Address Resolution Protocol (ARP) is a protocol used by IPv4 (Internet Protocol Version 4) to map IP network addresses to the hardware addresses used by a data link protocol. It is used when IPv4 runs over Ethernet and operates as part of the interface between the OSI network layer and the OSI link layer. In the name, Address Resolution Protocol, the term "Address" refers to the process of locating a computer's network address. The term "Resolved" refers to using the located address and a protocol in which a piece of information is sent by a client process on the local computer to a server process executing on the remote computer (Fairhurst, 2005). Once the information is received, the server uniquely identifies the system from which it was sent and provides the required address. The process is complete when the client receives a response from the server containing the required address (Fairhurst, 2005).
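As an added illustration of the request/reply exchange described above (example code written for this page, not taken from Fairhurst's article), the block below packs and parses Ethernet/IPv4 ARP packets, lets a host answer only requests for its own IP, and resolves an address into a cache; all MAC and IP values are constructed.

```python
import struct
from dataclasses import dataclass

HTYPE_ETHERNET, PTYPE_IPV4, OP_REQUEST, OP_REPLY = 1, 0x0800, 1, 2  # ARP header values
UNKNOWN_MAC = "00:00:00:00:00:00"  # target hardware address carried in a request

def mac_bytes(mac): return bytes(int(x, 16) for x in mac.split(":"))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_bytes(ip): return bytes(int(x) for x in ip.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

@dataclass
class ArpPacket:
    op: int   # OP_REQUEST ("who has tpa?") or OP_REPLY ("tpa is at sha")
    sha: str  # sender hardware (MAC) address
    spa: str  # sender protocol (IPv4) address
    tha: str  # target hardware address (all zeros in a request)
    tpa: str  # target protocol address

    def pack(self):
        """Serialise to the 28-byte Ethernet/IPv4 wire format (hlen=6, plen=4)."""
        hdr = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, self.op)
        return hdr + mac_bytes(self.sha) + ip_bytes(self.spa) + mac_bytes(self.tha) + ip_bytes(self.tpa)

    @classmethod
    def unpack(cls, data):
        if len(data) < 28: raise ValueError("truncated ARP packet")
        htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", data[:8])
        if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
            raise ValueError("not an Ethernet/IPv4 ARP packet")
        b = data[8:28]
        return cls(op, mac_str(b[0:6]), ip_str(b[6:10]), mac_str(b[10:16]), ip_str(b[16:20]))

def answer(host_mac, host_ip, pkt):
    """Server side: a host replies only to requests that ask for its own IP address."""
    if pkt.op != OP_REQUEST or pkt.tpa != host_ip: return None
    return ArpPacket(OP_REPLY, host_mac, host_ip, pkt.sha, pkt.spa)

def resolve(cache, my_mac, my_ip, target_ip, segment):
    """Client side: use the cache if possible, else broadcast a request and cache the reply."""
    if target_ip in cache:
        return cache[target_ip]
    wire = ArpPacket(OP_REQUEST, my_mac, my_ip, UNKNOWN_MAC, target_ip).pack()
    for mac, ip in segment:  # simulated broadcast: every host on the segment sees the frame
        reply = answer(mac, ip, ArpPacket.unpack(wire))
        if reply is not None and reply.spa == target_ip:
            cache[reply.spa] = reply.sha
            return reply.sha
    return None

# Constructed LAN segment: (MAC, IP) of the hosts that would receive the broadcast
SEGMENT = [("02:00:00:00:00:0a", "192.168.1.10"), ("02:00:00:00:00:14", "192.168.1.20")]
```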
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an IP host with configuration information such as its IP address, subnet mask, and default gateway (Microsoft DHCP, 2017). DHCP is what allows a host to obtain the required TCP/IP configuration information from a DHCP server. DHCP is very commonly used, and without it, networking would be much more difficult. Without this protocol, IP addresses would need to be configured manually any time a computer is added to a network or an existing computer is moved. DHCP makes this process a breeze by controlling a pool of IP addresses and leasing them to DHCP-enabled clients when they are added to the network.
Internet Control Message Protocol (ICMP) is an error-reporting protocol used by network devices to generate error messages to the source IP address when network problems prevent delivery of IP packets (Rouse, 2015). ICMP is most commonly used by network administrators to troubleshoot network connectivity issues. ICMP creates and sends error messages to the source IP address indicating that the gateway to the internet provided by a piece of hardware cannot be reached for packet delivery (Rouse, 2015).
Simple Network Management Protocol (SNMP) is a protocol that collects information over a network from devices such as routers, servers, switches, hubs, and printers, and uses it for configuration. SNMP is commonly used on LANs because it provides the ability to monitor network nodes from a management host (Microsoft SNMP, 2017). Users can monitor network devices and services such as DHCP.
Domain Name System (DNS) is a protocol that takes domain names and turns them into IP addresses. Basically, DNS manages the data that maps domain names to IP addresses. When using the internet, computers and other devices connected to the network use an IP address to route your request to the site you're trying to reach (Brain & Crawford, 2017).
Bastion Host is a computer that is located outside of a firewall or on the public side of a DMZ. The purpose of a Bastion Host is to be the central focal point for public connections entering a private network and for private connections leaving the network to access the internet. Due to its exposure to the unprotected internet, a Bastion Host is configured very specifically, with an extreme amount of effort to minimize vulnerabilities: all unnecessary network ports, protocols, services, and programs are either disabled or removed. Firewalls, routers, and web, mail, DNS, and FTP servers can also be Bastion Hosts.
Demilitarized Zone (DMZ) is a sub-network that separates private networks from untrusted networks, such as the internet. DMZs are generally comprised of network security hardware and software designed to identify and filter traffic. These zones are used to provide an extra layer of security for a network and to eliminate the ability of attackers to directly reach the internal network from the internet. To gain access to the private portion of the network, one must first route through a DMZ and pass or acquire all necessary authentication clearances.
Screened Host firewall systems come in one of two forms: single-homed bastion host or dual-homed bastion host. Single-homed bastion host systems are comprised of a bastion host and a packet-filtering router. Single-homed bastion host systems have a major drawback: if the packet-filtering router becomes compromised, then the whole network will be compromised (SecurityWing, 2012). To counter this major drawback, networks can use dual-homed bastion host firewall systems. The dual-homed system uses two network cards instead of one; one network card is used for the internal connection and the second is used for the connection with the router.
Screened Subnet, also known as a "triple-homed firewall", is a unique network architecture that utilizes a single firewall with three network interfaces.
The purpose of this architecture is to isolate the DMZ and its publicly-accessible resources from the intranet, thereby focusing external attention and any possible attack on that subnet (Rouse, 2008). This architecture also separates the internal network from the DMZ networks to make access to the internal network more difficult.
- Interface 1 is the public interface and connects to the internet.
- Interface 2 connects to a DMZ with hosted public services.
- Interface 3 connects to an intranet for access to and from internal networks.

(Rouse, 2008)
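To make the three-interface policy concrete, the block below (example code added for this page, not from Rouse's article) models the forwarding decision of a triple-homed firewall: the internet may reach only published DMZ services, nothing may initiate a connection into the intranet, and reply traffic of admitted flows is let back through; the subnets, addresses and published services are constructed.

```python
import ipaddress

# Constructed addressing: the subnets behind the DMZ and intranet interfaces.
# Anything in neither is treated as arriving from the internet interface.
ZONES = {"dmz": ipaddress.ip_network("203.0.113.0/24"),
         "intranet": ipaddress.ip_network("10.10.0.0/16")}
# Services the DMZ publishes to the internet (constructed sample): web and DNS.
PUBLISHED = {("203.0.113.10", 80), ("203.0.113.10", 443), ("203.0.113.53", 53)}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

class ScreenedSubnetFirewall:
    """Policy of a triple-homed firewall: which flows may cross between its interfaces."""

    def __init__(self):
        self.flows = set()  # (src_ip, src_port, dst_ip, dst_port) of flows already admitted

    def _policy(self, src_zone, dst_zone, dst_ip, dst_port):
        if src_zone == "intranet":                    # internal hosts may reach DMZ and internet
            return True
        if src_zone == "internet" and dst_zone == "dmz":
            return (dst_ip, dst_port) in PUBLISHED    # only published services are exposed
        if src_zone == "dmz" and dst_zone == "internet":
            return dst_port == 53                     # constructed: DMZ may only do outbound DNS
        return False  # internet->intranet and dmz->intranet are never initiated across the firewall

    def check(self, src_ip, src_port, dst_ip, dst_port):
        """Return True if the packet may be forwarded."""
        if (dst_ip, dst_port, src_ip, src_port) in self.flows:
            return True  # reply half of an admitted flow, e.g. DMZ web server answering the intranet
        src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
        if src_zone == dst_zone:
            return True  # stays on one interface and never crosses the firewall
        if self._policy(src_zone, dst_zone, dst_ip, dst_port):
            self.flows.add((src_ip, src_port, dst_ip, dst_port))
            return True
        return False
```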
Point-to-Point Tunneling Protocol (PPTP) provides a secure Virtual Private Network (VPN) by creating a tunnel, encrypting data with Point-to-Point Protocol (PPP), and encapsulating the data packet. PPTP does not require the use of a public key infrastructure (PKI) and still provides data confidentiality.
Layer 2 Tunneling Protocol (L2TP) establishes a highly secure VPN connection by creating a tunnel between two L2TP connection points, while the IPSec protocol encrypts the data and handles secure communication through the tunnel (VPNoneclick, 2016). L2TP is usually combined with another VPN security protocol to create such a highly secure VPN connection. L2TP is most commonly combined with IPSec.
Internet Protocol Security (IPSec) is a security protocol used to secure internet communications across an IP network. IPSec secures communication by authenticating the session and encrypting each data packet during the connection (ibVPN, 2010).
Secure Sockets Layer (SSL) & Transport Layer Security (TLS) create a VPN connection where the web browser acts as the client and user access is restricted to specific applications rather than the entire network (VPNoneclick, 2016). This is accomplished by web browsers with integrated SSL and TLS switching from their current state to SSL, changing http to https, and becoming a secure web browser.
Brain, M., & Crawford, S. (2017). How Domain Name Servers Work | HowStuffWorks. Retrieved from http://computer.howstuffworks.com/dns.htm
Fairhurst, G. (2005, December 1). Address Resolution Protocol (arp). Retrieved from http://www.erg.abdn.ac.uk/users/gorry/course/inet-pages/arp.html
ibVPN. (2010, February 17). Types of VPN protocols – ibVPN.com. Retrieved from https://www.ibvpn.com/2010/02/types-of-vpn-protocols/
Microsoft DHCP. (2017). What Is DHCP? Retrieved from https://technet.microsoft.com/en-us/library/dd145320(v=ws.10).aspx
Microsoft SNMP. (2003, March 28). What Is SNMP?: Simple Network Management Protocol (SNMP). Retrieved from https://technet.microsoft.com/en-us/library/cc776379(v=ws.10).aspx
Rouse, M. (2008, February). What is screened subnet (triple-homed firewall)? Retrieved from http://searchsecurity.techtarget.com/definition/screened-subnet
Rouse, M. (2015, April). What is ICMP (Internet Control Message Protocol)? Retrieved from http://searchnetworking.techtarget.com/definition/ICMP
SecurityWing. (2012, September 12). 7 Different Types of Firewalls | securitywing. Retrieved from http://securitywing.com/types-of-firewall/
VPNoneclick. (2016, May 28). Types of VPN and types of VPN Protocols – VPN One Click. Retrieved from https://www.vpnoneclick.com/types-of-vpn-and-types-of-vpn-protocols/