This is the third day of my participation in the Article Update Challenge.
OSI divides the network into seven layers: application, presentation, session, transport, network, data link and physical. (OSI stands for Open Systems Interconnection Reference Model; it is only a reference model, and what is actually deployed is TCP/IP.)
The TCP/IP model, as usually taught, divides the network into five layers: application, transport, network, link and physical. (Key words. RFC 1122 itself describes four layers, folding the physical layer into the link layer.)
Why layering?
To manage complexity: the software at one layer can be modified or replaced without affecting the other layers, as long as the interfaces between layers remain unchanged.
- Application layer: applications talk to each other using protocols such as HTTP and DNS.
- Transport layer: end-to-end delivery between processes, e.g. TCP (connection-oriented, with its three-way handshake) and UDP.
- Network layer: IP addressing and routing of packets across networks. (Resolving a domain name to an IP address is done by DNS, an application-layer service, not by this layer.)
- Link layer: frame delivery on one physical network segment, addressed by MAC address; for example Ethernet on the LAN ports of a wireless router and 802.11 on its WLAN interface, with the WAN port and any VLANs as further interfaces.
- Physical layer: the actual medium and signalling used in the real world, such as optical fibre, copper cable or radio.
LAN, WAN, WLAN, VLAN
- LAN: Local Area Network
- WAN: Wide Area Network
- WLAN: Wireless LAN, a LAN whose link layer is Wi-Fi
- VLAN: Virtual LAN, one physical switch split into several logically separate LANs by tagging frames
A broadband (home) router is really a router plus a switch in one box; it helps to think of it as two devices. The WAN port holds the external IP address assigned by the carrier and forwards IP packets coming from the LAN side, normally performing NAT so that the internal addresses never appear on the Internet. The LAN ports hold an internal IP address and are bridged together as a switch, so the router can be used as an ordinary switch if nothing is plugged into the WAN port. Wi-Fi is the IEEE 802.11 family of link-layer standards that implements a WLAN; the "handshake" people associate with it is the WPA2/WPA3 four-way handshake that derives the encryption keys after a client associates.
Domain names
- .com is the top-level domain (TLD); jd.com is a second-level domain registered under it (in everyday Chinese usage this is often called the "first-level domain")
- www.jd.com, m.jd.com and study.jd.com are third-level domains under jd.com (colloquially "second-level" subdomains)
- e.m.jd.com is one level further down (a fourth-level name)
As a site's services grow, different subdomains are pointed at different servers for different businesses, so "www" is no longer needed to mark the home page. Most sites still publish a DNS record for www, because users are used to typing it to reach the home page.
A domain name can resolve to several IP addresses (multiple A records, used for load balancing and CDNs), and one IP address can serve many domain names (virtual hosting, where the HTTP Host header or TLS SNI selects the site).
DNS servers
- Local (recursive) DNS server: the resolver your ISP provides; in China this is run by the three major carriers (China Telecom, China Unicom and China Mobile). It performs the iterative lookup on the client's behalf and caches the answers
- Root DNS servers: 13 named root servers (a.root-servers.net to m.root-servers.net) operated by 12 organisations based in the US, Sweden, the Netherlands and Japan, each replicated by anycast to hundreds of instances worldwide. They do not hold the answer; they refer the resolver to the right TLD servers
- Top-level domain DNS servers: authoritative for one suffix such as .com or .net; they refer the resolver on to the authoritative servers of the registered domain
HTTP Request Process
- Type www.baidu.com/ into the browser
- Client and server talk over IP and do not recognise domain names, so the name must first be resolved to an IP address
- The browser first checks its own DNS cache (a small table of recently resolved name to IP pairs); on a hit it uses that address directly
- On a miss it asks the operating system, which checks its resolver cache and the local hosts file for a manually configured entry for the name
- If nothing is configured locally, the OS stub resolver sends a DNS query to the configured local (recursive) DNS server
- The query goes down the stack: application layer (DNS message) => transport layer (UDP, destination port 53; TCP is used when the answer is too large for one datagram) => network layer (IP) => link layer (802.11 frame on the WLAN) => physical layer (radio, optical or electrical signal)
- Each hop on the path receives the frame at the physical layer, goes up to the network layer to decide where to forward the packet, and re-encapsulates it for the next link: first the home router, then the carrier's routers, until the packet reaches the local recursive DNS server
- If the recursive server has no cached answer, it performs the iterative lookup itself; the client never contacts these servers directly. It asks a root server, which refers it to the .com TLD servers; a .com server refers it to the authoritative servers for baidu.com; the baidu.com server returns the A record. Each of these steps is a separate IP exchange, not the same packet travelling onward
- The recursive server caches the answer and sends the response back to the client along the reverse path
- With the IP address in hand, the browser makes the HTTP request
- Application layer (HTTP request) => transport layer (TCP three-way handshake, followed by the TLS handshake for HTTPS) => network layer (IP) => link layer (WLAN) => physical layer (optical fibre, copper cable)
- The first hop is again the home router: physical layer => link layer (WLAN) => network layer (IP), where it is forwarded out of the WAN port
- The packet then traverses the carrier's network (Telecom, Unicom or Mobile), each router forwarding it at the network layer
- It reaches the server at the requested IP, where it travels all the way up to the application layer (HTTP) to be handled
- The response data comes back along the reverse path
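The resolution steps above can be made concrete. The following Python script is an added example and not part of the original post: it builds the DNS query the stub resolver hands to UDP (the application-layer message), and parses the response that comes back, following name-compression pointers and checking that the transaction ID and the QR bit are right before trusting the answer. The response bytes are a constructed sample (TEST-NET-1 addresses 192.0.2.1 and 192.0.2.2, not Baidu's real addresses), and the resolver address in the main block is a placeholder to replace with your carrier's recursive resolver.

```python
import secrets
import struct
from typing import List, Tuple

def encode_name(name: str) -> bytes:
    """'www.baidu.com' -> b'\\x03www\\x05baidu\\x03com\\x00' (length-prefixed labels)."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(name: str, txid: int) -> bytes:
    """A standard A-record query: 12-byte header, question name, QTYPE=1 (A), QCLASS=1 (IN)."""
    # flags 0x0100: QR=0 (query), opcode 0, RD=1 (ask the recursive server to resolve fully)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)

def decode_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Read a name at offset, following 0xC0xx compression pointers; return (name, next offset)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # pointer into an earlier part of the message
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:                              # a malicious response could loop pointers
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if jumped else offset

def parse_response(msg: bytes, expected_txid: int) -> List[str]:
    """Return the IPv4 addresses in the answer section after sanity-checking the header."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: not an answer to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    offset = 12
    for _ in range(qd):                                # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4                                    # QTYPE + QCLASS
    ips = []
    for _ in range(an):
        _, offset = decode_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rdlen == 4:                  # A record
            ips.append(".".join(str(b) for b in rdata))
    return ips

# Constructed sample response (not captured from Baidu): two A records for www.baidu.com
# pointing at TEST-NET-1 addresses; the answer names use a pointer (0xC00C) back to the question.
SAMPLE_TXID = 0x1234
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", SAMPLE_TXID, 0x8180, 1, 2, 0, 0)   # QR=1, RD=1, RA=1, NOERROR
    + encode_name("www.baidu.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 2])
)

if __name__ == "__main__":
    import socket
    resolver = "192.0.2.53"   # placeholder: set this to your carrier's recursive DNS server
    txid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:   # DNS rides on UDP port 53
        s.settimeout(3)
        s.sendto(build_query("www.baidu.com", txid), (resolver, 53))
        print(parse_response(s.recv(512), txid))
```

The transaction-ID check matters beyond correctness: a resolver that accepted any response arriving at the right port could be fed forged answers by anyone who can guess the timing, which is why real resolvers randomise both the ID and the UDP source port.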
TCP, IP, HTTP, UDP
- IP: Internet Protocol, the network-layer protocol that addresses and routes packets between hosts; an IP address is the identifier it assigns to each interface. IP is connectionless and best-effort: it may drop, duplicate or reorder packets.
- TCP: Transmission Control Protocol. TCP is connection-oriented: before exchanging data the two sides establish a connection with the three-way handshake (SYN, SYN-ACK, ACK), after which TCP provides reliable, ordered delivery on top of IP. The handshake is also an easy DoS/DDoS target: in a SYN flood the attacker sends a stream of SYNs, often from spoofed addresses, and never completes the handshake, so the server's queue of half-open connections fills up and real clients are turned away. The usual mitigation is SYN cookies, which encode the connection state in the server's initial sequence number so that nothing is stored until the final ACK proves the client is genuine. TCP relies on IP, and together the TCP/IP suite provides an end-to-end connection between two processes.
- HTTP: HyperText Transfer Protocol, the application-layer protocol that browsers and web servers speak.
- HTTPS: HyperText Transfer Protocol Secure, which is HTTP carried over TLS; TLS adds encryption, integrity protection and server authentication.
- UDP: User Datagram Protocol, a connectionless transport with no handshake and no delivery guarantees; DNS queries normally use it.
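The SYN-flood weakness noted in the TCP item above has a standard mitigation that is worth seeing in code. The Python below is an added example, not from the original post, and is a simplified model of the SYN-cookie idea used by Linux and BSD kernels: instead of allocating a half-open connection for every SYN, the server derives its initial sequence number from an HMAC over the connection 4-tuple, the client's initial sequence number and a coarse timestamp, and allocates state only when the final ACK carries that cookie plus one. The secret value and the bit layout (5-bit time slot, 27-bit MAC) are choices made for this example; real kernels also encode the MSS in the cookie and rotate the secret.

```python
import hashlib
import hmac

# Constructed secret for the demo; a real implementation generates it at boot and rotates it.
SECRET = b"demo-syn-cookie-secret"

def _cookie_mac(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                client_isn: int, slot: int) -> int:
    """27-bit MAC over the 4-tuple, the client's ISN and the 64-second time slot."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{client_isn}|{slot}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0x07FFFFFF

def syn_cookie(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
               client_isn: int, now: int) -> int:
    """Server ISN to put in the SYN-ACK: top 5 bits = time slot, low 27 bits = MAC.
    The server stores nothing; the cookie itself is the connection state."""
    slot = (now >> 6) & 0x1F
    return (slot << 27) | _cookie_mac(src_ip, src_port, dst_ip, dst_port, client_isn, slot)

def ack_is_valid(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
                 seq_num: int, ack_num: int, now: int) -> bool:
    """Check the final ACK of the handshake. Only now does the server allocate a connection."""
    client_isn = (seq_num - 1) & 0xFFFFFFFF   # the ACK carries the client's ISN + 1
    cookie = (ack_num - 1) & 0xFFFFFFFF       # and acknowledges our ISN + 1
    slot = cookie >> 27
    if (((now >> 6) & 0x1F) - slot) % 32 > 1:  # accept the current or previous slot only
        return False
    expected = _cookie_mac(src_ip, src_port, dst_ip, dst_port, client_isn, slot)
    return hmac.compare_digest((cookie & 0x07FFFFFF).to_bytes(4, "big"),
                               expected.to_bytes(4, "big"))
```

A flood of spoofed SYNs now costs the server one HMAC per packet and no memory, and a forged ACK has to guess 27 bits of MAC for the right 4-tuple within a two-minute window. The price is that TCP options carried in the SYN are lost unless they are squeezed into the cookie, which is why Linux enables cookies only once the backlog queue is actually under pressure.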
How does HTTPS ensure data security
- First, data in transit can be read and modified by anyone on the path, so the client and server encrypt it with a symmetric algorithm, meaning the same key is used at both ends (for example AES). Symmetric encryption on its own gives confidentiality only: an attacker who cannot read the data can still flip bits in the ciphertext, so TLS also attaches a message authentication code (today through an AEAD cipher such as AES-GCM), and any modified record fails the check and is rejected. Both properties hold only as long as the shared key stays secret.
- That raises the key distribution problem: the symmetric key itself has to reach the other side over the same insecure channel, where anyone could intercept it. So instead of sending a key, the client and server negotiate one, and the negotiation has to be secured as well.
- The negotiation uses asymmetric (public-key) cryptography to agree on the symmetric session key.
- An asymmetric key pair has these properties: what is encrypted with the public key can be decrypted only with the private key, and what is signed with the private key can be verified by anyone holding the public key (often described loosely as "encrypting with the private key and decrypting with the public key"). The private key is held by one party only; the public key can be given to everyone.
- With the negotiation protected by the server's public key, the remaining question is how the client knows it holds the server's genuine public key rather than one substituted by a man in the middle.
- A digital certificate issued by a trusted third party, a certificate authority (CA), solves this. The server submits its public key and domain name to the CA, the CA signs them with its own private key, and the client, which ships with the CA's public key in its trust store, verifies that signature.
- A CA does not issue a certificate to only one company, so anyone with the CA's public key can verify every certificate it has issued; that is by design. What stops an attacker from presenting a valid certificate for some other site is that the CA's signature covers the domain name together with the public key: the client checks that the name in the certificate matches the host it is connecting to, and any change to the name or the key invalidates the signature.
Putting it together, in the classic RSA key exchange of TLS 1.2 and earlier: the client verifies the server's certificate, generates a random pre-master secret, encrypts it with the server's public key taken from the certificate and sends it; only the server's private key can decrypt it. Both sides derive the session keys from that secret, and all further data is protected with symmetric encryption plus a MAC. The server proves possession of the private key by decrypting correctly (and, in the signature-based variants, by signing the handshake). TLS 1.3 replaces RSA key transport with an ephemeral Diffie-Hellman exchange that the server signs with its certificate key, so that a later compromise of the server's private key does not expose past sessions (forward secrecy).
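The pieces described in this section fit together as in the program below. It is an added example, not code from the original post. It uses only the Python standard library, so the RSA is textbook and unpadded with toy 512-bit keys and the symmetric cipher is an HMAC-based keystream rather than AES; all of that is for illustration and must never be used for real traffic. The hostname www.example.com, the CA and the flipped bit are constructed for the demo. It demonstrates the three points above: a CA-signed certificate that binds a name to a key and fails for a different name or a swapped key, RSA key transport of a random pre-master secret as in TLS 1.2, and why encryption alone does not stop modification, with the MAC catching the tampered record.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

HOST = "www.example.com"  # constructed hostname for this demo

# ---- toy RSA: textbook, unpadded, 512-bit. Illustration only, never for real use ----
def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 512) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return (public (n, e), private (n, d))."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_sign(priv, data: bytes) -> int:
    """'Encrypt with the private key': sig = H(data)^d mod n."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def rsa_verify(pub, data: bytes, sig: int) -> bool:
    """'Decrypt with the public key': sig^e mod n must equal H(data)."""
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

# ---- certificate: the CA signs the hostname together with the server's public key ----
def cert_tbs(hostname: str, pub) -> bytes:
    return f"{hostname}|{pub[0]:x}|{pub[1]:x}".encode()

def issue_cert(ca_priv, hostname: str, pub) -> Dict:
    return {"hostname": hostname, "pub": pub, "sig": rsa_sign(ca_priv, cert_tbs(hostname, pub))}

def verify_cert(ca_pub, cert: Dict, expected_host: str) -> bool:
    """The signature must verify AND the name must be the host we meant to reach."""
    return (cert["hostname"] == expected_host
            and rsa_verify(ca_pub, cert_tbs(cert["hostname"], cert["pub"]), cert["sig"]))

# ---- record protection: encrypt-then-MAC (real TLS uses an AEAD such as AES-GCM) ----
def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher. Alone it is malleable: flipping a ciphertext bit flips that plaintext bit."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ct = keystream_xor(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record rejected: MAC check failed, ciphertext was modified")
    return keystream_xor(enc_key, nonce, ct)

def derive_keys(pre_master: bytes) -> Tuple[bytes, bytes]:
    """Both ends derive independent encryption and MAC keys from the shared secret."""
    return (hmac.new(pre_master, b"enc", hashlib.sha256).digest(),
            hmac.new(pre_master, b"mac", hashlib.sha256).digest())

def https_session(message: bytes, tamper: bool = False) -> bytes:
    """RSA key exchange as in TLS 1.2 and earlier, then one protected client->server record."""
    ca_pub, ca_priv = rsa_keygen()
    srv_pub, srv_priv = rsa_keygen()
    cert = issue_cert(ca_priv, HOST, srv_pub)
    # client: check the certificate, then send a random pre-master secret under the server key
    if not verify_cert(ca_pub, cert, HOST):
        raise ValueError("certificate rejected")
    pre_master = secrets.token_bytes(32)
    encrypted_pms = pow(int.from_bytes(pre_master, "big"), cert["pub"][1], cert["pub"][0])
    nonce = secrets.token_bytes(12)
    record = seal(*derive_keys(pre_master), nonce, message)
    if tamper:  # an on-path attacker flips one bit of the ciphertext
        record = bytes([record[0] ^ 0x01]) + record[1:]
    # server: only its private key recovers the pre-master secret
    pms_server = pow(encrypted_pms, srv_priv[1], srv_priv[0]).to_bytes(32, "big")
    return open_sealed(*derive_keys(pms_server), nonce, record)
```

Run `https_session(b"GET / HTTP/1.1")` and the plaintext comes back intact; run it with `tamper=True` and the server raises on the MAC check instead of processing a silently altered request. Calling `keystream_xor` on the flipped ciphertext without the MAC shows the opposite: the first byte of the plaintext changes and nothing complains, which is exactly why "encrypted" does not mean "cannot be modified".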