Академический Документы
Профессиональный Документы
Культура Документы
ABSTRACT
TCP/IP is used to provide network communication specific information like addresses. The data
throughout the world. Now-a-days
days all organization are produced by a layer is encapsulated in a larger
large
dependent on Internet and perform all sort of container by the layer below it. From Highest to
communication. Security controls exists for network Lowest, these layers are:
communication at each layer of the TCP/IP Model.
Even as this communicationn contains a lot of secret 1. Application Layer
information which has to travel securely, more 2. Transport Layer
protection is required. Having developed and 3. Network Layer
identified various security mechanisms for achieving 4. Data Link Layer
network security, it is essential to decide where to
apply them; both physically (at what location) and 1. Application Layer: This layer is responsible to
logically (at what layer of an architecture such as send and receive data for applications like Domain
TCP/IP). Security professionals must understand the Name System, Hypertext Transfer Protocol, and
issues and risks associated with these transactions if Simple Mail Transfer Protocol etc.
they want to provide viable and scalable security
solutions for Internet commerce.
erce. In this paper, we 2. Transport Layer: This layer is responsible to
have discussed various security protocols existing in provide connection-oriented
oriented or connectionless
all layers and what are the best protocols which have services for transporting application layer services
to be implemented to perform any communication on between networks. Transmission Control Protocol
Pro
the network. and User Datagram Protocol are commonly used
transport layer protocols.
Keywords: Security, TCP/IP, HDFS, Hadoop, OSI
Model 3. Network Layer: This layer is responsible to route
packets across networks. Internet Protocol,
1. Introduction: Internet Control Messaging Protocol and Internet
Group management Protocols are commonly
com used
TCP/IP communication consists of four layers. When Network layer protocols.
a user wants to transfer data across the networks, the
data is passed from the highest layers through 4. Data Link Layer: This layer is responsible for
intermediate layers to the lowest layer. During communications on the physical network
communication each layer adds information
information. At each components. Ethernet protocol is the best Data
layer logical unit composed of header and payload. Link Layer protocol.
The payload consists of the information passed down
from the previous layer. The header contains layer
While effective, these methods are limited to things higher layer cannot provide protection for lower
within one’s physical control. Common layer 2 layers. This is because the lower layers perform
measures include physical address filtering and functions of which the higher layers are not aware.
tunneling (e.g., L2F, L2TP). These measures can be The various Security controls that are available at
used to control access and provide confidentiality each layer are:
across certain types of connections, but are limited to
segments where the endpoints are well-known to the 5.2 Application Layer: Each application need
security implementer. Layer 3 measures provide for separate controls as per the protection required by it.
more sophisticated filtering and tunneling (e.g., If an application need to protect sensitive data sent
PPTP) techniques. Standardized implementations across networks, the application may need to be
such as IPsec can provide a high degree of security modified to provide this protection. Designing and
across multiple platforms. However, layer 3 protocols implementing a cryptographically sound application
are ill-suited for multiple-site implementations protocol is challenging and difficult as requires a large
because they are limited to a single network. Layer 4 resource investment, proper configuration of controls
transport-based protocols overcome the single .Creating new application layer security controls is
network limitation but still lack the sophistication likely to create vulnerabilities. Software’s at
required for multiple party transactions. Like all application layer can protect application data but
lower-layer protocols, transport-based protocols do cannot protect TCP/IP information such as IP
not interact with the data contained in the payload, so addresses as exists at a lower layer. Sometimes
they are unable to protect against payload corruption Standard based solutions at Application layer controls
or content-based attacks. for protecting network communications like Secure
Multipurpose Internet Mail Extensions (S/MIME) is
5.1 Available Security Control Protocols at each commonly used to encrypt email messages. DNSSEC
layer is another protocol at this layer used for secure
As we know that in TCP/IP model, the data is passed exchange of DNS query messages.
from the highest to the lowest layer, with each layer DNS Protocol: Domain Name System (DNS) is used
adding more information, a security control at a to resolve host domain names to IP addresses.
DNS cache poisoning is an attack exploiting a Replay Protection: The same data is not delivered
vulnerability found in the DNS protocol. An attacker multiple times and data is not delivered grossly out of
may poison the cache by forging a response to a order.
recursive DNS query sent by a resolver to an
authoritative server. Once, the cache of DNS resolver 5.4 Network Layer: Network layer controls provide a
is poisoned, the host will get directed to a malicious way for network administrators to enforce security
website and may compromise credential information policies. Security measures at this layer can be
by communication to this site. applied to all applications; thus, they are not
application-specific. IP Information i.e. IP Addresses
5.3 Transport Layer: To protect the data in a single is added at the network layer, hence the controls at
communication session between two hosts, controls of this layer protect both the data within the packets and
Transport layer is used. Transport layer controls the IP information for each packet. Controls at this
cannot protect IP information added at the network layer are not application- specific and protects all
layer. The most common use for transport layer network communications between two hosts or
security protocols is protecting the HTTP and FTP networks. Internet Protocol Security (IPsec), a
session traffic. The Transport Layer Security (TLS) network layer control provides a better solution than
and Secure Socket Layer (SSL) are the most common transport or application layer controls because of the
protocols used for this purpose. The Transport Layer difficulties in adding controls to individual
Protocols i.e. Transport Layer Security (TLS) protocol applications. SSL tunnel VPNs act as network layer
is used to secure HTTP Traffic. TLS has been used to VPNs and provide the ability to secure both TCP and
protect HTTP-based communications and can be used UDP communications including client/server and
with SSL portal VPNs.TLS is the standards based other network traffic. However, security protocols at
version of SSL version 3.TLS is a well-tested protocol this layer provide less communication flexibility that
that has several implementations that have been added may be required by some applications.
to many applications. It is a low risk option compared
to adding protection at the application layer. Network layer security controls are frequently used
for securing communications as they can provide
SSL, the most commonly used protocol can provide protection for many applications without modifying
any combination of the following types of protection: them and particularly over shared network such as the
Confidentiality: SSL can ensure that data cannot be Internet. Network Layer Security controls provide a
read by unauthorized parties. It is accomplished by single solution for protecting data from all
encrypting data using a cryptographic algorithm and a applications, as well as protecting IP information.
secret key, a value known only to the two parties Sometimes controls at another layer are better than
exchanging data. The data can only be decrypted by providing protection through network layer. In case
someone who has the secret key. one or two applications only need protection, then
network layer control may be excessive. In such
Integrity: SSL can determine if data has been situation Transport Layer protocols such as SSL are
changed intentionally or unintentionally during the used to provide security for communication with
transit. The integrity of data can be assured by individual HTTP-based applications. It also provides
generating a message authentication code (MAC) security for communication sessions of applications
value, which is a keyed cryptographic checksum of like SMTP, Point of Presence (POP), Internet
Internet Control Message Protocol (ICMP) is a Other protocols such as ARP, DHCP, SMTP, etc. also
protocol meant to be used as an aid for other protocols have their vulnerabilities that can be exploited by the
and system administrators to test for connectivity and attacker to compromise the network security.
search for configuration errors in a network. Ping uses
the ICMP echo function and is the lowest-level test of 5.5 Data Link Layer: Data link Layer controls for
whether a remote host is alive. A small packet dedicated circuits applied to all communications on a
containing an ICMP echo message is sent through the specific physical link between two buildings or a
network to a particular IP address. The computer that connection to an Internet service provider. Data Link
sent the packet then waits for a return packet. If the Layer controls are provided by specialized hardware
connections are good and the target computer is up, devices known as data link encryptors. It is below the
the echo message return packet will be received. network layer, controls at this layer can protect both
ICMP has its own vulnerabilities and can be abused to data and IP information. Data Link layer protocols are
launch an attack on a network. simple and are specific to a particular physical link,
they cannot protect connections with multiple links
The common attacks that can occur on a network due such as establishing a VPN over the Internet.
to ICMP vulnerabilities are −
• ICMP allows an attacker to carry out network
reconnaissance to determine network topology and
TRANSPORT
TCP/UDP TCP/UDP
IP NETWORK IP
LINK LINK
5.6 Security Vulnerabilities of TCP/IP protocol the data packets exchanged between the server
suite: Some of the common security vulnerabilities of and a client.
TCP/IP protocol suits are − o Another HTTP vulnerability is a weak
o HTTP is an application layer protocol in TCP/IP authentication between the client and the web
suite used for transfer files that make up the web server during the initializing of the session. This
pages from the web servers. These transfers are vulnerability can lead to a session hijacking attack
done in plain text and an intruder can easily read
References:
1. D. G. Maryna Krotofil, Industrial Control Systems
Security: What is happening?
2. Homeland Security U.S., Improving Industrial
Control with Defense in Depth Strategies, 2009.
3. IEEE, IEEE Standard for Electric Power Systems
Communications - Distributed Network Protocol
(DNP3), 2010.
4. PJM, Jetstream Guide DNP SCADA over Internet
with TLS Security, 2013.
5. P. -. Profinet, Profinet Security Guidelines.
Guidelines for PROFINET, 2013.
6. DNP3 Quick Reference Guide, 2002.
7. http://ittoday.info/AIMS/DSM/87-30-04.pdf
8. https://en.wikipedia.org/wiki/Network_interface_l
ayer_security
9. https://cse.sc.edu/~farkas/csce813-
2014/lectures/csce813-lect8.3.ppt
10. http://www.ittoday.info/AIMS/DSM/87-30-02.pdf
11. ijcset.net/docs/Volumes/volume2issue6/ijcset2012
020605.pdf
12. http://www.ittoday.info/AIMS/DSM/87-30-01.pdf
13. www.cse.yorku.ca/SecRAY/AppLayerSecurity_A
ndrade.pdf
14. https://securityintelligence.com › Topics ›
Application Security