What is the DoD Model?
The US Department of Defense (DoD) network model, created to enable users to exchange data between computer systems over a wide area network (WAN).
DoD Model and TCP/IP Model
Network Access layer
Internet layer
Host-to-Host layer
Process/Application layer
OSI model
1. The Physical Layer.
2. The Data Link Layer.
3. The Network Layer.
4. The Transport Layer.
5. The Session Layer.
6. The Presentation Layer.
7. The Application Layer.
Role of Application/Process Layer and its key protocols
Enables the user (human or software) to interact with the application or network for tasks like reading messages, transferring files, or performing other network-related tasks.
Key Protocols: HTTP, SMTP, POP, FTP, HTTPS, DNS.
Role of Transport/Host-to-Host Layer and its key protocols
It determines how much data to send, where it gets sent, and at what rate. It manages end-to-end communication, ensuring reliable data transfer, error recovery, and flow control. Key protocols include TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
Role of the internet layer and key protocols
Responsible for routing data packets across different networks to reach their intended destinations.
Key Protocols: Internet Protocol (IP), Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), IGMP (Internet Group Management Protocol)
Role of the Network Layer and key protocols
This layer determines how physical connections are set up and how bits are represented as signals.
Key Protocols: Ethernet and Wi-Fi as well as PPP (Point-to-Point Protocol), WPA2/3 security protocols for wireless networks, and STP (Spanning Tree Protocol)
TCP vs. UDP
TCP offers greater reliability by requiring acknowledgements, while UDP has faster response times and lower overheads.
Media Access Control (MAC) addressing
Unique hardware addresses set by manufacturers used to identify and communicate between devices on the same network segment.
Role of IP addresses
Identifies devices on the internet or a network, similar to physical addresses used by a post office.
Role of Subnet Masks
They are used to divide a larger network into smaller subnetworks, called subnets. Subnet masks specify which portion of an IP address refers to the network and which part refers to the host. Example: 255.255.255.0
IPv4 vs IPv6
IPv4 addresses are 32-bit, while IPv6 addresses are 128-bit.
IPv6 allows for more addresses and has IPsec for built-in security.
Types of Transmission Media
Twisted Pair Cables
Fibre Optic Cables
Coaxial Cables
Wireless
Twisted Pair Cabling
Involves two conductors twisted together to cancel out electromagnetic interference (EMI).
Fibre Optic Cables
Transmit data using light pulses and offer transmission over longer distances and at higher data rates than wire cables, while being immune to EMI.
Single Mode vs Multi Mode Fibres
Single-mode fibers are suited for long distances and high speeds, whereas multi-mode fibers are more cost-effective for short distances.
Coaxial Cables
Have an inner conductor, insulating layer, and conducting shield; used for radio frequency signals, computer network connections, and cable television.
Wireless Technologies
Use radio communication to connect network nodes without cables.
Fragmentation
The process of breaking down large packets into smaller packets for transmission.
Reassembly
The process of combining smaller packets back into a larger packet at the destination.
Network Interface Card (NIC)
Hardware that acts as the interface between a device and the network, encoding and decoding data into signals.
Public IP addresses
Are often given by an internet service provider (ISP) and assigned to your gateway device (usually a router), allowing the internet to recognize your network.
Local IP address
Every device on a local network has a unique local IP address assigned by your internal network via the router, allowing devices within your network to communicate with each other without each device needing a public IP.
Network Address Translation (NAT)
A process that allows a device needing something from outside the local network to use the LAN public IP to communicate with other networks via the router.
Modem
A device that modulates an analog carrier signal to encode digital information and demodulates it to decode transmitted information.
Transceiver
Acts as a device that converts analog signals to digital.
DSL modem
Connects a computer or router to a telephone circuit with Digital Subscriber Line service.
Router
A device that forwards data packets between telecommunications networks, effectively creating an internetwork.
Internet Layer
The layer of the DoD model responsible for routing data packets across different networks to reach their destinations.
IP addresses
Used by routers to forward packets based on routing tables.
Switch
Connects network segments or devices and processes data at the Network Access Layer of the DoD model.
Multi-port network bridge
Describes a switch that processes data at the Data Link layer in the OSI model.
Physical addressing
Involves MAC addresses and ensures reliable transmission of data frames between nodes on the same network segment.
Wireless Access Point (WAP)
Allows wireless devices to connect to a wired network using standards like Wi-Fi or Bluetooth.
IEEE 802.11
Standards supported by WAPs for sending and receiving data using radio frequencies.
Firewall
Can be implemented as hardware or software, controlling incoming and outgoing network traffic by analyzing data packets.
Software-based firewalls
Often operate at the Internet Layer of the DoD model, acting as packet filters based on established rules.
Hardware-based firewalls
Commonly operate at the Application Layer of the DoD model, working at the application level to intercept traffic for specific applications.
Multiple layers
More advanced firewalls and security appliances may operate across multiple layers of the DoD model, examining traffic based on IP addresses, port numbers, and application-specific data to identify and mitigate security threats.
Need for Preventing Unauthorised Access to a Network
Network security is needed to protect vital information while still allowing necessary access, including sensitive data like trade secrets, medical records, and financial information.
Authentication and access control
A key goal of network security is to provide authentication and access control for resources.
Prevent and monitor unauthorized access
Network security involves adopting policies to prevent and monitor unauthorized access.
Confidentiality
A core principle of computer security, ensuring that only those who are supposed to access the data can access it.
Role of Firewalls in Securing Networks
Firewalls are software and hardware devices positioned between an internal computer network and the Internet to improve system security.
Firewall rules
A network manager sets up rules for the firewall to filter out unwanted intrusions, making unauthorized access much more difficult.
Packet filters
Firewalls can operate as packet filters, allowing or blocking packets based on whether they match established rules.
Role of Operating Systems in Network Security
The operating system plays a vital role in maintaining the security within a computer system, including the security of the information it holds and the network it operates in.
Authentication
The OS provides Authentication as a protective method to ensure a user accessing a program is authorized.
Backup and Restore
The OS can provide Backup and Restore capabilities, allowing users to create copies of data, files, and folders, or even entire system image backups.
Intrusion Detection and Prevention
The OS supports Intrusion Detection and Prevention by monitoring the system for vulnerabilities and file integrity.
Prevent Viruses, Malware, and Trojans
Operating systems have inbuilt software components to help prevent viruses, malware, and Trojans from infiltrating and damaging systems.
Firewall in Operating Systems
In modern operating systems, a Firewall is often incorporated as part of the OS, controlling access to system resources based on defined policies.
Factors that Affect Network Performance
Various factors can affect network performance, including bandwidth.
Bandwidth
Bandwidth refers to the maximum amount of data that can be transmitted over a network connection in a given time, representing the capacity of the connection or channel.
Bits per second
Bandwidth is usually expressed in bits per second (bps), with common units including kilobits per second (Kbps) and megabits per second (Mbps).
Conversion from Mbps to MBps
To convert Mbps to megabytes per second (MBps), you divide by 8 (the number of bits in a byte).
Throughput
The actual amount of data transmitted over a connection in a given time.
Network Design
A critical factor in performance that involves considering both physical and logical aspects.
Physical Network Design
Addresses things like running copper and fiber cabling, the number of switch ports required, Wi-Fi access point positioning, rack layout, cooling, and power.
Logical Network Design
Deals with IP addressing and subnetting, VLANs, data flows, and network topology.
Network Topology
The choice of layout (e.g., Bus, Star, Ring, Mesh, Hybrid) that can significantly affect network performance, scalability, and reliability.
Expansion
Consideration in network design to avoid simply adding devices organically without considering potential bottlenecks.
Tiering
A method to manage growth, build in redundancy, and mitigate bottlenecks in medium or large networks.
Virtualized Infrastructure
Infrastructure like Amazon Web Services or Google Cloud services that are flexible and can dynamically expand.
Redundancy
Having alternate or additional network devices to ensure the network stays up in case of an outage.
Load Balancing
Necessary when incoming traffic is high to prevent slowdowns, lag, stoppages, or crashes.
Quality of Service (QoS)
A measure of how a network performs under load, ensuring applications like streaming media, VoIP, and web services are appropriately handled.
Data Collisions
A factor that affects network performance, which can be controlled by setting up routers and switches to use Carrier Sense Detection and Avoidance.
CSMA/CD
Carrier Sense Multiple Access with Collision Detection, which uses 'carrier-sensing' to detect signals on connecting media.
Excess Broadcast Traffic
Can negatively impact network performance and sometimes create a broadcast storm.
Broadcast Storm
Occurs when messages broadcast on a network cause receiving nodes to respond by broadcasting their own messages, flooding the LAN with packets.
Poor Network Architecture
Can lead to broadcast storms, such as having too many nodes on one network or needing VLANs or subnetting.
Spanning Tree Protocol (STP)
A link management protocol that prevents media access control (MAC), switching/bridge loops, and broadcast delays on a LAN.
Storm Control Protocols
Methods to reduce storm activity on a network.
IP-Directed Broadcasts
Should be disabled on Layer 3 devices to help reduce broadcast storms.
Broadcast Domains
Can be split up by creating new VLANs or subnets to reduce storm activity.