Transmission Control Protocol in Wireless Networks - Coursework Example

TRANSMISSION CONTROL PROTOCOL Student’s Name Class Instructor Institution of Affiliation City Date Table of Contents 1.0. Introduction 3 1.2. Hypertext Transfer Protocol (HTTP) 4 1.2.0. Definition 4 1.2.1. Uses of HTTP 4 1.2.3. Function 5 1.2.4. Security 6 1.2.5. Advantages of Using HTTP 6 1.3. File Transfer Protocol (FTP) 7 1.3.0 Definition 7 1.3.1. Uses of FTP 7 1.3.2. Security 7 1.3.3. Advantages of FTP 8 1.3.4. Function 8 1.4. Simple Mail Transfer Protocol (SMTP) 9 1.4.0. Definition 9 1.4.1. Uses of SMTP 9 1.4.2. Function 10 1.4.3. Security 10 1.4.4. Advantages of SMTP 11 1.5. Domain Name System (DNS) 11 1.5.0. Definition 11 1.5.1. Uses of DNS 11 1.5.2. Function 12 1.5.3. Security 12 1.5.4. Advantages of DNS 13 1.6. Conclusion 13 1.7. References 13 1.0. Introduction The application layer can be explained as an abstraction layer specifying the interface methods and shared protocols that are used in communication network by communicating hosts. This abstraction is employed in both computer networking standard models, that is: OSI model (Open Systems Interconnection model) and TCP/IP (Internet Protocol Suite). Even though the two models are similar in terms of their specific highest level layer, they have different detailed definitions and functions. TCP (Transmission control Protocol) is a protocol that is reliable and connection-oriented. In the IP, TCP is a major protocol (Leung, K. and Li, V. 2006, 64). The origin of TCP rates back to the implementation of the initial network where it complimented the IP. Thus, the whole suite is usually known as TCP/IP. In TCP/IP, it is the application layer that contains the interface methods and communication protocols used across an IP network for process-to-process communications. The Application layer protocols contains the following protocols: File Transfer Protocol (FTP), Domain Name System (DNS), Simple Mail Transfer Protocol (SMTP) and Hypertext Transfer Protocol (HTTP). These protocols defines how clients and servers (application processes), running on distinct end systems, communicate with each other. The following figure is an example of TCP offering reliable data transfer over IP network to File transfer protocol using Ethernet. 1.2. Hypertext Transfer Protocol (HTTP) 1.2.0. Definition A Hypertext Transfer Protocol can be explained as a hypermedia, distributed, collaborative information systems application protocol. In other words, HTTP is a set of rules for file transfer (multimedia, sound, text, video and graphic images) on World Wide Web. Hypertext can be explained as a structured text using hyperlinks (logical links) between nodes that contain text. Hypertext is manipulated using HTML (Hypertext Markup Language). 1.2.1. Uses of HTTP It provides a data communication foundation for the WWW (World Wide Web) where it runs and depends on the TCP/IP protocol suite to function. The protocol that transfers or exchanges the hypertext is the HTTP. In the transmission of information over the internet, the primary protocol for this function is HTTP (Berners-Lee, T., Fielding, R. and Frystyk, H. 1996, 5). Clients on the internet can make requests for various kinds of content using HTML and HTTP from application servers and the World Wide Web hosting the content. 1.2.3. Function In order to identify the HTTP resources across the internet (such as web servers), URLs (Uniform Resource Locators) which are the unique identifiers used. URL can be defined as the combination of the client, filename, the page retrieval scheme, the full path and the location of the site. The URL can also contain information like the TCP port number that will be used. The following figure shows an example of an URL. HTTP offers various authentication schemes like digest access and basic access authentication that operate through a challenge-response mechanism where upon identification, the server before providing the requested content issues a challenge (Franks et al, 1999, 8). Typically, the entire process of HTTP takes place in four steps namely: A request for the page required is sent by the client to web server; The request is received and analyzed by the server which then sends an ACK back to the client together with the required HTML code for making the page; The client then starts deciphering the HTML and creating the page; Lastly, in succeeding requests, the client retrieves any objects that are embedded such as images. After retrieval of all the page elements, the browser of the client displays the complete Web page. Apart from providing a mechanism for receiving data by the client from the server, HTTP also provides other types of communication like data passing from a client to a server. These mechanisms in the HTTP specifications are regarded to as methods. When it comes to general web browsing, the most used methods are POST and GET. In order for a standard web page to be built by a browser, the individual retrieval of each object is done using the GET method, whereas while implementing shopping cart style applications for transactional websites, the POST method is used. 1.2.4. Security In terms of security, HTTP is prone to security attacks such as: proxy denial of service attacks, DNS spoofing, man-in-the-middle attacks and file and path names based attacks. The TRACE method may be used for cross-site tracing. Therefore, for security reasons, the TRACE method should be disabled in the configurations of the server. HTTPS (Hyper Text Transfer Protocol Secure) is a version of HTTP that uses either Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols to encrypt communications. The two protocols use an asymmetric Public Key Infrastructure that contains a public and private key for encrypting and decrypting communication. The public key is used to encrypt the message while the private key is used to decrypt the message. 1.2.5. Advantages of Using HTTP The main advantages of HTTP is that it is a secure protocol for transmitting data, HTTP is simple to program since it is coded using plaintext, it provides additional search capabilities with a single request, HTTP provides persistent connections and lastly, by implementing HTTPS, HTTP provides data integrity. 1.3. File Transfer Protocol (FTP) 1.3.0 Definition This is the protocol that is highly used in transferring large files between computers over the network. The transfer of files is achieved through the use of the Internet’s TCP/IP protocols to allow the transfer of files using port 21. FTP uses a client-server model. FTP usually uses out-of-band controlling, this means that for information exchange and control, FTP uses port 20 of TCP (control connection) and uses port 21 for sending the actual data (data connection). The fact that FTP establishes 2 connections makes it different from other client-server applications (Matthews, J., 2005, 45). The FTP was defined first in RFC 172 which was written in 1971. The protocol has undergone several changes over the years to its current specification defined in the RFC 959. 1.3.1. Uses of FTP The main objectives of the FTP are to transfer data efficiently and reliably and promote file sharing. The FTP also lists files, creates and removes directories. The main use of FTP is to download or upload large files from and to a server using the Internet. In FTP, the client requests for a file from the server. Upon receiving the file request, the server opens for the client a TCP connection and transfers the file. After the file transfer is completed, the connection is closed by the server. Upon request for a second file by the client, a new TCP connection is reopened by the server again. 1.3.2. Security In terms of security and log in, FTP users can authenticate themselves using clear-text sign-in protocol, commonly in password and a username form. However, if configured, the server can allow users to connect anonymously using an e-mail address and username without a password. FTP is insecure (prone to brute force attack, packet capture or sniffing, FTP bounce attack, port stealing, spoofing attack and username enumeration) since upon entering your username and password, the information is sent as plaintext to the server. This personal information can be intercepted and read easily since it is not encrypted. In order to protects and encrypt users information and content, the servers uses FTL with TLS encryption or SFTP to secure FTP. 1.3.3. Advantages of FTP The benefits of FTP is that it offers a faster way of downloading and transferring large file, it is efficient, it provides authentication and it establishes two connections for transferring files to and from. 1.3.4. Function FTP can run in either passive or active mode, this determines how the establishment of a data connection is done. In active mode, the client starts to listen for incoming server data connections on port M. The client sends an FTP command PORT M informing the server the port which it is listening. The server starts a data channel from port 20 (the data port of the FTP server) to the client. The following figure illustrates an active FTP session lifecycle. 1.4. Simple Mail Transfer Protocol (SMTP) 1.4.0. Definition SMTP is an electronic mail (email) transmission internet standard. It is a TCP/IP that is used for sending and receiving electronic mail. It is a protocol that is text-based and connection-based where the sender of a mail communicates with the receiver of the mail by supplying necessary data and issuing command strings over a TCP connection. 1.4.1. Uses of SMTP However, since its capacity of queuing messages at the receiving side is limited, SMTP is commonly used with either IMAP or POP3 protocols. In this case, the program used by users to send and receive e-mail uses SMTP to send e-mail and either IMAP or POP to receive e-mail. The protocol was first defined in 1982 by RFC 821 and last updated with additions of extended SMTP in 2008 by RFC 5321, which is now the most commonly used protocol. Any SMTP communication that occurs between mail servers makes use of port 25. However, mail clients frequently submit their outgoing emails on port 587 to mail servers (Myers, J. 1996, 9). The following figure shows a mail processing model. The blue arrows indicates SMTP variations implementation. 1.4.2. Function In the figure above, the mail user agent (mail client) submits an email to the mail submission agent (mail server) on port 587 using SMTP. The mail submission agent then forwards the mail to the mail transfer agent. The mail transfer agent makes use of DNS to search for the domain of the recipient in the mail exchanger record. The mail transfer agent then chooses an exchange server based on several factors such as the target host. The mail transfer agent is an SMTP client in this case. After the incoming message is accepted by the final hop, the final hop passes the message for local delivery by the mail delivery agent to the local mail server where the mail is stored. Authenticated mail user agents can then perform a batch retrieval of mail from the local mail server. 1.4.3. Security In terms of security, emails sent by the SMTP standard are not encrypted and no authentication is used. The messages sent are prone to security threats such as interception and modification. In order to overcome this security issues, an administrator can make use of client-side solutions like PGP (pretty good privacy) or secure MIME (S/MIME). However, for maximum security, the main focus should be put to securing SMTP traffic. Secure Sockets Layer (SSL) is used in securing SMTP connections. However, by using SSL on port 25 (since port 25 is used by all SMTP servers by default), servers that are not using SSL cannot establish connections through port 25. The best way to secure SMTP is by using TLS (transport layer security) for SMTP connections since it doesn’t interfere with connections to clients and other servers and it provides TLS-encryption which can be used to encrypt messages. 1.4.4. Advantages of SMTP The advantages of SMTP are: simplicity in sending emails, quick delivery of email, it is reliable since it always tries to re-send emails that were not successfully delivered, and it also provides an option for being used as a dedicated server for handling all outgoing messages. 1.5. Domain Name System (DNS) 1.5.0. Definition DNS can be defined as a naming system that is hierarchical and decentralized for any resources, computers and services that are connected to a private network or the Internet. It associates the participating entities assigned domain names with various information. Most eminently, in order to identify and locate the underlying network protocols with computer devices and services, the DNS translates the memorized domain names to IP addresses (Goerzen, J. 2004, 65). 1.5.1. Uses of DNS DNS is an important component necessary for the internet to function since it provides a global, distributed directory service. In the assigning and mapping of domain names to Internet resources, the DNS delegates this responsibility by designating each domains authoritative name servers. Administrators of network resources can also delegate authority over their allocated name space sub-domains to the other name servers. This mechanism offers fault tolerant and distributed service. The DNS protocol is also defined by the DNS. 1.5.2. Function In general, the DNS acts as an Internet phonebook where it translates hostnames of computers that are human-friendly to numerical IP addresses. For example, WWW.address.com is translated to 192.128.96.2. However, unlike a phonebook, it can be updated quickly to allow a services location to change on the network without the end users being affected. The DNS also reflects administrative partitioning. The following figure shows an example of how DNS works. 1.5.3. Security In terms of security, with the original DNS specification and the fact that DNS was designed as a public database makes the DNS vulnerable to security threats such as: cache poisoning, rogue servers whose information is untrustworthy, cache poisoning attacks which can be in the form of denial of service attacks or masquerading, client flooding and information leakage. In order to prevent this security attacks and vulnerabilities, the Internet Engineering Task Force (IETF) introduced a DNS security extension known as DNSSEC that secures the underlying DNS protocols. Another security measure was the introduction of DNSCrypt which is capable of encrypting the regular DNS traffic and making it secure from man-in-the-middle and eavesdropping attacks. 1.5.4. Advantages of DNS The main advantages of DNs is that it is more reliable since it delivers messages with a zero downtime, the DNS provides an automatic error checking service since every DNS server has a software for error detection, DNS servers provide flexibility in usability, DNS is consistent to use where organizations can maintain a constant internal and external Internet resources naming structure, DNS servers are easy to maintain and lastly, DNS servers provide security to an organizations data. 1.6. Conclusion The main role of the application layer is to standardize communications where it relies on the basic protocols in the transport layer to establish host-to-host channels for data transfer and control data exchange in a peer-to-peer or client-server networking model. The application layer protocols rely on TCP for data transmission, TCP have a few advantages in that it provides congestion control, offers a reliable data transmission, provides error detection and flow control. 1.7. References Berners-Lee, T., Fielding, R. and Frystyk, H., 1996. Hypertext transfer protocol--HTTP/1.0 (No. RFC 1945). Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A. and Stewart, L., 1999. HTTP authentication: Basic and digest access authentication (No. RFC 2617). Goerzen, J., 2004. Domain Name System. In Foundations of Python Network Programming (pp. 65-85). Apress. Leung, K.C. and Li, V.O., 2006. Transmission control protocol (TCP) in wireless networks: issues, approaches, and challenges. IEEE Communications Surveys & Tutorials, 8(4), pp.64-79. Matthews, J., 2005. Computer networks: Internet protocols in action. John Wiley & Sons. Myers, J., 1996. Local mail transfer protocol (No. RFC 2033). Read More