
Neon-komputadór

Computer Users Manual, Ministry of Foreign Affairs and Cooperation, Democratic Republic of East Timor
2003




TCP/IP Lower and Middle Layers

The Transmission Control Protocol and Internet Protocol (TCP and IP) were developed by the United States Department of Defense Advanced Research Projects Agency (ARPA) to connect the different networks designed by different vendors. Because of this orientation it is sometimes called "a network of networks", although this accurate phrase has fallen into disuse as TCP/IP has replaced nearly all other network protocols. The success of TCP/IP is due to the fact that it concentrated on providing a few basic services that everyone needed (file transfers, electronic mail, remote logon), provided those services across a range of client/server systems regardless of size, and had in-built robustness to recover automatically from failures. One disadvantage is that because the automatic recovery features are so good, network problems can actually go undetected for long periods of time.

Like the OSI Model, each layer in the stack invokes services in the communications process. As a transmission passes down through the stack, each layer bundles relevant control information, called a header, along with the actual data. When the transmission is received, the process occurs in reverse, with each layer unpacking its header and using the relevant information. In the TCP/IP model, the data package created at the Application Layer is called a message in UDP or a stream in TCP. At the Transport Layer, if the package was created by TCP it is called a segment; if it came from UDP it is called a packet. The data package at the Internet Layer is called a datagram. A data package at the Network Access Layer is called a frame.

Data transmissions move from a TCP/IP application (Application Layer) through either a TCP (Transmission Control Protocol) or User Datagram Protocol (UDP) port to TCP or UDP itself (Transport Layer). TCP is a connection-oriented protocol, which means that it has sophisticated flow control and error checking. UDP is a connectionless protocol, which means the delivery of data is not as reliable, but it is quicker. The data then moves to the Internet Layer, where IP provides logical addressing and turns the segment into a datagram. The IP datagram then moves to the Network Access Layer, which converts the datagram into a frame. In the case of an Ethernet LAN the frame may contain physical address information obtained by the Internet Layer protocols ARP (Address Resolution Protocol, which converts IP addresses to physical addresses) and RARP (Reverse Address Resolution Protocol, which translates physical addresses to IP addresses). The data frame is then transmitted over the network.
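As an added example (not part of the manual), the following Python builds the headers the text describes, a UDP segment wrapped in an IPv4 datagram wrapped in an Ethernet frame, and then unpacks them in reverse order as the receiving stack would. The addresses, MACs and payload are constructed sample values.

```python
import socket
import struct

def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; 0 for a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def udp_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    # Transport Layer: 8-byte UDP header (ports, length, checksum). The checksum
    # is left as 0, which UDP over IPv4 permits to mean "not computed".
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def ip_datagram(src_ip: str, dst_ip: str, segment: bytes, proto: int = 17) -> bytes:
    # Internet Layer: 20-byte IPv4 header; protocol 17 = UDP. The checksum is
    # computed over the header with the checksum field zeroed, then inserted.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000,
                         64, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + segment

def ethernet_frame(dst_mac: str, src_mac: str, datagram: bytes) -> bytes:
    # Network Access Layer: 14-byte Ethernet header, EtherType 0x0800 = IPv4.
    macs = bytes.fromhex(dst_mac.replace(":", "") + src_mac.replace(":", ""))
    return macs + struct.pack("!H", 0x0800) + datagram

def decapsulate(frame: bytes) -> dict:
    """Receiving side: strip one header per layer, bottom to top."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    checksum_ok = ip_checksum(ip[:ihl]) == 0      # valid header sums to zero
    udp = ip[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    return {"ethertype": ethertype, "src_ip": socket.inet_ntoa(ip[12:16]),
            "dst_ip": socket.inet_ntoa(ip[16:20]), "proto": ip[9],
            "checksum_ok": checksum_ok, "src_port": src_port,
            "dst_port": dst_port, "payload": udp[8:udp_len]}

# Constructed sample: a small UDP query from a workstation to a local server.
FRAME = ethernet_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                       ip_datagram("192.0.2.10", "192.0.2.1", udp_segment(5353, 53, b"query")))
```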

A description of the Network Access Layer has already been provided. Within the Internet Layer, TCP/IP uses the Internet Protocol, the Address Resolution Protocol (ARP) and the Internet Control Message Protocol (ICMP). IP is used to communicate with other computers using TCP/IP, determining whether the destination is local or remote. If it is remote, the communication will be through a router. ARP converts IP addresses to physical addresses, whereas ICMP is used to send router messages. TCP/IP uses address classes for different networks. TCP/IP requires that every computer has a unique 32-bit address, which can support (theoretically) about four billion computers. Within that, however, there are three major network classes: Class A, Class B and Class C. Class A networks have 8-bit network IDs and are assigned to organizations that demonstrate a need for such a large number of IP addresses. Class B networks use 16-bit network IDs, of which there are about 16,000 in existence. Class C networks have 24-bit network IDs; there are over 2,000,000 Class C networks. Each Class A network can support about 16.7 million hosts, a Class B network some 65,000 hosts and a Class C network 256.

Emerging Technology: IPv6

It may seem incredible, but the Internet is actually running out of numbers. This has been known for some time, and a new system for allocating IP addresses has been agreed on. Called IPv6 (IP version 6), it expands the address space to 128 bits, which will be more than sufficient to incorporate existing IP addresses and provide address space for the immediate future. However, the opportunity has also been taken to make some other changes to the IP addressing system. The header format has been made simpler, and there is improved support for extensions and options. There is a specific label for flow level, to further improve efficient data distribution. Finally, there are extensions for authentication, confidentiality and data integrity.

One of the clearest problems will be that the IP address will expand to a point well beyond the ability of humans to recall it easily. Currently the 32-bit IP address is commonly expressed in dotted decimal notation, where each byte is written as a decimal number of up to three digits. Under this notation the new addresses would be four times as long, which would be almost impossible to remember. Engineers therefore use hexadecimal (base 16) to express 128-bit IPv6 addresses as eight 4-digit hexadecimal numbers.

Rather than have everyone switch over to IPv6 simultaneously, a transition period is proposed in which IPv4 and IPv6 co-exist in the protocol stack in a multiprotocol configuration, just as IPv4 currently co-exists with IPX/SPX, NetBEUI etc.

An important aspect of the Internet Layer is subnetting. Subnetting is a method of better utilizing the IP classes granted to a network. It consists of dividing an address block into multiple, smaller blocks of addresses. For example, if you have 100 users on a network you could simply allocate all 100 addresses, one to each user. However, if those 100 users are in 10 offices with 10 staff each, by subnetting the addresses into blocks of 10 you are able to reduce network congestion, support different network topologies, provide additional security, reduce broadcasts and effectively support wide area networks. One minor disadvantage of subnetting is that for each subnet two IP addresses must be lost (the first and the last in the subnet).
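An added example, not from the manual, that determines the class of an address from its first octet as described above and carries the 10-offices-of-10-staff case through to concrete subnets, showing the two addresses lost per subnet. The 192.168.1.0/24 block is a constructed sample.

```python
import ipaddress

def address_class(addr: str) -> tuple:
    """Return (class, network-ID bits, host bits) from the first octet."""
    first = int(addr.split(".")[0])
    if first < 128:
        return ("A", 8, 24)
    if first < 192:
        return ("B", 16, 16)
    if first < 224:
        return ("C", 24, 8)
    return ("D/E", 0, 0)   # multicast / reserved, not used for hosts

def usable_hosts(prefix_len: int) -> int:
    # Subtract the network address (first) and broadcast address (last).
    return 2 ** (32 - prefix_len) - 2

def prefix_for(hosts: int) -> int:
    """Smallest subnet (longest prefix) whose usable count covers `hosts`."""
    host_bits = 2
    while usable_hosts(32 - host_bits) < hosts:
        host_bits += 1
    return 32 - host_bits

def plan_subnets(block: str, offices: int, staff_per_office: int) -> list:
    """Split block into one equal subnet per office; each entry is
    (subnet, first usable, last usable, usable count)."""
    net = ipaddress.ip_network(block, strict=True)
    subnets = list(net.subnets(new_prefix=prefix_for(staff_per_office)))
    if len(subnets) < offices:
        raise ValueError(f"{block} only yields {len(subnets)} subnets of that size")
    plan = []
    for s in subnets[:offices]:
        hosts = list(s.hosts())     # excludes network and broadcast addresses
        plan.append((str(s), str(hosts[0]), str(hosts[-1]), usable_hosts(s.prefixlen)))
    return plan
```

Ten staff need a /28 (16 addresses, 14 usable), so the /24 is cut into 16 such subnets and the first 10 are handed out.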

Within the Transport Layer there are mechanisms for multiplexing and demultiplexing: accepting data from multiple inputs and directing it to a single output, and accepting data from a single input and distributing it to multiple outputs. Part of this, as you would imagine, includes error checking, flow control and verification. Within the Transport Layer two protocols are used: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). The former is a connection service and the latter is connectionless. Basically this means that the former will check to ensure that a connection is established with the recipient and check the state of the connection during the transmission (including its conclusion). The latter, however, simply sends the data without checking the status of the recipient, either before, during or at the conclusion of the data transmission. It is at the Transport Layer that firewalls close off specific TCP and UDP ports.

Firewalls

A firewall is a system that enforces an access policy between two networks. Effectively it consists of two components: a mechanism to permit traffic and a mechanism to block traffic. In an organization, its implementation must concur with the access control policy, network use policy and other security policies. A firewall can also act as the public face of an organization to the Internet. It is becoming increasingly popular for organizations to use their firewall as the place to store public information. As they provide a single point of data entry and exit, they are also useful places for auditing tools.

A firewall cannot protect an organization against attacks that don't go through the firewall. This includes the physical security of the network and other communication systems, and the professionalism and security-conscious behaviour of the staff. A firewall cannot protect against tunneling over most application protocols, nor can it provide sufficient protection of a computer system against viruses, as there are so many ways of encoding binary files, and most are transmitted via floppy disk rather than the Internet.

There are two conceptual types of firewall: those that operate on the Network Layer and those that operate on the Application Layer. Basically, the lower the Layer, the less examination the firewall can perform. Generally speaking, lower-level firewalls are significantly faster, but are easier to fool into doing the wrong thing. Network Layer firewalls make their decisions on the source address, destination address and ports in individual IP packets. More recent versions of Network Layer firewalls also take into account the state of connections and the contents of some of the data. In contrast, Application Layer firewalls are usually hosts running proxy servers, which allow no traffic directly between networks and perform significant logging and auditing of traffic. A proxy server is an application that mediates traffic between a protected network and the Internet.
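As an added example (not the manual's own code), here is a minimal Network Layer filter of the kind just described: a first-match rule list keyed on source address, destination address, protocol and destination port, plus an optional connection-state table so that replies to connections admitted outbound are allowed without a rule naming them. The 10.0.0.0/8 office LAN, the 10.0.0.10 web server and the rule set are a constructed sample policy.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP connection-opening segment

# First-match rule list: (action, source net, destination net, protocol, dest port).
# Constructed sample policy: staff LAN 10.0.0.0/8, one public web server 10.0.0.10.
RULES = [
    ("allow", "10.0.0.0/8", "0.0.0.0/0",    "tcp", 80),    # staff may browse the web
    ("allow", "10.0.0.0/8", "0.0.0.0/0",    "tcp", 25),    # staff may send mail
    ("allow", "0.0.0.0/0",  "10.0.0.10/32", "tcp", 80),    # public web server
    ("deny",  "0.0.0.0/0",  "0.0.0.0/0",    "any", None),  # close every other port
]

def matches(rule: tuple, pkt: Packet) -> bool:
    _, src, dst, proto, dport = rule
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst)
            and proto in ("any", pkt.proto)
            and dport in (None, pkt.dport))

def filter_packet(pkt: Packet, rules=RULES, state=None) -> str:
    """Return "allow" or "deny". When a state set is supplied, a TCP connection
    admitted on its SYN is remembered and the reverse-direction packets of that
    connection are admitted too (the stateful behaviour the text mentions)."""
    if state is not None and (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in state:
        return "allow"
    for rule in rules:
        if matches(rule, pkt):
            if rule[0] == "allow" and state is not None and pkt.proto == "tcp" and pkt.syn:
                state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return rule[0]
    return "deny"   # nothing matched: block by default
```

Without the state table the same reply packet is dropped, because no rule admits traffic to an arbitrary high port on the LAN; that is exactly the gap the stateful variant closes.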

Ministry of Foreign Affairs and Cooperation, GPA Building #1, Ground Floor, Dili, East Timor


Website code and design by Lev Lafayette. Last update August 20, 2003
