Business Premise: The core idea is that network security must start with a business perspective: the purpose of communication is to exchange information and ideas to get work done. This must be the foundation for designing safe and reliable network systems.
The Six Questions: The text frames network design around six fundamental questions, borrowed from Rudyard Kipling's verse about the "six honest serving-men" (often quoted as the "Six Wise Men"): Who, What, Where, Why, When, and How. An organization's security policies should answer these questions for each kind of communication it needs, and those answers then drive the network architecture.
Network Models: It introduces the two most common network architecture models:
TCP/IP Model: The model actually used on the Internet; its protocols are standardized by the Internet Engineering Task Force (IETF) in RFCs.
OSI 7-Layer Model: A conceptual model developed by the International Organization for Standardization (ISO).
Shared Concepts: Both models share similar goals, such as providing reliable communication, isolating functions into layers, using packets, and being scalable and resilient.
Protocol Stacks: The text describes the concept of a protocol stack, where functions are layered on top of each other. It notes that data is encapsulated (or "wrapped") as it moves down the layers of the stack, with each layer adding its own address and control information.
Layer Differences: A key distinction is made between the top three layers (Application, Presentation, and Session in the OSI model) and the lower layers. The text states that the top layers do not encapsulate data in the same way as the lower layers. It also points out that the data portion of a packet picks up a new name at each layer that encapsulates it (a segment at the transport layer, a packet at the network layer, a frame at the data link layer).
The text does not pose a direct question; it provides the context needed to understand the foundational principles of network security and the role the TCP/IP and OSI models play in them.
TCP/IP vs. OSI Model
Both models are conceptual frameworks that describe how data is transmitted over a network. They break down the complex process into smaller, more manageable layers, with each layer performing a specific function.
TCP/IP Model (4 or 5 layers): This is the practical, de facto standard for internet communication. It is a more compact model that combines some of the OSI layers.
Application Layer: Combines the OSI's Application, Presentation, and Session layers. It's where user applications and services interact with the network (e.g., HTTP, FTP, SMTP).
Transport Layer: Manages end-to-end communication between processes on two hosts. TCP adds reliable, ordered, flow-controlled delivery; UDP is connectionless and best-effort.
Internet Layer: Handles logical addressing and routing of packets across networks (e.g., IP).
Link Layer: Combines the OSI's Data Link and Physical layers. It is responsible for framing and physically transmitting data between devices on the same network segment (e.g., Ethernet, Wi-Fi).
OSI Model (7 layers): A more theoretical, comprehensive model used for teaching and understanding network concepts.
Layer 7: Application - Provides an interface for user applications.
Layer 6: Presentation - Handles data formatting, encryption, and compression.
Layer 5: Session - Establishes and manages communication sessions.
Layer 4: Transport - Provides end-to-end data transfer between hosts, reliable (TCP) or best-effort (UDP).
Layer 3: Network - Manages logical addressing and routing.
Layer 2: Data Link - Handles physical (MAC) addressing, framing, and error detection on a single link.
Layer 1: Physical - Deals with the physical transmission medium (cables, wireless signals).
Data Encapsulation and Protocol Data Units (PDUs)
The text correctly highlights the concept of encapsulation, which is crucial to understanding how network protocols work. As data moves down the protocol stack, each layer adds a header (and sometimes a trailer) carrying its own addressing and control information. The combination of a layer's header and the data it carries is that layer's Protocol Data Unit (PDU), and the PDU takes a new name at each layer:
Application Layer (L7): Data
Transport Layer (L4): Segment (TCP) or Datagram (UDP)
Network Layer (L3): Packet
Data Link Layer (L2): Frame
Physical Layer (L1): Bits
This process is reversed during de-encapsulation as the data travels up the stack on the receiving end, with each layer stripping off its corresponding header until the original data is presented to the application.
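The encapsulation and de-encapsulation walk described in the protocol-stack and PDU sections above, as an added worked example (this is not code from the original text). It wraps a constructed HTTP request in real TCP, IPv4, and Ethernet II headers using the actual wire formats, then unwraps the frame, checking the IPv4 header checksum, the declared lengths, and the TCP data offset before trusting the payload. The MAC addresses, IP addresses, ports, and the HTTP request are made-up sample values; the TCP checksum is left zero because computing it needs a pseudo-header that this example does not cover, and the Ethernet FCS is omitted because the NIC normally adds it.

```python
"""Encapsulation round trip: L7 data -> TCP segment -> IPv4 packet -> Ethernet frame, and back."""
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FLAG_PSH_ACK = 0x018

# Constructed sample payload (not a real capture).
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum over 16-bit big-endian words. A valid IPv4 header sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(src_port, dst_port, seq, ack, payload, flags=TCP_FLAG_PSH_ACK):
    """L4 PDU: 20-byte TCP header (no options) prepended to the L7 data."""
    offset_flags = (5 << 12) | flags          # data offset = 5 words; flags in low 9 bits
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         offset_flags, 65535, 0, 0)  # window, checksum (left 0), urgent ptr
    return header + payload


def build_packet(src_ip, dst_ip, segment, ttl=64, ident=0x1234):
    """L3 PDU: IPv4 header with a correct header checksum prepended to the segment."""
    version_ihl = (4 << 4) | 5
    total_length = 20 + len(segment)
    src = ipaddress.IPv4Address(src_ip).packed
    dst = ipaddress.IPv4Address(dst_ip).packed
    header = struct.pack("!BBHHHBBH4s4s", version_ihl, 0, total_length, ident,
                         0x4000, ttl, IPPROTO_TCP, 0, src, dst)  # 0x4000 = Don't Fragment
    csum = ones_complement_checksum(header)
    header = header[:10] + struct.pack("!H", csum) + header[12:]  # checksum lives at bytes 10-11
    return header + segment


def build_frame(src_mac, dst_mac, packet):
    """L2 PDU: Ethernet II header (dst MAC, src MAC, EtherType) prepended to the packet."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def parse_frame(frame: bytes) -> dict:
    """De-encapsulate: strip one header per layer, validating each before going deeper."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _tos, total_length, _ident, _ff, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (version_ihl & 0x0F) * 4
    if version_ihl >> 4 != 4 or ihl < 20 or total_length < ihl or len(packet) < total_length:
        raise ValueError("malformed IPv4 header or length")
    if ones_complement_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != IPPROTO_TCP:
        raise ValueError("not a TCP packet")
    segment = packet[ihl:total_length]       # bytes past total_length are L2 padding, not data
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, offset_flags,
     _win, _tcsum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (offset_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad TCP data offset")
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": str(ipaddress.IPv4Address(src)), "dst_ip": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": offset_flags & 0x1FF, "data": segment[data_offset:],
    }


def demo_round_trip(payload: bytes = HTTP_REQUEST) -> dict:
    """Encapsulate the payload down the stack, then parse the frame back up. Sample values only."""
    segment = build_segment(40000, 80, 1000, 1, payload)                     # L4: segment
    packet = build_packet("192.0.2.10", "192.0.2.80", segment)               # L3: packet
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02", packet)   # L2: frame
    fields = parse_frame(frame)
    fields["sizes"] = {"data": len(payload), "segment": len(segment),
                       "packet": len(packet), "frame": len(frame)}
    return fields


if __name__ == "__main__":
    for key, value in demo_round_trip().items():
        print(key, value)
```

Each builder adds exactly one header (20 bytes for TCP, 20 for IPv4, 14 for Ethernet II), so the PDU grows by 54 bytes from data to frame; the parser relies on the length and offset fields inside those headers rather than on the buffer length, which is why a flipped header byte or a truncated frame is rejected instead of yielding garbage payload.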