Chapter 3: The Network Stack and Security


Overview

If you have any experience in the world of networking, much of what is covered in this chapter may be familiar to you. This chapter addresses the basics of a network: the parts that plug in together to make sure that information gets from point A to some other point B. If you are an experienced network administrator, the value of this chapter may not be so much the explanation of a hub, switch, and router, but rather the discussion that surrounds the terms and the impact your network choices will have in the overall security of your network.

The primary protocol used on the Internet is known as TCP/IP, short for Transmission Control Protocol/Internet Protocol. Otherwise known as the Internet Suite, this is a collection of protocols that every machine that attaches to the Internet must implement. Consider it a common vocabulary that allows one machine to make a request and another machine to fulfill the request.

While it is taken as a fait accompli that the Internet does use and will continue to use TCP/IP, it was not always the case. TCP/IP was created in the early days of the Internet for a fairly small number of nodes and a limited number of applications. The early Internet was a much friendlier place than it is today — security was not given much consideration because, for the most part, the early Internet was considered a closed user group.

The sudden popularity of the Internet placed demands on TCP/IP that the protocols were not equipped to handle. In the late 1980s, there was a push by the U.S. Department of Defense to replace the TCP/IP suite altogether with a more "modern" protocol designed for the rapidly growing and increasingly insecure Internet. The protocols that were designed were based around a conceptual model known as the OSI Model. This model stated that for computers to communicate, there needed to be certain well-defined layers. For example, the first layer of the OSI Model was known as the physical layer and this defined how manufacturers should create ones (1s) and zeros (0s) on a given piece of transmission medium, the basis for all computer communications. If we think about it for a minute, it makes sense that we can represent a one or zero in one way on a piece of fiber-optic cable as pulses of light and on a piece of copper cable as a voltage. To ensure that everyone could communicate, each one of these layers would be associated with a number of standards or even standards organizations. To keep all the protocols straight, the OSI Model would be managed and overseen by the ISO, the International Standards Organization.

This was a great idea and would have no doubt increased the scalability of the networks that we use right now, but there was a catch. By the time the ISO got everything sorted out about the OSI Model, the Internet had grown to such a size that TCP/IP was just never going to be dethroned. There was just no way to get everyone together and say, "OK, next Tuesday at 9:30 p.m., let's all shut off the Internet and turn it back on Wednesday morning using the OSI Model!" Thus, the idea of the ISO OSI protocol suite faded away.

You can still find some OSI protocols, especially in the heart of the largest and oldest ISPs in the country. For the most part, however, the OSI Model has become nothing more than a convenient way for network geeks around the world to speak a common language. When I say to you, "Well, the router will be able to do some layer 3 filtering at the border of your network," I do not need to say that "layer 3" is layer 3 of the OSI Model and that this is the same thing as the IP protocol of the TCP/IP suite. So although we never use the protocols described by the OSI Model, it has become the way that we refer to networks and network components.
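To make the "layer 3 filtering at the border" remark concrete, here is an added example (not from the book) that parses the IPv4 header a layer 3 device actually sees and applies a simple inbound border policy to it. The internal prefix, the bogon list and the sample packets are constructed assumptions for the demonstration.

```python
import ipaddress
import struct

# Layer 3 wire format for a 20-byte IPv4 header without options:
# version/IHL, DSCP/ECN, total length, identification, flags/fragment offset,
# TTL, protocol, header checksum, source address, destination address.
IPV4_FMT = "!BBHHHBBH4s4s"


def build_ipv4_header(src: str, dst: str, proto: int = 6, payload_len: int = 0) -> bytes:
    """Constructed sample header (checksum left at zero; this is test data, not a real packet)."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode only the layer 3 fields; a router's L3 ACL never looks past this header."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {"ihl": (ver_ihl & 0x0F) * 4, "total_len": total_len, "ttl": ttl,
            "proto": proto, "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst)}


# Assumed policy: INTERNAL is the prefix this site owns (RFC 5737 documentation range);
# BOGON lists private/loopback ranges that should never arrive from the Internet.
INTERNAL = ipaddress.ip_network("203.0.113.0/24")
BOGON = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def border_filter_inbound(pkt: bytes) -> str:
    """Return 'permit' or 'drop:<reason>' for a packet arriving on the outside interface."""
    h = parse_ipv4_header(pkt)
    if h["src"] in INTERNAL:            # our own addresses cannot legitimately come from outside
        return "drop:spoofed-internal-source"
    if any(h["src"] in n for n in BOGON):
        return "drop:bogon-source"
    if h["dst"] not in INTERNAL:        # we only forward traffic destined for our prefix
        return "drop:not-our-prefix"
    return "permit"


if __name__ == "__main__":
    for src, dst in (("198.51.100.7", "203.0.113.10"), ("203.0.113.5", "203.0.113.10"),
                     ("10.1.2.3", "203.0.113.10"), ("198.51.100.7", "198.51.100.9")):
        print(src, "->", dst, border_filter_inbound(build_ipv4_header(src, dst)))
```

Note that nothing here inspects ports or payload: that is exactly the limit of layer 3 filtering, and why a border router's ACL is complemented by a stateful firewall further in.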




Network Perimeter Security: Building Defense In-Depth
ISBN: 0849316286
Year: 2004
Pages: 119
Authors: Cliff Riggs
