Most things in life are standardized. Without a general standardization, things tend to fall into disarray. For instance, imagine Earth’s population only spoke one language - wouldn’t that be the most efficient course of action? But as luck would have it, we have multiple languages spanning many countries. Obviously, this creates a few problems when trying to communicate between languages. We use TCP/IP to standardize the way computers talk to each other, and as you’ll find out, it is also the means by which malicious attacks can be carried out.
A Military-Grade Solution for a Simple Problem
TCP/IP, or Transmission Control Protocol/Internet Protocol, is just a set of rules. This is much like commas, periods, and capitalization in English. TCP/IP will enable two or more computers to communicate based on standardized rules. These rules are actually called protocols.
This suite of protocols that TCP/IP offers isn’t the only breed of its kind. In fact, TCP/IP was invented in the late 1960s by the United States Government. Before this period, computers were often connected with direct connections. If one computer happened to go down, the entire network would be compromised. The military’s lead on networking capability quickly caught on, as universities and other large networks had a strong need for such reliable networking capability as well.
The most popular suite of protocols is without a doubt TCP/IP, but IPX/SPX and AppleTalk do own a share of the market. IPX/SPX, known as Internetwork Packet Exchange/Sequenced Packet Exchange, was used by Novell in the company’s younger years. AppleTalk, as you may have guessed, is used by Apple for its Macintosh line of computers. These two protocols are being used less and less as time goes on for one simple reason: TCP/IP has already gained a majority of the market. Think about it: would you want to buy a computer that could only talk to several other computers? No! As time goes on, expect to see a vast majority of all computers using the TCP/IP model.
The Inner Workings of TCP/IP
Every protocol in TCP/IP operates on a specific layer. Imagine each layer as a category that we use simply to better troubleshoot, understand, and teach how the TCP/IP model works. This particular model has four distinct layers:
The Network Interface Layer
The network interface layer is the most basic layer of them all. This is simply how we transport the information. We can use satellites, coaxial cabling, Ethernet, fiber optic cable, and a multitude of other transportation means. When troubleshooting broken networks, this is where the problem is usually hiding. (Unplugged cords, wrong connections, interference, and so on.)
The Internetwork Layer
Every single computer connected to the internet has a unique address - just like your home address. If we had two computers with the same address, sending and receiving information to one of the two would be impossible. We call this address an IP address. This address obviously must be unique in order to communicate with other computers - and the Internetwork Layer makes sure of this. We will go into more detail with IP addressing very soon. For now, we have two more layers to understand.
The Transport Layer
The transport layer is responsible for making sure that the information being sent is received. If it isn’t, the proper request to resend the data is initiated. This layer of the model also ensures that if the data being sent is corrupt or distorted, the proper error message is displayed. (Mostly, distorted data comes from interference from radio waves - or even because the signal is “dying out”. Every cable has a maximum distance rating - if you exceed it, the data signal will start to degrade!)
The Application Layer
The application layer is probably what you are most familiar with. This is the layer that deals with actual applications and programs - such as an instant messenger or email program. This layer makes sure that the data is used by the appropriate program. Many types of firewalls are starting to go with application layer protection - since this is where the data is “whole”, and not “partial”.
Four Layers Isn’t Bad, Right? Try Seven!
The TCP/IP model is easy enough to understand, but the OSI model goes into further depth in explaining what exactly is going on behind the scenes. The OSI model was created by the International Organization for Standardization, as a means of better educating everyone about how data is transmitted between computers.
Don’t worry though, because we aren’t adding anything new. Instead, we are just dividing parts of the TCP/IP model into more parts. Looking at the model below, you can see that the physical and application layers are divided into just a few more categories:
Since both of these models are the same, they also operate exactly alike. And for this reason you don’t necessarily have to learn the OSI model. It is quickly becoming standard for learning data transportation, however.
Send the Data Already!
Data isn’t sent like you think it would be. Instead of sending everything at once, we must divide data into packets. These packets, also known as datagrams, make up the actual data being sent between computers. Each packet carries a header that records details such as where it is being sent from, and where it needs to go.
As you might have guessed, firewalls do most of their checks and security measures at the packet level. Firewalls have the ability to look inside each packet, and decide whether or not it will be allowed to leave or enter a specific network. This is known as packet filtering. As stated before, more and more firewalls are starting to shift towards application layer filters - which have more power, but also require more processing power to run. Think of it as inspecting an entire email message, and not just each sentence.
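To make packet filtering concrete, here is an added example (not part of the original article) that reads the source address, protocol, and destination port out of an IPv4 header and applies a first-match rule list with a default of deny. The function names, the rule format, and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
import struct

IP_FMT = "!BBHHHBBH4s4s"  # the fixed 20-byte part of an IPv4 header

def build_packet(src, dst, proto, sport, dport):
    """Constructed sample packet: IPv4 header plus the two port fields."""
    ip = struct.pack(IP_FMT, 0x45, 0, 24, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HH", sport, dport)

def parse_headers(pkt):
    """Return (src, dst, proto, sport, dport), or None if malformed."""
    if len(pkt) < 20:
        return None
    ver_ihl, _, _, _, frag, _, proto, _, src, dst = struct.unpack(IP_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        return None
    sport = dport = None
    # Ports exist only for TCP (6) and UDP (17), and only in the first fragment.
    if proto in (6, 17) and (frag & 0x1FFF) == 0:
        if len(pkt) < ihl + 4:
            return None
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst),
            proto, sport, dport)

# Hypothetical rule set: (action, source network, protocol, destination port).
# None means "any". Addresses are documentation ranges, not real hosts.
RULES = [
    ("deny",  "203.0.113.0/24", None, None),
    ("allow", "0.0.0.0/0",      6,    443),
    ("allow", "192.0.2.0/24",   6,    22),
]

def filter_packet(pkt, rules=RULES):
    """First matching rule wins; anything unmatched or malformed is denied."""
    fields = parse_headers(pkt)
    if fields is None:
        return "deny"
    src, _dst, proto, _sport, dport = fields
    for action, net, r_proto, r_dport in rules:
        if (src in ipaddress.ip_network(net)
                and r_proto in (None, proto)
                and r_dport in (None, dport)):
            return action
    return "deny"
```

Note that the filter never sees the message itself, only header fields, which is the limitation application layer filters address.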
The TCP/IP and OSI models are good starting points in understanding how firewalls operate. Each layer of the models has a specific job and duty. We can filter information at separate layers, if needed. We can also help troubleshoot networks based on the TCP/IP and OSI models. (Remember, most networking problems are in the physical layer!)
While it isn’t exactly a jumpstart into the mechanics of firewalls, learning these models will create a foundation for learning the ins and outs of security. We will be referencing these models in later topics, so be sure to review this chapter as necessary.