Types of Networks
Week7 Part4-IS
RevisionSu2013
Types of Networks
There are different types of networks. Each type has different characteristics and
therefore different security needs. Some of the fundamental differentiating attributes of
the various types of networks are:
the physical distance the network spans
the topology of the network nodes
the types of media used for communication between nodes in the network
the different devices supported on the network
the different applications supported on the network
the different groups of users permitted on the network
the different protocols supported on each network
Depending on the type of network, there may be different information security
requirements, so the protocols, security services and security mechanisms must be
used in a way that supports that type of network.
While each network environment has some characteristics and security needs unique to
that environment, there are many security techniques that should be universally applied to
all environments. For example, sound policies and procedures, risk assessment of the
assets, user awareness training, encryption technology, authentication technology, sound
credential (password) selection and protection, malware protection and firewalls are a few
security techniques that need to be applied in all networks, albeit in the configuration
that best suits a particular environment.
Local Area Network (LAN)
A LAN covers a small geographic area and takes advantage of high speed data
transfers, usually implemented through Ethernet or fiber. A LAN could be a home, an office,
or a group of buildings in close proximity (university, business). LANs typically share
resources such as file servers and printers.
Wide Area Network (WAN)
A WAN covers a large geographic area that may require connection through satellite,
high speed dedicated lines and other means. The internet is a WAN. WANs can connect
LANs together into a larger organizational structure that can be used to share resources
such as file, email and DNS servers, to name a few. Resources can be shared using slower
connections between geographically separated areas across the WAN.
Wireless Networks and Mobile Networks
The movement to laptop systems at home and workplaces accelerated the mobility of
computing.
As employees traveled between offices, client sites, home and various other remote
locations, they could remain connected to company servers as long as the remote site had
connectivity to the company’s intranet. Initially this connectivity was provided by
having Ethernet cabling available for remote users to physically plug their laptops into.
Eventually, companies started installing wireless hotspots that could be automatically
detected by systems that had wireless cards.
The proliferation of wireless connectivity and internet use
spread from the workplace to
general societal use. Average users demanded access to the
internet and company
intranets. Soon public places such as airports, libraries, train
stations, schools and coffee
shops installed wireless hotspots to allow people internet
access. Some towns and cities
are installing wireless hotspots to allow internet connectivity
for citizens.
In addition to wireless hotspots becoming omnipresent, the use
of handheld devices is on
the rise. Handheld devices started with cell phones and moved
to higher functionality
devices such as the Blackberry and Palm smart phones, which
allowed email access and
various local applications. The handheld devices have continued
to evolve to higher
functioning devices which provide general internet services as
well as thousands of
applications. Examples of these are the Apple iPhone and the
numerous smartphones that
support the Google Android operating system. Of course these
devices still provide
telephone services!
These devices make use of various cellular network
technologies such as GSM (Global
System for Mobile Communications), CDMA (Code Division
Mobile Access) which
conform to 3G and 4G technologies for connectivity.
Types of *NET environments.
The various types of network environments can be deployed
into different types of
interconnected environments. We should not think of all
interconnected computers as the
internet. Depending on the allowable members and systems of
an inter-connected
environment the environment may be termed: “internet”, the
“intranet” or the “extranet”.
Internet
The internet is a global network of interconnected computers and
computer networks. The
systems that are members of the internet use the standard
“internet protocol suite” which
is TCP/IP, however not all applications use TCP/IP. The
internet serves billions of users
worldwide.
Intranet
An intranet is a private global network of interconnected
computers and computer
networks that is used by an organization. It uses all the
protocols used in the internet; only
the scope of the network is limited to the organization.
Extranet
An extranet is a private global network of interconnected
computers and computer
networks that is used by an organization. It uses all the
protocols used in the internet. It
differs from an intranet in that it expands connectivity to other
users, suppliers and
organizations through secure protocols to facilitate information
exchange and
communication.
Summary
These networks continue to grow in complexity. These networks
exist in an endless
number of different configurations which all share the same
requirement which is to be
secure. To add to the complexity of the networks, devices are
being deployed into
virtualized environments, some of which are deployed to the
Cloud Computing
environment. The added dimensions of virtualization and cloud
deployments raise the
complexity of securing these environments.
As the network complexity grows, the complexity of securing
the environment grows.
The preferred approach to implementing security in these
increasingly complex
environments is a strategy of security in depth.
Security Architecture for OSI
Week7 Part3-IS
RevisionSu2013
Security Architecture for OSI
The ITU (International Telecommunications Union) is a United
Nations sponsored
agency which develops standards (called recommendations) for
telecommunications and
open systems interconnection (OSI). Recommendation X.800,
Security Architecture for
OSI defines a systematic approach for the manager and
technical professional responsible
for implementing security in a network, communications or
computer environment to
systematically define the requirements for security and to
characterize various approaches
to implement functionality that satisfies the requirements.
The framework provided by the architecture categorizes the
elements of security into
security attacks, security services and security mechanisms.
A Security Attack is an action that compromises the information
owned or entrusted to
the organization. The compromise affects some attribute of the
CIA triad.
A Security Service is a collection of functionality (routines,
programs, algorithms,
specifications) that provides support for various aspects of
security. In order to protect a
network from attack, mechanisms need to be implemented that
support each of these
services to the extent they are needed in the target environment.
Security services are
implemented by making use of one or more security
mechanisms.
Security Services:
cating entity is the one they claim to be.
resource.
unauthorized disclosure.
a are available.
sent/received/stored is exactly as it was sent/received/stored by the authorized entity.
parties in a communication that they sent or received all or part of it.
observation and logging of system activity.
The security services enumerated above are categories of
services that are further divided
into specific services that apply to different aspects of a
service. For example, the
authentication service is divided into two specific services: peer
entity authentication and
data origin authentication. Peer entity authentication involves
each party in a logical
connection being able to confirm to some degree of confidence
the identity of the other
party. Data origin authentication is used in a connectionless
transfer such that the
recipient of the data can be confident in the identity of the
sender.
RFC 2828 provides the following definition for a security
service:
Definition: Security Service: A processing or communication
service that is
provided by a system to give a specific kind of protection to
system resources;
security services implement security policies by using security
mechanisms.
A Security Mechanism is a particular technique or set of
techniques that are used to
implement a security service.
Security mechanisms are divided into two groups: specific
security mechanisms and
pervasive security mechanisms. A specific security mechanism
is implemented in a
particular protocol layer or layers (e.g. TCP and/or application
layer, etc.) to provide a
security service. For example: encipherment is a specific
security mechanism that could
be implemented at various protocol layers. Encipherment may
be implemented at the
application level using PGP, the transport layer using SSL and
the IP layer using IPsec.
Specific Security Mechanisms:
encrypt and decrypt information. Supports authentication, data confidentiality, data integrity.
value and append it to a data object such that any recipient of the data can verify the data's origin and integrity.
resource (control, data) from unauthorized use in accordance with the system's security policy.
unauthorized changes to data, both malicious and accidental.
identity of an entity.
frustrate analysis of the data stream.
s mechanisms to control the path data takes from source to destination to ensure secure transmission of data.
for the integrity of a data exchange (i.e. Digital Certificates)
Pervasive security mechanisms are not specific to any protocol
layer or security service.
The mechanism is implemented in any protocol layer and for
any service.
Pervasive Security Mechanisms:
g an action to be taken.
audit record of security activity.
recovery from various events.
ITU-T X.800 Security Architecture for OSI can be found at:
http://www.itu.int/rec/T-REC-X.800-199103-I/en
Layers and Protocols
Week7 Part2-IS
Revision Spring2014
Layers and Protocols
Since the layers of the OSI reference model do not match the
TCP/IP layers exactly we
need to modify how we think about the OSI layers in the context
of TCP/IP. The
terminology of the OSI reference model helps us understand the
functions and divisions
between each layer. As the discussion moves to reference an
actual implementation we
need to learn about the terminology and details of that
implementation, which in this case
is TCP/IP. Numerous protocols have been listed with each layer
to familiarize you with
the layer the protocol operates at and to provide a sense for the
number of protocols there
are. These are a sampling of the protocols.
Credit to TCP/IP Network Administration by O’Reilly for
assistance in organizing thoughts and
some diagrams.
Application Layer: User programs and processes are
accessed from this layer. In
TCP/IP any application that occurs above the transport layer is
an application. Any
program a user directly interacts with, as well as various
services a user may not be aware
of (i.e. daemons, services) is at this layer.
Note – some applications are associated with well-known port
numbers to establish host
to host communications using TCP/IP. The port numbers for
some of the sample
applications are included below.
Examples of application protocols:
- Port 25
– HyperText Transfer Protocol – Port 80
– HyperText Transfer Protocol Secure
– Ports 161 and 162
FTP – Ports 20 and 21
– Port 23
- Mail delivery
– Secure shell
Presentation Layer: How data is represented needs to be agreed to
by cooperating
applications. Applications typically take care of this job in
TCP/IP; however there is
standardization around various presentation protocols (i.e.
MIME, TIFF, JPEG).
Examples of presentation protocols:
– American Standard Code for Information
Interchange
– Extended Binary-Coded Decimal Interchange
Mode
TIFF – Tagged Image File Format
– Joint Photo Experts Group
– Motion Picture Experts Group
– Musical Instrument Digital Interface
– Graphic Interchange Format
Session Layer: There is no separately identifiable session layer
in the TCP/IP protocol
hierarchy. That is not to say session functions do not exist in
TCP/IP as they certainly do.
In TCP/IP session management for the most part occurs at the
TCP/IP layer. The
mechanisms used for session communication in TCP/IP are
called ports and sockets.
Some protocols that are considered session layer protocols are:
– Network File System
– Structured Query Language
– Remote Procedure Call
Transport Layer: Much of the discussion around TCP/IP occurs
at the transport layer. It
is important to note that in TCP/IP there are two transport
services: TCP and UDP. TCP
provides a connection based, reliable, guaranteed data delivery
across the network. UDP
(User Datagram Protocol) provides an unreliable, connectionless
protocol. UDP has little
protocol overhead so it is very efficient. For sending short
amounts of information very
quickly UDP may be preferred. If information is dropped or lost
during transmission it is
easier to resend the data than to set up a TCP connection.
Between the two protocols there is different terminology used to
describe the data that is
transmitted. Note the differences are at the application and
transport layers.
Examples of Transport layer protocols:
– Transmission Control Protocol. Connection-oriented, full-duplex, guaranteed delivery, unit of transmission is called TCP Segment
– User Datagram Protocol. Connectionless, no guaranteed delivery, minimal overhead, unit of transmission is called UDP Packet
Network Layer: This layer manages connections across the
network. It isolates the upper
level protocols from the details of the underlying network. In
TCP/IP this function is
implemented by IP (Internet Protocol). It takes care of IP
addressing and routing the data
from network to network.
Examples of Network Layer Protocols:
– Connectionless, 32-bit/4 byte address
– 128 bit/16 byte address. More security features than IPv4.
– Internet Control Message Protocol – Used by IP and other connectionless protocols to detect and react to transmission errors. ICMP is used to: report network/routing failures; test node reachability; increase routing efficiency (informs routers of better routes); and inform the source when a datagram has exceeded its time to exist.
– Routing Information Protocol – Internal routing protocol within an AS. Decides based on number of hops, doesn’t consider line utilization or bandwidth.
– Open Shortest Path First – Internal routing protocol within an autonomous system
– Border Gateway Protocol – Exterior routing protocol between autonomous systems
Layer                  TCP        UDP
Application layer      Stream     Message
Transport layer        Segment    Packet
Internet layer         Datagram   Datagram
Network Access layer   Frame      Frame
– Internet Group Management Protocol – allows hosts to participate in multicasting.
– The most secure tunneling protocol. Is an integrated part of IPv6 and add-on for IPv4.
– Simple Key Exchange for IP
– Internet Key Exchange
– Internetwork Packet Exchange Protocol
Data Link Layer: The reliable delivery of data across the
physical network is handled by
the data link layer. IP tends to make use of existing data link
protocols.
– MAC Layer
– MAC Layer
– MAC Layer
– Serial Line Internet Protocol
– Point-to-Point Protocol (replaced SLIP) – encapsulates to go across serial lines. Not routable over Internet. Has header & data compression, error correction, different auth protocols, and encapsulates more than IP. Uses PAP, CHAP, or EAP to authenticate to Net Access Server (NAS).
– Address Resolution Protocol - IP passed down from upper layers, DL needs to resolve it into a MAC (hardware) address in order to put into the MAC address in the header portion of the frame. ARP broadcasts a frame with the IP in it, the one with that IP address responds with its MAC. Addresses are cached in ARP table. ARP Poisoning – type of masquerade, alter ARP table to point to attacker’s own MAC.
– Reverse Address Resolution Protocol. Used by diskless machines to get IP address. Booting system broadcasts a RARP with its MAC address, and RARP Server responds with an assigned IP.
– Enhancement to RARP. In addition to IP address, BOOTP server also provides diskless workstation with its DNS server address, and default gateway address.
– Dynamic Host Configuration Protocol
– Layer 2 Forwarding
– Layer 2 Tunneling Protocol (typically its services are combined with IPsec)
–
– Integrated Services Digital Network
–
– Synchronous Data Link Control
– Link Access Procedure
– Link-Access Procedure-Balanced
– High-Level Data Link Control, extension of SDLC,
encapsulation used
in X.25
– Password Authentication Protocol
– Challenge Handshake Protocol
- Extensible Authentication Protocol
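The ARP entry above notes that addresses are cached in the ARP table and that poisoning alters the table to point to another MAC. The following is an added example, not part of the original lesson, of how a defender can watch for that: it replays ARP reply lines written in the style of tcpdump's ARP output and reports IP-to-MAC bindings that change. The log lines, addresses and the function name watch_arp are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Matches ARP reply lines such as: "10:00:01.0 ARP, Reply 10.0.0.1 is-at aa:bb:..."
REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


@dataclass
class Alert:
    ts: str
    ip: str
    old_mac: str
    new_mac: str
    reason: str


def watch_arp(lines, pinned=None):
    """Replay ARP replies and report IP-to-MAC bindings that change.

    pinned maps an IP (for example the default gateway) to the only MAC
    allowed to answer for it. Returns (table, alerts, suspects), where
    suspects lists every MAC that answered for two or more IP addresses.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    table = dict(pinned)   # ip -> mac, the mapping a host keeps in its ARP table
    claims = {}            # mac -> set of IPs it has answered for
    alerts = []
    for line in lines:
        m = REPLY_RE.match(line.strip())
        if not m:
            continue       # requests and other traffic carry no binding to check
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        claims.setdefault(mac, set()).add(ip)
        if ip in pinned and mac != pinned[ip]:
            alerts.append(Alert(ts, ip, pinned[ip], mac, "pinned binding violated"))
            continue       # a pinned entry is never overwritten by a reply
        old = table.get(ip)
        if old is not None and old != mac:
            alerts.append(Alert(ts, ip, old, mac, "binding changed"))
        table[ip] = mac
    suspects = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) >= 2}
    return table, alerts, suspects


# Constructed sample: .30 starts answering for the gateway (.1) and for .20.
SAMPLE = """\
10:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
10:00:01.000400 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 46
10:00:05.120000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20, length 46
10:00:09.300000 ARP, Reply 192.168.1.30 is-at 00:aa:bb:cc:dd:30, length 46
10:02:14.000000 ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:30, length 46
10:02:15.000000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:30, length 46
""".splitlines()

if __name__ == "__main__":
    gateway = {"192.168.1.1": "00:11:22:33:44:55"}
    table, alerts, suspects = watch_arp(SAMPLE, pinned=gateway)
    for a in alerts:
        print(f"{a.ts} {a.ip}: {a.old_mac} -> {a.new_mac} ({a.reason})")
    for mac, ips in suspects.items():
        print(f"{mac} answered for {', '.join(ips)}")
```

A legitimate change (a replaced network card, a DHCP lease moving to another host) also produces a "binding changed" alert, so alerts need to be checked against known changes before they are treated as a masquerade.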
Physical Layer: This layer defines the physical characteristics
of the equipment needed to
carry signals across the communications/network system.
Examples of protocols and standards that operate at this layer
are:
– High Speed Serial Interface
Encapsulation of data
As in the OSI reference model data is passed down the stack
when being sent to the
network. When it is received it is passed up the stack. To show
how data is actually
passed we will use the TCP/IP layers since it represents an
actual implementation.
Consider the example where Machine 1 at the application level
creates data. It passes the
data to the layer below it (transport layer). The transport layer
creates its data and
encapsulates the data from the application data and passes it to
the internet layer. This
process continues down the protocol stack on machine 1 by the
internet layer passing the
data down to the network access layer. Once the network access
layer is reached the data
is transmitted on the network to Machine 2.
When Machine 2 receives the data it is at the lowest layer in the
protocol stack. The
lower level deals with the network access protocol data from the
sending machine
(Machine 1) and unwraps (removes the encapsulating protocol)
and passes the remaining
data to the layer above it which is the internet layer. The
internet layer unwraps (removes
the encapsulating protocol) and passes the remaining data to the
layer above it (Transport
layer). This continues up the protocol stack on Machine 2 by the
Transport layer
unwrapping its data and passing the remaining data to the
Application layer.
One of the elegant features of the protocol stack is how the
protocols are nested for
transmission. Each layer has its own independent structures.
Conceptually, a layer is not
aware of the data used in the adjacent layers (layers above or
below it). Each layer has its
own data structures, and their own terminology for describing
the data structure. This is
all described in the RFC standards for each protocol.
Data is encapsulated by the layer by placing a “header” in front
of the data it is
transmitting. The header makes the data understandable to that
layer. For any given layer
the data structure consists of a header and data. As you move
down the stack headers are
added in front of the data. As you move up the stack the header
for a given layer is
“removed” yielding the “data” which is passed back up the
stack. Of course the next layer
in the stack is interpreting that “data” as a “header” followed by
“data”.
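The send and receive path described above, as an added example that is not part of the original lesson: application data is wrapped in a UDP header, an IPv4 header and an Ethernet header on Machine 1, then unwrapped layer by layer on Machine 2, each layer reading only its own header. The addresses, ports and function names are constructed; the UDP checksum is left at 0 (not computed) and Ethernet padding and the frame check sequence are omitted.

```python
import socket
import struct

MAC1 = bytes.fromhex("020000000001")   # constructed, locally administered
MAC2 = bytes.fromhex("020000000002")


def ipv4_checksum(header: bytes) -> int:
    """One's complement of the one's-complement sum of the 16-bit header words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


# ---- Machine 1: each layer puts its header in front of what it was given ----
def udp_encapsulate(data, sport, dport):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def ip_encapsulate(segment, src, dst, proto=17):
    ver_ihl = (4 << 4) | 5             # IPv4, header of five 32-bit words
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(segment), 0, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + segment


def eth_encapsulate(packet, src_mac, dst_mac):
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet


# ---- Machine 2: each layer removes its own header and passes the rest up ----
def eth_decapsulate(frame):
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 Ethernet frame")
    return {"dst": frame[:6].hex(":"), "src": frame[6:12].hex(":")}, frame[14:]


def ip_decapsulate(packet):
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    info = {"proto": packet[9],
            "src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20])}
    return info, packet[ihl:total_len]   # total_len also drops link padding


def udp_decapsulate(segment):
    if len(segment) < 8:
        raise ValueError("short UDP header")
    sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("bad UDP length")
    return {"sport": sport, "dport": dport}, segment[8:length]


def send(data):
    segment = udp_encapsulate(data, 40000, 5000)
    packet = ip_encapsulate(segment, "192.0.2.10", "192.0.2.20")
    return eth_encapsulate(packet, MAC1, MAC2)


def receive(frame):
    eth, packet = eth_decapsulate(frame)
    ip, segment = ip_decapsulate(packet)
    udp, data = udp_decapsulate(segment)
    return data, (eth, ip, udp)


if __name__ == "__main__":
    frame = send(b"hello from Machine 1")
    print(len(frame), "bytes on the wire:", frame.hex())
    print(receive(frame))
```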
OSI stack. Typical
encryption models are “end to end” encryption and “link level”
encryption. It is
worthwhile to differentiate the implications of encrypting at the
various levels.
Following is a diagram credited to: Encryption in relation to the
protocol layers (Source:
based on King and Newson, 1999, p. 104). This diagram
provides a clear picture of
where encryption occurs in the protocol stack.
[Diagram: Application Layer, Transport Layer, Internet Layer and Network Access Layer on the Send and Receive sides; each lower layer adds one more Header in front of the Data.]
End-to-End Encryption
End-to-end encryption is also known as application layer
encryption. Encryption is
implemented at the highest layer of the OSI stack. A protocol
example of end-to-end
encryption is the sending and receiving of encrypted email
using services such as PGP or
S/MIME. Other examples of end-to-end encryptions are
applications such as: SHTTP
(secure hypertext transfer) or SET (Secure Electronic
Transactions). You could think of
this as encryption occurring between processes. With
application layer encryption the
routing information is not encrypted. Since the encryption
occurs at the highest protocol
layer as the data is passed down the stack to lower layers
routing information is
prepended to support routing between intermediate hosts. The
routing information is not
encrypted and therefore exposed to an attacker. Therefore,
while the data is encrypted,
the traffic pattern is not encrypted and could be captured and
analyzed by an
eavesdropper.
With end-to-end encryption keys must be exchanged by each
pair of application users.
This is in contrast to link layer encryption where encryption
keys are exchanged between
hosts. The number of encryption keys for distribution and
management is an area of
concern.
Transport/Network Encryption
With IPsec encryption occurs at the Network and IP layers of
the stack. With IPsec
security associations can be set up between hosts and devices
with IP addresses and port
numbers. This permits a more granular policy than link layer
encryption. While the end-points
in Transport/Network encryption are not as wide as
Application encryption it is
considered in the above diagram as end-to-end encryption.
Link Layer Encryption
Link layer encryption occurs at both ends (incoming and
outgoing) of each
communications link such as a frame relay switch or a router.
This provides a high level
of security but it does require a lot of encryption devices. Since
the message is decrypted
each time it enters an encryption device there is a window the
data is exposed to
eavesdroppers before the data is re-encrypted for the next hop.
When sending data across
the internet the user has no control over the security
implemented at various hosts (hops)
along the route. For intranets or extranets link layer encryption
may be adequate since the
infra-structure is under the management and control of the
organization but when
information is sent outside an organization link layer encryption
may not be adequate.
Often, both end-to-end and link layer encryption are combined
for additional protection.
With end-to-end encryption the user data is encrypted with
encryption keys known only
to the sender and receiver at the application layers. Each data
frame is then encrypted
with encryption keys shared by adjacent devices or hosts for
sending to the next
device/host. By implementing both techniques the application
message is never in
plaintext until it reaches its destination. Using both encryption
techniques does provide a
small window of opportunity for an eavesdropper when the
frame header is decrypted
within the frame switch or router.
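The three cases compared above (end-to-end only, link layer only, both combined) can be checked with a small simulation. This is an added example, not part of the original lesson: a message crosses three links through two routers, and the code records what an eavesdropper on the wire and what each router can read in each mode. The cipher is a stand-in built from SHA-256 for the demonstration only, and the header, payload, keys and function names are constructed.

```python
import hashlib


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream (the same call encrypts and decrypts).

    Stand-in for a real cipher so the example runs with the standard library
    alone; it is not suitable for protecting real data.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


HEADER = b"SRC=192.0.2.10;DST=192.0.2.20|"    # routing information (constructed)
PAYLOAD = b"wire 500 to account 12345"         # application data (constructed)
E2E_KEY = b"known only to sender and receiver"
LINK_KEYS = [b"Machine1-RouterA", b"RouterA-RouterB", b"RouterB-Machine2"]


def transmit(mode):
    """Send PAYLOAD over three links; mode is 'end-to-end', 'link' or 'both'."""
    use_e2e = mode in ("end-to-end", "both")
    use_link = mode in ("link", "both")
    # Application layer: encrypt the data before any routing header is added.
    body = toy_cipher(E2E_KEY, PAYLOAD) if use_e2e else PAYLOAD
    frame = HEADER + body
    on_wire, in_router = [], []
    for hop, key in enumerate(LINK_KEYS):
        sent = toy_cipher(key, frame) if use_link else frame
        on_wire.append(sent)                     # what a tap on this link sees
        frame = toy_cipher(key, sent) if use_link else sent
        if hop < len(LINK_KEYS) - 1:
            in_router.append(frame)              # decrypted so it can be routed
    body = frame[len(HEADER):]
    delivered = toy_cipher(E2E_KEY, body) if use_e2e else body
    return on_wire, in_router, delivered


def exposure(mode):
    """Report where the routing header and the payload are readable."""
    on_wire, in_router, delivered = transmit(mode)
    if delivered != PAYLOAD:
        raise RuntimeError("message was not delivered intact")

    def seen(needle, views):
        return any(needle in view for view in views)

    return {
        "header_on_wire": seen(b"DST=192.0.2.20", on_wire),
        "payload_on_wire": seen(PAYLOAD, on_wire),
        "header_in_router": seen(b"DST=192.0.2.20", in_router),
        "payload_in_router": seen(PAYLOAD, in_router),
    }


if __name__ == "__main__":
    for mode in ("end-to-end", "link", "both"):
        print(f"{mode:>10}: {exposure(mode)}")
```

With both techniques combined the payload is unreadable everywhere except at the destination, and the only remaining exposure is the routing header inside each router, which matches the window described above.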
Telecommunications, Network and Internet Security
Week7 Part1-IS
RevisionSu2013
Telecommunications, Network and Internet Security
The topics in this lesson cover several areas in the domain of
information security. Much
of material in this lesson is a framework for Information
Security, however presenting it
at this point has afforded us the opportunity to build up a base
of knowledge covering
various topics from a more pragmatic perspective.
This lesson will provide some architectural framework around
the concepts we have
discussed so far and also provide essential concepts for further
learning of Information
Security concepts.
Open Systems Interconnection (OSI) Reference Model
Data communications and network technology are very complex.
They consist of
numerous functions and protocols that describe the actions and
interactions that go on in
a network.
The OSI reference model provides a model that neatly divides
the network into layers.
The OSI reference model provides a universally accepted model
for discussing
communication functions. By dividing the functions into layers
the complexity of the
entire communications/network model is “simplified”
(relatively speaking). Each layer
consists of the functions and protocols implemented at that
layer. Any given layer
implements numerous functions and protocols.
Definition:
Protocol: An agreed upon set of rules for communicating.
The layers functionally build on one another. That is, an upper
layer relies on the services
and protocols of a lower layer. The stacked layers are
commonly referred to as the
protocol stack (general term) or IP stack (example of a specific
stack). There are seven
layers in the OSI reference model. The layers are defined in
descending order from
highest to lowest.
Number  Name          Description
7       Application   Various application programs
6       Presentation  Services to present data to applications
5       Session       Manages sessions between applications. Establishing connections and terminating sessions.
4       Transport     Provides end to end delivery of data
3       Network       Manages data addressing and delivery between networks
2       Data Link     Provides reliable data communication across physical link
1       Physical      Defines physical characteristics of network media
When two machines communicate with one another the
respective layers on each
machine communicate with one another. That is, the same layer
on each machine
understands the protocols for that layer. For example,
application data layers on one
machine can understand application data layers on another
machine since they use the
same protocols. The following is a logical view of how each
machine understands the
protocols from the respective layer on the other machine.
Standards Committees
The OSI reference model is a reference model. In other words it
is used as a reference to
simplify the understanding of what occurs in a network and
communications model. Of
equal importance to the functions that occur at each layer in the
protocol stack is how
each layer in the protocol stack interfaces to the layer above and
below it.
There was a time when manufacturers developed their own
proprietary interfaces.
Allowing a competitor to easily interface to their hardware or
software was not a priority.
[Figure: Logical View of Communication between Protocol Layers. Machine 1 and Machine 2 each show the seven OSI layers (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical).]
In fact, the more difficult it was for a competitor the better
since it meant the customer
would look to a single supplier for a complete solution. This is
no longer acceptable
practice. Customers want systems that adhere to standard
interfaces. They want to be able
to choose between various manufacturers and mix and match
components that are
tailored to their requirements.
Proprietary interfaces are still developed by manufacturers so
that their specialized
hardware and software can be optimized to their environment.
However standard
interfaces must also be provided, and not as an afterthought.
They must be an integral
part of the implementation which is fully documented, tested
and supported.
It should be noted that when a new technology is brought to the
market that first
implementation has a significant advantage in establishing the
standards. Subsequent
implementations by various companies will undoubtedly
influence the standards, but the
first to the market with a good idea usually has a distinct
advantage since they gain
market share (and influence) and they often represent the
leading authority on the
technology.
Discussion: There was a time when many operating systems
were completely
proprietary. To use a third party device required opening up
source code to
understand how a device driver could be written for a “non-standard device”. I
recall working on problems in the 1960s and 1970s developing
on-line interfaces
to various photo composition machines (forerunners of today’s
laser and inkjet
printers). The interfaces for writing a device driver in the
operating system code
were not cleanly delineated and over time customers demanded
that operating
systems open their source code so third party manufacturers
could implement to
various operating system interfaces so devices would work “out
of the box” with
minimal problems.
By having well defined interfaces between the layers different
manufacturers can
implement hardware and software that work together. The well
defined protocols are
published in standards. Standards committees are comprised of
representatives from
various companies throughout the communications, network and
computing industry
worldwide. The protocols are developed and standards
documents are published that
document the protocols. As the protocols are used problems are
found which result in the
protocols being modified in stepwise refinement. As changes
are made revised standards
are issued for review. When approval is reached a new version
of the standard is issued.
The world of network and communications technology has a
huge number of standards
and protocols. The standards committees are made up from
experts in the various
technologies from industry, government and academia. The
representatives are from
throughout the world since communications standards must span
international borders. If
you are thinking of developing anything you need to first check
the body of standards to
see what is already available.
Some of the standards organizations are:
FIPS (Federal Information Processing Standard) from the NIST (National Institute of Standards and Technology).
Standardization Sector (ITU-T)
TCP/IP
The OSI reference model is an idealized model that neatly
breaks down communications
and networks technology into functional layers with sharp well
defined interfaces
between each layer. The model provides useful abstractions to
help to organize your
thinking without being “burdened” by the details of an actual
implementation.
When design moves to implementation the details need to be
considered. There are
several implementations of networks that used the OSI reference
as a model. Digital
Equipment Corporation's DECnet and Novell Networks are two
implementations that
made use of OSI reference model.
The dominant networking protocol suite used today is TCP/IP
(Transmission Control Protocol
– Internet Protocol).
There is not a consensus on how the TCP/IP protocol stack
maps to the OSI reference
model. Following are two different mappings between the OSI
reference model layers and
the layers in the TCP/IP implementation:
Example 1:
OSI Reference Model Layer   OSI Layer                            Equivalent TCP/IP layer
7, 6, 5                     Application, Presentation, Session   Application
4                           Transport                            Transport
3                           Network                              Network
2                           Data Link                            Data Link
1                           Physical                             Physical
Example 2:
OSI Reference Model Layer   OSI Layer                            Equivalent TCP/IP layer
7, 6, 5                     Application, Presentation, Session   Application
4                           Transport                            Host to Host Transport
3                           Network                              Internet
2, 1                        Data Link, Physical                  Network Access Layer