Network Building Blocks for Internet Communications & The Vulnerabilities of Software Applications Jacob Spiersch INTL440 D001 Dr. Patrick Barton March 26, 2022 1 Introduction The internet communication system is highly technical but extremely powerful when it is functioning properly. Users of this advanced infrastructure are able to communicate in mediums of all kinds, including voice, text, and video, to endpoints all around the world with transmission speeds faster than the blink of an eye. Our highly technical has become fully engrained in the communication system that the internet provides. Today, many users have put much of their lives onto the internet. Business models, financial instruments, sensitive personal information, and medical records are just a few examples of the data that is being stored and transmitted on cyber space networks. Moving forward into this digital age of communication, it is important to understand the ins and outs of how this complex system is functioning. Cyber attacks are on the rise. Criminal activity within the cyberspace has been an issue since it’s inception in the 1970’s however, according to a recent alert from the Cybersecurity & Infrastructure Security Agency, “United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally”.1 If we want to continue enjoying the internet safely, we must take responsibility for the security of our own sensitive information by educating ourselves on how this system works. In this essay, I will be describing in detail how internet communication works by discussing the major network building blocks and their functions. 1 United States. Cybersecurity and Infrastructure Security Agency. United States, 2022. Web Archive. cisa.gov/uscert/ncas/alerts/aa22-040a 2 The OSI Model The transmission of data over the internet must go through seven different stages or “layers” if it is to be transmitted and received successfully. These seven layers are all part of the Open Systems Interconnection (OSI) Model. The OSI model is sometimes referred to as the reference model because it serves as a reference to how all network communications are being executed.2 To fully grasp the concepts of internet communications, a basic understanding of how these layers function in tandem with one another is crucial. Layer 1 of the OSI model functions on the physical level. The binary ones and zeros being electrically transmitted over a physical medium are referred to as “bits.” Activity present over a physical wire like cat6 or fiber optics is portrayed as a one, and the absence of activity is represented as a zero. This “activity” changes depending on the mode of transportation being used. Cat5/6 and fiberoptics are just a few common examples of physical mediums use to transport bits on the physical layer. All devices that receive and transmit bits through physical mediums can be labeled as layer 1 physical devices. The packaging and transmission of data into frames over the network is a function of layer 2, or the Data Link Layer. Each individual device on a network is assigned a Media Access Control (MAC) address that serves as its location, much in the same way a house has a mailing address. A switch, being a layer 2 device, is not concerned with how devices are connected on the physical level. Its job is to view networks logically by assigning packaged frames to the proper MAC address. Layer 2 devices are also responsible for performing error 2 Dion, Jason. Section 3: OSI Model. In CompTIA Network+ (N10-007) Full Course & Practice Exam, edited by Jason Dion for ComptTIA Network+ (N10-007). DionTraining.com, Winter 2021. 3 detection/correction which allows users to talk to one another without interfering with one another. The Network Layer (Layer 3) is concerned with routing. Routing is the forwarding of traffic with logical addressing via internet protocols like IPv4 or IPv6. Switching is the process in which data is divided into packets and forwarded to the requesting IP address. Packets are forwarded from router to another until it reaches its final destination. Switching methods include packet switching, circuit switching and message switching. Depending on the method being used, the route may be different, but the idea is that the packet gets to the proper assigned IP address in the end. Once the packets have been transmitted successfully, it becomes the job of switches on layer 2 to distribute this information to the correct device. Layer 4 is the transmission of segments on the Transport Layer. The two transmission protocols in layer 4 are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). TCP uses a series of synchronizations and acknowledgments to ensure the data is being transmitted completely and successfully3. This is referred to as a 3-way handshake and is most often used when transmitting important information like banking and medical information. UDP is faster than TCP because it does not require a handshake before data transmission can occur. UDP is commonly used to transmit audio and video due to the constant stream of information being sent. TCP’s strict transmission style would cause constant streams of information to seize up and lag if the connection were not flawless. In Layer 4 we are concerned with how the information is being sent whereas Layer 3 takes care of the location via routing and IP protocols. 3 Charles M Kozierok, The TCP/IP Guide: a Comprehensive, Illustrated Internet (San Francisco, CA: No Startch Press, 2005) 4 The Session Layer (Layer5) is responsible for session management. Session management includes various parameters such as opening, closing, checkpointing and the synchronization of information sources. Layer 5 calls upon the information provided by TCP segment header in layer 4 to further send data to layer 6, also known as the Presentation Layer. At layer 6, the formatting and representation of data takes place.4 This enables two different devices to communicate clearly with one another even if the programming language differs between the two end points. This is also where encryption and compression take place before moving on to the Application Layer. The Application Layer of the OSI model is the 7th and final layer, making it the layer closest to the user. Low-level application services like email protocol and file transfer protocol fall under this category. This is not to be confused with bigger 3rd party applications like Google Chrome or Microsoft Word. Bigger apps that users are familiar with work atop these low-level app services for a smooth and seamless experience. Layer 7 is also where service advertisement takes place which makes it easier to categorize, find, and implement devices with out having to manually connect them. Application and Web Browser Vulnerabilities With this basic understanding of the OSI model for which all internet communications are built upon, we can now discuss the vulnerabilities of software applications such as those found in web browsers. It is important to put emphasis on this because this is where most users go for their information. The high level of user traffic moving through these web browsers is 4 James Edwards and Richard Bramante, Networking Self-Teaching Guide: OSI, TCP/IP, Lans, Mans, Wans, Implementation, Management, and Maintenance (Indianapolis, IN: Wiley Pub., 2009). 5 what attracts a cyber criminal to the space. If users would like to be remain unbothered from these criminals, awareness of such vulnerabilities is essential. Web browser application developers work tirelessly to provide users with the latest and greatest products to enhance their services and retain their customers. New browser features being pushed out usually provide to the user increased workflow capabilities and extra utility control to make their work easier and more efficient. Features like browser plug-ins, cookies, and ActiveX do provide many useful features, however, they most of the time come with settings and parameters, that if not set correctly could put you at risk for an attack. This constant evolution of applications and services allows malware authors to hide behind and exploit newly developed software. Additionally, web browser applications are extremely accessible and easy to use. This level of flexibility and ease of use is great, but it’s also what makes web browsers such a dangerous place. Browsers are designed to allow customizable search functions which allow users to virtually unlimited web pages. Malware authors take advantage of this by planting malicious web pages in the guise of familiar and credible developers to entice their victims.5 These vulnerabilities are just a few examples of how dangerous applications and web browsers can be to the unsuspecting user. Conclusion The network building blocks built atop the OSI model have provided to us the most efficient form of communication the world has ever seen. This platform has been around for over 5 United States. Cybersecurity and Infrastructure Security Agency. United States, 2022. Web Archive. cisa.gov/uscert/publications/securing-your-web-browser 6 half a century, and its use is growing exponentially. New products and features being released to the masses daily opens the door for criminal exploitation and malicious attacks to personal/sensitive information. With a basic understanding of how internet communications function, combined with the awareness of dangers that may come with consumer application services, users become better equipped to defend themselves from the fast-evolving malicious territory of cyberspace. 7 Bibliography “Alert (AA22-040A).” CISA. Cybersecurity & Infrastructure Security Agency, February 9, 2022. https://www.cisa.gov/uscert/ncas/alerts/aa22-040a. Dion, Jason. “Section 3: OSI Model.” Open Systems Interconnection (OSI) Model Overview. Lecture presented at the CompTIA Network+ (N10-007) Full Course & Practice Exam, February 25, 2022. Kozierok, Charles M. The TCP/IP Guide : a Comprehensive, Illustrated Internet Protocols Reference. 1st ed. San Francisco: No Starch Press, 2005. Edwards, James, and Richard Bramante. Networking Self-Teaching Guide: OSI, TCP/IP, Lans, Mans, Wans, Implementation, Management, and Maintenance. Indianapolis, IN: Wiley Pub., 2009. “Securing Your Web Browser.” CISA. Cybersecurity & Infrastructure Security Agency. Accessed March 26, 2022. https://www.cisa.gov/uscert/publications/securing-your-webbrowser. 8