WK2 Introduction to Network Protocols

Question 1

Network Protocols

Answer 1

Network protocols are a set of rules used by two or more devices on a network to describe the order of delivery and the structure of the data.

Network protocols serve as instructions that come with the information in the data packet. These instructions tell the receiving device what to do with the data. Protocols are like a common language that allows devices all across the world to communicate with and understand each other.

Even though network protocols perform an essential function in network communication, security analysts should still understand their associated security implications. Some protocols have vulnerabilities that malicious actors exploit. For example, a nefarious actor could use the Domain Name System (DNS) protocol, which resolves web addresses to IP addresses, to divert traffic from a legitimate website to a malicious website containing malware. You’ll learn more about this topic in upcoming course materials.

Question 2

Scenario to demonstrate a few different types of network protocols and how they work together on a network.

Transmission Control Protocol (TCP)

Answer 2

Say you want to access your favorite recipe website. You go to the address bar at the top of your browser and type in the website’s address. For example:

www.yummyrecipesforme.org. Before you gain access to the website, your device will establish communications with a web server.

That communication uses a protocol called the Transmission Control Protocol, or TCP. TCP is an internet communications protocol that allows two devices to form a connection and stream data.

Question 3

Scenario to demonstrate a few different types of network protocols and how they work together on a network.

TCP Handshake

Answer 3

TCP also verifies both devices before allowing any further communications to take place. This is often referred to as a handshake. Once communication is established using a TCP handshake, a request is made to the network.

Using our example, we have requested data from the Yummy Recipes For Me server. Their servers will respond to that request and send data packets back to your device so that you can view the web page.

Question 4

Scenario to demonstrate a few different types of network protocols and how they work together on a network.

Data Packets

Answer 4

A data packet is a unit of data made into a single package that travels along a given network path.

As data packets move across the network, they move between network devices such as routers.

Question 5

Scenario to demonstrate a few different types of network protocols and how they work together on a network.

The Address Resolution Protocol (ARP)

Answer 5

The Address Resolution Protocol, or ARP, is used to determine the MAC address of the next router or device on the path. This ensures that the data gets to the right place. Now the communication has been established and the destination device is known, it’s time to access the Yummy Recipes For Me website.

Question 6

Scenario to demonstrate a few different types of network protocols and how they work together on a network.

The Hypertext Transfer Protocol Secure, or HTTPS

Answer 6

The Hypertext Transfer Protocol Secure, or HTTPS, is a network protocol that provides a secure method of communication between client and website servers.

It allows your web browser to securely send a request for a webpage to the Yummy Recipes For Me server and receive a webpage as a response.

Question 7

Scenario to demonstrate a few different types of network protocols and how they work together on a network.

Domain Name System (DNS)

Answer 7

Next comes a protocol called the Domain Name System, or DNS, which is a network protocol that translate internet domain names into IP addresses. The DNS protocol sends the domain name and the web address to a DNS server that retrieves the IP address of the website you were trying to access, in this case, Yummy Recipes For Me. The IP address is included as a destination address for the data packets traveling to the Yummy Recipes For Me web server.

So just by visiting one website, the device on your networks are using four different protocols: TCP, ARP, HTTPS, and DNS.

But how do these protocols relate to security? Well, on the Yummy Recipes For Me website example, we used HTTPS, which is a secure protocol that requests a webpage from a web server. HTTPS encrypts data using the Secure Sockets Layer and Transport Layer Security, otherwise known as SSL/TLS. This helps keep the information secure from malicious actors who want to steal valuable information.

Question 8

3 Categories of Network Protocols

1. Communication Protocols

Answer 8

Communication protocols govern the exchange of information in network transmission. They dictate how the data is transmitted between devices and the timing of the communication. They also include methods to recover data lost in transit. Here are a few of them.

Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)
Hypertext Transfer Protocol (HTTP)
Domain Name System (DNS)

Question 9

3 Categories of Network Protocols

1. Communication Protocols

Transmission Control Protocol

Answer 9

Transmission Control Protocol (TCP) is an internet communication protocol that allows two devices to form a connection and stream data. TCP uses a three-way handshake process. First, the device sends a synchronize (SYN) request to a server. Then the server responds with a SYN/ACK packet to acknowledge receipt of the device’s request. Once the server receives the final ACK packet from the device, a TCP connection is established. In the TCP/IP model, TCP occurs at the transport layer.

Question 10

3 Categories of Network Protocols

1. Communication Protocols

User Datagram Protocol (UDP)

Answer 10

User Datagram Protocol (UDP) is a connectionless protocol that does not establish a connection between devices before a transmission. This makes it less reliable than TCP. But it also means that it works well for transmissions that need to get to their destination quickly. For example, one use of UDP is for internet gaming transmissions. In the TCP/IP model, UDP occurs at the transport layer.

Question 11

3 Categories of Network Protocols

1. Communication Protocols

User Datagram Protocol (UDP)

Answer 11

User Datagram Protocol (UDP) is a connectionless protocol that does not establish a connection between devices before a transmission. This makes it less reliable than TCP. But it also means that it works well for transmissions that need to get to their destination quickly. For example, one use of UDP is for internet gaming transmissions. In the TCP/IP model, UDP occurs at the transport layer.

Question 12

3 Categories of Network Protocols

1. Communication Protocols

Hypertext Transfer Protocol (HTTP)

Answer 12

Hypertext Transfer Protocol (HTTP) is an application layer protocol that provides a method of communication between clients and website servers. HTTP uses port 80. HTTP is considered insecure, so it is being replaced on most websites by a secure version, called HTTPS. However, there are still many websites that use the insecure HTTP protocol. In the TCP/IP model, HTTP occurs at the application layer.

Question 13

3 Categories of Network Protocols

1. Communication Protocols

Domain Name System (DNS)

Answer 13

Domain Name System (DNS) is a protocol that translates internet domain names into IP addresses. When a client computer wishes to access a website domain using their internet browser, a query is sent to a dedicated DNS server. The DNS server then looks up the IP address that corresponds to the website domain. DNS normally uses UDP on port 53. However, if the DNS reply to a request is large, it will switch to using the TCP protocol. In the TCP/IP model, DNS occurs at the application layer.

Question 14

3 Categories of Network Protocols

2. Management Protocols

Answer 14

The next category of network protocols is management protocols. Management protocols are used for monitoring and managing activity on a network. They include protocols for error reporting and optimizing performance on the network.

Simple Network Management Protocol (SNMP)
Internet Control Message Protocol (ICMP)

Question 15

3 Categories of Network Protocols

2. Management Protocols

Simple Network Management Protocol (SNMP)

Answer 15

Simple Network Management Protocol (SNMP) is a network protocol used for monitoring and managing devices on a network. SNMP can reset a password on a network device or change its baseline configuration. It can also send requests to network devices for a report on how much of the network’s bandwidth is being used up. In the TCP/IP model, SNMP occurs at the application layer.

Question 16

3 Categories of Network Protocols

2. Management Protocols

Internet Control Message Protocol (ICMP)

Answer 16

Internet Control Message Protocol (ICMP) is an internet protocol used by devices to tell each other about data transmission errors across the network. ICMP is used by a receiving device to send a report to the sending device about the data transmission. ICMP is commonly used as a quick way to troubleshoot network connectivity and latency by issuing the “ping” command on a Linux operating system. In the TCP/IP model, ICMP occurs at the internet layer.

Question 17

3 Categories of Network Protocols

3. Security Protocols

Answer 17

Security protocols are network protocols that ensure that data is sent and received securely across a network. Security protocols use encryption algorithms to protect data in transit. Below are some common security protocols

Hypertext Transfer Protocol Secure (HTTPS)
Secure File Transfer Protocol (SFTP)

Question 18

3 Categories of Network Protocols

3. Security Protocols

Hypertext Transfer Protocol Secure (HTTPS)

Answer 18

Hypertext Transfer Protocol Secure (HTTPS) is a network protocol that provides a secure method of communication between clients and website servers. HTTPS is a secure version of HTTP that uses secure sockets layer/transport layer security (SSL/TLS) encryption on all transmissions so that malicious actors cannot read the information contained. HTTPS uses port 443. In the TCP/IP model, HTTPS occurs at the application layer.

Question 19

3 Categories of Network Protocols

3. Security Protocols

Secure File Transfer Protocol (SFTP)

Answer 19

Secure File Transfer Protocol (SFTP) is a secure protocol used to transfer files from one device to another over a network. SFTP uses secure shell (SSH), typically through TCP port 22. SSH uses Advanced Encryption Standard (AES) and other types of encryption to ensure that unintended recipients cannot intercept the transmissions. In the TCP/IP model, SFTP occurs at the application layer. SFTP is used often with cloud storage. Every time a user uploads or downloads a file from cloud storage, the file is transferred using the SFTP protocol.

Note: The encryption protocols mentioned do not conceal the source or destination IP address of network traffic. This means a malicious actor can still learn some basic information about the network traffic if they intercept it.

Key takeaways

The protocols you learned about in this reading are basic networking protocols that entry-level cybersecurity analysts should know. Understanding how protocols function on a network is essential. Cybersecurity analysts can leverage their knowledge of protocols to successfully mitigate vulnerabilities on a network and potentially prevent future attacks.