
Week 2 Mobile Security

The document provides an overview of TCP/IP and OSI network models, detailing their layers and associated security risks and mitigation strategies. It discusses network security mechanisms such as firewalls, intrusion detection systems, and access control protocols, emphasizing the importance of encryption in secure communications. Additionally, it includes exercises for students to identify vulnerabilities and configure security measures in network settings.

Uploaded by

Akpan Victoria
Copyright
© All Rights Reserved

Week 2: TCP/IP and OSI Network Security & Access Control

Lecture 2.1: Overview of TCP/IP and OSI Models

Introduction to Network Protocols

Network protocols are a set of rules that dictate how data is transmitted and received over a
network. They ensure communication between different network devices, enabling
interoperability and efficient data exchange. Protocols operate at different layers of a network
model, such as the OSI (Open Systems Interconnection) model and the TCP/IP
(Transmission Control Protocol/Internet Protocol) model.

Network protocols can be broadly categorized into:

• Communication Protocols (e.g., TCP, UDP, HTTP, FTP)
• Security Protocols (e.g., SSL/TLS, IPSec, SSH)
• Routing Protocols (e.g., BGP, OSPF, RIP)
• Management Protocols (e.g., SNMP, ICMP)

OSI Model Layers and Security Considerations

The OSI Model is a conceptual framework used to understand how different network
components interact. It consists of seven layers:

1. Physical Layer – Concerned with hardware transmission (e.g., cables, wireless signals).
   o Security Risks: Eavesdropping, physical damage, electromagnetic interference.
   o Mitigation Strategies: Shielded cables, secure data centers, frequency hopping in wireless communication.
2. Data Link Layer – Handles MAC addressing and frame transmission.
   o Security Risks: MAC spoofing, ARP poisoning.
   o Mitigation Strategies: MAC filtering, VLANs, secure switch configurations.
3. Network Layer – Manages IP addressing and routing.
   o Security Risks: IP spoofing, DoS attacks.
   o Mitigation Strategies: Packet filtering firewalls, IPSec.
4. Transport Layer – Ensures end-to-end communication (TCP, UDP).
   o Security Risks: SYN flooding, session hijacking.
   o Mitigation Strategies: Secure Sockets Layer (SSL), Transport Layer Security (TLS).
5. Session Layer – Maintains and manages sessions.
   o Security Risks: Session hijacking, unauthorized session interception.
   o Mitigation Strategies: Encrypted sessions, session timeouts.
6. Presentation Layer – Handles data encryption, compression, and formatting.
   o Security Risks: Data manipulation, encoding attacks.
   o Mitigation Strategies: End-to-end encryption, secure encoding standards.
7. Application Layer – Interfaces directly with users (HTTP, SMTP, DNS).
   o Security Risks: SQL injection, phishing, cross-site scripting (XSS).
   o Mitigation Strategies: Web application firewalls, input validation, secure coding practices.

TCP/IP Model and its Role in Network Security

The TCP/IP model simplifies networking into four layers:

1. Network Interface Layer (Combines OSI’s Physical and Data Link layers).
2. Internet Layer (Equivalent to OSI’s Network layer).
3. Transport Layer (Equivalent to OSI’s Transport layer).
4. Application Layer (Combines OSI’s Session, Presentation, and Application layers).

Security concerns in TCP/IP include:

• Man-in-the-middle attacks – Addressed by TLS, IPSec.
• Denial-of-service (DoS) attacks – Mitigated using rate-limiting, firewalls.
• Packet sniffing – Prevented using encryption.
• IP spoofing – Addressed by authentication and packet filtering.

Common Security Threats in Network Communication

• Eavesdropping: Attackers intercept private data transmissions.
• Spoofing: Pretending to be a trusted entity (IP, ARP, DNS spoofing).
• Denial of Service (DoS) and Distributed DoS (DDoS): Overloading a network.
• Man-in-the-middle (MITM) attacks: Intercepting and altering communication.
• Malware-based threats: Viruses, Trojans, worms affecting network performance.

Lecture 2.2: Network Security Mechanisms

Firewalls, Intrusion Detection, and Prevention Systems (IDS/IPS)

• Firewalls: Control incoming and outgoing traffic based on security rules.
   o Types:
      ▪ Packet Filtering Firewalls: Inspect packets at the network layer.
      ▪ Stateful Inspection Firewalls: Monitor active connections.
      ▪ Next-Generation Firewalls (NGFWs): Combine firewall capabilities with additional security features.
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS):
   o IDS monitors network traffic for suspicious activities.
   o IPS actively prevents detected threats.

Access Control Mechanisms and Authentication Protocols

Access control is crucial to ensuring only authorized users can access network resources.

• Authentication Mechanisms:
   o Password-based authentication (e.g., multi-factor authentication, OTPs).
   o Biometric authentication (e.g., fingerprint, facial recognition).
   o Certificate-based authentication (e.g., digital certificates, PKI).
• Access Control Models:
   o Discretionary Access Control (DAC): Users manage access rights.
   o Mandatory Access Control (MAC): System-enforced policies.
   o Role-Based Access Control (RBAC): Access assigned based on user roles.

Encryption and Secure Communication Protocols (SSL/TLS, IPSec)

• SSL/TLS (Secure Sockets Layer / Transport Layer Security)
   o Used for encrypting web communications (HTTPS).
   o Prevents MITM attacks by ensuring data integrity.
• IPSec (Internet Protocol Security)
   o Encrypts IP packets for secure communication.
   o Used in VPNs to create secure remote connections.
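
TLS only protects against interception when the client verifies the server's certificate and hostname. The following added example (not part of the original lecture notes) audits a Python `ssl.SSLContext` and shows a weak client configuration beside a hardened one; the function names are hypothetical.

```python
import ssl

def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings for a TLS client context; empty means no issue found."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows protocol versions below TLS 1.2")
    return findings

def weak_context() -> ssl.SSLContext:
    """Client context with verification switched off: traffic is encrypted,
    but the client cannot tell the real server from an interceptor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_context() -> ssl.SSLContext:
    """Client context that verifies the certificate chain and the hostname."""
    ctx = ssl.create_default_context()             # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse older protocol versions
    return ctx

if __name__ == "__main__":
    print("weak:", audit_client_context(weak_context()))
    print("hardened:", audit_client_context(hardened_context()))
```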

Exercises: Identifying Security Vulnerabilities in Network Configurations

Students will:

1. Analyze Network Logs: Identify potential security breaches in a given dataset.
2. Simulate a Network Attack: Use tools like Wireshark to observe how attacks occur.
3. Configure a Firewall: Set up firewall rules to block malicious traffic.
4. Encrypt a Communication Session: Implement TLS encryption in a given scenario.

Summary & Discussion Points

• Compare and contrast the OSI and TCP/IP models in terms of security.
• Discuss the role of encryption in network security.
• What are the limitations of firewalls and how can they be supplemented?
• Explain how an organization can mitigate MITM and DoS attacks.

Recommended Readings & Resources

• Network Security Essentials by William Stallings
• Applied Cryptography by Bruce Schneier
• Online Labs: Configuring firewalls, analyzing network traffic with Wireshark

Brief explanations of the key terms used in the lecture:
1. MAC Spoofing – An attack where an attacker changes their device’s MAC (Media
Access Control) address to impersonate another device on the network. This can be used
to bypass security restrictions or eavesdrop on network traffic.
2. ARP Poisoning (Address Resolution Protocol Poisoning) – A technique used by
attackers to send fake ARP messages, linking their MAC address to a legitimate IP
address. This misleads other devices into sending data to the attacker instead of the
intended recipient, enabling Man-in-the-Middle (MITM) attacks.
3. MAC Filtering – A security measure that restricts network access based on MAC
addresses. Only devices with approved MAC addresses can connect, but MAC spoofing
can be used to bypass this control.
4. Packet Sniffing – The act of capturing and analyzing data packets traveling across a
network using tools like Wireshark. It can be used for network diagnostics but is also a
common technique in MITM attacks to steal sensitive data.
5. Firewalls – Hardware or software-based security systems that filter incoming and
outgoing network traffic based on predefined security rules. They help prevent
unauthorized access to a network.
6. Intrusion Detection System (IDS) – A system that monitors network traffic for
suspicious activities and alerts administrators of potential threats. It does not block
attacks but provides real-time alerts.
7. Intrusion Prevention System (IPS) – Similar to an IDS, but instead of just monitoring,
it actively blocks or mitigates threats before they reach the target system.
8. IP Spoofing – An attack where an attacker forges the source IP address in network
packets to disguise their identity. This is commonly used in Denial-of-Service (DoS)
attacks.
9. Denial-of-Service (DoS) Attack – A type of cyberattack aimed at overwhelming a
network or system with excessive requests, making it unavailable to legitimate users.
DDoS (Distributed Denial-of-Service) attacks use multiple compromised systems to
amplify the effect.
10. SSL/TLS (Secure Sockets Layer / Transport Layer Security) – Cryptographic
protocols that provide encrypted communication over networks, commonly used in
securing websites (HTTPS) and email services.
11. IPSec (Internet Protocol Security) – A security protocol suite that encrypts and
authenticates network traffic, often used in VPNs (Virtual Private Networks) for secure
remote connections.
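
ARP poisoning (item 2) shows up on the wire as an IP address suddenly being claimed by a different MAC address. The following added example, which is not part of the original lecture notes, flags such conflicts in a list of observed ARP replies. The observations are constructed, and the `trusted` parameter is a hypothetical optional baseline.

```python
from collections import defaultdict

# Constructed observations of ARP replies: (time, sender IP, sender MAC).
OBSERVATIONS = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # gateway announces itself
    (2.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (3.0, "192.168.1.1", "aa:aa:aa:aa:aa:66"),    # gateway IP claimed by another MAC
    (4.0, "192.168.1.30", "aa:aa:aa:aa:aa:66"),   # the same MAC claims a second IP
    (5.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
]

def detect_arp_anomalies(observations, trusted=None):
    """Return alerts for ARP replies that contradict known IP-to-MAC bindings.

    `trusted` is an optional baseline {ip: mac}. Without it, the first binding
    seen for an IP is treated as the baseline (an assumption of this example).
    """
    bindings = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    claimed = defaultdict(set)     # mac -> set of IPs it has announced
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        expected = bindings.setdefault(ip, mac)
        if expected != mac:
            # The IP is already bound to a different MAC: possible poisoning.
            alerts.append((ts, "binding-conflict", ip, mac))
        if ip not in claimed[mac]:
            claimed[mac].add(ip)
            if len(claimed[mac]) > 1:
                # One MAC answering for several IPs. Routers and multi-homed
                # hosts do this legitimately, so treat it as a lead to verify.
                alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVATIONS):
        print(alert)
```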
