Cyber Security Network Transport

🚚 Cyber Security Network Transport (Layer 4) In-Depth

The Transport Layer (Layer 4 of the OSI Model) is the heart of communication security because it controls ports, sessions, and data delivery.

👉 Most real-world hacking, scanning, and DDoS attacks target this layer.


 What is the Transport Layer?

The Transport Layer is responsible for:

  • End-to-end communication

  • Data segmentation & reassembly

  • Port numbers

  • Flow control

  • Error control

📌 In simple words:

The Transport Layer decides how data is delivered safely and in order.


 Key Responsibilities (Security View)

1️⃣ Port Addressing

Ports identify applications/services.

Port | Service
80   | HTTP
443  | HTTPS
21   | FTP
22   | SSH
25   | SMTP

📌 Hackers use port scanning to find vulnerable services.


2️⃣ Segmentation & Reassembly

  • Large data → split into segments

  • Segments sent separately

  • Reassembled at destination

⚠️ Attackers exploit segmentation to confuse firewalls.


3️⃣ Flow Control

Prevents the sender from overwhelming the receiver.

🛡 Prevents receiver buffer overflow and system crashes


4️⃣ Error Control

Ensures data arrives correctly using:

  • Acknowledgements (ACK)

  • Retransmission


 Transport Layer Protocols

🔵 TCP (Transmission Control Protocol)

  • Connection-oriented

  • Reliable

  • Slower but secure

✔ Used for: Web, Email, File transfer

🟠 UDP (User Datagram Protocol)

  • Connectionless

  • Faster

  • No guarantee of delivery

✔ Used for: Video calls, DNS, gaming


 TCP vs UDP (Cyber Security View)

Feature     | TCP        | UDP
Connection  | Yes        | No
Reliability | High       | Low
Speed       | Slower     | Faster
Used In     | HTTPS, SSH | DNS, VoIP
Attacks     | SYN Flood  | UDP Flood

 TCP Three-Way Handshake (Very Important)

1️⃣ SYN
2️⃣ SYN-ACK
3️⃣ ACK

📌 This process creates a session

⚠️ Attackers exploit this using SYN Flood attacks


🔴 Transport Layer Attacks (In-Depth)

1️⃣ Port Scanning

Finding open ports to identify services.

🛠 Example:

  • TCP Scan

  • UDP Scan

📌 First step of hacking


2️⃣ SYN Flood Attack

The attacker sends many SYN requests but never completes the handshake.

🎯 Result:

  • Server resources exhausted

  • Legit users blocked

🛡 Defense:

  • SYN cookies

  • Rate limiting

  • Firewalls
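
An added example (not part of the original page): a Python check that counts half-open handshakes per listening port, since a SYN flood shows up as many sockets stuck in the SYN-RECV state. It reads text in the column layout of `ss -tan`; the sample output, the function names, and the thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan` (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:443         0.0.0.0:*
LISTEN    0      128    0.0.0.0:22          0.0.0.0:*
ESTAB     0      0      192.0.2.10:443      203.0.113.5:51514
ESTAB     0      0      192.0.2.10:22       203.0.113.9:40022
SYN-RECV  0      0      192.0.2.10:443      198.51.100.7:40112
SYN-RECV  0      0      192.0.2.10:443      198.51.100.31:1025
SYN-RECV  0      0      192.0.2.10:443      198.51.100.88:6001
SYN-RECV  0      0      192.0.2.10:443      198.51.100.140:33000
SYN-RECV  0      0      [2001:db8::10]:443  [2001:db8::bad]:5555
SYN-RECV  0      0      192.0.2.10:22       203.0.113.77:50000
"""

def port_of(endpoint):
    """Return the port from 'addr:port'; rsplit keeps bracketed IPv6 intact."""
    return endpoint.rsplit(":", 1)[1]

def tcp_state_by_port(ss_output):
    """Count half-open (SYN-RECV) and established sockets per local port."""
    half_open, established = Counter(), Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed line
        state, local = fields[0], fields[3]
        if state == "SYN-RECV":
            half_open[port_of(local)] += 1
        elif state == "ESTAB":
            established[port_of(local)] += 1
    return half_open, established

def suspected_syn_flood(ss_output, min_half_open=5, ratio=3.0):
    """Flag ports whose half-open count is high both in absolute terms and
    relative to completed handshakes. Thresholds are illustrative assumptions.
    Grouping is by local port because flood sources are often spoofed."""
    half_open, established = tcp_state_by_port(ss_output)
    flagged = {}
    for port, n in half_open.items():
        if n >= min_half_open and n >= ratio * max(established[port], 1):
            flagged[port] = n
    return flagged

if __name__ == "__main__":
    for port, n in suspected_syn_flood(SAMPLE_SS_OUTPUT).items():
        print(f"port {port}: {n} half-open connections, handshake not completed")
```

On the constructed sample, port 443 is flagged with five half-open sockets, while port 22 (one half-open, one established) is not.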


3️⃣ UDP Flood Attack

Sending a massive number of UDP packets.

🎯 Result:

  • Bandwidth exhaustion

🛡 Defense:

  • Traffic filtering

  • IDS/IPS


4️⃣ Session Hijacking

Taking over an active TCP session.

🎯 Used to:

  • Steal login sessions

  • Bypass authentication

🛡 Defense:

  • Encryption (TLS)

  • Secure session handling


5️⃣ Replay Attacks

Captured packets are resent to gain access.

🛡 Defense:

  • Timestamps

  • Nonces

  • Encryption


 Transport Layer Firewalls

Filters traffic based on:

  • Port number

  • Protocol (TCP/UDP)

  • Connection state

📌 Faster than application firewalls but less intelligent


Transport Layer vs Network Layer (Quick View)

Network Layer | Transport Layer
IP Address    | Port Number
Routing       | End-to-end delivery
Routers       | Firewalls
IP Spoofing   | Port Scanning

📌 Hackers move Layer 3 → Layer 4


Important Commands (Layer 4 Focus)

netstat -an # View open ports
ss -tuln # Linux port info
nmap -sT target # TCP scan
nmap -sU target # UDP scan

🎯 Why Transport Layer is CRITICAL in Cyber Security

✔ Controls applications
✔ Main target of DDoS
✔ Basis of scanning & exploitation
✔ Determines service exposure

📌 Open port = open risk
