6 Types of Network Security Protocols

Network protocols are used to carry different types of data over the network. For example, HTTP is used for web traffic, while DNS is used to convert domain names to IP addresses. However, many of the network protocols used by the modern Internet are insecure, lacking encryption, authentication, or data integrity protections.

Network security protocols are designed to address these security gaps. These protocols may augment or replace existing protocols to enhance their network security and reliability.

The Use of Network Security Protocols

Network security protocols are used to provide vital protections for data flowing over a network. For example, many early network protocols were implemented without data encryption, allowing anyone who eavesdropped on the network traffic to read potentially sensitive data.

Implementing network security protocols helped to address these potential security risks. For example, Transport Layer Security (TLS) encloses unencrypted connections in an encrypted wrapper, protecting them against potential eavesdroppers.

The OSI Model

Network protocols are implemented using multiple layers with varying purposes. While multiple frameworks have been developed to model this ecosystem, the most widely used is the Open Systems Interconnection (OSI) model.

The OSI model breaks the network protocol stack into seven layers based on their purpose. These seven layers include:

  1. Physical Layer: Layer 1 is the physical connection between systems, such as electrons moving over a cable.
  2. Data Link Layer: Layer 2 encodes traffic in bits and sends it over the physical layer while performing error correction for the physical layer.
  3. Network Layer: Layer 3 routes packets from their source to their destination.
  4. Transport Layer: Layer 4 ensures that the complete packet is delivered to its destination, handling size, sequencing, and error correction.
  5. Session Layer: Layer 5 establishes, manages, and ends connections between two applications.
  6. Presentation Layer: Layer 6 performs the translation of data between network packets and the format used by the higher-level application.
  7. Application Layer: Layer 7 implements the services and tools used by a high-level application to communicate over the network.

Types of Network Security Protocols

In general, network security protocols are designed to provide confidentiality, integrity, and authentication, or some combination of the three, for network traffic. The following are some examples of widely used network security protocols.

IPsec and Virtual Private Networks (VPNs)

Virtual private networks (VPNs) can operate at different layers of the OSI model. For example, IPsec, a common VPN protocol, runs at Layer 3. However, it’s also possible to implement VPNs using HTTPS, which is a Layer 7 protocol.

Regardless of their implementation method, VPNs are used to create an encrypted tunnel for traffic to flow over. As with SSL/TLS, VPNs often begin with a handshake designed to set up the encryption key used to protect the network traffic. Then, all future traffic is encrypted by the sender before being sent over the network to the recipient, who decrypts it.

VPNs can be used in one of two paradigms. Remote access VPNs are designed to connect a user’s computer to a remote server located on a corporate network. Site-to-site VPNs, on the other hand, are designed to connect two geographically distributed networks over the untrusted public Internet.

SSL/TLS

Secure Sockets Layer and Transport Layer Security (SSL/TLS) is a network security protocol that operates at Layer 5 of the OSI model. This protocol offers several benefits for network traffic, including data encryption, authentication, and integrity protection.

SSL/TLS connections begin with a handshake designed to set up a secure connection between the client and the server. During this handshake, the communicating parties agree on the cryptographic algorithms to be used during the session for encryption, authentication, and integrity checking.

Authentication is also performed during this initial handshake. At a minimum, the server will provide an X.509 digital certificate to the client that verifies the server’s identity. However, the two systems may also perform mutual authentication during this handshake.

The role of SSL/TLS is to wrap other, less secure protocols in an encrypted, authenticated, and integrity-checked wrapper. For example, the HTTPS protocol runs the insecure HTTP protocol within an SSL/TLS tunnel.

Datagram Transport Layer Security (DTLS)

SSL/TLS is designed to work with the Transmission Control Protocol (TCP), which establishes stable, reliable connections. However, the User Datagram Protocol (UDP) is another commonly used protocol that offers connectionless transmission.

The Datagram Transport Layer Security (DTLS) protocol operates at Layer 5 of the OSI model and is derived from SSL/TLS but designed for use with connectionless, unreliable datagrams. This protocol helps to ensure data integrity and privacy for applications that require low latency and minimal lag, including video conferencing, VoIP, and online gaming.

Kerberos

Kerberos is a widely used Layer 7 protocol for authenticating service requests. It is designed to authenticate requests between trusted systems over untrusted public networks.

Kerberos is built around the concept of tickets, which are used to provide proof of identity and authentication. A centralized authentication server verifies the user’s identity and generates these tickets. Then, each system or application that trusts this server can verify the user’s right to make a particular request.

Kerberos is supported by most operating systems, including Windows, Mac, and Linux. Notably, it is the default authentication protocol for Windows and is a core component of its Active Directory (AD) service.
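
The ticket idea can be shown with a simplified model, added here as an example that is not from the original page: the authentication server seals a ticket with a key it shares with one service, and the service checks the ticket without contacting the server. This is not the Kerberos wire format. It uses an HMAC seal instead of an encrypted ticket and omits the session key and authenticator; all names and keys are constructed.

```python
import base64
import hashlib
import hmac
import json

def issue_ticket(service_key, user, service, now, lifetime=300):
    """Authentication server: seal a ticket with the key shared with the service."""
    body = json.dumps(
        {"user": user, "service": service, "expires": now + lifetime},
        sort_keys=True,
    ).encode()
    tag = hmac.new(service_key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(tag).decode()

def verify_ticket(service_key, ticket, service, now):
    """Service: return the user name, or None if the ticket must be rejected."""
    try:
        body_b64, tag_b64 = ticket.split(".")
        body = base64.b64decode(body_b64, validate=True)
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError:
        return None                      # malformed ticket
    expected = hmac.new(service_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # not sealed by the trusted server
    claims = json.loads(body)
    if claims["service"] != service:
        return None                      # issued for a different service
    if now >= claims["expires"]:
        return None                      # lifetime has elapsed
    return claims["user"]

if __name__ == "__main__":
    key = b"constructed-fileserver-key"  # constructed sample key
    ticket = issue_ticket(key, "alice", "fileserver", now=1000)
    print(verify_ticket(key, ticket, "fileserver", now=1100))
    print(verify_ticket(key, ticket, "fileserver", now=2000))
```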

SNMPv3

The Simple Network Management Protocol (SNMP) is a Layer 7 network protocol for monitoring and managing an organization’s devices. The SNMP manager can query devices, and an agent on the device provides responses to these requests or performs the requested actions.

Early versions of SNMP were insecure, lacking encryption, authentication, and integrity protection. SNMPv3 is an updated version of the protocol introduced in 2004 that offers all of these features using modern, secure cryptographic algorithms.
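
SNMPv3 only encrypts traffic when a user is held to the `priv` (authPriv) security level, and v1/v2c community strings can stay enabled alongside it. The following added example (not from the original page) scans a constructed net-snmp `snmpd.conf` sample for both conditions; the choice of net-snmp and the function name are assumptions of this example.

```python
import shlex

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONF = """\
# Constructed sample, not taken from a real device
rocommunity public default
rwcommunity private 10.0.0.0/24
createUser monitor SHA "auth-pass-placeholder" AES "priv-pass-placeholder"
rouser monitor priv
createUser legacy MD5 "auth-pass-placeholder"
rouser legacy auth
rouser -s usm readonly
"""

COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}
USER_DIRECTIVES = {"rouser", "rwuser"}

def audit_snmpd_conf(text):
    """Return (line number, message) for settings that bypass SNMPv3 protections."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES:
            findings.append((lineno, "SNMPv1/v2c community string enabled"))
        elif directive in USER_DIRECTIVES:
            if args[:1] == ["-s"]:       # optional security-model argument
                args = args[2:]
            if not args:
                continue                 # malformed line, nothing to assess
            # net-snmp defaults to 'auth' when no level is given
            level = args[1] if len(args) > 1 else "auth"
            if level != "priv":
                findings.append(
                    (lineno, f"user {args[0]} allowed at level '{level}', no encryption"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```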

HTTPS

HTTP is a Layer 7 network protocol used for web browsing. HTTP is one of the earliest network protocols and was implemented as an unencrypted, human-readable protocol.

Anyone eavesdropping on network traffic has the ability to read and modify HTTP traffic en route to its destination. As the Internet was increasingly used to transmit sensitive data, such as payment card information or login credentials, this introduced a significant security risk.

HTTPS is a secure version of the HTTP protocol that offers data encryption, integrity protection, and authentication. Rather than rewriting the protocol from scratch, HTTPS was implemented by running HTTP within an SSL/TLS wrapper. After an SSL/TLS tunnel is established, it provides the necessary encryption, authentication, and integrity protection for the HTTP traffic used to carry data between the client’s browser and the web server.

Network Security Protection with Quantum

Network security protocols are designed to help protect data as it flows over the network. However, some of these protocols require specialized hardware, and none of them provide protection against common threats such as malware or data exfiltration.

Network security tools are essential for implementing common network security protocols (such as VPNs) and identifying and blocking malicious traffic from reaching an organization’s systems. Check Point has long been a leader in the network security space. Over thirty years of network security innovation has earned Check Point the title of Frost & Sullivan’s Firewall Company of the Year and a designation of a Leader in the 2022 Gartner® Magic Quadrant™ for Network Firewalls.
