1 of 40

Plan:1. Fundamental principles of establishing network security and its tasks�2. Network protocols�3. Tools and methods for ensuring network security�4.Reference model for interoperation of open systems�5. Importance of the OSI model�6.Capabilities and protocols of TCP/IP models�7. About google.com�8.What is the difference between TCP/IP and OSI model�

5-lecture. OSI and TCP/IP models

2 of 40

Network security – is a collection of technical and organizational measures to protect the data transmitted over a network (for example, local or global internet networks) and the devices that connect to it from all types of attacks, failures, or unauthorized access. This includes not only software protection (firewall, antivirus, encryption), but also proper system configuration, employee awareness, and correct network architecture, which are also of great importance.

Network – is a set of devices, equipment and the items within it, and the work of defending against various attacks, breaches and unauthorized access, which consists of additional technical and organizational measures.

We will consider the following network security methods

3 of 40

Primary principles of network security

  1. Authorization and Access Control
    1. Authenticate users (determine who they are) and grant them access within their assigned permissions.
    2. Approaches such as Role-Based Access Control (RBAC) or Attribute-Based Access Control (ABAC) are used.
  2. Network Segmentation
    • Divide the network into multiple logical segments (e.g., VLANs, zones). This prevents a breach or attack in one segment from affecting other segments.
    • Segmenting corporate networks into parts such as a demilitarized zone (DMZ), internal segment, and server segment is a common practice.
  3. Strong authentication (Authentication)
    • Only registered users authenticated via certificate or password should be able to access the required service or resource.
    • Two (or more) factor authentication – login/password, special token or SMS code, biometric identification.
  4. Encryption
    • When data is transmitted over the network, encryption is used so that third parties cannot read it (HTTPS, SSL/TLS, VPN tunnels).
    • Data at rest may also need to be encrypted.

4 of 40

5. Monitoring and Logging

    • Recording (logging) all connections, requests, and input‑output processes occurring on the network and monitoring them in real time (SIEM systems).
    • Logs play a crucial role in detecting security alerts or abnormal behavior.

6. Backup and Rapid Recovery

    • Regular backup copies are created to restore lost or corrupted data.
    • Having an initial plan (disaster recovery plan) enables the system to be brought back “online” as quickly as possible after an incident or attack.

7. Updates and Patching

    • Network equipment, servers, operating systems, and applications must be regularly updated to close security “holes”.
    • Modern hacking techniques mainly aim to exploit discovered vulnerabilities.

8. Employee Awareness and Training

    • Often, employees (users) unintentionally fall victim to phishing attacks, disclose passwords, or execute malicious files.
    • Therefore, the human factor is the weakest link in network security, and strengthening it is essential.

5 of 40

Tools and methods for ensuring network security

  1. Firewall (Inter-network filtering wall)
    1. Filtering incoming and outgoing traffic at the network boundary according to rules.
    2. Manages granting or denying requests based on ports, IP addresses, and protocols.
  2. IDS/IPS (Intrusion Detection/Prevention Systems)
    • IDS – detects anomalous or malicious traffic on the network and alerts about it.
    • IPS – blocks malicious traffic and takes active measures (sometimes considered the “next step” compared to IDS).
  3. VPN (Virtual Private Network)
    • Extends a private network over the public (Internet) network via an encrypted tunnel.
    • Remote employees or branches obtain a secure connection through this tunnel as if they were operating within the internal network.

6 of 40

OSI and its functions

3/23/2021

6

At the beginning of the 1980s, the International standardization organizations—ISO, ITU‑T—developed a model that played an important role in network development.

This model was called the Open System Interconnection model (Open System Interconnection, OSI) or simply OSI.

OSI

TASK

OSI model defines the interaction of systems at different layers, assigns them standard names, and determines which layer performs which functions. Each layer is related to a specific aspect

7 of 40

4.Client (endpoint) protection

  • Software and systems such as antivirus, anti-malware, host-based firewall, EDR (Endpoint Detection and Response).
  • Protects client devices from malware and phishing, preventing potential threats from entering the network.

5.Segmentation and VLANs

  • Dividing a network into different VLANs. For example, employee network, guest network, server network, IoT devices network.
  • Preventing threats from moving from one segment to others if a segment is compromised.

6.NAC (Network Access Control)

  • Checks devices before they connect to the network: patch level, antivirus, compliance with required policies, etc.
  • Thus, only clean devices that do not introduce risks are allowed onto the network.

8 of 40

OSI model

The reference model for the interoperation of open systems (OSI – Open Systems Interconnection Reference Model) is a theoretical model designed to allow network devices and software from different manufacturers to communicate with each other. The OSI model divides the data transmission process in a network into 7 layers. Each layer performs its specific functions, and the higher layers use these services. Thus, the complex process occurs step by step, layer by layer.

Below are the 7 layers of the OSI model and their main functions:

9 of 40

10 of 40

1. Physical layer (Physical layer) – Layer 1

  • Function: Transmit data bits (0 and 1) in the form through a physical medium (e.g., optical fiber cable, copper cable, wireless wave).
  • Electrophysical characteristics: Signal level, frequency, transmission speed, connection types (RJ-45, optical connector) are defined within this layer.
  • Examples: Ethernet (physical level), USB, Bluetooth, Wi‑Fi (radio level).

2. Data Link layer (channel / data link) – Layer 2

  • Function: Transmit data frames (frame), perform error control (CRC), and work with nodes' physical addresses (MAC address).
  • Frame structure: Address (MAC address), control information, error detection code and other control headers.
  • Examples: Ethernet (MAC layer), Wi‑Fi (802.11), PPP (Point-to-Point Protocol), VLAN (802.1Q), ARP.
  • Point-to-Point Protocol (PPP) is a data-link layer (Layer 2) protocol used to create a direct connection between two network nodes and carry network-layer traffic (most often IP) over that link.

11 of 40

3. Network layer – Layer 3

  • Purpose: Transmit data between networks via packets (packet), providing addressing and routing.
  • Routing: Use IP addresses to send a packet to the appropriate network segment.
  • Examples: IP (Internet Protocol)

4. Transport layer – Layer 4

  • Purpose: Segments / Datagrams in the form of reliable or unreliable transport. Manage port numbers (application addresses).
  • Reliability: TCP is a reliable transport protocol that guarantees complete, ordered and error‑free delivery of data.
  • Fast but less reliable: UDP (User Datagram Protocol) is used for real‑time applications (video/audio, online games).
  • Examples: TCP, UDP, SCTP, QUIC (a new‑generation transport protocol built on top of UDP).

12 of 40

5. Session layer – Layer 5

  • Function: Establishing, managing and terminating sessions between network applications.
  • Operation: Session initiation, temporary pause, re‑establishment, and recovery mechanisms in case of failure.
  • Examples: In technologies such as NetBIOS and RPC (Remote Procedure Call) the specific mechanisms of the session layer are embodied (however modern protocols often combine the functions of layers 5, 6 and 7 into a single layer).

6. Presentation layer – Layer 6

  • Function: Encoding, encrypting, and compressing data. Transforming application data into a form suitable for transmission over the network or vice versa.
  • Examples: SSL/TLS encryption, ASN.1, MIME‑type data formats.
  • Note: In practice the functions of this layer are often performed together with the Application layer.

7. Application layer – Layer 7

  • Function: Providing interaction between applications, users and the network. The part that the user “sees” or that applications invoke.
  • Examples: HTTP/HTTPS (web), FTP, SMTP/POP3/IMAP (email), DNS, SSH, Telnet, SNMP, etc.

13 of 40

Importance of the OSI model

  1. Standardization: Ensures compatibility among different manufacturers. They design their solutions to align with the OSI model layers.
  2. Modularity: Each layer performs its function independently. Therefore, if a change is made in one layer (e.g., a new transport protocol appears), the impact on other layers is minimized.
  3. Troubleshooting: If there is an error or fault in the network, it becomes easier to quickly identify which layer (physical, network, or application) the problem occurred in.

Below are the most common types of network protocols. They differ in the layers they operate on in the OSI and TCP/IP models, their functions, and areas of practical application.

14 of 40

1. IP (Internet Protocol)

  • Function: To deliver packets to the required destination at the network layer (the third layer in the OSI model), i.e., routing and addressing.
  • Key features:
    • IPv4: 32-bit address (4 × 8 bits), e.g., 192.168.0.1.
    • IPv6: 128-bit address (8 × 16 bits), e.g., 2001:0db8:85a3::8a2e:0370:7334.
  • Practical usage: Packet exchange on the Internet and any local network is carried out based on the IP protocol. An IP packet consists of a header and a data portion.

Below are the most common types of network protocols. They differ in the layers they operate on in the OSI and TCP/IP models, their functions, and areas of practical application.

15 of 40

4. HTTP / HTTPS (HyperText Transfer Protocol / Secure)

  • Purpose: In the application layer (OSI layer 7), the exchange of web pages (HTML, CSS, JS, etc.) between web browsers and web servers.
  • HTTPS: HTTP protected with TLS/SSL. Data is transmitted encrypted.
  • Versions:
    • HTTP/1.1: Traditional version, sequential requests over a single connection.
    • HTTP/2: Efficient with multiplexing, multiple request/response exchanges over a single TCP connection.
    • HTTP/3: Built on QUIC, designed for high speed and low latency using UDP instead of TCP.

16 of 40

  • HTTPS does not use just one encryption algorithm.�It uses a combination of algorithms inside TLS (Transport Layer Security).
  • HTTPS = HTTP + TLS
  • 🔐 Main Encryption Algorithms Used in HTTPS (TLS)
  • 1️⃣ Asymmetric Encryption (Public Key Cryptography)
  • Used during the handshake phase (key exchange).
  • Common algorithms:
  • RSA
  • Diffie-Hellman
  • Elliptic Curve Diffie-Hellman (ECDHE – very common today)
  • 📌 Purpose:
  • Securely exchange a symmetric session key
  • Authenticate the server
  • 2️⃣ Symmetric Encryption (Fast Data Encryption)
  • After handshake, symmetric encryption protects the actual data.
  • Common algorithms:
  • AES (most common today)
  • ChaCha20 (used in mobile / fast software)
  • 📌 Purpose:
  • Encrypt actual communication
  • Much faster than asymmetric encryption
  • 3️⃣ Hash Functions (Integrity & Authentication)
  • Used for message integrity and digital signatures.
  • Common algorithms:
  • SHA-256
  • SHA-384
  • 📌 Purpose:
  • Ensure data is not modified
  • Used in digital certificates

17 of 40

About google.com

  • About 7+ years ago, many websites (including Google services) were accessible over HTTP, not only HTTPS.
  • However, an important detail:
  • 🔹 Google started using HTTPS much earlier than most websites.
  • In 2010, Google enabled HTTPS by default for Gmail.
  • By 2014, Google announced HTTPS would be a ranking factor in search results.
  • Around 2018, browsers like Google Chrome began marking HTTP sites as “Not Secure.”
  • 📌 What changed over time?
  • Before 2015:
  • Many websites still used HTTP
  • HTTPS was mostly used for:
    • Banking
    • Login pages
    • Payments
  • After 2016–2018:
  • HTTPS became standard
  • Free SSL certificates (like Let’s Encrypt) made it easy
  • Browsers started warning users about HTTP

18 of 40

2. TCP (Transmission Control Protocol)

  • Function: To deliver data sequentially and reliably at the transport layer (OSI layer 4).
  • Characteristics:
    • Three-way handshake: Has a connection establishment process (SYN → SYN/ACK → ACK).
    • Reliability: Provides retransmission if packets are lost or corrupted.
    • Congestion control: Adjusts the speed according to network load (congestion control).
  • Practical use: Most protocols such as the Web (HTTP/HTTPS), email (SMTP, IMAP, POP3), file transfer (FTP) operate over TCP.

19 of 40

3. UDP (User Datagram Protocol)

  • Purpose: Fast data exchange at the transport layer (OSI layer 4), but without guaranteeing reliability.
  • Characteristics:
    • Short header: Less overhead on the network.
    • No reliability guarantee: Packets may be delayed, corrupted, or lost, but the protocol does not control this.
  • Practical applications: Services that require speed such as video streaming (IPTV), online games, real‑time audio/video (VoIP), where occasional loss of a single packet is not a major problem.

20 of 40

5. FTP (File Transfer Protocol) / SFTP (Secure File Transfer Protocol)

  • Function: File sharing (upload and transfer) at the Application layer (OSI Layer 7).
  • FTP:
    • Two ports are used: port 21 (control) and port 20 (data transfer).
    • It is reliable, but since there is no encryption, confidentiality is not provided.
  • SFTP: a protected FTP variant that operates over SSH; encrypted channel via port 22.

21 of 40

6. SSH (Secure Shell)

  • Purpose: Secure access to a remote server (bash or other command console) and file transfer.
  • Security: Encrypted connection, authentication (based on password or key).
  • Port: Default 22 port.
  • Use cases: Remote server management, file transfer (SCP, SFTP), tunneling.

22 of 40

7. Telnet

  • Purpose: Remote access to a distant device or server, sending commands.
  • Disadvantage: Data (including passwords) is not encrypted, so it is often not recommended from a security standpoint.
  • Port: Default 23 port.
  • Current status: Instead of Telnet, SSH is used almost always (because SSH provides an encrypted connection).

23 of 40

8. SMTP / POP3 / IMAP (Email protocols)

  • SMTP (Simple Mail Transfer Protocol): Protocol for sending electronic letters (or transferring them from one server to another). Default port 25 (or 587, 465 – encrypted).
  • POP3 (Post Office Protocol v3): Protocol for downloading letters (default port 110 or 995 – encrypted). Usually, once the letters reach the client, they are deleted from the server.
  • IMAP (Internet Message Access Protocol): Protocol for remote management of letters (default port 143 or 993 – encrypted). Letters are stored on the server and appear synchronized on multiple devices.

24 of 40

9. DNS (Domain Name System)

  • Purpose: Convert domain names (example.com) to IP addresses (93.184.216.34) or vice versa.
  • Structure: Hierarchical system; root servers, TLD (Top-Level Domain) servers, authoritative DNS servers.
  • Protocol: Primarily UDP port 53 (usually faster for queries/responses), but sometimes TCP port 53 is also used (for transferring larger DNS zones).

25 of 40

10. DHCP (Dynamic Host Configuration Protocol)

  • Purpose: To automatically provide a network device (computer, phone, etc.) with an IP address, subnet mask, gateway, DNS and other network settings.
  • Application: Very convenient for obtaining automatic IP settings on a local network (LAN).
  • Protocol process: DHCPDISCOVER → DHCPOFFER → DHCPREQUEST → DHCPACK.
  • Ports: UDP 67 (server) and UDP 68 (client).

26 of 40

11. ARP (Address Resolution Protocol)

  • Purpose: To map an IP address to a MAC address in an IPv4 network. That is, to associate “192.168.1.10” with the MAC address of the device on the network.
  • Layer: It can be said to operate between layer 3 (Network) and layer 2 (Data Link) of the OSI model, but formally it is considered part of the Network layer.
  • Operation: In a network segment, an “ARP request” is broadcast, and the owner of the corresponding IP address replies with its MAC address in an “ARP reply”.

27 of 40

12. ICMP (Internet Control Message Protocol)

  • Function: Exchange of organizational and diagnostic messages at the network level.
  • Examples:
    • ping: Check if the destination is reachable and measure latency (ICMP Echo Request/Reply).
    • traceroute/tracert: Determine the list of routers along the path to the destination (sequence of ICMP messages).
  • Layer: Operates at OSI Layer 3 together with IP.

28 of 40

13. SNMP (Simple Network Management Protocol)

  • Function: Remote management of network devices (router, switch, printer, etc.) and monitoring their status.
  • Device agent: The SNMP agent is installed on the device and replies to queries from the management station (manager).
  • Security: SNMPv1 and SNMPv2 transmit data in cleartext, while SNMPv3 supports encryption and authentication.

29 of 40

14. QUIC (Quick UDP Internet Connections)

  • Purpose: Created as a fast, low‑latency transport protocol based on UDP instead of TCP.
  • Developer: Google, but now the standard has been developed by the IETF.
  • HTTP/3: The next‑generation HTTP protocol that runs on QUIC, reducing TCP handshake processes and providing faster connections.

30 of 40

15. MPLS (Multiprotocol Label Switching)

  • Function: Routing packets with labels (label switching) between the 2nd and 3rd layers of the network.
  • Application area: Large corporate networks, provider networks, systems that require fast and consistent (QoS) packet delivery.
  • Advantage: It can operate faster than IP routing because intermediate routers forward packets based on the label rather than the IP address.

31 of 40

Network protocols are operating at several layers a set of rules that work. Each protocol has its specific function. The main purpose:

  1. Network communication coordination (routing, addressing).
  2. At the transport layer reliable or fast data exchange (TCP vs UDP).
  3. At the application layer providing various practical services (HTTP, FTP, SMTP, DNS).

In modern networks these protocols work together to ensure the Internet and any other local networks operate stably and reliably. In the future QUIC, HTTP/3, IPv6 new protocols and versions such as these will expand, serving to further increase speed, security and efficiency.

32 of 40

TCP/IP (Transmission Control Protocol / Internet Protocol) model – this forms the practical basis of modern Internet communications. It is often also called the “Internet model” or the “DoD (Department of Defense) model.” This model was originally classified as 4 layers, but some sources also present it in a 5‑layer form. Below both classifications are explained, along with information about the main protocols and capabilities of each layer.

1. TCP/IP model layers

The most common four‑layer representation of the TCP/IP model is as follows:

  1. Network Interface (Link / Network Access) layer
  2. Internet layer
  3. Transport layer
  4. Application layer

1.1. Alternative five‑layer classification

Some sources separate the Physical layer and the Data Link layer as distinct, presenting a five‑layer model. In practice, however, these two are merged into the Network Interface (Link / Network Access) layer.

33 of 40

2. Layer functions and protocols

2.1. Network interface layer (Link / Network Access)

  • Functions:
    • Transmission of data through the physical medium (wired or wireless);
    • Address and error control at the frame level (MAC address, CRC);
    • Local area network (LAN) protocols, lower‑level logical (VLAN) segmentations.
  • Protocols:
    • Ethernet (802.3), Wi‑Fi (802.11), PPP, SLIP, ATM, and so on.
    • ARP (Address Resolution Protocol) – mapping an IP address to a MAC address (operates as a bridge between layers 2 and 3).

Capabilities:

  • Use of lower‑level (physical + data link) transmission technologies;
  • Filtering at the MAC level, dividing the network with VLANs, etc.

34 of 40

2.2. Internet layer (Internet layer)

  • Functions:
    • Routing and addressing at the packet level;
    • Transmission of packets in an inter‑network form;
    • Ensuring that addresses are globally unique (IP addresses).
  • Protocols:
    • IP (Internet Protocol): Main protocol, currently IPv4 and IPv6 are widely used;
    • ICMP (Internet Control Message Protocol): Network diagnostics (ping, traceroute) and transmission of error messages;
    • IGMP (Internet Group Management Protocol): Managing multicast groups;
    • ARP (Address Resolution Protocol): Works with the second layer to find IP → MAC mapping (in a local network segment).

Capabilities:

  • Inter‑network addressing (IP), routing protocols, and being “connected” to the global Internet;
  • Fragmentation of messages into blocks and reassembly (defragmentation).

35 of 40

2.3. Transport Layer (Transport layer)

  • Tasks:
    • Establish sessions (connections) between applications (via ports);
    • Choose a reliable (or fast but relatively less reliable) data transmission method;
    • Control exchange in the form of segments/datagrams.
  • Protocols:
    • TCP (Transmission Control Protocol): Reliable, error checking and retransmission, stream transmission, congestion control;
    • UDP (User Datagram Protocol): Simpler, faster, low latency, but packet loss probability is not controlled;
    • SCTP (Stream Control Transmission Protocol): A protocol used in telecommunications, provides multi‑streaming and more reliable transport;
    • QUIC: Although built on UDP, it performs transport functions (reliability, stream transmission, encryption). New‑generation web protocols (HTTP/3) operate on this basis.

Capabilities:

  • Convert incoming network data packets into application‑level streams (TCP);
  • Manage error, latency, and retransmission policies;
  • Address different applications within a device via ports (e.g., 80 – HTTP, 443 – HTTPS, 22 – SSH, etc.).

36 of 40

2.4. Application layer

  • Functions:
    • Providing specific services to the user or application (web, email, file sharing, etc.);
    • Managing high‑level protocols that interact directly with the network.
  • Protocols (most popular):
    • HTTP/HTTPS: Web services;
    • FTP / SFTP: File sharing;
    • SMTP, IMAP, POP3: Email;
    • DNS: Mapping domain names to IP addresses;
    • SSH: Remote server management and encrypted connections;
    • Telnet: Remote access (but unencrypted);
    • SNMP: Monitoring and managing network devices;
    • and many other application‑layer protocols.

Capabilities:

  • Accessing network services through user‑friendly interfaces (web browsers, email clients, remote management programs);
  • Additional protection with encryption (TLS/SSL) and authentication;
  • Standard‑based data exchange between different applications (JSON, XML, HTML, MIME formats, etc.).

37 of 40

3. Opportunities and Advantages of the TCP/IP Model

  1. Modular architecture
    1. Each layer performs its function independently, which makes it easy to understand the network structure and to troubleshoot errors.
    2. Physical-layer changes or new application protocols (e.g., HTTP/3) have little impact on other layers.
  2. The Internet's advantage
    • Currently, the global Internet used worldwide operates based on this model.
    • Network devices (routers, switches, servers), operating systems (Windows, Linux, macOS, Android, iOS, etc.) – all support the TCP/IP stack (set of protocols).
  3. Scalability and flexibility
    • As IPv4 runs out, IPv6 is being introduced, but TCP/UDP and other upper‑layer protocols continue to operate almost unchanged.
    • New transport protocols (such as QUIC) or application‑layer innovations (HTTP/3) emerge, yet the concept of the TCP/IP model remains preserved.

38 of 40

4.Modern security measures

    • TCP/IP was originally based on an unencrypted “open” principle, but now encryption methods are widely used at the application layer (HTTPS, SSH, TLS) or at the tunnel level (VPN).
    • At the IP layer, protocols such as IPsec (compatible with IPv6) enable encryption and authentication at the network level.

5.Simplicity and efficiency of protocols

    • TCP – reliable, includes functions such as retransmission of corrupted packets, flow control, reducing delays;
    • UDP – its function is simpler, but very efficient for real‑time applications.

39 of 40

  • What is the difference between TCP/IP and OSI model
  • TCP/IP and OSI are both layered models for networking, but they differ in purpose and structure.
  • Main differences
  • 1) Purpose
  • OSI model: a conceptual reference model (used for teaching, design, troubleshooting).
  • TCP/IP model: a practical implementation model (based on the protocols that actually run the Internet).
  • 2) Number of layers
  • OSI: 7 layers
    • Physical
    • Data Link
    • Network
    • Transport
    • Session
    • Presentation
    • Application
  • TCP/IP: usually 4 layers
    • Link (Network Access)
    • Internet
    • Transport
    • Application
  • 3) Layer mapping
  • TCP/IP Application = OSI Application + Presentation + Session
  • TCP/IP Transport = OSI Transport
  • TCP/IP Internet = OSI Network
  • TCP/IP Link = OSI Data Link + Physical
  • 4) Real protocols
  • OSI is not tied to specific protocols (it’s a model).
  • TCP/IP is built around real protocols:
    • IP, TCP, UDP, ICMP, ARP, HTTP, DNS, etc.
  • 5) Separation of “Presentation/Session”
  • OSI separates:
    • Session (managing sessions)
    • Presentation (format, encryption, compression)
  • TCP/IP merges these into the Application layer.
    • Example: TLS encryption is “presentation-like” but is treated as part of the application stack in TCP/IP.
  • 6) Use in practice
  • Engineers often think in OSI when diagnosing (“Is it Layer 2 or Layer 3 problem?”).
  • Networks actually operate with TCP/IP protocols.
  • Quick analogy
  • OSI = blueprint/education diagram
  • TCP/IP = real machine that runs the Internet

40 of 40

Thank you for your attention