Networking and Network Security


5/20/20

Reasons To Know Networking In Regard to Computer Security
■ To understand the flow of information on the Internet
■ To understand the levels of activity in network traffic flow
■ To understand the basis for vulnerabilities
■ To understand the basis for security tools and how they work

Base Principle – Packet Switching
■ Messages broken up into packets
■ Packets are sent onto network, routed to destination, reassembled
■ Advantages (compared to circuit switching; e.g. traditional phones)
  ■ Better sharing of bandwidth
  ■ Greater overall efficiency
  ■ Allows more users, no greater delay

Protocol Layering
■ Protocol: a convention for communication between two agents (aka handshaking)
■ Motivation: Separation of functionality
  ■ Layers take care of particular task re: information
  ■ Offer services to next layer in protocol stack
■ Advantage: modularity
■ Disadvantages: possible overlap, redundancy of functionality

Protocol Data Units
■ Layer sends message by building a protocol data unit (PDU)
  ■ Take data from layer N, add additional information to meet needs of layer N-1
■ PDU handed to next lower layer
■ Lower layer now has responsibility for message

Internet Protocol Stack
■ Seven layers in Open Systems Interconnect (OSI) model
  ■ 7) Application
  ■ 6) Presentation
  ■ 5) Session
  ■ 4) Transport
  ■ 3) Network
  ■ 2) Data Link
  ■ 1) Physical

General Layer Functions
■ Segmentation / Reassembly
  ■ Breaking large message into standard size chunks
■ Error Control
  ■ How to detect or correct errors
■ Flow Control
  ■ Avoid overwhelming slower systems
■ Multiplexing
  ■ Sharing of lower-level connections
■ Connection setup
  ■ How to establish a virtual communication path

Application Layer (7)
■ Function: High-Level Application Systems and End-User Processes
■ Implemented in: Software
■ PDU: Message
■ Examples
  ■ sftp, http, smtp, ssh, …

Presentation Layer (6)
■ Function: Provides independence from differences in data representation by formatting and encrypting data
■ Implemented in software
■ Examples: ASCII encoding, NFS, FTP file path/name translation

Session Layer (5)
■ Function: Establishes, manages and terminates connections between applications
■ Implemented in software
■ Examples: SSL, DNS, RPC

Transport Layer (4)
■ Function/Service: Transport message from one system to another system
■ Implemented in: Software
■ PDU: Segment
■ Two methods
  ■ TCP (connection-oriented protocol)
  ■ UDP (connectionless protocol)

TCP
■ TCP = Transmission Control Protocol
■ Connection-Oriented Service
■ Guaranteed Delivery of Message
■ Flow Control
■ Breaks message into shorter segments
■ Advantage: More Control
■ Examples
  ■ http, sftp, smtp, ssh

UDP
■ UDP = User Datagram Protocol
■ Connection-less Service
■ No Guaranteed Delivery of Message
■ No Flow Control / Handshaking
■ No Overhead For Connection
■ Continuous Data Stream
■ Advantage: Faster
■ Disadvantage: Possible loss of information
■ Examples
  ■ Video, Voice (e.g. phone)

Network Layer (3)
■ Function/Service: Routing segments from host to host, through intermediate systems
  ■ Network Layer receives segment and destination address from Transport Layer
■ Implemented in: Hardware & Software
■ PDU: Datagram
■ Two major parts
  ■ IP Protocol: structure of datagram, how end systems (and routers) act on this information
  ■ Routing protocols: for transfer from source host to destination host
■ Examples: IP, IPX

Data Link Layer (2)
■ Function/Service: Move a datagram from one node to the next in the route
■ Implemented in: Hardware
■ PDU: Frame
■ Examples:
  ■ Ethernet, Token Ring, FDDI, Gigabit Ethernet

Physical Layer (1)
■ Function/Service: Routing physical bits from one network node to adjacent node
■ Implemented in: Hardware
■ PDU: Bits
■ Examples:
  ■ Optical fiber, Twisted pair wire, Coaxial cable
  ■ Voltage levels, signaling

What implements each layer?
■ End Systems / Hosts: Implements all layers
■ Routers/Switches: Layers 1-3 and possibly IP protocol
■ Bridges: Implements layer 1-2
■ Hubs: Implements layer 1 (essentially repeaters)
■ Firewalls
  ■ Packet filtering (operate at layer 3)
  ■ Application gateways (operate at layer 7)

Internet Addressing
■ 32 bits that uniquely identifies internet host
■ Displayed www.xxx.yyy.zzz
■ Split into two parts: network and host
■ Certain network segments reserved
  ■ Can be used for isolated private networks
  ■ 10.0.0.0 – 10.255.255.255;
  ■ 172.16.0.0 – 172.31.255.255;
  ■ 192.168.0.0 – 192.168.255.255

NAT
[Diagram: internal network (labelled 10/16, 172.0/12, 192.168/16) – boundary router – Internet. Internally use private addresses; externally use port numbers to distinguish hosts.]
■ Assume traffic is TCP or UDP
■ Replace external port number with index into table identifying internal host and port
■ Deal with other protocols on case-by-case basis

Ports
■ Certain system process must respond to a particular application protocol (e.g. sftp, smtp)
■ Port is the "address" for application communication on system
  ■ E.g. Port 80 for http
  ■ E.g. Port 25 for smtp
  ■ E.g. Port 1521 for Oracle connections
■ Port List: http://www.iana.org/assignments/port-numbers

Socket
■ Interface between the application layer and the transport layer
■ Acts as an API between application and network
■ Programmer only controls application side, plus a few transport level details
  ■ Transport protocol (TCP or UDP)
  ■ A few transport parameters (e.g. maximum buffer size)

Additional Information
■ Internet Engineering Task Force (IETF)
  ■ http://www.ietf.org
  ■ Primary documents: RFCs
    ■ IP: RFC 791
    ■ TCP: RFC 793
    ■ UDP: RFC 768
    ■ Internet Addressing: RFC 900
■ OSI Model and Information Security
  ■ http://www.giac.org/practical/GSEC/Damon_Reed_GSEC.pdf

Firewalls

References
• Stallings, Chapter 9
• Cheswick, et al. "Firewalls and Internet Security, 2nd ed." Addison-Wesley, 2003.
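The NAT slide above says the boundary router replaces the external port number with an index into a table of (internal host, internal port) and handles non-TCP/UDP traffic case by case. The following is an added example, not code from the slides, that simulates exactly that table; the public address, the base port 40000 and the sample packets are constructed.

```python
# Added example (not from the slides): a minimal NAT table of the kind the
# slide describes. Outbound TCP/UDP packets get their (private source address,
# source port) replaced by the router's public address and an external port
# that is simply BASE_PORT + the index of the table entry; inbound packets on
# the public address are mapped back through the same table, and packets with
# no table entry are dropped. Addresses and ports below are constructed.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# The three reserved private ranges from the Internet Addressing slide
PRIVATE_RANGES = [ip_network("10.0.0.0/8"),
                  ip_network("172.16.0.0/12"),
                  ip_network("192.168.0.0/16")]


def is_private(addr: str) -> bool:
    """True if addr lies in one of the reserved private ranges."""
    a = ip_address(addr)
    return any(a in net for net in PRIVATE_RANGES)


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp", or something else such as "icmp"
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    """Boundary-router NAT: one public address, external port = BASE_PORT + table index."""
    BASE_PORT = 40000  # constructed choice of the first external port

    def __init__(self, public_addr: str):
        self.public_addr = public_addr
        self.table: List[Tuple[str, int]] = []   # index -> (internal host, internal port)

    def _index_for(self, host: str, port: int) -> int:
        key = (host, port)
        if key not in self.table:
            self.table.append(key)   # a new internal (host, port) gets the next free slot
        return self.table.index(key)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal -> Internet packet to carry the public address/port."""
        if pkt.proto not in ("tcp", "udp"):
            # The slide assumes TCP or UDP; anything else needs a case-by-case
            # rule, so refuse rather than guess at a translation.
            raise ValueError(f"no NAT rule for protocol {pkt.proto}")
        if not is_private(pkt.src):
            raise ValueError("outbound packet does not come from a private address")
        idx = self._index_for(pkt.src, pkt.sport)
        return replace(pkt, src=self.public_addr, sport=self.BASE_PORT + idx)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map an Internet -> public-address packet back to the internal host.
        Returns None (drop) when the external port has no table entry, which is
        what happens to unsolicited inbound traffic."""
        if pkt.proto not in ("tcp", "udp") or pkt.dst != self.public_addr:
            return None
        idx = pkt.dport - self.BASE_PORT
        if not 0 <= idx < len(self.table):
            return None
        host, port = self.table[idx]
        return replace(pkt, dst=host, dport=port)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """Constructed traffic: one web request out, its reply back, one unsolicited packet."""
    nat = Nat("203.0.113.1")
    out = nat.outbound(Packet("tcp", "192.168.1.10", 51234, "198.51.100.7", 80))
    reply = nat.inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.1", out.sport))
    unsolicited = nat.inbound(Packet("tcp", "198.51.100.9", 443, "203.0.113.1", 40007))
    return out, reply, unsolicited


if __name__ == "__main__":
    for p in demo():
        print(p)
```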
Firewalls
• On the day that you take up your command, block the frontier passes, destroy the official tallies, and stop the passage of all emissaries. - Sun Tzu, The Art of War

What is a Firewall?
• System or group of systems that enforces an access control policy between two or more networks
• In principle the firewall is a pair of mechanisms:
  – one which exists to block traffic
  – one which exists to permit traffic

What is a Firewall?
• A choke point of control and monitoring
• Interconnects networks with differing trust levels
• Imposes restrictions on network services
  – only authorized traffic is allowed
• Auditing and controlling access
  – can implement alarms for abnormal behavior
• Is itself immune to penetration (well, in theory)
• Provides perimeter defense

Firewall cartoon
[image]

Firewall characteristics
• Four techniques used to control access to a network:
  – Service control - determines the types of services allowed;
    • the firewall may filter traffic on the basis of IP address, TCP port number
    • may provide proxy services
    • may be the mail or web server
  – Direction control
    • inbound or outbound controls

Firewall techniques
  – User control
    • controls access to a service according to the user who is asking for it
  – Behavior control
    • controls how the services are used
    • for example, may filter spam
    • limit access to part of the information on a web server

Firewall Limitations
• Cannot protect from attacks that bypass the firewall
  – e.g. sneaker net, utility modems, trusted organizations, trusted services (e.g. SSL/SSH)
• Cannot protect against internal threats
  – e.g. disgruntled employee, idiots inside organization
• Cannot protect against transfer of all virus infected programs or files
  – because of the huge range of OS & file types

Bottom line
• For a firewall to be effective, it must be part of a consistent overall organizational security architecture
• Firewall policies must be realistic and reflect the level of security in the entire network

Types of firewalls
• Network layer
  – make decisions based on source or destination addresses or port numbers (look at IP addresses in the Network layer)
  – a router is a type of network layer firewall
  – the earliest of these types of firewalls did packet filtering based on either the source or destination (or both) addresses in individual packets. (we call these circuit-layer firewalls now)

Types of firewalls
• Application layer
  – Generally these are hosts running proxy servers which permit no traffic directly between networks and which perform elaborate logging and auditing of traffic passing through them
  – Can also be used as NATs
• Circuit-level gateways
  – Work at the TCP level (transport layer)

Network Layer Firewall using Packet Filters
• Uses the simplest of components
• Foundation of any firewall system
• Examine each IP packet (no context) and permit or deny according to rules
• Hence restrict access to services (ports)
• Possible default policies
  – that not expressly permitted is prohibited
  – that not expressly prohibited is permitted

Network Layer Firewall using Packet Filters
• Deny/Allow can be based on characteristics of the packet
  – source address
  – destination address
  – port number
    • there are a lot of "well known" port numbers
    • see http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Attacks on Packet Filters
• IP address spoofing
  – Fake source address to be trusted
  – Response: add filters on router to block
• Source routing attacks
  – Attacker sets a route other than default
  – Response: block source routed packets
• Tiny fragment attacks
  – Split header info over several tiny packets
  – Response: either discard or reassemble before check

Firewalls - Application Level Gateway/Proxy
• Works at the application layer of the OSI stack
• Use an application specific gateway
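The packet-filter slides describe a stateless filter that examines each packet on its own, matches source address, destination address and port against rules, falls back to a default policy, and applies three responses to the attacks listed: block packets whose source address claims to be internal, block source-routed packets, and discard fragments too small to carry the transport header. The following is an added example, not code from the slides, that implements that filter; the interface names, rule syntax, the 20-byte minimum first-fragment size, the addresses and the sample packets are all constructed.

```python
# Added example (not from the slides): a stateless packet filter in the style
# the slides describe. Each packet is judged alone (no connection context):
# first the three responses from the "Attacks on Packet Filters" slide, then
# ordered allow/deny rules on source, destination, port and protocol, then the
# default policy ("deny" = that not expressly permitted is prohibited).
# Interface names, rule syntax and all sample values are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Addresses that only belong inside the perimeter (the private ranges)
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
# Constructed threshold: a first fragment must carry at least this many bytes
# so the whole TCP/UDP port header is visible to the filter.
MIN_FIRST_FRAGMENT = 20


@dataclass
class Packet:
    iface: str                    # "ext" = arrived from the Internet, "int" = from inside
    proto: str                    # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    source_routed: bool = False   # IP source-route option present
    frag_offset: int = 0          # 0 for an unfragmented or first fragment
    payload_len: int = 1400       # bytes following the IP header


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    src: Optional[str] = None     # CIDR, or None for any
    dst: Optional[str] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.dport is None or self.dport == p.dport)
                and (self.proto is None or self.proto == p.proto))


class PacketFilter:
    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = rules
        self.default = default

    def decide(self, p: Packet) -> str:
        """Return "allow", "deny", or "deny:<reason>" for a blocked attack pattern."""
        # Anti-spoofing: an internal source address cannot legitimately arrive from outside
        if p.iface == "ext" and any(ip_address(p.src) in n for n in INTERNAL_NETS):
            return "deny:spoofed-source"
        # Source routing: the attacker chooses the path, so drop the packet outright
        if p.source_routed:
            return "deny:source-routed"
        # Tiny fragment: the port header is not all in this piece, so it cannot be checked
        if p.frag_offset == 0 and p.payload_len < MIN_FIRST_FRAGMENT:
            return "deny:tiny-fragment"
        # Later fragments carry no port at all; this filter takes the slide's
        # "discard" option rather than reassembling (which needs state)
        if p.frag_offset != 0:
            return "deny:unchecked-fragment"
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default


def demo() -> Dict[str, str]:
    """Constructed sample traffic against a deny-by-default policy for a web and a mail server."""
    fw = PacketFilter([
        Rule("allow", dst="192.168.1.10/32", dport=80, proto="tcp"),   # web server
        Rule("allow", dst="192.168.1.25/32", dport=25, proto="tcp"),   # mail server
    ], default="deny")
    samples = {
        "web": Packet("ext", "tcp", "198.51.100.7", "192.168.1.10", 80),
        "mail": Packet("ext", "tcp", "198.51.100.7", "192.168.1.25", 25),
        "ssh": Packet("ext", "tcp", "198.51.100.7", "192.168.1.10", 22),
        "spoof": Packet("ext", "tcp", "192.168.1.50", "192.168.1.10", 80),
        "srcroute": Packet("ext", "tcp", "198.51.100.7", "192.168.1.10", 80, source_routed=True),
        "tiny": Packet("ext", "tcp", "198.51.100.7", "192.168.1.10", 80, payload_len=8),
        "frag2": Packet("ext", "tcp", "198.51.100.7", "192.168.1.10", 80, frag_offset=185),
    }
    return {name: fw.decide(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} -> {verdict}")
```

Swapping `default="deny"` for `default="allow"` turns the same rule list into the slide's other policy, where only what is expressly prohibited is blocked.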