Popularly Used Security Protocols on All Layers of Network Communication

TCP/IP is used to provide network communication throughout the world. Nowadays all organizations depend on the Internet and perform all sorts of communication over it. Security controls exist for network communication at each layer of the TCP/IP model. Because this communication carries a lot of secret information that has to travel securely, more protection is required. Having developed and identified various security mechanisms for achieving network security, it is essential to decide where to apply them, both physically (at what location) and logically (at what layer of an architecture such as TCP/IP). Security professionals must understand the issues and risks associated with these transactions if they want to provide viable and scalable security solutions for Internet commerce. In this paper, we discuss the security protocols existing at all layers and which protocols should be implemented to perform any communication on the network.

Threats on wired and wireless networks have increased significantly with the advancement of modern technology and the growing capacity of computer networks. The overwhelming use of the Internet in today's world for various business transactions has posed challenges of information theft and other attacks on business intellectual assets.
In the present era most businesses are conducted via network applications, and hence all networks are at risk of being attacked. The most common security threats to a business network are data interception and theft, and identity theft.
Network security is a specialized field that deals with thwarting such threats and protecting the usability, reliability, integrity, and safety of a business's computer networking infrastructure.

Objective of Network Security:
The proper implementation of network protocols and services is required as a tool to protect against and mitigate threats to any network infrastructure, based on organizational needs. The primary goals of network security are Confidentiality, Integrity, and Availability. These three pillars of network security are often represented as the CIA triangle.

• Confidentiality − The function of confidentiality is to protect precious business data from unauthorized persons. The confidentiality part of network security makes sure that the data is available only to the intended and authorized persons.
• Integrity − This goal is maintaining and assuring the accuracy and consistency of data. The function of integrity is to make sure that the data is reliable and is not changed by unauthorized persons.
• Availability − The function of availability in network security is to make sure that the data and network resources/services are continuously available to legitimate users whenever they require them.

Achieving Network Security
International Telecommunication Union (ITU), in its recommendation on security architecture X.800, has defined certain mechanisms to standardize the methods of achieving network security. Some of these mechanisms are:
• Encipherment − This mechanism provides data confidentiality services by transforming data into forms not readable by unauthorized persons. It uses an encryption/decryption algorithm with secret keys.
• Digital signatures − This mechanism is the electronic equivalent of ordinary signatures on electronic data. It provides authenticity of the data.
• Access control − This mechanism is used to provide access control services. It may use the identification and authentication of an entity to determine and enforce the access rights of the entity.

A LAYER-BY-LAYER LOOK AT SECURITY MEASURES
Before going into the particulars of application-based security, it may be helpful to look at how security is implemented at the different ISO layers. The ISO model is divided into upper-layer protocols (those associated with the application of data) and lower-layer protocols (those associated with the transmission of data). Examples of some of the security protocols used at each layer are listed on the right. Begin with layer 1, the physical layer. Common methods for providing security at the physical layer include:
• securing the cabling conduits: encase them in concrete
• shielding against spurious emissions: TEMPEST
• using media that are difficult to tap: fiber optics

In an attack on DNS, the attacker's aim is to modify a legitimate DNS record so that it resolves to an incorrect IP address, which directs all traffic for that name to the wrong computer. An attacker can either exploit a DNS protocol vulnerability or compromise the DNS server to carry out the attack.
DNS cache poisoning is an attack exploiting a vulnerability found in the DNS protocol. An attacker may poison the cache by forging a response to a recursive DNS query sent by a resolver to an authoritative server. Once the cache of the DNS resolver is poisoned, the host is directed to a malicious website and may compromise credential information by communicating with that site.

SSL, the most commonly used protocol, can provide any combination of the following types of protection:
Confidentiality: SSL can ensure that data cannot be read by unauthorized parties. It is accomplished by encrypting data using a cryptographic algorithm and a secret key, a value known only to the two parties exchanging data. The data can only be decrypted by someone who has the secret key.
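The defence against a forged response is the matching a resolver performs before anything enters its cache. The following is an added example, not code from the paper: it models the outstanding-query table of a recursive resolver and accepts a response only when its transaction id and destination port match a query in flight, its question section matches, it comes from the server that was queried, and every record it carries lies within the zone that server is authoritative for. The dataclasses, field names, IP addresses and the three sample responses are all constructed for the demonstration.

```python
# Added example, not from the paper: the checks a recursive resolver applies before it
# accepts and caches a response to one of its outstanding queries. Packets are modelled
# as small dataclasses; the sample query and responses below are constructed.
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class PendingQuery:
    txid: int        # 16-bit transaction id chosen by the resolver
    src_port: int    # randomized UDP source port the query was sent from
    qname: str
    qtype: str
    server_ip: str   # authoritative server the query was sent to
    zone: str        # zone that server is authoritative for (its bailiwick)


@dataclass(frozen=True)
class Response:
    txid: int
    dst_port: int    # UDP destination port; must equal the query's source port
    qname: str
    qtype: str
    src_ip: str
    answers: Tuple[Tuple[str, str, str], ...]   # (owner name, type, rdata)


def within_zone(owner: str, zone: str) -> bool:
    """True if `owner` is `zone` itself or a name below it."""
    owner = owner.lower().rstrip(".") + "."
    zone = zone.lower().rstrip(".") + "."
    return owner == zone or owner.endswith("." + zone)


def validate_response(pending: Dict[Tuple[int, int], PendingQuery],
                      resp: Response) -> Tuple[bool, str]:
    """Return (accept, reason). Only an accepted response may enter the cache."""
    query = pending.get((resp.txid, resp.dst_port))
    if query is None:
        return False, "no outstanding query with this transaction id and port"
    if (resp.qname.lower(), resp.qtype) != (query.qname.lower(), query.qtype):
        return False, "question section does not match the query"
    if resp.src_ip != query.server_ip:
        return False, "response not from the server that was queried"
    for owner, _rtype, _rdata in resp.answers:
        if not within_zone(owner, query.zone):
            return False, f"out-of-bailiwick record for {owner} dropped"
    return True, "accepted"


# Constructed sample: one query in flight to the made-up server 192.0.2.53 for example.com.
PENDING = {
    (0x1A2B, 40123): PendingQuery(0x1A2B, 40123, "www.example.com.", "A",
                                  "192.0.2.53", "example.com."),
}

LEGITIMATE = Response(0x1A2B, 40123, "www.example.com.", "A", "192.0.2.53",
                      (("www.example.com.", "A", "203.0.113.10"),))
# A response whose transaction id does not match any query in flight: never reaches the cache.
WRONG_TXID = Response(0x0001, 40123, "www.example.com.", "A", "198.51.100.9",
                      (("www.example.com.", "A", "198.51.100.9"),))
# Correct id and port, but carrying an extra record for a name outside example.com.
OUT_OF_BAILIWICK = Response(0x1A2B, 40123, "www.example.com.", "A", "192.0.2.53",
                            (("www.example.com.", "A", "203.0.113.10"),
                             ("login.bank.example.", "A", "198.51.100.9")))


def run_checks() -> Dict[str, bool]:
    """Which of the three constructed responses a careful resolver would accept."""
    return {name: validate_response(PENDING, r)[0]
            for name, r in [("legitimate", LEGITIMATE),
                            ("wrong_txid", WRONG_TXID),
                            ("out_of_bailiwick", OUT_OF_BAILIWICK)]}


if __name__ == "__main__":
    for name, accepted in run_checks().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The bailiwick rule is what stops a response for one name from smuggling in a record for an unrelated name; the random transaction id and source port are what make a blind forgery unlikely to match an outstanding query at all.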

Integrity: SSL can determine whether data has been changed, intentionally or unintentionally, during transit. The integrity of data is assured by generating a message authentication code (MAC) value, which is a keyed cryptographic checksum of the data. If the data is altered and the MAC is recalculated, the old and new MACs will differ.
Peer Authentication: Each SSL endpoint can confirm the identity of the other SSL endpoint with which it wishes to communicate, ensuring that network traffic and data are being sent from the expected host. SSL authentication is typically performed one-way, authenticating the server to the client, but it can be performed mutually.
Replay Protection: The same data is not delivered multiple times, and data is not delivered grossly out of order.
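The integrity and replay-protection services above come from the same mechanism at the record layer. As an added example (not code from the paper, and not an SSL/TLS implementation), the following models a simplified record layer: each record carries an HMAC-SHA256 tag over the data together with a sequence number that both ends count but never transmit, which is how TLS binds records to their position in the stream. Encryption, key derivation and the handshake are left out; the key and the sample payloads are constructed.

```python
# Added example, not from the paper: a simplified TLS-style record layer showing how a keyed
# MAC gives integrity and how an implicit, per-direction sequence number gives replay
# protection. Real TLS also encrypts the record and derives separate keys; both are omitted.
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


class RecordSender:
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq = 0  # implicit sequence number, never transmitted

    def send(self, data: bytes) -> bytes:
        # As in TLS, the sequence number is covered by the MAC but not sent on the wire.
        tag = hmac.new(self.mac_key, struct.pack(">Q", self.seq) + data, hashlib.sha256).digest()
        self.seq += 1
        return data + tag


class RecordReceiver:
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.seq = 0  # the receiver keeps its own copy of the expected sequence number

    def receive(self, record: bytes) -> bytes:
        if len(record) < TAG_LEN:
            raise ValueError("truncated record")
        data, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        expected = hmac.new(self.mac_key, struct.pack(">Q", self.seq) + data,
                            hashlib.sha256).digest()
        # Constant-time comparison. Altered data fails for the obvious reason; a replayed or
        # reordered record fails because the receiver's sequence number has moved on.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad record MAC (altered data, replay, or out-of-order delivery)")
        self.seq += 1
        return data


def demo(key: bytes = b"constructed-shared-mac-key") -> dict:
    """Exercise the cases the text describes; returns which records were accepted."""
    sender, receiver = RecordSender(key), RecordReceiver(key)
    first = sender.send(b"GET /account HTTP/1.1")      # constructed payloads
    second = sender.send(b"Cookie: session=abc")
    results = {}
    results["first_ok"] = receiver.receive(first) == b"GET /account HTTP/1.1"

    tampered = bytearray(second)
    tampered[0] ^= 0x01                                  # flip one bit of the payload
    try:
        receiver.receive(bytes(tampered))
        results["tampered_accepted"] = True
    except ValueError:
        results["tampered_accepted"] = False

    results["second_ok"] = receiver.receive(second) == b"Cookie: session=abc"

    try:
        receiver.receive(first)                          # replay of record 0
        results["replay_accepted"] = True
    except ValueError:
        results["replay_accepted"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

In a real TLS connection a MAC failure is fatal and the connection is torn down rather than the record being skipped; the receiver here only declines to advance its counter so that the demonstration can continue with the next valid record.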

Network Layer:
Network layer controls provide a way for network administrators to enforce security policies. Security measures at this layer can be applied to all applications; thus they are not application-specific. IP information, i.e. IP addresses, is added at the network layer, hence the controls at this layer protect both the data within the packets and the IP information of each packet. Controls at this layer protect all network communications between two hosts or networks. Internet Protocol Security (IPsec), a network layer control, provides a better solution than transport or application layer controls because of the difficulty of adding controls to individual applications. SSL tunnel VPNs act as network layer VPNs and provide the ability to secure both TCP and UDP communications, including client/server and other network traffic. However, security protocols at this layer provide less of the communication flexibility that some applications may require.
Network layer security controls are frequently used for securing communications because they can protect many applications without modifying them, particularly over shared networks such as the Internet. They provide a single solution for protecting data from all applications as well as protecting IP information. Sometimes controls at another layer are better than protection through the network layer: if only one or two applications need protection, a network layer control may be excessive.
Internet Control Message Protocol (ICMP) is a protocol meant to be used as an aid for other protocols and for system administrators to test connectivity and search for configuration errors in a network. Ping uses the ICMP echo function and is the lowest-level test of whether a remote host is alive. A small packet containing an ICMP echo message is sent through the network to a particular IP address. The computer that sent the packet then waits for a return packet. If the connections are good and the target computer is up, the echo reply packet will be received. ICMP has its own vulnerabilities and can be abused to launch an attack on a network.
The common attacks that can occur on a network due to ICMP vulnerabilities are:
• ICMP allows an attacker to carry out network reconnaissance to determine network topology and paths into the network. An ICMP sweep involves discovering all host IP addresses that are alive in the entire target network.
• Traceroute is a popular ICMP utility that is used to map the target network by describing the path in real time from the client to the remote host.
• An attacker can launch a denial of service attack using an ICMP vulnerability. This attack involves sending ICMP ping packets that exceed 65,535 bytes to the target device. The target computer fails to handle such a packet properly, which can cause the operating system to crash.
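Both ICMP abuses listed above leave a recognizable trace that a firewall or IDS log can be checked for: a sweep is one source sending echo requests to many distinct hosts in a short time, and the oversized-ping case is a reassembled datagram longer than the 65,535-byte IPv4 maximum. The following is an added example, not code from the paper, that runs both detections over a few constructed log lines. The log format, the field names (src, dst, icmp_type, ip_len, where ip_len is taken to be the reassembled datagram length) and the thresholds are assumptions to be adapted to a real sensor.

```python
# Added example, not from the paper: detection logic for the two ICMP abuses described in
# the text, run over constructed firewall log lines. Field names and thresholds are
# assumptions; adapt the parser to your own log format.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one source sweeping five hosts, one normal ping, one oversized ping.
LOG_LINES = """\
2018-02-01T10:00:01 src=198.51.100.7 dst=10.0.0.1 proto=icmp icmp_type=8 ip_len=84
2018-02-01T10:00:01 src=198.51.100.7 dst=10.0.0.2 proto=icmp icmp_type=8 ip_len=84
2018-02-01T10:00:02 src=198.51.100.7 dst=10.0.0.3 proto=icmp icmp_type=8 ip_len=84
2018-02-01T10:00:02 src=198.51.100.7 dst=10.0.0.4 proto=icmp icmp_type=8 ip_len=84
2018-02-01T10:00:03 src=198.51.100.7 dst=10.0.0.5 proto=icmp icmp_type=8 ip_len=84
2018-02-01T10:00:05 src=10.0.0.9 dst=10.0.0.1 proto=icmp icmp_type=8 ip_len=84
2018-02-01T10:00:09 src=203.0.113.4 dst=10.0.0.1 proto=icmp icmp_type=8 ip_len=65600
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=icmp "
    r"icmp_type=(?P<type>\d+) ip_len=(?P<len>\d+)"
)
MAX_IP_DATAGRAM = 65535   # largest legal IPv4 datagram, header included
ECHO_REQUEST = 8          # ICMP type used by ping


def parse(lines: str):
    """Yield (timestamp, src, dst, icmp_type, ip_len) for each well-formed line."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                   int(m["type"]), int(m["len"]))


def detect(lines: str, sweep_hosts: int = 4, window_s: int = 10):
    """Return a list of alerts.

    ("icmp_sweep", src, n)      one source echo-requested n >= sweep_hosts distinct
                                 destinations within window_s seconds (fires once)
    ("oversized_icmp", src, len) a reassembled datagram longer than MAX_IP_DATAGRAM,
                                 the condition behind the 'ping of death' crash
    """
    alerts = []
    seen = defaultdict(list)   # src -> [(ts, dst)] of echo requests
    for ts, src, dst, icmp_type, ip_len in parse(lines):
        if ip_len > MAX_IP_DATAGRAM:
            alerts.append(("oversized_icmp", src, ip_len))
        if icmp_type != ECHO_REQUEST:
            continue
        seen[src].append((ts, dst))
        recent = {d for t, d in seen[src] if (ts - t).total_seconds() <= window_s}
        if len(recent) == sweep_hosts:   # alert exactly when the threshold is first reached
            alerts.append(("icmp_sweep", src, len(recent)))
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(alert)
```

A host that is legitimately monitored by a management station will also send many echo requests; in practice the sweep rule is paired with an allow-list of known scanners, and the oversized check belongs on whatever device performs IP reassembly.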
Other protocols such as ARP, DHCP, SMTP, etc. also have their vulnerabilities that can be exploited by the attacker to compromise the network security.
5.5 Data Link Layer:
Data link layer controls for dedicated circuits apply to all communications on a specific physical link, such as one between two buildings or a connection to an Internet service provider. Data link layer controls are provided by specialized hardware devices known as data link encryptors. Because this layer is below the network layer, controls at this layer can protect both data and IP information. Data link layer protocols are simple and specific to a particular physical link, so they cannot protect connections with multiple links such as a VPN established over the Internet.

• where the attacker steals an HTTP session of the legitimate user.
• A TCP protocol vulnerability is the three-way handshake for connection establishment. An attacker can launch a denial of service attack, "SYN flooding", to exploit this vulnerability: he establishes a lot of half-open sessions by not completing the handshake. This leads to server overloading and eventually a crash.
• The IP layer is susceptible to many vulnerabilities. Through IP protocol header modification, an attacker can launch an IP spoofing attack.
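The half-open sessions that SYN flooding relies on are visible on the server itself as connections stuck in the SYN_RECV state. As an added example (not code from the paper), the following reads a netstat-style snapshot of the connection table and reports, per listening socket, how many connections are half-open versus established and from how many distinct sources, flagging a socket when half-open connections both exceed a count and dominate the table. The sample rows, the threshold and the ratio test are constructed assumptions to be tuned for a real host.

```python
# Added example, not from the paper: spotting a SYN flood from a snapshot of the server's
# TCP connection table. The rows are constructed in netstat-like form; the threshold and
# the ratio test are assumptions a defender would tune for the host.
from collections import Counter, defaultdict

# Constructed snapshot: port 80 has five half-open connections from five sources and one
# real session; port 22 has a single established session.
TABLE = """\
tcp 0 0 10.0.0.1:80 203.0.113.5:50233 ESTABLISHED
tcp 0 0 10.0.0.1:80 198.51.100.21:1025 SYN_RECV
tcp 0 0 10.0.0.1:80 198.51.100.22:1025 SYN_RECV
tcp 0 0 10.0.0.1:80 198.51.100.23:1025 SYN_RECV
tcp 0 0 10.0.0.1:80 198.51.100.24:1025 SYN_RECV
tcp 0 0 10.0.0.1:80 198.51.100.25:1025 SYN_RECV
tcp 0 0 10.0.0.1:22 203.0.113.8:40000 ESTABLISHED
"""


def parse_table(text: str):
    """Yield (local socket, remote socket, state) from netstat-style rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 6 and parts[0] == "tcp":
            yield parts[3], parts[4], parts[5]


def half_open_report(text: str, max_half_open: int = 4, min_ratio: float = 0.5) -> dict:
    """Per listening socket: half-open (SYN_RECV) vs established counts and distinct
    remote sources; 'suspect' when half-open connections exceed max_half_open and make
    up at least min_ratio of the socket's connections."""
    half_open, established = Counter(), Counter()
    sources = defaultdict(set)
    for local, remote, state in parse_table(text):
        if state == "SYN_RECV":
            half_open[local] += 1
            sources[local].add(remote.rsplit(":", 1)[0])
        elif state == "ESTABLISHED":
            established[local] += 1
    report = {}
    for local in set(half_open) | set(established):
        h, e = half_open[local], established[local]
        ratio = h / (h + e) if (h + e) else 0.0
        report[local] = {
            "half_open": h,
            "established": e,
            "distinct_sources": len(sources[local]),
            "suspect": h > max_half_open and ratio >= min_ratio,
        }
    return report


if __name__ == "__main__":
    for sock, row in sorted(half_open_report(TABLE).items()):
        print(sock, row)
```

A large number of distinct sources each holding exactly one half-open connection is the usual signature of spoofed source addresses; the mitigation on the server side is to stop holding state for unacknowledged SYNs (SYN cookies) or to lower the backlog timeout, not to block the sources one by one.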

Application Layer Security:
Application security is security provided by the application program itself. Application-based security has the capability of interpreting and interacting with the information contained in the payload portion of a datagram. Lower-layer security protocols like IPsec do not have this capability: they can encrypt the commands for confidentiality and authentication, but they cannot restrict their use. For example, a data warehouse using internally maintained access control lists to limit user access to files, records, or fields is implementing application-based security. Applying security at the application level makes it possible to deal with any number of sophisticated security requirements and to accommodate additional requirements as they come along. This scenario works particularly well when all applications are contained on a single host or secure intranet, but it becomes problematic when one attempts to extend its functionality across the Internet to thousands of different systems and applications.
The distributed nature of applications on the Internet has given rise to several standardized solutions designed to replace these ad hoc, vendor-specific security mechanisms.

HDFS on TCP/IP Suite:
In recent times there has been an urgent requirement for a special distributed file system capable of processing large datasets. The Hadoop Distributed File System (HDFS) is a distributed file system designed to process data on low-cost hardware. HDFS is considered highly fault-tolerant, provides high-throughput access to application data, and is suitable for applications that have large datasets. All HDFS communication protocols are layered on top of the TCP/IP protocol. HDFS helps in the security management of large data.
The primary objective of HDFS is to store data reliably even in the presence of failures.
The basic procedure for establishing a connection is performed in the following steps: a client establishes a connection to a configurable TCP port on the NameNode machine, and the client uses the ClientProtocol to talk to the NameNode. The NameNode machine is a single point of failure for an HDFS cluster. If the NameNode machine fails, manual intervention is necessary. Automatic restart and failover of the NameNode software to another machine is not supported.

Conclusion:
In this paper, we have discussed the security protocols on the different layers of network communication.
We have also provided an overview of HDFS, which is popularly used in the present-day scenario, and of the other tasks supported by HDFS that are discussed here. In future, we would like to describe the application of upcoming security standards for network communication.
TCP/IP communication consists of four layers. When a user wants to transfer data across the networks, the data is passed from the highest layer through intermediate layers to the lowest layer. During communication each layer adds information: at each layer a logical unit composed of a header and a payload is formed. The payload consists of the information passed down from the previous layer. The header contains layer-specific information like addresses. The data produced by a layer is encapsulated in a larger container by the layer below it. From Highest to

International Journal of Trend in Scientific Research and Development (IJTSRD), International Open Access Journal, ISSN 2456-6470, Volume 2, Issue 2, Jan-Feb 2018, www.ijtsrd.com
Poonam Verma, Assistant Professor, JIMS, Delhi
Keywords: Security, TCP/IP, HDFS, Hadoop, OSI

2. Network Security:
2.1 Necessity for Network Security

Network users depend on DNS functionality mainly while browsing the Internet by typing a URL in the web browser.
In such situations Transport Layer protocols such as SSL are used to provide security for communication with individual HTTP-based applications. SSL also provides security for communication sessions of applications like SMTP, Point of Presence (POP), Internet Message Access Protocol (IMAP) and File Transfer Protocol (FTP). The Internet Protocol Security (IPsec) authentication and encapsulation standard is widely used to establish secure VPN communications. The use of IPsec can secure transmissions between critical servers and clients, which helps prevent attacks from taking place. Unlike most security systems that function within the application layer of the Open Systems Interconnection (OSI) model, IPsec functions within the network layer.

Fig: Internet Protocol

5.6 Transport Layer:
To protect the data in a single communication session between two hosts, Transport layer controls are used. Transport layer controls cannot protect IP information added at the network layer. The most common use for transport layer security protocols is protecting HTTP and FTP session traffic. Transport Layer Security (TLS) and Secure Socket Layer (SSL) are the most common protocols used for this purpose. TLS is used to secure HTTP traffic; it has been used to protect HTTP-based communications and can be used with SSL portal VPNs. TLS is the standards-based version of SSL version 3. TLS is a well-tested protocol with several implementations that have been added to many applications. It is a low-risk option compared to adding protection at the application layer.
The DataNodes talk to the NameNode using the DataNode Protocol. A Remote Procedure Call (RPC) abstraction wraps both the Client Protocol and the DataNode Protocol. By design, the NameNode never initiates any RPCs; it only responds to RPC requests issued by DataNodes or clients.

Data Organization: the HDFS architecture is organized into data blocks. HDFS is a distributed file system that supports very large datasets. Such data files are generally written once or a few times but read many times. A typical block size used by HDFS is 64 MB; thus an HDFS file is chopped up into 64 MB chunks, and if possible each chunk resides on a different DataNode. Three types of failure occur most commonly: NameNode failures, DataNode failures and network partitions. Some of the other important tasks performed by the HDFS architecture are listed below:

Data Disk Failure: Each DataNode holding data periodically sends a message to the NameNode. If such periodic messages are absent, the NameNode assumes that the connection to the DataNode is lost and no further communication can continue.

Data rebalancing in clusters: If the data in one DataNode surpasses the given threshold of its data capacity, data is automatically shifted from that DataNode to another DataNode. This accounts for the rebalancing schemes in the HDFS architecture.

Data Integrity: HDFS also supports data integrity. It is quite possible that a block of data fetched from a DataNode is corrupt; this can occur due to faults in the network, in the program handling it, or in a disrupted storage device. When a client retrieves file contents, it verifies that the data it received from each DataNode matches the checksum stored in the associated checksum file. If not, the client can opt to retrieve that block from another DataNode that has a replica of that block.