TCP and IP are two of the main protocols that make up all modern networks. The Internet Protocol is responsible for routing information across networks while the Transmission Control Protocol provides guaranteed delivery of content. In this video, learn how the components of the TCP/IP stack combine to facilitate network communications.
- [Instructor] We use networks every day but don't often pause to reflect on what is happening under the covers to make those networks function properly. As we begin our exploration of network security, let's first talk about the basics of networking and a set of protocols known as TCP/IP. TCP/IP is an acronym that stands for Transmission Control Protocol/Internet Protocol. TCP and IP are two of the main protocols that make up all modern networks.
The Internet Protocol is responsible for routing information across networks. The name is a little deceiving because it's not just used on the internet. It's also used on the network in your home or office. The main responsibilities of the Internet Protocol are providing and addressing scheme, known as IP addresses, that uniquely identify computers on a network, and delivering information in chunks, known as packets, from their source to the correct destination. IP is what's known as a network layer protocol.
It supports other transport layer protocols that have higher-level responsibilities. The two main transport layer protocols are the Transmission Control Protocol, TCP, and the User Datagram Protocol, UDP. TCP is responsible for the majority of internet traffic. It is a connection-oriented protocol, meaning that it establishes connections between two systems before transferring data. TCP is also a reliable protocol that guarantees delivery by having the destination system acknowledge receipt of every packet.
TCP's reliability makes it widely used for applications that require this guaranteed delivery, such as email and websites. Because TCP is a connection-oriented protocol, systems must go through a handshaking process to create a connection before transmitting data. This process is known as the three-way handshake. TCP packets include special flags that identify packets used in this handshaking process. The SYN flag, S-Y-N, identifies packets that are requesting a new connection.
The FIN, F-I-N, flag, identifies packets that are requesting the closure of an existing connection. And the ACK, A-C-K, flag, is used to acknowledge a SYN or FIN request. Let's look at the three-way handshake process in more detail. In the first step, the system originating the connection sends a packet with a SYN flag set. This indicates that it would like to open a connection to the destination system. The destination system receives this packet and replies with another packet that does two things.
It acknowledges the original connection request and then asks to open a reciprocal connection in the other direction. This packet has both the SYN and ACK flag set and is known as the SYN/ACK packet. Finally, the original system receives the SYN/ACK packet and sends a final ACK to the destination system, completing the reciprocal connection. Once the three-packet sequence completes, the connection is open and the systems may begin exchanging data.
The User Datagram Protocol, UDP, on the other hand, is a much more lightweight protocol that doesn't use this three-way handshake because it is not connection-oriented. Systems basically send data off to each other blindly, hoping that it is received on the other end. UDP does not perform acknowledgments and therefore cannot guarantee delivery. UDP is often used for applications like voice and video, where guaranteed delivery is not essential. Many networking theorists describe these protocols using a model known as the Open Systems Interconnection, or OSI, model.
This model describes networks as having seven different layers. The first layer, the physical layer, is responsible for sending bits over the network using wires, radio waves, fiber optics, and other means. The second layer, the data link layer, transfers data between two nodes connected to the same physical network. The third layer, the network layer, expands networks to many different nodes. The Internet Protocol works at this layer. The fourth layer, the transport layer, creates connections between systems and transfers data in a reliable manner.
TCP and UPD are examples of transport layer protocols. The fifth layer, the session layer, manages the exchange of communications between systems. The sixth layer, the presentation layer, translates data so that it may be transmitted on a network. This layer describes how to represent a character in terms of bits and performs both encryption and decryption. The seventh layer, the final application layer, determines how users interact with data using web browsers and other client applications.
In addition to the OSI model, CISSP candidates must be familiar with the TCP network model. The creators of the TCP/IP network stack developed this model as they attempted to actually implement the more theoretical OSI model. Like the OSI model, the TCP model uses layers to describe different parts of a network communication, but it does so using fewer layers. The physical layer and data link layer of the OSI model are replaced by a single network interface layer in the TCP model.
The OSI's network layer is simply renamed as the internet layer in the TCP model, while the OSI's transport layer retains the same name in the TCP model. At the top of the stack, three layers from the OSI model are combined with the OSI model session layer, presentation layer, and application layer combined into a single application layer in the TCP model. You won't hear much about these network models in practice because they are rarely used and are difficult to map to real-world networks, but you must understand the layers of both models because they are covered on the CISSP exam.
Looking for study partners?Join the CISSP Exam study group
The Certified Information System Security Professional (CISSP) certification is an important component of any security professional's resume, and is a requirement for many top jobs. In this course, prepare for the fourth domain of the exam: Communications and Network Security. Instructor and cybersecurity expert Mike Chapple goes over TCP/IP networking, network security devices, and secure network design. Mike also includes coverage of specialized networking, network attacks, wireless networking, and more. The CISSP exam domains can be found here.
- How IP addresses are assigned and managed
- Multilayer protocols
- VPNs and VPN concentrators
- Designing secure networks
- Firewall management techniques
- Maintaining network availability
- Software defined networking (SDN)
- Port isolation
- Network attacks
- How Wi-Fi networks function
- WPA, WPS, and propagation attacks
- Host-based network security control