Network security
Summary
Layered security
- application layer -> SSH, HTTPS
- transport layer -> TLS
- network layer -> IPSec
- link layer -> WPA2/WPA3
Man-in-the-middle attack
- attacker intercepts or alters traffic
- can read, modify, or inject packets
- can occur along a specific layer
- possible at Wi-Fi access points, routers, compromised switches
Layered MITM
- application layer -> malware on user’s computer/browser
- transport layer -> internet service provider (ISP)
- link layer -> router/access points
- physical layer -> Wi-Fi signals/Ethernet
Concept
Data transmission
- made up of layers
- headers for each layer are attached to the data (payload)
- the actual connection is on the physical layer
- might take multiple hops, i.e. through routers/switches
Usually the transport and network layers are combined, so we have an IP address with a port.
Transmission protocols
- Transmission Control Protocol (TCP)
  - connection-oriented - establishes a connection before transmitting
  - reliable data transfer
- User Datagram Protocol (UDP)
Layered security
- each layer provides encryption and authentication
| Layer | Security Measure | Purpose |
|---|---|---|
| Application layer | HTTPS | encrypts the payload |
| Transport layer | Transport Layer Security (TLS), Secure Sockets Layer (SSL) | end-to-end protection for the payload |
| Network layer | IPSec | protects IP packets; secures all IP traffic between endpoints |
| Link layer | Wi-Fi Protected Access (WPA2/WPA3) | encrypts traffic between devices and access points; protects against local eavesdropping |
Which layers to protect?
- usually WPA + TLS/SSL
- protection at lowest layer is not possible
- intermediate nodes might require the IP address from a higher layer
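
The point about intermediate nodes can be seen by building a packet and looking at it from a hop's position. This is an added example, not part of the original notes: it compares an unprotected packet, one whose payload alone is sealed (as TLS does), and one sealed end-to-end including its headers. The `seal` function, the simplified headers, the key, the payload and the addresses are all constructed assumptions, and `seal` is a stand-in, not real TLS, IPSec or WPA.

```python
import hashlib
import socket
import struct

def seal(data: bytes, key: bytes) -> bytes:
    """Stand-in for encryption (assumption: NOT real TLS/IPSec/WPA). XOR is its own inverse."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def tcp_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    # Simplified 20-byte TCP header: ports, seq, ack, data offset, window, checksum, urgent.
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0, 5 << 12, 65535, 0, 0)
    return header + payload

def ip_packet(src: str, dst: str, segment: bytes) -> bytes:
    # Simplified 20-byte IPv4 header (checksum left at 0); protocol 6 = TCP.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + segment

def hop_view(packet: bytes):
    """What an intermediate node parses: destination IP, destination port, payload bytes."""
    dst_ip = socket.inet_ntoa(packet[16:20])
    dst_port = struct.unpack("!H", packet[22:24])[0]
    return dst_ip, dst_port, packet[40:]

KEY = b"constructed-demo-key"            # constructed value
PAYLOAD = b"GET /account HTTP/1.1"       # constructed sample payload
SRC, DST = "192.0.2.10", "198.51.100.7"  # documentation-range addresses

def scenarios():
    plain = ip_packet(SRC, DST, tcp_segment(50000, 443, PAYLOAD))
    payload_sealed = ip_packet(SRC, DST, tcp_segment(50000, 443, seal(PAYLOAD, KEY)))
    all_sealed = seal(plain, KEY)        # headers hidden end-to-end, below the network layer
    return {"plain": hop_view(plain),
            "payload_sealed": hop_view(payload_sealed),
            "all_sealed": hop_view(all_sealed)}

if __name__ == "__main__":
    for name, (ip, port, data) in scenarios().items():
        print(f"{name:15} dst={ip}:{port} payload={data!r}")
```

With only the payload sealed, the hop still reads the correct destination but not the data; with everything sealed, the destination it parses is meaningless, so it cannot forward the packet.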