Network Layer Protocols and Known Security Issues
The network layer controls the operation of the subnet. A key design issue is determining how packets are routed from source to destination. Routes can be based on static tables that are "wired into" the network and rarely changed, or more often they can be updated automatically to avoid failed components. They can also be determined at the start of each conversation, for example, a terminal session, such as a login to a remote machine. Finally, they can be highly dynamic, being determined anew for each packet to reflect the current network load.

If too many packets are present in the subnet at the same time, they will get in one another's way, forming bottlenecks. Handling congestion is also a responsibility of the network layer, in conjunction with higher layers that adapt the load they place on the network. More generally, the quality of service provided (delay, transit time, jitter, etc.) is also a network layer issue.

When a packet has to travel from one network to another to get to its destination, many problems can arise. The addressing used by the second network may be different from that used by the first one. The second one may not accept the packet at all because it is too large. The protocols may differ, and so on. It is up to the network layer to overcome all these problems to allow heterogeneous networks to be interconnected. In broadcast networks, the routing problem is simple, so the network layer is often thin or even nonexistent.
The network layer is the third level of the Open Systems Interconnection Model (OSI Model) and the layer that provides data routing paths for network communication. Data is transferred in the form of packets via logical network paths in an ordered format controlled by the network layer.
Logical connection setup, data forwarding, routing and delivery error reporting are the network layer’s primary responsibilities.
Network Data Unit
A network packet is a formatted unit of data carried by a packet-switched network. A packet consists of control information and user data, which is also known as the payload. Control information provides data for delivering the payload, for example: source and destination network addresses, error detection codes, and sequencing information. Typically, control information is found in packet headers and trailers.
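As an added illustration of the control information just described (this is example code written for this post, not taken from any protocol implementation), here is a small parser for the IPv4 header, the network-layer packet format most readers will meet. It decodes the source and destination addresses and verifies the header's error-detection code, which is how a receiver notices a header damaged in transit; the sample header is constructed for the example.

```python
import struct
from ipaddress import ip_address

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words,
    with the checksum field itself (bytes 10-11) treated as zero."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        if i == 10:  # skip the checksum field
            continue
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(data: bytes) -> dict:
    """Decode the fixed part of an IPv4 header and verify its checksum.
    Raises ValueError on a truncated or non-IPv4 packet."""
    if len(data) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, chk, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or len(data) < ihl:
        raise ValueError("bad IHL or truncated options")
    return {
        "ttl": ttl,
        "protocol": proto,
        "total_length": total_len,
        "src": str(ip_address(src)),
        "dst": str(ip_address(dst)),
        "checksum_ok": ipv4_checksum(data[:ihl]) == chk,
    }

def build_sample_header() -> bytes:
    """Constructed sample: 20-byte header of a UDP datagram 192.0.2.1 -> 198.51.100.7."""
    fields = (0x45, 0, 40, 0x1234, 0x4000, 64, 17, 0,
              ip_address("192.0.2.1").packed, ip_address("198.51.100.7").packed)
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    return raw[:10] + struct.pack("!H", ipv4_checksum(raw)) + raw[12:]

if __name__ == "__main__":
    hdr = build_sample_header()
    print(parse_ipv4_header(hdr))  # checksum_ok: True
    damaged = hdr[:1] + bytes([0xFF]) + hdr[2:]  # flip the ToS byte
    print(parse_ipv4_header(damaged)["checksum_ok"])  # False
```

Note that the checksum only detects accidental corruption; it is not a security control, since anyone who can forge a header can also recompute it, which is why the spoofing issue listed below needs other mitigations.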
Main Security Issues
- Information Gathering (Scanning)
- Routing Table Poisoning
- IP Spoofing
- Denial of Service (DoS)
- Remote Code Execution (vulnerabilities in protocol implementations, tracked as CVEs)
Network protocols provide what are called “link services”. These protocols handle addressing and routing information, error checking, and retransmission requests. Network protocols also define rules for communicating in a particular networking environment such as Ethernet or Token Ring.
- CLNS, Connectionless-mode Network Service
- DDP, Datagram Delivery Protocol
- EGP, Exterior Gateway Protocol
- EIGRP, Enhanced Interior Gateway Routing Protocol
- ICMP, Internet Control Message Protocol
- IGMP, Internet Group Management Protocol
- IPsec, Internet Protocol Security
- IPv4/IPv6, Internet Protocol
- IPX, Internetwork Packet Exchange
- OSPF, Open Shortest Path First
- PIM, Protocol Independent Multicast
- RIP, Routing Information Protocol
Network Layer OpSec
This topic is quite in-depth and will be covered in a separate blog post on securing layer 3.