Unit 2 BBA V
The Open Systems Interconnection (OSI) model is a conceptual model created by the
International Organization for Standardization (ISO) which enables diverse communication
systems to communicate using standard protocols. In plain English, the OSI model provides a
standard for different computer systems to be able to communicate with each other.
OSI stands for Open Systems Interconnection. It was developed by ISO, the
International Organization for Standardization, in the year 1984. It is a 7-layer
architecture, with each layer having a specific functionality to perform. All these 7 layers
work collaboratively to transmit the data from one person to another across the globe.
The lowest layer of the OSI reference model is the physical layer. It is responsible for
the actual physical connection between the devices. The physical layer contains
information in the form of bits. It is responsible for transmitting individual bits from one
node to the next. When receiving data, this layer takes the received signal, converts
it into 0s and 1s and sends them to the Data Link layer, which puts the frame back
together.
The functions of the physical layer are :
1. Bit synchronization: The physical layer provides the synchronization of the bits by
providing a clock. This clock controls both sender and receiver thus providing
synchronization at bit level.
2. Bit rate control: The Physical layer also defines the transmission rate i.e. the number of
bits sent per second.
3. Physical topologies: The physical layer specifies the way in which the different
devices/nodes are arranged in a network, i.e. bus, star or mesh topology.
4. Transmission mode: Physical layer also defines the way in which the data flows between
the two connected devices. The various transmission modes possible are: Simplex, half-
duplex and full-duplex.
* Hub, Repeater, Modem, Cables are Physical Layer devices.
** Network Layer, Data Link Layer and Physical Layer are also known as Lower
Layers or Hardware Layers.
The data link layer is responsible for the node to node delivery of the message. The
main function of this layer is to make sure data transfer is error-free from one node to
another, over the physical layer. When a packet arrives in a network, it is the
responsibility of DLL to transmit it to the Host using its MAC address.
The Data Link Layer is divided into two sublayers:
1. Logical Link Control (LLC)
2. Media Access Control (MAC)
The packet received from the Network layer is further divided into frames depending on the
frame size of the NIC (Network Interface Card). The DLL also encapsulates the Sender's and
Receiver's MAC addresses in the header.
The Receiver's MAC address is obtained by placing an ARP (Address Resolution
Protocol) request onto the wire asking "Who has that IP address?"; the destination
host replies with its MAC address.
Network layer works for the transmission of data from one host to the other located in
different networks. It also takes care of packet routing i.e. selection of the shortest path
to transmit the packet, from the number of routes available. The sender & receiver’s IP
address are placed in the header by the network layer.
The functions of the Network layer are :
1. Routing: The network layer protocols determine which route is suitable from source to
destination. This function of network layer is known as routing.
2. Logical Addressing: In order to identify each device on internetwork uniquely, network
layer defines an addressing scheme. The sender & receiver’s IP address are placed in the
header by network layer. Such an address distinguishes each device uniquely and
universally.
* A Segment in the Network layer is referred to as a Packet.
Transport layer provides services to application layer and takes services from network
layer. The data in the transport layer is referred to as Segments. It is responsible for the
End to End Delivery of the complete message. The transport layer also provides the
acknowledgement of the successful data transmission and re-transmits the data if an
error is found.
• At sender’s side:
Transport layer receives the formatted data from the upper layers,
performs Segmentation and also implements Flow & Error control to ensure proper
data transmission. It also adds Source and Destination port number in its header and
forwards the segmented data to the Network Layer.
Note: The sender needs to know the port number associated with the receiver's
application.
Generally, this destination port number is configured, either by default or manually. For
example, when a web application makes a request to a web server, it typically uses port
number 80, because this is the default port assigned to web applications. Many
applications have a default port assigned.
• At receiver’s side:
Transport Layer reads the port number from its header and forwards the Data which it
has received to the respective application. It also performs sequencing and
reassembling of the segmented data.
The functions of the transport layer are :
1. Segmentation and Reassembly: This layer accepts the message from the (session)
layer and breaks the message into smaller units. Each of the segments produced has a
header associated with it. The transport layer at the destination station reassembles the
message.
2. Service Point Addressing: In order to deliver the message to correct process, transport
layer header includes a type of address called service point address or port address. Thus
by specifying this address, transport layer makes sure that the message is delivered to the
correct process.
The services provided by the transport layer :
1. Connection Oriented Service: It is a three-phase process which includes
– Connection Establishment
– Data Transfer
– Termination / disconnection
In this type of transmission, the receiving device sends an acknowledgement back to the
source after a packet or group of packets is received. This type of transmission is reliable
and secure.
2. Connectionless Service: It is a one-phase process and includes only Data Transfer. In this
type of transmission, the receiver does not acknowledge receipt of a packet. This
approach allows for much faster communication between devices. Connection-oriented
service is more reliable than connectionless service.
* Data in the Transport Layer is called Segments.
** The Transport layer is operated by the Operating System. It is a part of the OS and
communicates with the Application Layer by making system calls.
The Transport Layer is called the Heart of the OSI model.
SCENARIO:
Let’s consider a scenario where a user wants to send a message through some
Messenger application running in his browser. The “Messenger” here acts as the
application layer which provides the user with an interface to create the data. This
message or so-called Data is compressed, encrypted (if any secure data) and
converted into bits (0’s and 1’s) so that it can be transmitted.
The Presentation layer is also called the Translation layer. The data from the application
layer is extracted here and manipulated as per the required format to transmit over the
network.
The functions of the presentation layer are :
1. Translation: For example, ASCII to EBCDIC.
2. Encryption/Decryption: Data encryption translates the data into another form or code.
The encrypted data is known as the cipher text and the decrypted data is known as plain
text. A key value is used for encrypting as well as decrypting data.
3. Compression: Reduces the number of bits that need to be transmitted on the network.
At the very top of the OSI Reference Model stack of layers, we find Application layer
which is implemented by the network applications. These applications produce the data,
which has to be transferred over the network. This layer also serves as a window for the
application services to access the network and for displaying the received information to
the user.
Ex: Application – Browsers, Skype Messenger etc.
** The Application Layer is also called the Desktop Layer.
The functions of the Application layer are :
1. Network Virtual Terminal
2. FTAM-File transfer access and management
3. Mail Services
4. Directory Services
Computer Network TCP/IP model
The TCP/IP Model was developed before the OSI Model. The layers in the TCP/IP
Model are different from those of the OSI Model.
Internetworking Protocol (IP):
1. It is an unreliable, connectionless protocol used by the TCP/IP Model.
2. This protocol is used for data transmission.
3. This protocol doesn't do error checking or tracking of data, thus we cannot be
sure that the data has actually reached its destination. This is why it is also known
as a best-effort delivery service, which means this protocol tries its best to send the
data to its destination but doesn't give any guarantee.
4. The IP protocol transmits the data in the form of small packets known as datagrams.
Each of these datagrams is transmitted separately, thus they can take different
routes; sometimes duplicate datagrams reach the destination, and they arrive
in no particular order at the destination.
ARP protocol is used to find the physical address of a device whose internet
address (IP address) is known.
3. Transport Layer
The Transport layer in the TCP/IP Model can be represented by three protocols:
Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Stream
Control Transmission Protocol (SCTP).
These three protocols in the transport layer are responsible for delivery of messages
from one process to another. The SCTP protocol was later introduced to meet
the needs of newer applications.
User Datagram Protocol (UDP)
1. It takes the data from the upper layer of the TCP/IP Model and adds the following
information to the data:
a) Port Address – a source port address of 16 bits and a destination port address of
16 bits are added to the data so that it reaches the correct destination and shows the
correct source of the data.
b) Checksum error control – 16 bits of checksum data are added to the data
received from the upper layer; this is used for error control.
c) Length of data – Length defines the total bytes of data in the datagram.
2. Although this protocol finds errors in the transmission of data, it doesn't
specify the error, which makes it hard to identify the actual error in transmission.
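The three header fields just listed (port addresses, checksum and length) can be built and checked directly. The following is an added example, not code from the notes: it constructs a UDP datagram, computes the 16-bit checksum with the ones'-complement method (RFC 1071), and shows that a receiver verifies it by summing the whole datagram, including the checksum field, and expecting zero. The IPv4 pseudo-header included in the sum is part of the standard UDP checksum; the IP addresses, ports and payload below are constructed sample values.

```python
import socket
import struct

UDP_PROTOCOL_NUMBER = 17
UDP_HEADER_LEN = 8


def internet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: ones'-complement sum of 16-bit words with
    end-around carry, then complemented. Odd-length data is padded with a
    zero byte for the calculation only."""
    if len(data) % 2:
        data = data + b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    # The UDP checksum also covers an IPv4 pseudo-header, so a datagram
    # delivered to the wrong host fails the check.
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, UDP_PROTOCOL_NUMBER, udp_length)


def build_udp_datagram(src_ip: str, dst_ip: str, src_port: int,
                       dst_port: int, payload: bytes) -> bytes:
    """Return header (source port, destination port, length, checksum) + payload."""
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)  # checksum zero while summing
    cksum = internet_checksum(_pseudo_header(src_ip, dst_ip, length) + header + payload)
    if cksum == 0:
        cksum = 0xFFFF  # a computed zero is sent as all ones; a zero field means "no checksum"
    return struct.pack("!HHHH", src_port, dst_port, length, cksum) + payload


def parse_udp_datagram(datagram: bytes) -> dict:
    """Split a datagram into its four header fields and the payload."""
    if len(datagram) < UDP_HEADER_LEN:
        raise ValueError("datagram shorter than the UDP header")
    src_port, dst_port, length, cksum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(datagram):
        raise ValueError("length field inconsistent with datagram size")
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": cksum, "payload": datagram[UDP_HEADER_LEN:length]}


def verify_udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """True if the datagram is intact. Summing the datagram together with its own
    checksum field gives 0 when nothing changed; a zero field disables the check."""
    fields = parse_udp_datagram(datagram)
    if fields["checksum"] == 0:
        return True
    covered = _pseudo_header(src_ip, dst_ip, fields["length"]) + datagram[:fields["length"]]
    return internet_checksum(covered) == 0


if __name__ == "__main__":
    # Constructed sample: a DNS-style datagram from a host to a resolver.
    d = build_udp_datagram("192.168.21.3", "192.168.21.1", 40000, 53, b"hello")
    print(parse_udp_datagram(d))
    print("intact:", verify_udp_checksum("192.168.21.3", "192.168.21.1", d))
    print("corrupted:", verify_udp_checksum("192.168.21.3", "192.168.21.1", d[:8] + b"jello"))
```

The checksum tells the receiver that some word changed, but not which one, which is the point made in item 2 above: the datagram is simply discarded, and it is left to the application (or to TCP) to recover.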
Transmission Control Protocol (TCP)
1. The TCP protocol divides the data into small units called segments. Each segment
contains a sequence number, which makes it possible to rearrange the
segments in the correct order at the receiver side to make the complete data.
2. It also adds an acknowledgement number to the segments to verify whether the data
has actually reached its destination or not.
3. Unlike UDP, which is unable to specify the exact error in transmission, this
protocol does error control and specifies the exact error, which makes TCP a
reliable protocol.
Stream Control Transmission Protocol (SCTP)
1. This protocol combines the best features of TCP and UDP protocols.
4. Application Layer
1. This is the topmost layer of the TCP/IP model.
2. There are several protocols used by the application layer for user interaction,
such as: HTTP, SNMP, SMTP, DNS, TELNET, FTP etc.
HTTP: HTTP stands for Hypertext Transfer Protocol. It allows the user to
interact with the World Wide Web through the browser application. HTTP can be used
to transfer various types of data such as plain text, audio, video etc.
FTP: FTP stands for File Transfer Protocol. This protocol is used for
transmitting files from one system to another system.
DNS: DNS stands for Domain Name System. Each computer on a network has a
different IP address, and a computer is known by its IP address. DNS provides a
mapping from a name to the IP address so that a name can be used to identify a
system on the network rather than the IP address itself.
SNMP: SNMP stands for Simple Network Management Protocol. It manages the
devices connected to the internet using the TCP/IP protocol.
SMTP: SMTP stands for Simple Mail Transfer Protocol. It is used for email
services; using this protocol an email containing data can be sent to another email
address.
Difference between TCP/IP and OSI Model:
TCP/IP | OSI
TCP refers to Transmission Control Protocol. | OSI refers to Open Systems Interconnection.
... model. | ... technology.
Error control in data link layer is the process of detecting and correcting data frames
that have been corrupted or lost during transmission.
In case of lost or corrupted frames, the receiver does not receive the correct data frame
and the sender is ignorant of the loss. The data link layer follows a technique to detect
transit errors and take the necessary action, which is retransmission of frames whenever
an error is detected or a frame is lost. The process is called Automatic Repeat Request
(ARQ).
Flow Control
o It is a set of procedures that tells the sender how much data it can transmit before
the data overwhelms the receiver.
o The receiving device has limited speed and limited memory to store the data.
Therefore, the receiving device must be able to inform the sending device to stop the
transmission temporarily before the limits are reached.
o It requires a buffer, a block of memory for storing the information until it is
processed.
o Two methods of flow control are used:
o Stop-and-wait
o Sliding window
Stop-and-wait
o In the Stop-and-wait method, the sender waits for an acknowledgement after every
frame it sends.
o Only when the acknowledgement is received is the next frame sent. The process of
alternately sending a frame and waiting continues until the sender transmits the
EOT (End of Transmission) frame.
Advantage of Stop-and-wait
The Stop-and-wait method is simple as each frame is checked and acknowledged before the
next frame is sent.
Disadvantage of Stop-and-wait
The Stop-and-wait technique is inefficient because each frame must travel all the way to
the receiver, and an acknowledgement must travel all the way back, before the next frame is sent.
Each frame sent and received uses the entire time needed to traverse the link.
Sliding Window
o The Sliding Window is a method of flow control in which a sender can transmit
several frames before getting an acknowledgement.
o In Sliding Window control, multiple frames can be sent one after another, due to
which the capacity of the communication channel can be utilized efficiently.
o A single ACK acknowledges multiple frames.
o Sliding Window refers to imaginary boxes at both the sender and receiver end.
o The window can hold the frames at either end, and it provides the upper limit on the
number of frames that can be transmitted before the acknowledgement.
o Frames can be acknowledged even when the window is not completely filled.
o The window has a specific size n, and the frames are numbered modulo-n, meaning
they are numbered from 0 to n-1. For example, if n = 8, the frames are numbered
0,1,2,3,4,5,6,7,0,1,2,3,4,5,6,7,0,1........
o The size of the window is n-1. Therefore, a maximum of n-1 frames can
be sent before an acknowledgement.
o When the receiver sends the ACK, it includes the number of the next frame that it
wants to receive. For example, to acknowledge the string of frames ending with
frame number 4, the receiver will send an ACK containing the number 5. When the
sender sees the ACK with the number 5, it knows that the frames from 0
through 4 have been received.
Sender Window
o At the beginning of a transmission, the sender window contains n-1 frames, and
as they are sent out, the left boundary moves inward, shrinking the size of the
window. For example, if the size of the window is w and three frames are sent out,
then the number of frames left in the sender window is w-3.
o Once an ACK has arrived, the sender window expands by a number equal to the
number of frames acknowledged by the ACK.
o For example, the size of the window is 7, and if frames 0 through 4 have been sent
out and no acknowledgement has arrived, then the sender window contains only two
frames, i.e., 5 and 6. Now, if an ACK arrives with the number 4, meaning that frames 0
through 3 have arrived undamaged, the sender window is expanded to
include the next four frames. Therefore, the sender window contains six frames
(5,6,7,0,1,2).
Receiver Window
o At the beginning of transmission, the receiver window does not contain n frames, but
it contains n-1 spaces for frames.
o When the new frame arrives, the size of the window shrinks.
o The receiver window does not represent the number of frames received, but it
represents the number of frames that can be received before an ACK is sent. For
example, the size of the window is w, if three frames are received then the number
of spaces available in the window is (w-3).
o Once the acknowledgement is sent, the receiver window expands by the number
equal to the number of frames acknowledged.
o Suppose the size of the window is 7, meaning that the receiver window contains seven
spaces for seven frames. If one frame is received, then the receiver window
shrinks, moving the boundary from 0 to 1. In this way the window shrinks one by
one, so the window now contains six spaces. If frames 0 through 4 have been received,
then the window contains two spaces before an acknowledgement is sent.
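The sender and receiver windows described above can be simulated with two small classes. This is an added example (not code from the notes) that replays the worked numbers from the text: modulo-8 numbering, window size 7, frames 0 through 4 sent, then an ACK carrying the number 4. The ACK convention follows the text (the ACK carries the next frame wanted); an ACK that is a duplicate or refers to a frame never sent is treated as acknowledging nothing, which is an assumption about how such an ACK should be handled.

```python
class SenderWindow:
    """Sender side of sliding-window flow control with modulo-n frame numbers.
    At most n-1 frames may be outstanding (sent but not yet acknowledged)."""

    def __init__(self, n: int):
        if n < 2:
            raise ValueError("modulus n must be at least 2")
        self.n = n
        self.base = 0       # absolute number of the oldest unacknowledged frame
        self.next_seq = 0   # absolute number of the next frame to send

    def outstanding(self) -> int:
        return self.next_seq - self.base

    def window(self) -> list:
        """Frame numbers (mod n) the sender may still send before an ACK arrives."""
        return [s % self.n for s in range(self.next_seq, self.base + self.n - 1)]

    def send(self):
        """Send the next frame: return its number mod n, or None if the window is full."""
        if self.outstanding() >= self.n - 1:
            return None
        seq = self.next_seq % self.n
        self.next_seq += 1
        return seq

    def ack(self, next_wanted: int) -> int:
        """Process an ACK carrying the number of the next frame the receiver wants.
        Returns how many frames it acknowledged; a duplicate or out-of-range ACK
        acknowledges nothing and leaves the window unchanged."""
        acked = (next_wanted - self.base) % self.n
        if acked == 0 or acked > self.outstanding():
            return 0
        self.base += acked   # left boundary slides forward, window reopens
        return acked


class ReceiverWindow:
    """Receiver side: n-1 spaces; each in-order frame fills one space until an ACK is sent."""

    def __init__(self, n: int):
        self.n = n
        self.expected = 0   # absolute number of the next frame expected
        self.unacked = 0    # frames received since the last ACK

    def spaces(self) -> int:
        return self.n - 1 - self.unacked

    def receive(self, frame_num: int) -> bool:
        """Accept only the in-order frame; out-of-order or duplicate frames are discarded."""
        if self.spaces() == 0 or frame_num != self.expected % self.n:
            return False
        self.expected += 1
        self.unacked += 1
        return True

    def send_ack(self) -> int:
        """Return the ACK value (next frame wanted, mod n) and reopen the window."""
        self.unacked = 0
        return self.expected % self.n


def worked_example(n: int = 8):
    """Replays the text's example: window size n-1 = 7, frames 0-4 sent, ACK 4 arrives."""
    sender = SenderWindow(n)
    sent = [sender.send() for _ in range(5)]
    before = sender.window()          # frames still sendable: [5, 6]
    acked = sender.ack(4)             # frames 0..3 acknowledged
    after = sender.window()           # [5, 6, 7, 0, 1, 2]
    return sent, before, acked, after


if __name__ == "__main__":
    print(worked_example())
```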
Cryptography and its Types
Cryptography is the technique of securing information and communications
through the use of codes so that only those persons for whom the information is
intended can understand it and process it, thus preventing unauthorized
access to information. The prefix "crypt" means "hidden" and the suffix "graphy"
means "writing".
In cryptography, the techniques used to protect information are
derived from mathematical concepts and sets of rule-based calculations
known as algorithms, which convert messages in ways that make them hard to
decode. These algorithms are used for cryptographic key generation,
digital signing and verification to protect data privacy, web browsing on the internet,
and to protect confidential transactions such as credit card and debit card
transactions.
Techniques used For Cryptography:
In today's age of computers, cryptography is often associated with the
process where ordinary plain text is converted to cipher text, which is
text made such that only the intended receiver of the text can decode it;
this process is known as encryption. The process of converting
cipher text back to plain text is known as decryption.
Features Of Cryptography are as follows:
1. Confidentiality:
Information can only be accessed by the person for whom it is intended and no
other person except him can access it.
2. Integrity:
Information cannot be modified in storage or in transit between sender and
intended receiver without the change being detected.
3. Non-repudiation:
The creator/sender of information cannot deny his or her intention to send
information at later stage.
4. Authentication:
The identities of sender and receiver are confirmed. As well as destination/origin of
information is confirmed.
Types Of Cryptography:
In general there are three types of cryptography:
The private key is kept secret by the owner and the public key is either shared
amongst authorised recipients or made available to the public at large.
Data encrypted with the recipient’s public key can only be decrypted with the
corresponding private key. Data can therefore be transferred without the risk of
unauthorised or unlawful access to the data.
Figure 3: Asymmetric encryption – Using a different key for the encryption and
decryption process
Hash functions are used with cryptography to provide digital signatures and
integrity controls but as no secret key is used it does not make the message
private as the hash can be recreated.
What is a cryptographic key?
The original data is known as the plaintext, and the data after the key encrypts it is
known as the ciphertext.
The formula: plaintext + key = ciphertext
Before the advent of computers, ciphertext was often created by simply replacing one
letter with another letter in the plaintext, a method known as a "substitution cipher." For
instance, suppose that someone sends a message reading "Hello" to another person,
and each letter is replaced with the one after it in the alphabet: "Hello" becomes
"Ifmmp."
H E L L O
+1 +1 +1 +1 +1
I F M M P
"Ifmmp" looks like a nonsensical string of letters, but if someone knows the key, they
can substitute the proper letters and decrypt the message as "Hello." For this example,
the key is (letter) - 1, moving each letter down one spot in the alphabet to arrive at the
real letter.
I F M M P
-1 -1 -1 -1 -1
H E L L O
Such ciphers are relatively easy to break with simple statistical analysis, since certain
letters will appear more often than others in any given text (for instance E is the most
common letter in the English language). To combat this, cryptographers developed a
system called the one-time pad.
A one-time pad is a single-use-only key that has at least as many values as the plaintext
has characters. In other words, each letter will be replaced by a letter that's a unique
number of letters removed from it in the alphabet.
For example, suppose someone has to encrypt the message "Hello," and they use a one-
time pad with the values 7, 17, 24, 9, 11.
H E L L O
7 17 24 9 11
Whereas before we simply moved up one position for each letter (letter + 1), now we
move a different number of places in the alphabet for each letter. We add 7 to the first
letter, H; we add 17 to the second letter; and so on. For any calculations that take us
past Z, we simply go back to the beginning of the alphabet and keep adding.
H E L L O
7 17 24 9 11
O V J U Z
Starting from the plaintext "Hello," we now have the ciphertext "Ovjuz," using the key "7,
17, 24, 9, 11."
For communication via a one-time pad to work, both sides of the conversation have to
use the same key for each individual message (symmetric encryption), although a
different key is used every time there's a new message. Although to any third parties
"Ovjuz" looks like random nonsense, the person who receives the ciphertext "Ovjuz" will
know to use the key "7, 17, 24, 9, 11" to decrypt it (subtracting instead of adding):
O V J U Z
7 17 24 9 11
H E L L O
Thus, a simple message can be altered by a string of random data, a key, in order to be
encrypted or decrypted.
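Both ciphers above can be written out in a few lines. The following is an added example, not code from the notes: it implements the single-shift substitution cipher ("Hello" + 1 = "Ifmmp"), the one-time pad with the text's key 7, 17, 24, 9, 11 ("Hello" becomes "Ovjuz"), and a letter-frequency count to illustrate why the fixed shift is weak: the most common plaintext letter (E in English) simply moves one place and shows up as the most common ciphertext letter. The English sample sentence is constructed for the illustration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def is_letter(ch: str) -> bool:
    return ch.upper() in ALPHABET


def shift_letter(ch: str, k: int) -> str:
    """Move one letter k places through the alphabet, wrapping past Z back to A
    (or past A back to Z for negative k). Case is kept; non-letters are untouched."""
    if not is_letter(ch):
        return ch
    moved = ALPHABET[(ALPHABET.index(ch.upper()) + k) % 26]
    return moved if ch.isupper() else moved.lower()


def shift_encrypt(plaintext: str, k: int) -> str:
    """Substitution cipher: every letter moves the same k places (the text's letter + 1)."""
    return "".join(shift_letter(c, k) for c in plaintext)


def shift_decrypt(ciphertext: str, k: int) -> str:
    """Decryption is the same operation with the key negated (letter - 1 in the text)."""
    return shift_encrypt(ciphertext, -k)


def otp_encrypt(plaintext: str, key: list) -> str:
    """One-time pad over the alphabet: letter i moves key[i] places. The key must
    have at least as many values as the text has letters, and is used only once."""
    letters = sum(1 for c in plaintext if is_letter(c))
    if len(key) < letters:
        raise ValueError("one-time pad key has fewer values than the text has letters")
    out, i = [], 0
    for c in plaintext:
        if is_letter(c):
            out.append(shift_letter(c, key[i]))
            i += 1
        else:
            out.append(c)
    return "".join(out)


def otp_decrypt(ciphertext: str, key: list) -> str:
    """Subtract instead of add: the same pad with every value negated."""
    return otp_encrypt(ciphertext, [-k for k in key])


def most_common_letter(text: str) -> str:
    """Letter-frequency count, the statistical analysis that breaks a fixed shift."""
    counts = Counter(c.upper() for c in text if is_letter(c))
    return counts.most_common(1)[0][0]


# Constructed sample sentence with many E's, as ordinary English text has.
SAMPLE = "the eleven engineers were there when the entire network went down seven times"

if __name__ == "__main__":
    print(shift_encrypt("Hello", 1), shift_decrypt("Ifmmp", 1))
    print(otp_encrypt("Hello", [7, 17, 24, 9, 11]), otp_decrypt("Ovjuz", [7, 17, 24, 9, 11]))
    print("most common ciphertext letter:", most_common_letter(shift_encrypt(SAMPLE, 1)))
```

Note that the frequency count says nothing useful about the one-time pad output: each letter moved by a different amount, so the ciphertext letter frequencies no longer mirror the plaintext's, which is exactly the property the text credits the one-time pad with.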
Cryptography is the science of secret writing with the intention of keeping the data
secret. Cryptography is classified into symmetric cryptography, asymmetric
cryptography and hashing.
Private Key:
In private key cryptography, the same key (secret key) is used for encryption and decryption.
The key is symmetric because the single key is copied or shared with the other party to decrypt the
cipher text. It is faster than public key cryptography.
Public Key:
In public key cryptography, two keys are used: one key is used for encryption and another key is used
for decryption. One key (the public key) is used to encrypt the plain text to convert it into
cipher text, and the other key (the private key) is used by the receiver to decrypt the cipher text to
read the message.
Now, we see the difference between them:
Private key | Public key
The same key (secret key) and algorithm is used to encrypt and decrypt. | One key is used for encryption while the other is used for decryption.
There is only one key, that is called the secret key. | There are two types of key: private and public.
Sender and receiver need to share the same key. | The receiver does not need to share the private key.
Before Firewalls, network security was performed by Access Control Lists (ACLs)
residing on routers. ACLs are rules that determine whether network access should be
granted or denied to specific IP addresses.
But ACLs cannot determine the nature of the packet they are blocking. Also, an ACL alone does
not have the capacity to keep threats out of the network. Hence, the Firewall was
introduced.
Connectivity to the Internet is no longer optional for organizations. However, while accessing
the Internet provides benefits to the organization, it also enables the outside world to
interact with the internal network of the organization. This creates a threat to the
organization. In order to secure the internal network from unauthorized traffic, we need
a Firewall.
How Firewall Works
A firewall matches the network traffic against the rule set defined in its table. Once a rule
is matched, the associated action is applied to the network traffic. For example, one rule may be
defined as "any employee from the HR department cannot access the data from the code server",
and at the same time another rule may be defined as "the system administrator can access the
data from both the HR and technical departments". Rules can be defined on the firewall
based on the necessity and security policies of the organization.
From the perspective of a server, network traffic can be either outgoing or incoming. The
firewall maintains a distinct set of rules for both cases. Mostly, outgoing traffic,
originating from the server itself, is allowed to pass. Still, setting rules on outgoing traffic is
always better in order to achieve more security and prevent unwanted communication.
Incoming traffic is treated differently. Most traffic which reaches the firewall is one of
these three major Transport Layer protocols: TCP, UDP or ICMP. All these types have
a source address and a destination address. Also, TCP and UDP have port numbers.
ICMP uses a type code instead of a port number, which identifies the purpose of that packet.
Default policy: It is very difficult to explicitly cover every possible rule on the firewall.
For this reason, the firewall must always have a default policy. The default policy
consists only of an action (accept, reject or drop).
Suppose no rule is defined about SSH connection to the server on the firewall. So, it will
follow the default policy. If default policy on the firewall is set to accept, then any
computer outside of your office can establish an SSH connection to the server.
Therefore, setting default policy as drop (or reject) is always a good practice.
Generation of Firewall
Firewalls can be categorized based on their generation.
1. First Generation - Packet Filtering Firewall : A packet filtering firewall is used to
control network access by monitoring outgoing and incoming packets and allowing
them to pass or stopping them based on source and destination IP address, protocol and
ports. It analyses traffic at the transport protocol layer (but mainly uses the first 3
layers).
Packet filtering firewalls treat each packet in isolation. They have no ability to tell whether a
packet is part of an existing stream of traffic. They can only allow or deny packets
based on the individual packet headers.
A packet filtering firewall maintains a filtering table which decides whether the packet
will be forwarded or discarded. From the given filtering table, the packets will be
filtered according to the following rules:
1. Incoming packets from network 192.168.21.0 are blocked.
2. Incoming packets destined for internal TELNET server (port 23) are blocked.
3. Incoming packets destined for host 192.168.21.3 are blocked.
4. All well-known services to the network 192.168.21.0 are allowed.
2. Second Generation - Stateful Inspection Firewall : Stateful firewalls (which perform
Stateful Packet Inspection) are able to determine the connection state of a packet,
unlike packet filtering firewalls, which makes them more efficient. A stateful firewall keeps track of the
state of network connections travelling across it, such as TCP streams. So the
filtering decisions are based not only on the defined rules, but also on the packet's
history in the state table.
3. Third Generation - Application Layer Firewall : An application layer firewall can
inspect and filter the packets on any OSI layer, up to the application layer. It has
the ability to block specific content, and also to recognize when certain applications and
protocols (like HTTP, FTP) are being misused.
In other words, Application layer firewalls are hosts that run proxy servers. A proxy
firewall prevents the direct connection between either side of the firewall, each
packet has to pass through the proxy. It can allow or block the traffic based on
predefined rules.
Note: Application layer firewalls can also be used as Network Address
Translator(NAT).
4. Next Generation Firewalls (NGFW) : Next Generation Firewalls are being
deployed these days to stop modern security breaches like advanced malware
attacks and application-layer attacks. An NGFW consists of Deep Packet Inspection,
Application Inspection, SSL/SSH inspection and many other functionalities to protect the
network from these modern threats.
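The packet filtering rules listed under the first generation above, together with the default-policy discussion (the SSH case), can be modelled as a small first-match filter. This is an added example, not code from the notes or from any firewall product: it encodes the four rules from the text, applies the first rule that matches, and falls back to the default policy when nothing matches. Two details the text leaves open are assumptions here: the network 192.168.21.0 is taken as a /24, and "well-known services" is taken as destination ports 0 to 1023. The sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ACCEPT, DROP = "accept", "drop"


@dataclass
class Packet:
    direction: str                   # "in" or "out", seen from the protected network
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None   # None for ICMP, which carries a type code instead


@dataclass
class Rule:
    name: str
    action: str
    direction: str
    src_net: Optional[str] = None              # CIDR, or None for "any"
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dst_ports: Optional[Tuple[int, int]] = None  # inclusive port range, or None for "any"

    def matches(self, pkt: Packet) -> bool:
        """Every field that is set in the rule must match the packet header."""
        if self.direction != pkt.direction:
            return False
        if self.src_net and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto and self.proto != pkt.proto:
            return False
        if self.dst_ports:
            if pkt.dst_port is None:          # a port rule never matches a portless packet
                return False
            lo, hi = self.dst_ports
            if not lo <= pkt.dst_port <= hi:
                return False
        return True


# Constructed rule table following the four rules in the text (order matters:
# first match wins). The /24 mask and "well-known" = ports 0-1023 are assumptions.
RULES = [
    Rule("block source network", DROP, "in", src_net="192.168.21.0/24"),
    Rule("block telnet server", DROP, "in", proto="tcp", dst_ports=(23, 23)),
    Rule("block host", DROP, "in", dst_net="192.168.21.3/32"),
    Rule("allow well-known services", ACCEPT, "in",
         dst_net="192.168.21.0/24", dst_ports=(0, 1023)),
]


def filter_packet(pkt: Packet, rules=RULES, default_policy: str = DROP) -> Tuple[str, str]:
    """Return (action, reason). The first matching rule decides; with no match
    the default policy applies, which is why it should be drop or reject."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default_policy, "default policy"


if __name__ == "__main__":
    ssh = Packet("in", "203.0.113.9", "10.0.0.5", "tcp", 22)   # no rule mentions SSH
    print("default drop  :", filter_packet(ssh))
    print("default accept:", filter_packet(ssh, default_policy=ACCEPT))
    print("telnet        :", filter_packet(Packet("in", "203.0.113.9", "192.168.21.10", "tcp", 23)))
    print("http to .3    :", filter_packet(Packet("in", "203.0.113.9", "192.168.21.3", "tcp", 80)))
```

Rule order is visible in the results: an HTTP packet to 192.168.21.3 is dropped by rule 3 even though rule 4 would allow it, and an ICMP packet never reaches rule 4 because it has no port, so it lands on the default policy.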
Types of Firewall
Firewalls are generally of two types: Host-based and Network-based.
1. Host-based Firewalls : A host-based firewall is installed on each network node and
controls each incoming and outgoing packet. It is a software application or
suite of applications that comes as a part of the operating system. Host-based firewalls
are needed because network firewalls cannot provide protection inside a trusted
network. A host firewall protects each host from attacks and unauthorized access.
2. Network-based Firewalls : Network firewalls function at the network level. In other
words, these firewalls filter all incoming and outgoing traffic across the network. A network firewall
protects the internal network by filtering the traffic using rules defined on the
firewall. A network firewall might have two or more network interface cards (NICs).
A network-based firewall is usually a dedicated system with proprietary software
installed.