Part 08 - Layer 4 Transport TCP and UDP

Video Description

We start off this section by revisiting the security threats covered previously for layer 3. Thwarting layer 3 attacks, as you'll recall, is a simple matter of blocking ICMP traffic coming into a network. These safeguards protect against smurf, ping, and DDoS attacks. Easy peasy! But it's nowhere near as simple when operating at layer 4, the transport layer. The primary networking protocols at layer 4 are TCP and UDP. A well-known layer 4 threat is the Fraggle attack, which behaves similarly to attacks at layer 2 which exploit vulnerabilities in ICMP. However, simply blocking UDP traffic (and TCP traffic, for that matter) is usually not a prudent strategy. You might as well just disconnect your network from the Internet, since it's next to impossible to get anything worthwhile accomplished without these vital protocols flowing both in and out of your network! We dig further into what TCP and UDP are in this section. The major distinction between the two is that TCP is a connection-oriented protocol with guaranteed delivery of data, whereas UDP is a connectionless protocol with unreliable data delivery. These two protocols are responsible for the end-to-end transport of data and are often referred to as the "Pony Express" protocols. We also point out that these protocols don't entirely live in layer 4, but in fact span layers 4-7. It should be noted, however, that for the exam, if they ask at which single layer TCP and UDP reside, the answer is layer 4. We then examine how a TCP connection is established via a 3-way handshake:

- SYN
- SYN/ACK
- ACK

It is noted that this handshake is vulnerable to exploitation by what is known as a SYN flood, where excessive SYN requests are sent to a host without further acknowledgement. This is a form of DDoS attack that exhausts connection and memory resources on the host. The section concludes by mentioning the advantages and disadvantages of TCP and UDP along with the applications that employ them.

The fast, connectionless transport of UDP is advantageous for applications such as real-time gaming and instant messaging apps, where speed takes precedence over reliability. Conversely, the slower, connection-oriented transport of TCP is required for apps where data loss is not tolerable, such as email apps and transferring files using FTP. And finally, you'll want to be sure to watch all the way to the end for some great networking humor!
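The SYN flood described above, as an added example that is not part of the course material: a toy TCP handshake server in Python with a fixed half-open backlog is fed spoofed SYNs that never get their ACK, so a legitimate client can no longer connect; the same server with simplified SYN cookies (a stateless HMAC-derived ISN, not the exact encoding real kernels use) keeps no memory per SYN and still completes the legitimate handshake. All names, the backlog size, the secret and the sample addresses are constructed for the demonstration.

```python
import hmac, hashlib, time

BACKLOG_MAX = 16                              # half-open connections we will remember
COOKIE_SECRET = b"constructed-demo-secret"    # constructed for the demo, not a real key

def syn_cookie(src, sport, dport, slot):
    """Stateless ISN: truncated HMAC over the connection tuple and a time slot."""
    msg = f"{src}:{sport}:{dport}:{slot}".encode()
    digest = hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")

class Server:
    def __init__(self, port=80, use_syn_cookies=False, clock=time.time):
        self.port, self.cookies, self.clock = port, use_syn_cookies, clock
        self.half_open = {}          # (src, sport) -> ISN we sent in the SYN/ACK
        self.established = set()
        self.dropped_syns = 0

    def slot(self):
        return int(self.clock()) // 60   # a cookie stays valid for about a minute

    def on_syn(self, src, sport):
        """Step 1 -> 2: return the ISN of our SYN/ACK, or None if the SYN was dropped."""
        if self.cookies:                 # no state kept: the ISN itself is the memory
            return syn_cookie(src, sport, self.port, self.slot())
        if len(self.half_open) >= BACKLOG_MAX:
            self.dropped_syns += 1       # backlog exhausted: this is the SYN flood's goal
            return None
        isn = syn_cookie(src, sport, self.port, self.slot())   # any ISN would do here
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, ack):
        """Step 3: establish only if the ACK acknowledges the ISN we actually sent."""
        if self.cookies:                 # recompute; accept the current or previous slot
            ok = any(ack - 1 == syn_cookie(src, sport, self.port, self.slot() - d) for d in (0, 1))
        else:
            ok = self.half_open.pop((src, sport), None) == ack - 1
        if ok:
            self.established.add((src, sport))
        return ok

def flood_then_connect(use_syn_cookies):
    """50 spoofed SYNs with no ACK, then one honest client; returns (connected, dropped)."""
    srv = Server(use_syn_cookies=use_syn_cookies)
    for i in range(50):                  # spoofed sources from the 203.0.113.0/24 doc range
        srv.on_syn(f"203.0.113.{i}", 40000 + i)
    isn = srv.on_syn("192.0.2.10", 51515)            # legitimate client's SYN
    ok = isn is not None and srv.on_ack("192.0.2.10", 51515, isn + 1)
    return ok, srv.dropped_syns
```

Without cookies the backlog fills after 16 SYNs and the honest client is refused; with cookies nothing is stored per SYN, so the flood costs the server no memory.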

Video Transcription
Okay, having talked about a layer 3 Smurf attack, which exploits ping, among other things, among other vulnerabilities. And we talked about how the Smurf used a directed broadcast and a spoofed source address to attack an unsuspecting target. Well, there's a very comparable attack called a Fraggle attack, and seriously, I don't make up these names. But the Fraggle attack, instead of using ICMP, uses a protocol called UDP, which is a layer 4 protocol.

All right, and it works exactly the same way as a Smurf, except using UDP packets. The reason UDP is more likely to be successful is, if you'll remember, one of the ways of mitigating the Smurf attack was to just block ICMP. Do you really need ICMP coming into your network from outside? You can't do that with UDP. It's certainly not helpful to block UDP at your firewall. Many upper layer protocols use UDP, User Datagram Protocol, and it's necessary for things like DNS, DHCP, TFTP, Trivial File Transfer Protocol. There are all sorts of upper layer services that need UDP.

So whereas the Smurf has a very easy solution, just block ICMP, the Fraggle will rely on other means, because it's just very difficult to block UDP at your firewall and still have the necessary services that you want coming through.

All right, so now that we are at layer 4, the transport layer, the two main protocols we'll look at here are going to be TCP and UDP. Both SSL and TLS are also layer 4 protocols, but we talked about those in the cryptography chapter, so don't forget they're layer 4 protocols, but we won't go into depth as to what they do. Now, a quick aside here: it is more accurate to say SSL and TLS work from layers 4 through 7 of the OSI model. And I think I've mentioned this numerous times, that very rarely does everything go in a nice, neat little box. But the exam, I think, is expanding, and rather than just forcing you to say this is layer 4, I think they're doing a good job now saying, across which layers does SSL/TLS operate? From 4 through 7. So if they make you put it in a single layer, 4; if they allow you to say SSL/TLS operates across multiple layers, then it's layers 4 through 7. Okay, we won't talk about SSL/TLS now.

All right, at this layer, TCP and UDP, these are kind of the Pony Express protocols, if you will. This is what gives us end-to-end data transport and gets that connection between two computers. So upper layer services and application layer protocols are going to piggyback on either TCP or UDP, and which one they piggyback on in a lot of ways really depends on what they need. TCP and UDP.

TCP uses what's called guaranteed delivery. It's connection-oriented, it's guaranteed, it's reliable. You know, all those words that sound very good.

All right, so let's say that I work for Bob as an administrative assistant and Bob gets a phone call. I've got two ways that I could get that phone call to Bob. I can pick up the phone and page, "Bob, you have a call on line one." I can hang up the phone. Go to lunch. I've done what I'm supposed to do. I don't know if Bob got the message or not, but I put it out there, right? That's fast, but it's not reliable. It's not guaranteed. You know, like when it's 4:59 in the afternoon, I'm much more likely to go, "Bob, call, line one, see ya," and out the door, right?

But to be more diligent, I would dial Bob's extension. I'll say, "Bob, you have a call on line one. Can you take it?" He comes back and says, "Yes, I can," and I push it through. And then, because I'm so diligent, I'm going to call back and say, "Did you get that call okay? Because I've got another one coming."

So that's a handshake process. It slows things down, but it gives me guaranteed delivery, and that's exactly what TCP does. It is slower, but it uses a three-way handshake process to guarantee delivery, and that three-way handshake is SYN, that says, "I'm going to send you something. Let's synchronize. Go ahead and open up an area of space in your memory so that you can process what I'm going to send you." You come back and say SYN/ACK, and I'll say ACK. So SYN, SYN/ACK, ACK.

If I wanted to prank Bob, I could call Bob and say, "Hey, Bob, you've got a call on line one. Keep that open." "I'll keep that open." "Bob, you've got a call on line two. Keep that open for me." "Bob, it's a busy morning. Keep line three open, too." And so what Bob does is he keeps his lines open. Or the equivalent would be me sending you a SYN and you open a little area in memory, and then I send you another SYN and you open more area in memory, and more SYNs and more SYNs and more SYNs, until eventually all your available memory is tied up with me promising to send you things that never come. That's called a SYN flood, and of course that's a layer 4 attack.

All right, now, the alternative to that: if I don't need that reliable, connection-oriented delivery and speed is more important to me, then we're going to go with UDP, User Datagram Protocol. Testable things that would benefit: streaming, any type of media streaming is going to benefit from using UDP. Gaming usually uses UDP, because think about it, if I'm running down the hallway and the zombies are chasing me, I'm not too concerned that every bullet I fire registers; I want to send a hail of bullets at the zombies, right? Live-time chat, you know, instant messaging. If instant messaging weren't live-time, it would be called email, right? So we need that to be very fast, as close to real time as possible. So those elements where speed is most critical are going to use UDP.

So UDP is connectionless. There is no handshake, so sometimes it's called the best effort protocol. I give it my best, hope you get it, and that's it. So there's no handshake, there's no flow control. It's just very fast. It's out there, hope you get it.

Now, as I mentioned before, many upper layer services piggyback on layer 4 services. Everybody's familiar, I'm sure, with FTP, File Transfer Protocol, and if you're not, it's a protocol very commonly used to transfer files. Now there's an alternative protocol called TFTP, Trivial File Transfer Protocol. All right, so we have FTP and TFTP. Well, FTP has to have guaranteed delivery and it's willing to sacrifice speed, so FTP piggybacks on TCP. Trivial File Transfer Protocol has to be fast. It piggybacks on UDP, and that's really the only difference between File Transfer Protocol and Trivial File Transfer Protocol.

Okay, so TCP: reliable, guaranteed, connection-oriented delivery, but slow. UDP is fast, but it does not guarantee delivery.

And the point of the video, the part of the video I wait for every class I teach. What is the best thing about a UDP joke? I don't care if you get it or not. That's my favorite joke, all right?