Common network protocols
In this section of the course, you learned about network protocols and how they organize communication over a network. This reading will discuss network protocols in more depth and review some basic protocols that you have learned previously. You will also learn new protocols and discuss some of the ways protocols are involved in network security.
Overview of network protocols
A network protocol is a set of rules used by two or more devices on a network to describe the order of delivery and the structure of data. Network protocols serve as instructions that come with the information in the data packet. These instructions tell the receiving device what to do with the data. Protocols are like a common language that allows devices all across the world to communicate with and understand each other.
Even though network protocols perform an essential function in network communication, security analysts should still understand their associated security implications. Some protocols have vulnerabilities that malicious actors exploit. For example, a nefarious actor could use the Domain Name System (DNS) protocol, which resolves web addresses to IP addresses, to divert traffic from a legitimate website to a malicious website containing malware. You’ll learn more about this topic in upcoming course materials.
Three categories of network protocols
Network protocols can be divided into three main categories: communication protocols, management protocols, and security protocols. There are dozens of different network protocols, but you don’t need to memorize all of them for an entry-level security analyst role. However, it’s important for you to know the ones listed in this reading.
Communication protocols
Communication protocols govern the exchange of information in network transmission. They dictate how the data is transmitted between devices and the timing of the communication. They also include methods to recover data lost in transit. Here are a few of them.
Transmission Control Protocol (TCP) is an internet communication protocol that allows two devices to form a connection and stream data. TCP uses a three-way handshake process. First, the device sends a synchronize (SYN) request to a server. Then the server responds with a SYN/ACK packet to acknowledge receipt of the device's request. Once the server receives the final ACK packet from the device, a TCP connection is established. In the TCP/IP model, TCP occurs at the transport layer.
User Datagram Protocol (UDP) is a connectionless protocol that does not establish a connection between devices before a transmission. This makes it less reliable than TCP. But it also means that it works well for transmissions that need to get to their destination quickly. For example, one use of UDP is for sending DNS requests to local DNS servers. In the TCP/IP model, UDP occurs at the transport layer.
Hypertext Transfer Protocol (HTTP) is an application layer protocol that provides a method of communication between clients and website servers. HTTP uses port 80. HTTP is considered insecure, so it is being replaced on most websites by a secure version called HTTPS, which uses SSL/TLS encryption for communication. However, there are still many websites that use the insecure HTTP protocol. In the TCP/IP model, HTTP occurs at the application layer.
Domain Name System (DNS) is a protocol that translates internet domain names into IP addresses. When a client computer wishes to access a website domain using their internet browser, a query is sent to a dedicated DNS server. The DNS server then looks up the IP address that corresponds to the website domain. DNS normally uses UDP on port 53. However, if the DNS reply to a request is large, it will switch to using the TCP protocol. In the TCP/IP model, DNS occurs at the application layer.
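The switch from UDP to TCP described above is signalled by the truncation (TC) bit in the DNS header. The following added example (not part of the original reading) builds a query, decodes reply headers, and decides whether to accept the reply, retry over TCP, or discard it; the function names and the sample replies are constructed for illustration.

```python
import struct

DNS_PORT = 53  # DNS uses port 53 for both UDP and TCP


def build_query(name: str, query_id: int) -> bytes:
    """Encode a DNS query for the A (IPv4 address) record of `name`."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)    # QTYPE=A, QCLASS=IN


def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": qid,
            "is_response": bool(flags & 0x8000),   # QR bit
            "truncated": bool(flags & 0x0200),     # TC bit
            "rcode": flags & 0x000F,
            "answers": answers}


def next_step(query: bytes, udp_reply: bytes) -> str:
    """Decide what a client does with a reply that arrived over UDP."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["is_response"] or r["id"] != q["id"]:
        return "discard"           # does not answer the query we sent
    if r["truncated"]:
        return "retry-over-tcp"    # reply was too large for the UDP message
    return "accept"


# Constructed sample data: header-only replies are enough to show the decision.
QUERY = build_query("example.com", 0x1A2B)
REPLY_OK = struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)
REPLY_TRUNCATED = struct.pack("!HHHHHH", 0x1A2B, 0x8380, 1, 0, 0, 0)
REPLY_WRONG_ID = struct.pack("!HHHHHH", 0x9999, 0x8180, 1, 1, 0, 0)
```

The "discard" branch matters for defenders: a reply whose ID does not match an outstanding query should never be trusted, which is one of the basic checks against forged DNS answers.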
Management protocols
The next category of network protocols is management protocols. Management protocols are used for monitoring and managing activity on a network. They include protocols for error reporting and optimizing performance on the network.
Simple Network Management Protocol (SNMP) is a network protocol used for monitoring and managing devices on a network. SNMP can reset a password on a network device or change its baseline configuration. It can also send requests to network devices for a report on how much of the network’s bandwidth is being used up. In the TCP/IP model, SNMP occurs at the application layer.
Internet Control Message Protocol (ICMP) is an internet protocol used by devices to tell each other about data transmission errors across the network. ICMP is used by a receiving device to send a report to the sending device about the data transmission. ICMP is commonly used as a quick way to troubleshoot network connectivity and latency by issuing the “ping” command on a Linux operating system. In the TCP/IP model, ICMP occurs at the internet layer.
Security protocols
Security protocols are network protocols that ensure that data is sent and received securely across a network. Security protocols use encryption algorithms to protect data in transit. Below are some common security protocols.
Hypertext Transfer Protocol Secure (HTTPS) is a network protocol that provides a secure method of communication between clients and website servers. HTTPS is a secure version of HTTP that uses secure sockets layer/transport layer security (SSL/TLS) encryption on all transmissions so that malicious actors cannot read the information contained. HTTPS uses port 443. In the TCP/IP model, HTTPS occurs at the application layer.
Secure File Transfer Protocol (SFTP) is a secure protocol used to transfer files from one device to another over a network. SFTP uses secure shell (SSH), typically through TCP port 22. SSH uses Advanced Encryption Standard (AES) and other types of encryption to ensure that unintended recipients cannot intercept the transmissions. In the TCP/IP model, SFTP occurs at the application layer. SFTP is used often with cloud storage. Every time a user uploads or downloads a file from cloud storage, the file is transferred using the SFTP protocol.
Note: The encryption protocols mentioned do not conceal the source or destination IP address of network traffic. This means a malicious actor can still learn some basic information about the network traffic if they intercept it.
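The note above and the TCP three-way handshake described earlier can both be seen in packet headers, which stay readable even when the payload is encrypted. The following added example (not part of the original reading) parses the IPv4 and TCP/UDP headers of raw packets, maps ports to the services named in this reading, and checks for a completed handshake; the packets and addresses are constructed, and the check matches flags and direction only, not sequence numbers.

```python
import socket
import struct

SERVICES = {80: "HTTP", 443: "HTTPS", 53: "DNS", 22: "SSH/SFTP"}  # ports from this reading
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x10: "ACK"}


def parse_headers(packet: bytes) -> dict:
    """Read the unencrypted IPv4 and TCP/UDP headers of one raw packet."""
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    proto = packet[9]                                 # 6 = TCP, 17 = UDP
    src, dst = (socket.inet_ntoa(packet[o:o + 4]) for o in (12, 16))
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = set()
    if proto == 6:
        bits = packet[ihl + 13]                       # TCP flag byte
        flags = {name for bit, name in TCP_FLAGS.items() if bits & bit}
    service = SERVICES.get(dport) or SERVICES.get(sport, "unknown")
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "flags": flags, "service": service}


def handshake_complete(packets) -> bool:
    """True once SYN (client), SYN/ACK (server) and ACK (client) appear in order."""
    expected = [{"SYN"}, {"SYN", "ACK"}, {"ACK"}]
    step, client = 0, None
    for p in map(parse_headers, packets):
        if p["proto"] != 6 or p["flags"] != expected[step]:
            continue
        if step == 0:
            client = p["src"]                         # whoever sends the SYN
        from_client = p["src"] == client
        if from_client == (step != 1):                # step 1 must come from the server
            step += 1
            if step == 3:
                return True
    return False


def build(src, dst, sport, dport, flag_bits) -> bytes:
    """Constructed sample packet: 20-byte IPv4 header plus 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 0x50, flag_bits, 8192, 0, 0)

# Constructed capture: a client opening an HTTPS connection (documentation addresses).
CAPTURE = [build("192.0.2.10", "198.51.100.7", 50000, 443, 0x02),   # SYN
           build("198.51.100.7", "192.0.2.10", 443, 50000, 0x12),   # SYN/ACK
           build("192.0.2.10", "198.51.100.7", 50000, 443, 0x10)]   # ACK
```

Everything `parse_headers` returns is metadata an on-path observer can read from an HTTPS session without decrypting anything: who is talking to whom, on which port, and when the connection was opened.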
Key takeaways
The protocols you learned about in this reading are basic networking protocols that entry-level cybersecurity analysts should know. Understanding how protocols function on a network is essential. Cybersecurity analysts can leverage their knowledge of protocols to successfully mitigate vulnerabilities on a network and potentially prevent future attacks.