UNDERSTANDING NETWORK PROTOCOLS
Archie Bianes Liezl Marie Lagrimas Irish Mae Lirio Karen Joy Samera
DEFINITION OF NETWORK PROTOCOLS
A network protocol defines rules and conventions for communication between network devices. Protocols for computer networking all generally use packet switching techniques to send and receive messages in the form of packets.
Packet Switching - any protocol that breaks files into packets.
EXAMPLES OF NETWORK PROTOCOL
HYPER TEXT TRANSFER PROTOCOL (HTTP)
is a method of transmitting the information on the web.
POST OFFICE PROTOCOL (POP)
is used to retrieve emails from the remote server over the TCP/IP connection.
INTERNET MESSAGE ACCESS PROTOCOL (IMAP)
is used to access the emails on the remote servers. The email messages are generally stored on the email server, and the users generally retrieve these messages either by the web browser or by email clients.
POST OFFICE PROTOCOL VS. INTERNET MESSAGE ACCESS PROTOCOL
SIMPLE MAIL TRANSFER PROTOCOL (SMTP)
is a protocol that is used to send the email messages between the servers.
FILE TRANSFER PROTOCOL (FTP)
is used to transfer (upload/download) data from one computer to another over the internet or through computer network.
USER DATAGRAM PROTOCOL (UDP)
is one of the most important protocols of the TCP/IP suite and is used to send short messages known as datagrams.
DOMAIN NAMING SERVICE (DNS)
An Internet protocol and distributed database that provides more English-like names for IP addresses.
TELNET
Is a protocol that allows one machine to connect to another computer on the Internet.
WORLD WIDE WEB (WWW)
A protocol that uses hypertext links and is accessed by using a browser.
TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL (TCP/IP)
is the basic communication language or protocol of the Internet.
Transmission Control Protocol (higher layer) - manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message.
Internet Protocol (lower layer) - handles the address part of each packet so that it gets to the right destination.
STANDARD PROTOCOL ARCHITECTURES
Two approaches (standard)
OSI Reference Model - never used widely but well known
TCP/IP Protocol Suite - most widely used
OSI REFERENCE MODEL
Open Systems Interconnection Reference model
provides a general framework for standardization
defines a set of layers and services provided by each layer
one or more protocols can be developed for each layer
Developed by the International Organization for Standardization (ISO)
also published by ITU-T (International Telecommunications Union)
layered model
Seven layers - seven has been presented as the optimal number of layers
Delivered too late (published in 1984)
by that time TCP/IP started to become the de facto standard
Although no OSI-based protocol survived, the model is still valid (in the textbooks)
OSI - THE LAYER MODEL
Each layer performs a subset of the required communication functions
Each layer relies on the next lower layer to perform more primitive functions
Each layer provides services to the next higher layer
Changes in one layer should not require changes in other layers
THE OSI ENVIRONMENT
OSI LAYERS (1)
Physical
Physical interface between devices
Characteristics
Mechanical - interface specs
Electrical - voltage levels for bits, transmission rate
Data Link
Basic services: error detection and control, flow control at the link level (point to point)
Higher layers may assume error free transmission
Later a sub layer is added to Data Link Layer
MAC (Medium Access Control) sub layer to deal with broadcast networks
OSI LAYERS (2)
Network
Transfer of information through communication network
network related issues
Network nodes (relays/routers) should perform switching and routing functions
QoS (Quality of Service) and congestion control are also addressed in this layer
Several other internetworking issues
e.g. differences in addressing, max. data length, etc.
Higher layers do not need to know about underlying networking technology
Not needed on direct links
OSI LAYERS (3)
Transport
End to end exchange of data
In sequence, no losses, no duplicates
If needed, upper layer data are split into smaller units
Session
Control of dialogues
whose turn to talk?
Dialogue discipline (full-duplex, half-duplex)
Checkpointing and recovery
OSI LAYERS (4)
Presentation
Data formats
Data compression
Encryption
Application
Support for various applications
RISKS
Availability, Integrity, Confidentiality
Access to personal information - Could be high risk.
Degree of reliance on IT - Could be high risk.
Unauthorized access - Could be high risk.
CONTROLS
Ensuring the confidentiality of data through the application of a cryptographic algorithm or a secret key.
Assuring the integrity of data through the application of a message authentication code (MAC), a checksum that is sent with the data.
Providing peer authentication to ensure that network traffic and data are sent from the expected host.
Providing replay protection to assure that the same data is not delivered multiple times and that the data is delivered in an acceptable order.
Providing traffic analysis protection by obscuring the identities of the endpoints and the size of the data.
Providing access control by assuring that only authorized users can access particular network resources.
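The integrity, peer authentication and replay protection controls listed above can be shown together in a short sketch. This is an added example, not part of the original slides; the packet layout (8-byte sequence number, payload, 32-byte HMAC-SHA256 tag), the key and the function names are assumptions, and confidentiality (encryption) is deliberately left out.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key shared by both peers
TAG_LEN = 32                    # HMAC-SHA256 output size in bytes

def seal(key, seq, payload):
    """Sender side: sequence number + payload + MAC over both."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Checks the MAC first, then enforces strictly increasing sequence numbers."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def open(self, packet):
        if len(packet) < 8 + TAG_LEN:
            return ("reject", "too short")
        header, payload, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; only a holder of the key can produce the tag.
        if not hmac.compare_digest(tag, expected):
            return ("reject", "bad MAC")
        (seq,) = struct.unpack("!Q", header)
        # The sequence number is covered by the MAC, so it cannot be rewritten.
        if seq <= self.last_seq:
            return ("reject", "replayed or out of order")
        self.last_seq = seq
        return ("accept", payload)

def demo():
    """Run constructed packets through one receiver and return each verdict."""
    rx = Receiver(KEY)
    p0 = seal(KEY, 0, b"transfer 100")
    p1 = seal(KEY, 1, b"transfer 250")
    tampered = p1[:8] + b"transfer 950" + p1[-TAG_LEN:]   # payload changed in transit
    forged = seal(b"some other key", 2, b"transfer 1")    # sender without the key
    return [rx.open(p) for p in (p0, p0, tampered, forged, p1)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Rejected packets never advance the receiver's sequence state, so a forged or altered packet cannot be used to make a later genuine packet look replayed.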
NETWORK PERFORMANCE AUDIT
Before conducting a network performance audit, internal auditors need to understand how the network operates. The best way to do this is by requesting a copy of the company's network diagram. In addition, auditors need to identify any critical business applications that reside within the network and the network components that support them, as well as determine each application's network bandwidth use.
Network Bandwidth Use
When assessing the application's network bandwidth use, the auditor should conduct a network traffic analysis that identifies:
1. The average amount of data flowing within the network (i.e., overall bandwidth use).
2. The data's packet size distribution.
3. The type of data flow within the network.
4. The data's error rate.
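The four figures in the traffic analysis list can be computed from per-frame capture records. The following is an added example, not part of the original slides; the record layout, the sample capture and the size buckets are constructed assumptions.

```python
from collections import Counter

# Constructed sample capture (not from the original page):
# (timestamp in seconds, frame size in bytes, protocol, frame had an error)
SAMPLE = [
    (0.0, 60, "DNS", False),
    (0.5, 1500, "HTTP", False),
    (1.0, 1500, "HTTP", False),
    (1.5, 400, "SMTP", False),
    (2.0, 1500, "HTTP", True),
    (2.5, 60, "DNS", False),
    (3.0, 900, "FTP", False),
    (4.0, 1500, "HTTP", False),
]

# Assumed frame size buckets in bytes, inclusive on both ends.
BUCKETS = [(0, 127), (128, 511), (512, 1023), (1024, 1518)]

def analyse(records):
    """Return the four audit figures for a list of capture records."""
    if not records:
        raise ValueError("no frames captured")
    total_bytes = sum(size for _, size, _, _ in records)
    times = [ts for ts, _, _, _ in records]
    duration = max(times) - min(times)
    # 1. Overall bandwidth use; undefined when the capture window has no length.
    avg_bps = total_bytes * 8 / duration if duration > 0 else None
    # 2. Packet size distribution.
    sizes = Counter()
    for _, size, _, _ in records:
        for low, high in BUCKETS:
            if low <= size <= high:
                sizes[f"{low}-{high}"] += 1
                break
        else:
            sizes["oversize"] += 1   # larger than the biggest assumed bucket
    # 3. Type of data flow: bytes carried per protocol.
    by_protocol = Counter()
    for _, size, proto, _ in records:
        by_protocol[proto] += size
    # 4. Error rate: share of frames flagged as errored.
    error_rate = sum(1 for r in records if r[3]) / len(records)
    return {
        "avg_bps": avg_bps,
        "size_distribution": dict(sizes),
        "bytes_by_protocol": dict(by_protocol),
        "error_rate": error_rate,
    }
```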
NETWORK DEVICES CONFIGURATION
Auditors need to review the configuration of all network devices (e.g., routers and printer settings). When reviewing the configuration of network devices, auditors need to:
Check for routes that cause bandwidth choking or clogging of network traffic due to the use of only one gateway.
Identify all network users and their level of network access.
Determine if access control lists (ACLs) are configured properly and are enabled.
Identify whether network administrators are monitoring and tracking changes made to ACLs.
Determine whether the company uses a switch port analyser or remote network monitoring specification.
Identify if network administrators are tracking and limiting changes to the overall network.
NETWORK APPLICATIONS CONFIGURATION
In terms of reviewing the configuration of network applications (e.g., determining whether the server application is excessively querying clients), auditors need to:
1. First understand the importance and role of the network device within the organization's network topology.
2. Be aware of best practices for network devices in general.
3. Identify whether each component and subcomponent of the network are missing, applied incorrectly, or used inappropriately.