the data; 2. Data link layer It may result in duplicated packets and/or packets out- 802.11 · 802.16 · Wi-Fi · WiMAX · of-order. These aspects are addressed by an upper layer ATM · DTM · Token ring · Ethernet · protocol (e.g., TCP, and partly by UDP). FDDI · Frame Relay · GPRS · EVDO · HSPA · HDLC · PPP · PPTP · L2TP · Contents ISDN · (more) 1. Physical layer
    [Show full text]
  • DISTRIBUTED FIREWALL: a WAY of DATA SECURITY in LOCAL AREA NETWORK Satinder1, Vinay2 1Assistant Professor (Extn.), Department of Computer Science, Govt
    International Journal of Advance Research In Science And Engineering http://www.ijarse.com IJARSE, Vol. No.4, Special Issue (01), April 2015 ISSN-2319-8354(E) DISTRIBUTED FIREWALL: A WAY OF DATA SECURITY IN LOCAL AREA NETWORK Satinder1, Vinay2 1Assistant Professor (Extn.), Department of Computer Science, Govt. College For Women, Hisar, Haryana, INDIA 2Computer Programmer, Computer Section, College of Basic Sciences & Humanities, CCS HAU, Hisar, Haryana, INDIA ABSTRACT Today, Computer and Internet network are essential part of our life. A number of personal transaction occur every second and computer network are mostly used only for transmission of information rather than processing. So, network security is essentialfor avert hacking of our confidential or important information. Network security can be attained by firewall. Firewall is a system or a group of system that implement a set of security rules to apply access control between two networks to protect inside network from outside network. In Short, we can say that, Firewall is a set of software programming and hardware device to secure host computer. A firewall is typically placed at the extremity of a system and act as filter for an illegitimate traffic. But, Conventional firewalls trust on the notions of restricted topology restriction and controlled entry points to apply traffic filtering.There are some problems for restricting the network topology i.e. End-to-End encryption problems, filtering of some protocols.Distributed firewallprotect from hackers attacks that originate from both the Internet and the internal network.Italso protect the client'scomputer and network's serversfrom unwanted hackers and intrusion.In this paper, we introduce the concept of distributed firewall.
    [Show full text]
  • Data Security Based on Lan Using Distributed Firewall
    Jayshri V.Gaud et al, International Journal of Computer Science and Mobile Computing, Vol.3 Issue.3, March- 2014, pg. 386-391 Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320–088X IJCSMC, Vol. 3, Issue. 3, March 2014, pg.386 – 391 RESEARCH ARTICLE DATA SECURITY BASED ON LAN USING DISTRIBUTED FIREWALL Jayshri V.Gaud1, Mahip M.Bartere2 ¹Department of Computer Science & Amravati University, India ²Department of Computer Science & Amravati University, India 1 [email protected]; 2 [email protected] Abstract— Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. In most of the systems, the network security is achieved by firewall and acts as a filter for unauthorized traffic. But there are some problems with these traditional firewalls like they rely on the notation of restricted topology and controlled entry points to function. Restricting the network topology, difficulty in filtering of certain protocols, end-to-end encryption problem and few more problems lead to the evolution of Distributed Firewalls. It secures the network by protecting critical network endpoints, exactly where hackers want to penetrate. This paper is a survey paper, dealing with the general concepts such distributed firewalls, its requirements and implications and introduce, its suitability to common threats on the Internet, as well as give a short discussion on contemporary implementations. A distributed firewall gives complete security to the network.
    [Show full text]
  • Distributed Firewall with Dynamic Intrusion Detection Module
    International Journal of Advanced Research in Engineering and Technology (IJARET) Volume 12, Issue 4, April 2021, pp. 484-491, Article ID: IJARET_12_04_046 Available online at https://iaeme.com/Home/issue/IJARET?Volume=12&Issue=4 ISSN Print: 0976-6480 and ISSN Online: 0976-6499 DOI: 10.34218/IJARET.12.4.2021.046 © IAEME Publication Scopus Indexed DISTRIBUTED FIREWALL WITH DYNAMIC INTRUSION DETECTION MODULE Dr. Zalte S.S. Department of Computer Science, Shivaji University, Kolhapur, India Patil P.N Department of Computer Science, Vishwakarma College of Arts, Commerce and Science, Pune, India Deshmukh S.N. Department of Computer Science, Vishwakarma College of Arts, Commerce and Science, Pune, India ABSTRACT Computers and Internet, both are becoming an essential part of life. With computer networks we are sharing resources, exchanging information, and number of personal transactions which must be secured from unauthorized access, with Network Security we can prevent and detect unauthorized access. So, we can maintain integrity, confidentiality and accessibility of computer networks. One way to achieve Network Security is FIREWALL. A firewall is a system which monitors and filters traffic and gives entry/ blocks data packets based on a set of security rules. Distributed firewall is introduced to eliminate the problems which are difficult to solved in conventional firewalls. Distributed firewall is not restricted by topology and entry point as conventional firewall. Distributed firewall secure critical network endpoints, it provides unlimited Scalability and overcomes single point of failure problems. In this paper, we have proposed Distributed Firewall with Dynamic Intrusion Detection Module to achieve elevated security to the network. Key words: Network Security, Distributed Firewall, computer networks, Policy, Threats, Intrusion Detection.
    [Show full text]
  • DATA SECURITY in LAN USING DISTRIBUTED FIREWALL Dr.T.Pandikumar1, Mekonnen Gidey2
    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 04 Issue: 05 | May -2017 www.irjet.net p-ISSN: 2395-0072 DATA SECURITY IN LAN USING DISTRIBUTED FIREWALL Dr.T.Pandikumar1, Mekonnen Gidey2 1Associate Professor, Department of Computer & IT, Defence University, Ethiopia 2M.Tech, Department of Computer & IT, Defence University, Ethiopia ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - Computers and Networking have become outside world through wide area networks and the inseparable by now. A number of confidential transactions internet. occur every second and today computers are used mostly Traditional firewalls ( Conventional firewalls ) are for transmission rather than processing of data. So devices often placed on the edge of the network that act Network Security is needed to prevent hacking of data and as a bouncer allowing only certain types of traffic in and to provide authenticated data transfer. Distributed out of the network which often called perimeter firewalls secure the network by protecting critical firewalls. They divide the network into two parts; network endpoints, exactly where hackers want to trusted on one side and un-trusted on the other side. penetrate. It filters traffic from both the Internet and the For this reason they depend heavily on the topology of internal network because the most destructive and costly the network. Moreover, firewalls are a mechanism for hacking attacks still originate from within the policy control and permit a site administrator to set a organization. They provide virtually unlimited scalability. policy on external access. Just as file permissions In addition, they overcome the single point-of-failure enforces an internal security policy and can enforces an problem presented by the perimeter firewall.
    [Show full text]
  • Ethernet and TCP/IP Presentation
    TCP/IP & LAN Oct 2007 - H. Sailer A C B D E 10/19/2017 TCP/IP & Ethernet LAN Page 1 TCP/IP illustrated, Vol 1 • Muddle though the book, chapter by chap • General Internet backbone design • Domain Name System • IXIA box demonstration • Configuration of Cisco 2950 Lan switch • IP Subnetwork address • Autonomous System, BGP • IP L3 Routers • TCP layer 4 10/19/2017 TCP/IP & Ethernet LAN Page 2 Where to go for more info • IETF - Internet Engineering Task Force - www.ietf.org • Wikipedia - an online encylopedia – www.wikipedia.org http://en.wikipedia.org/wiki/Tcp/ip • ATM, Frame Relay, MPLS - http://www.mfaforum.org/ • http://www.cisco.com/univercd/cc/td/doc/cisintwk/ • http://www.cisco.com/univercd/home/home.htm • http://www.bgp4.as/ Border Gateway Protocol Stuff • http://www.iol.unh.edu/ University of New Hampshire • http://williamstallings.com/ Great author of TCP books • http://lw.pennnet.com/home.cfm Lightwave Magazine • http://www.ethernetalliance.org/home • http://www.kegel.com Dan Kegel Networking Guru • http://www.ethermanage.com/ethernet/ethernet.html • http://www.tcpipguide.com/index.htm 10/19/2017 TCP/IP & Ethernet LAN Page 3 47% of adults have broadband at home 10/19/2017 TCP/IP & Ethernet LAN Page 4 10/19/2017 TCP/IP & Ethernet LAN Page 5 10/19/2017 TCP/IP & Ethernet LAN Page 6 10/19/2017 TCP/IP & Ethernet LAN Page 7 The Internet Where do IP address Society come from? ( non-profit ) www.isoc.org Internet Internet Internet Architecture Engineering Corporation Board Task Force Assigned IAB IETF Names & Numbers www.iab.org www.ietf.org www.icann.org 10/19/2017 TCP/IP & Ethernet LAN Page 8 • Internet Society - provides a corporate governance to oversee the operation of individual groups, to accept input from outside, and delegate on policy issues.
    [Show full text]
  • Providing Security and Privacy in Cloud Computing Using Distributed Firewall and VPN
    International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Index Copernicus Value (2013): 6.14 | Impact Factor (2014): 5.611 Providing Security and Privacy in Cloud Computing Using Distributed Firewall and VPN Dr. Chinthagunta Mukundha1, Dr. I. Surya Prabha2 1Associate Professor, IT Department, Sreenidhi Institute of Science and Technology, Hyd -500043, Andhra Pradesh, India 2Professor, IT Department, Institute of Aeronautical Engineering, Hyd -500043, Andhra Pradesh, India Abstract: Cloud Computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. The main interest is to investigate the impact of using Virtual Private Network VPN together with firewall on cloud computing performance. Therefore, computer modeling and simulation of cloud computing with OPNET modular simulator has been conducted for the cases of cloud computing with and without VPN and firewall. However, cloud Computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance. Cloud Computing leverages many technologies it also inherits their security issues cloud involves defined interaction with SLA based policies for the resource and service usages. If someone violates these rules the protection level of system gets compromised. Traditional security of the system is handled by the firewall. They are made for a static and fixed environment having limited policies and interactions. But in cloud environments the scenarios are changed totally and hence the behavior of firewall might also get adaptive as per the need of cloud computing.
    [Show full text]
  • Pathspider Documentation Release 2.0
    PATHspider Documentation Release 2.0 the pathspider authors Jan 19, 2018 Contents 1 Table of Contents 3 1.1 Introduction...............................................3 1.2 Installation................................................5 1.3 Command Line Usage Overview....................................6 1.4 Active Measurement Plugins.......................................9 1.5 Passive Observation........................................... 18 1.6 Resolving Target Lists.......................................... 30 1.7 Developing Plugins............................................ 31 1.8 PATHspider Internals........................................... 40 1.9 References................................................ 45 2 Citing PATHspider 47 3 Acknowledgements 49 Bibliography 51 Python Module Index 53 i ii PATHspider Documentation, Release 2.0 In today’s Internet we see an increasing deployment of middleboxes. While middleboxes provide in-network func- tionality that is necessary to keep networks manageable and economically viable, any packet mangling — whether essential for the needed functionality or accidental as an unwanted side effect — makes it more and more difficult to deploy new protocols or extensions of existing protocols. For the evolution of the protocol stack, it is important to know which network impairments exist and potentially need to be worked around. While classical network measurement tools are often focused on absolute performance values, PATHspider performs A/B testing between two different protocols or different protocol
    [Show full text]
  • Nessus, Snort, & Ethereal Power Tools
    332_NSE_FM.qxd 7/14/05 1:51 PM Page i Register for Free Membership to [email protected] Over the last few years, Syngress has published many best-selling and critically acclaimed books, including Tom Shinder’s Configuring ISA Server 2004, Brian Caswell and Jay Beale’s Snort 2.1 Intrusion Detection, and Angela Orebaugh and Gilbert Ramirez’s Ethereal Packet Sniffing. One of the reasons for the success of these books has been our unique [email protected] program. Through this site, we’ve been able to provide readers a real time extension to the printed book. As a registered owner of this book, you will qualify for free access to our members-only [email protected] program. Once you have registered, you will enjoy several benefits, including: ■ Four downloadable e-booklets on topics related to the book. Each booklet is approximately 20-30 pages in Adobe PDF format. They have been selected by our editors from other best-selling Syngress books as providing topic coverage that is directly related to the coverage in this book. ■ A comprehensive FAQ page that consolidates all of the key points of this book into an easy-to-search web page, pro- viding you with the concise, easy-to-access data you need to perform your job. ■ A “From the Author” Forum that allows the authors of this book to post timely updates links to related sites, or addi- tional topic coverage that may have been requested by readers. Just visit us at www.syngress.com/solutions and follow the simple registration process.
    [Show full text]
  • Distributed Perimeter Firewall Policy Management Framework
    DISTRIBUTED PERIMETER FIREWALL POLICY MANAGEMENT FRAMEWORK A DISSERTATION IN Computer Science and Telecommunications and Computer Networking Presented to the Faculty of the University of Missouri-Kansas City in partial fulfillment of the requirements for the degree DOCTOR OF PHILOSOPHY by MAHESH NATH MADDUMALA M.Tech., Andhra University, India, 2007 B.Tech., M.L.Engineering College, India, 2004 Kansas City, Missouri 2017 © 2017 MAHESH NATH MADDUMALA ALL RIGHTS RESERVED DISTRIBUTED PERIMETER FIREWALL POLICY MANAGEMENT FRAMEWORK Mahesh Nath Maddumala, Candidate for the Doctor of Philosophy Degree University of Missouri-Kansas City, 2017 ABSTRACT A perimeter firewall is the first line of defense that stops unwanted packets (based on defined firewall policies) entering the organization that deploys it. In the real world, every organization maintains a perimeter firewall between internet (which could be untrusted) and its own network (private network). In addition, organizations maintain internal firewalls to safeguard individual departments and data center servers based on various security and privacy requirements. In general, if we consider firewall setup in multinational organization's network environment, every branch has perimeter firewall and a set of internal firewalls. Every branch has its own security policies defined based on its specific security requirements, type of information, information processing systems, location-based compliance requirements, etc. As the branches of the multinational organizations span across the globe, managing the policies at every branch and ensuring the compliance and consistency of security policies are quite complex. Any misconfiguration of firewall policies even at a single branch may pose risk to the overall organization in terms of financial loss and reputation.
    [Show full text]
  • An Introduction to Computer Networks (Week 4) Stanford Univ CS144 Fall 2012
    An Introduction to Computer Networks (week 4) Stanford Univ CS144 Fall 2012 PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Thu, 11 Oct 2012 19:28:39 UTC Contents Articles Names and addresses 1 Address Resolution Protocol 1 Dynamic Host Configuration Protocol 6 Domain Name System 18 IPv4 31 IPv6 41 Network address translation 54 Ebooks Dedicated to Richard Beckett 64 References Article Sources and Contributors 65 Image Sources, Licenses and Contributors 67 Article Licenses License 68 1 Names and addresses Address Resolution Protocol Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks. ARP was defined by RFC 826 in 1982.[1] It is Internet Standard STD 37. It is also the name of the program for manipulating these addresses in most operating systems. ARP has been implemented in many combinations of network and overlaying internetwork technologies, such as IPv4, Chaosnet, DECnet and Xerox PARC Universal Packet (PUP) using IEEE 802 standards, FDDI, X.25, Frame Relay and Asynchronous Transfer Mode (ATM), IPv4 over IEEE 802.3 and IEEE 802.11 being the most common cases. In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP). Operating scope The Address Resolution Protocol is a request and reply protocol that runs encapsulated by the line protocol. It is communicated within the boundaries of a single network, never routed across internetwork nodes. This property places ARP into the Link Layer of the Internet Protocol Suite, while in the Open Systems Interconnection (OSI) model, it is often described as residing between Layers 2 and 3, being encapsulated by Layer 2 protocols.
    [Show full text]