What is the network layer in Network Security?

The network layer is the third layer in the TCP/IP model – it provides host-to-host communication services. Segments from the transport layer are received by the network layer, which encapsulates them into packets to be sent to the nearest router. Routers then forward the packets from their input links to output links on the path towards the receiving system.

Therefore, the network layer is responsible for sending data packets from source to destination, and it uses intermediate routers to do so. It performs both forwarding and routing to achieve this.

Forwarding

Forwarding is a function of the router. A packet received at an input link needs to be forwarded to the appropriate output link so that it reaches the destination. Hence, forwarding is implemented individually in each router. A forwarding table is used to determine which output link the data is to be sent to.

Routing

The complete path from source to destination is determined by routing algorithms that try to find the path with minimum distance and least traffic. It is these routing algorithms that determine the values to be fed into the forwarding tables of routers.
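The forwarding step above is easy to see in code. The following is an added example (not from the original article): a router's forwarding table as a list of destination prefixes, each mapped to an output link, and the longest-prefix-match lookup a router performs for every arriving packet. The table contents and link names are constructed for illustration; a real router fills this table from its routing protocol, which is why anyone who can influence routing can also influence where packets go.

```python
import ipaddress

# Constructed forwarding table for one router: (destination prefix, output link).
# In practice these rows are produced by the routing algorithms; they are examples here.
FORWARDING_TABLE = [
    ("0.0.0.0/0",     "link0"),  # default route: anything not matched by a longer prefix
    ("10.0.0.0/8",    "link1"),
    ("10.1.0.0/16",   "link2"),
    ("10.1.5.0/24",   "link3"),
    ("194.13.16.0/24", "link4"),
]


def build_table(entries):
    """Parse the textual prefixes once so lookups do not re-parse on every packet."""
    return [(ipaddress.ip_network(prefix), link) for prefix, link in entries]


def forward(table, dst):
    """Return the output link for a destination address using longest-prefix match.

    Several rows may contain the same address (10.0.0.0/8, 10.1.0.0/16 and
    10.1.5.0/24 all cover 10.1.5.9); the most specific row, i.e. the one with
    the longest prefix, decides the output link.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, link in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, link)
    return best[1] if best else None


if __name__ == "__main__":
    table = build_table(FORWARDING_TABLE)
    for dst in ("10.1.5.9", "10.1.7.1", "10.9.9.9", "194.13.16.1", "203.0.113.5"):
        print(f"{dst:>12} -> {forward(table, dst)}")
```

Because the most specific prefix wins, a single injected /24 row would redirect traffic for that subnet even though a broader /8 row already covers it; that is the property routing-protocol authentication and route filtering exist to protect.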

Virtual circuit vs. datagram networks

Just like the transport layer, the network layer provides connectionless and connection-oriented data transfer.

Virtual circuit

A virtual circuit (VC) provides a connection-oriented service for data transfer. A connection is established between the source and destination and, for the transmission of data, the entire path is reserved for this connection. No other packets can use the links in this path. Therefore, delivery of all packets in order, without any delay, is guaranteed. It also provides congestion control: when a lot of traffic is detected, new connections are not allowed to be set up.

Datagram network

A datagram network provides connectionless data transfer service. Every time a packet is to be sent, the destination address is added to the packet’s header and it is sent through the network. No connection setup is required, and no path is reserved for this transfer. Intermediate routers use forwarding to send the packet from an incoming link to an outgoing one. Since the forwarding table can be modified at any time, packets may not follow the same route and may not arrive in order.

The internet protocol

Let’s look at how the network layer works, specifically on the internet.

IPv4 datagram format

An IP address is a unique identifier of a host that communicates using the internet protocol. It is 32 bits long and is written as four bytes separated by periods, as follows:

194.13.16.1

This IP address is divided into two parts: the subnet portion, whose length is given by the subnet mask, and the device (host) within that subnet.

A subnet is a sub-network within a larger network.

[Figure: An example of IP addressing in a subnet. Here 0/24 indicates that the first 24 bits are reserved for the subnet, and the last 8 bits represent the devices within the subnet.]
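To make the split concrete, here is an added example (not part of the original article) that works through the /24 notation with plain bit arithmetic: it converts a dotted address to its 32-bit value, builds the mask for a given prefix length, and separates the subnet part from the device part. The address 194.13.16.1 from the text is used as input; the function and variable names are this example's own.

```python
def dotted_to_int(addr):
    """'194.13.16.1' -> 32-bit integer; the first byte is the most significant."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr!r}")
    return int.from_bytes(bytes(octets), "big")


def int_to_dotted(value):
    """32-bit integer -> dotted notation."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def prefix_mask(prefix_len):
    """/24 -> 0xFFFFFF00: the top prefix_len bits set, the remaining bits clear."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(addr, prefix_len):
    """Split an address into its subnet part and its device (host) part."""
    value = dotted_to_int(addr)
    mask = prefix_mask(prefix_len)
    host_mask = ~mask & 0xFFFFFFFF          # the bits that identify the device
    network = value & mask                  # subnet part, host bits cleared
    return {
        "mask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "host_number": value & host_mask,
        "broadcast": int_to_dotted(network | host_mask),
        # network and broadcast addresses are not assignable to devices
        "usable_hosts": max((1 << (32 - prefix_len)) - 2, 0),
    }


def same_subnet(a, b, prefix_len):
    """True when two addresses share the subnet part under the given prefix length."""
    mask = prefix_mask(prefix_len)
    return dotted_to_int(a) & mask == dotted_to_int(b) & mask


if __name__ == "__main__":
    for key, val in split_address("194.13.16.1", 24).items():
        print(f"{key:>12}: {val}")
    print(same_subnet("194.13.16.1", "194.13.16.200", 24))
    print(same_subnet("194.13.16.1", "194.13.17.1", 24))
```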

DHCP - Dynamic Host Configuration Protocol

Inside a subnet, individual IP addresses of devices are assigned using the dynamic host configuration protocol. When a device joins the network, the following procedure is followed:

  1. The new device sends a DHCP discover message to all nodes in the subnet (this message is a broadcast message since the new device does not know the IP address of the DHCP server).
  2. The DHCP server responds with an offer of an IP address that is not yet allocated to any other device in the network. This message is also broadcast since the DHCP server does not know where the request came from (the new device did not have an IP address at the time).
  3. The new device sends a DHCP request with the IP address that the server allocated. This time the message is sent directly to the DHCP server instead of being broadcast, because the offer sent by the DHCP server carried the server's IP address as its source.
  4. Finally, the DHCP server sends an acknowledgment, and the IP address is allocated to the new device.
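The four-step exchange above, modelled as an added example (this is illustrative code, not from the original article or any DHCP implementation): a server object holds a pool of free addresses and answers discover and request messages, and a client helper runs the full discover/offer/request/acknowledge sequence. Message fields, the server address and the pool are constructed values; real DHCP messages carry many more options, and real servers also expire offers that are never followed by a request.

```python
BROADCAST = "255.255.255.255"
UNASSIGNED = "0.0.0.0"   # the source a device uses before it has an address


class DhcpServer:
    """Minimal DHCP server model: hands out addresses from a fixed pool."""

    def __init__(self, server_ip, pool):
        self.ip = server_ip
        self.free = list(pool)   # addresses not yet allocated to any device
        self.offered = {}        # client_mac -> address tentatively offered
        self.leases = {}         # client_mac -> address confirmed with an ACK

    def handle(self, msg):
        kind, mac = msg["type"], msg["client_mac"]
        if kind == "DISCOVER":
            # A device we already know keeps its address; a new one gets a free one.
            addr = self.leases.get(mac) or self.offered.get(mac)
            if addr is None:
                if not self.free:
                    return None      # pool exhausted: no offer is made
                addr = self.free.pop(0)
            self.offered[mac] = addr
            # The offer is broadcast because the client has no IP address yet.
            return {"type": "OFFER", "src": self.ip, "dst": BROADCAST,
                    "client_mac": mac, "your_ip": addr}
        if kind == "REQUEST":
            addr = msg["requested_ip"]
            if self.offered.get(mac) != addr:
                # Request for an address we never offered this client: refuse it.
                return {"type": "NAK", "src": self.ip, "dst": BROADCAST,
                        "client_mac": mac}
            self.leases[mac] = self.offered.pop(mac)
            # The client has not configured the address yet, so the ACK is broadcast too.
            return {"type": "ACK", "src": self.ip, "dst": BROADCAST,
                    "client_mac": mac, "your_ip": addr}
        raise ValueError(f"unexpected DHCP message type {kind!r}")


def join_network(server, client_mac):
    """Run the four-step exchange for one device; returns the leased address or None."""
    discover = {"type": "DISCOVER", "src": UNASSIGNED, "dst": BROADCAST,
                "client_mac": client_mac}
    offer = server.handle(discover)
    if offer is None:
        return None
    # The offer carried the server's address as its source, so the request is unicast.
    request = {"type": "REQUEST", "src": UNASSIGNED, "dst": offer["src"],
               "client_mac": client_mac, "requested_ip": offer["your_ip"]}
    ack = server.handle(request)
    return ack["your_ip"] if ack["type"] == "ACK" else None


if __name__ == "__main__":
    server = DhcpServer("192.0.2.1", ["192.0.2.10", "192.0.2.11"])
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"):
        print(mac, "->", join_network(server, mac))
```

The exhausted-pool branch is the behaviour a defender cares about: every offer removes an address from the pool until it is acknowledged or expired, so a server that hands out offers without limit to unverified clients can be left with nothing to give to legitimate devices.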

Network address translation

As we have seen earlier, an IP address comprises 32 bits, meaning that there can only be around 4 million unique addresses. However, the number of devices using the internet is far larger than this. To cope with this, private networks re-use IP addresses that are already allocated elsewhere, but these addresses are only valid within the private network.

The router maintains a NAT table. When a private device wants to connect to another host via the internet, it sends the packet to the router, which changes the source IP address from the private one to the public one. The router records in its table how the original IP address and port number map to the new ones. When the destination host sends a response, the router looks up the matching entry in the NAT table and delivers the response to the appropriate device.
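The NAT table described above, as an added example (constructed for this page, not taken from the article or any router software): outbound packets get their private source address and port rewritten to the router's public address and a fresh port, the mapping is stored, and inbound responses are translated back by looking up the destination port. The public address, private addresses and port range are constructed values.

```python
import itertools


class Nat:
    """Source NAT for a router with one public address (illustrative model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)   # fresh public ports, in order
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port)

    def translate_outbound(self, pkt):
        """Rewrite a packet leaving the private network; create a table entry if needed."""
        key = (pkt["src_ip"], pkt["src_port"])
        if key not in self.outbound:
            port = next(self.ports)
            self.outbound[key] = port
            self.inbound[port] = key
        out = dict(pkt)   # copy: the original packet is left untouched
        out["src_ip"], out["src_port"] = self.public_ip, self.outbound[key]
        return out

    def translate_inbound(self, pkt):
        """Rewrite a packet arriving from the internet, or return None to drop it."""
        if pkt["dst_ip"] != self.public_ip:
            return None
        key = self.inbound.get(pkt["dst_port"])
        if key is None:
            # No table entry: nothing inside asked for this, so it is not forwarded.
            return None
        back = dict(pkt)
        back["dst_ip"], back["dst_port"] = key
        return back


if __name__ == "__main__":
    nat = Nat("203.0.113.7")
    request = {"src_ip": "192.168.1.10", "src_port": 5555,
               "dst_ip": "198.51.100.3", "dst_port": 443}
    outgoing = nat.translate_outbound(request)
    print("out :", outgoing)
    reply = {"src_ip": "198.51.100.3", "src_port": 443,
             "dst_ip": "203.0.113.7", "dst_port": outgoing["src_port"]}
    print("back:", nat.translate_inbound(reply))
    print("stray:", nat.translate_inbound({**reply, "dst_port": 40001}))
```

The `None` branch in `translate_inbound` is the side effect that makes NAT double as a crude inbound filter: a packet from the internet reaches a private device only if that device's earlier outbound packet created the table entry.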

Network layer security threats

  1. IP Spoofing Attack: An attacker gains access to a server using a trusted IP address instead of their own.
  2. Packet Sniffing: Data passing through a network is intercepted by an attacker.
  3. Blackhole Attack: An attacker captures the packets being sent towards a destination and discards them instead of forwarding them.
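The standard router-side mitigation for the first threat is ingress filtering (RFC 2827 / BCP 38): a packet is only accepted if its source address is plausible for the interface it arrived on. The following added example (not from the original article) applies that check to constructed sample packets. The interface names, the "own" prefix and the list of reserved prefixes are assumptions for the example; the reserved ranges themselves are the private and special-use blocks that should never be seen as a source on an internet-facing link.

```python
import ipaddress

# Constructed configuration for a border router with two interfaces.
OWN_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]      # the subnet behind "lan"
# Private / special-use ranges that never legitimately arrive from the internet.
RESERVED_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def check_source(iface, src):
    """Return ('accept', reason) or ('drop', reason) for a packet's source address."""
    addr = ipaddress.ip_address(src)
    if iface == "lan":
        # Packets leaving our network must carry one of our own source addresses.
        if _in_any(addr, OWN_PREFIXES):
            return ("accept", "internal source on internal interface")
        return ("drop", "internal host claims a foreign source address")
    if iface == "uplink":
        if _in_any(addr, OWN_PREFIXES):
            return ("drop", "external packet claims one of our own addresses")
        if _in_any(addr, RESERVED_PREFIXES):
            return ("drop", "private or reserved source address from the internet")
        return ("accept", "plausible external source")
    raise ValueError(f"unknown interface {iface!r}")


def filter_packets(packets):
    """Apply check_source to (interface, source) pairs; returns the decisions."""
    return [(iface, src, *check_source(iface, src)) for iface, src in packets]


# Constructed sample packets: (arrival interface, source address).
SAMPLE_PACKETS = [
    ("lan", "192.0.2.10"),        # normal outbound traffic
    ("lan", "198.51.100.9"),      # internal host using a source it does not own
    ("uplink", "198.51.100.9"),   # normal inbound traffic
    ("uplink", "192.0.2.10"),     # outside packet pretending to be one of ours
    ("uplink", "10.3.3.3"),       # private address arriving from the internet
]

if __name__ == "__main__":
    for iface, src, verdict, reason in filter_packets(SAMPLE_PACKETS):
        print(f"{iface:>6} {src:>14} {verdict:>6}  {reason}")
```

The second sample line is the one that matters most for the wider internet: applied on the "lan" side it stops the router's own hosts from emitting spoofed packets, which is the filtering BCP 38 asks every network operator to do at their edge.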
