
Section 4.1 Network Access Layer

A protocol is a set of rules. Protocols in computing are typically thorough rules that dictate communication. A protocol may include information about the syntax used, error correction, synchronization, or any other aspect of how communication occurs in the context of that situation. In computer security it is important to have a thorough understanding of common protocols, as their weaknesses often determine how and if an attack will occur. Protocols exist for both hardware and software and have been developed by individuals and organizations. Early networking protocols were often developed on mailing lists using Requests for Comments (RFCs). You may still see RFCs being crafted, referred to, or actively worked on. Some of the earliest web protocols are detailed in RFCs (datatracker.ietf.org/doc/html/rfc2616).
More often than not, large protocols have working groups and associations developing them, such as the 802.11 group at the Institute of Electrical and Electronics Engineers (IEEE, www.ieee.org/), which handles WiFi protocols. These groups publish papers detailing how the protocols work.
This chapter will give a brief description of important protocols following the TCP/IP layering model. It is important to note that some of these protocols may reach across layers to accomplish tasks. In this case they will be grouped according to which layer they largely function within.

Subsection 4.1.1 The OSI Model

The Open Systems Interconnection (OSI) model describes.

Subsection 4.1.2 ARP

Address Resolution Protocol (ARP) is used on the local Ethernet segment to resolve IP addresses to MAC addresses. Since this protocol functions at the Ethernet segment level, security was not a primary concern. Unfortunately, this means that ARP communications can be easily spoofed to cause a MitM scenario. A malicious actor simply sends out several ARP packets (gratuitous ARP) saying that traffic for a certain IP address should be sent to them. Since the MAC-to-IP address table is cached in several places, it can take a long time for all the caches to invalidate and resolve an issue caused by malicious ARP frames.
There is a protocol designed to mitigate the issues with ARP. Dynamic ARP Inspection (DAI) reaches across layers to work with the DHCP lease database and drop packets that are not using the MAC address used when a DHCP lease was granted. While this can solve many of the issues associated with ARP, it is also a good practice to use secure higher-level protocols such as HTTPS just in case.
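The lease check that DAI performs can be sketched in a few lines. The following is an added example, not code from this text or from any switch vendor: it parses a raw ARP payload and permits it only when the sender IP and MAC match a lease. The lease table, the addresses, and the `build_arp` and `inspect` helper names are all constructed for illustration.

```python
import socket
import struct

# Constructed lease table (IP -> MAC that was granted the lease); values are made up.
LEASES = {
    "192.0.2.1": "02:00:00:00:00:01",   # gateway
    "192.0.2.10": "02:00:00:00:00:10",  # workstation
}

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes


def build_arp(oper, sha, spa, tha, tpa):
    """Pack a constructed sample ARP payload (used only to feed inspect())."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sha), socket.inet_aton(spa),
                       mac(tha), socket.inet_aton(tpa))


def inspect(payload, leases=LEASES):
    """Return (verdict, reason): permit only if sender IP/MAC match a lease."""
    if len(payload) < ARP_LEN:
        return "drop", "truncated ARP payload"
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return "drop", "not an Ethernet/IPv4 ARP request or reply"
    sender_ip = socket.inet_ntoa(spa)
    sender_mac = ":".join(f"{b:02x}" for b in sha)
    kind = "gratuitous ARP" if spa == tpa else "ARP"  # gratuitous: sender IP == target IP
    bound = leases.get(sender_ip)
    if bound is None:
        return "drop", f"{kind}: no lease recorded for {sender_ip}"
    if bound != sender_mac:
        return "drop", f"{kind}: {sender_ip} is leased to {bound}, not {sender_mac}"
    return "permit", f"{kind}: sender matches lease"


# Constructed samples: a normal reply, and a gratuitous reply claiming the gateway's IP.
GOOD = build_arp(2, "02:00:00:00:00:10", "192.0.2.10", "02:00:00:00:00:01", "192.0.2.1")
SPOOF = build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "ff:ff:ff:ff:ff:ff", "192.0.2.1")

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("spoof", SPOOF), ("short", GOOD[:10])):
        print(name, *inspect(pkt))
```

In this simplified model, a host with no lease entry (for example, one using a static address) is dropped as well, so such hosts would need their own table entries.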

Subsection 4.1.3 Wifi

The Wifi protocols we are most concerned with are the security standards used to encrypt data. By the nature of a wireless protocol, information sent on the network is available to anyone with an antenna. These Wifi security standards are the only thing protecting your network traffic from being viewed by anyone within your transmitting range. There are currently four standards:
  • Wireless Equivalent Privacy (WEP) is deprecated and should not be used. It was developed in 1999 and uses an RC4 stream and 24-bit encryption. Several attacks have been developed that can crack WEP within a matter of seconds.
  • Wifi Protected Access (WPA) utilized Temporal Key Integrity Protocol (TKIP) to change the keys being used. This 128-bit encryption method has also been cracked and the protocol should not be used.
  • Wifi Protected Access 2 (WPA2) makes use of AES encryption and is currently the most popular standard. WPA2 is still considered secure.
  • Wifi Protected Access 3 (WPA3) was developed in 2018 and is currently considered state-of-the-art. Many networks are beginning the transition from WPA2 to WPA3.