ssl in presentation layer

The Cisco Learning Network

Muyengu asked a question.

Imagine that you are accessing a secure web page, you immediately notice that you are using HTTPS (HTTP is an application layer protocol) ( which uses TCP port 443 at the transport layer). But, if i am not mistaken, HTTPS runs over a Secure Sockets Layer or Transport Layer Security (SSL or TSL) tunnel, now regarding these two (SSL and TLS) i am not quite sure at which layer of the OSI model they run on.

Help me understand please.

Thanks in advance.

CCNA Certification Community

It's sometimes not easy for parts of networkprotocols above layer4, to tell to which networklayer something belongs. In this case, it is surely layer5 or above, because it runs on top of tcp, which itself is layer4. The reason for the fact, that it is not always easy to say, to which networklayer something belongs, is that the OSI model is just a model, which does not always match the real world very well ...

raymondcoward

Ill second that Juergen.

The OSI model is not an exact science, its a guideline.

OSI: Securing the Stack, Layer 6 -- Encryption

Based on the operations that each level of the OSI model perform

then it would seem that TLS & SSL belong to the level that encrypts the application level data.

This level is the Presentation layer or level 6

In the concepts of the OSI Seven Layer Model ..., SSL

sits between the Application layer and the Transport layer, traditionally seen as part of the Presentation layer."

Secure Sockets Layer (SSL) | Understanding Application Layer Protocols | InformIT

SSL/TLS do not only encryption, but also establish a n (encrypted) communication session. So isn't it also possible to see SSL/TLS as part of session layer (layer5 of the OSI model)? It is relatively easy to tell what networklayer something is for layer1 to layer4, but above layer4 it is (in my eyes) not always so easy and unique ... And i hate it to answer questions, where the answer is not always unique ...

Hello,folks! How are you doing

I have found some references for our discussion, see bellow

Source BEAST attack on SSL/TLS explained

It seems the presentation layer of ISO/OSI suites better for TLS/SSL functions.

Source BEAST attack on SSL/TLS explained

But as i can understand, it is best suited in Layers 5 and 6 of the ISO/OSI model. As of TCP/IP it is application layer.

Cheers!

Since you have provided a link stating, that SSL/TLS is layer6, i will present a link saying, that it is layer5: https://security.stackexchange.com/questions/19681/where-does-ssl-encryption-take-place

lol, this is why defining technologies in layers is difficult. You will find some saying its one layer and others saying its another.

Btw.: i found also ther links stating, that SSL/TLS is layer5 (session layer) and wikipedia (which is one of the sites stating that SSL/TLS is presentation layer) is wrong:

tls - How valid is this statement "SSL sit between application layer and network layer" - Information Security Stack Exc…

https://www.answers.com/Q/What_layer_of_OSI_model_does_SSL_operate

Indeed very murky this book states tha t "you implement SSL at the transport Layer"

this one says Presentation and Session Layer ie 5 & 6

Reference Chart: OSI Model and TCP/IP Model – Cisco Path

Bojan Landekic

It doesn't matter what one book says, what matters is how things are.

At layer 4, information is exchanged via segments. TCP/IP creates segments for transport, this is why it is called the transport layer. SSL doesn't create segments, it doesn't deal with acknowledgements, nor does it deal with IP numbering. SSL needs something beneath it to have accomplished this task already, namely layer 4, therefore it is on a higher layer. A book can claim whatever the author wants it to claim, but it doesn't change reality. Furthermore, as SSL provides several services, it is a group of functions all under one name. It provides data between hosts, therefore it is layer 5. But it also encrypts, therefore the encryption mechanism is layer 6. SSL doesn't sit on a layer because it is an umbrella of technologies I think, however I am not an SSL expert. To know which aspects of SSL are on what layer you'd need to study SSL intricately. The real question is what do you answer on the exam if Cisco asks? Most people associate SSL with encryption of data, and that is layer 6. I would answer layer 6.

Hi sir, Thanks for your contribution.

But the link you shared sates that SIP is an application layer protocol. Well, i used to think it belonged to Session Layer. Now i need some explanation on it as well, if you dont mind.

Thanks in advance,

Ha good question my friend Wassamba

"SIP is an OSI Model Layer 5-Session protocol because it .. is used to establish a “communications session or connection” such as a telephone call" What is SIP Trunking Really? How Does SIP Operate?

However our good friends at wiki state "SIP is an application layer protocol designed to be independent of the underlying transport layer . It is a text-based protocol, incorporating many elements of the Hypertext Transfer Protocol (HTTP) and the Simple Mail Transfer Protocol (SMTP). [1] "

Session Initiation Protocol - Wikipedia, the free encyclopedia

So for exam purposes it would be the case of accepting whatever Cisco states but for real life it is a Juergen and other write more complicated because of the nature of what SIP and SSL do.

here is a definition from Internetworking Basics

The application

Note how it states interact directly in this case users do not directly interact with SIP so the case is made for it to not be in the Layer 7 OSI

I would also say "maybe layer5" (because of its name: SIP stands for "Session Initiation Protocol" ). In reality, it may be a controverse subject, to which layer it belongs to. It's just as i wrote in my first answer: "which network layer" can be answered relatively easy for network layers 1 to 4, but in most cases it is very difficult to give an answer for layers above layer4. I like TCP/IP network layers more than OSI network layers, because in the TCP/IP model, you don't have to bother with "what layer above layer 4 is it?" ...

since TLS is transport layer security why its not considered Layer4 protocol?

also for SSH since its work with 443 TCP why its not considered Layer4 protocol?

It does not do "addressing", it uses an already established connection to create an (encrypted) session on top of TCP.

On this website (i mentioned it before in this thread), there is a comment, which (maybe) answers your question:

tls - Where does SSL encryption take place? - Information Security Stack Exchange

While all network models are imperfect, this question can only be answered by looking at what SSL (TLS really) does. (1) On top of a reliable network stream (TCP at OSI layer 4) it provides an encrypted bidirectional stream and (almost always) guarantees the identity of the server and (optionally) the client. The authenticating client can be a process, user or some other entity which can properly answer the required authentication challenges.

TLS means Transport Layer Security. However since it does implement session identity, integrity, start up, tear down and management it very much belongs in the session layer. The Wikipedia page states that this belongs to the OSI presentation layer. This is probably wrong. The presentation layer is more concerned with marshalling data into non-network-dependent formats and interpreting it on the host side through the appropriate application.

At-rest encryption (say in a database field or email message) might be a candidate for the presentation layer, but I would suggest that it's closer to a form of OS or application security.

So in reality TLS is mostly session-layer as it provides point-to-point session security for the transport (TCP). In other ways it provides authentication functions which are clearly application layer (OS, utility or user app).

So it's a lot of layer 5 and a little of layer 7.

Thank you very much guys but since i am preparing for my exam which is on the 18th of August, just tell me what is the Cisco answer to this?

Daniel Larsson

There is no "cisco" answer to this question.

HTTP - uses Layer 7.

SSL/TLS - uses Layer 5 & 6

TCP - uses Layer 4

IP - uses Layer 3

Ethernet+other technologies - uses Layer 2

Physical medium - uses Layer 1

Those are the required layers for this to work in a bi-directional stream.

If you would get a question specifically about SSL/TLC you should probably look at any option specifying that it uses TCP as the underlying transport-protocol. I would not worry too much about Cisco asking questions that they know have no specific answer like this.

They will ask tricky questions and use the some words to confuse you, but they will not ask a question without a specific answer.

For what it's worth - this question would not have proper answer, since the OSI-model was not invented or designed to support protocols that operate in multiple layers. It was just designed and engineered to help multiple vendors categorize their networking devices so that everybody in the industry would know if they would be compatible with each other or not. So if Vendor A claims that they sell a Layer 4 device, then vendor B can also say that our product uses Layer 4 information so it would be able to interoperate with Vendor A.

It was not designed to say that "ip operates at Layer 3". It was designed to say that if you claim to support Layer 3 protocols (such as IP) you must also support layer 1 and layer 2 protocols. So that if Vendor A sells routers and Vendor B sell switches, you should be able to connect these two together. And since Vendor A is considered a L3 device, while Vendor B is considered a L2 device - they should work together since Vendor A also supports L2-protocols.

Of course this also meant that we had to try and categorize which layers certain protocols would mainly operate within, but the purpose of the OSI-model was not to classify where protocols operate!

And as such, HTTPS would use multiple layers and would not have a single best answer!

I think you are threading into deep water here because in general depending on how you look at things, you will get different answers to a question like that.

My personal oppinion is that if we really must be able to match a specific protocol to a specific layer in the OSI-model (it's just a model, nothing is written in stone) then we need to consider at which layer the forwarding decision is made. Wherever that decision is made, that's the layer it will be operating within.

The problem with your question then becomes - how to identify where the forwarding decision is made?

Well, there's just a lot to consider when using multiple protocols and tunnel them over a transport-protocol.

This is just one of those examples which will help you realize that the OSI-model is just a model and is actually....pretty bad when it comes to placing real production networks in any specific layer. It just doesn't work that way.

In this specific example about TLS/SSL here are some points to consider:

-SSL/TLS could arguably belong to Layer 4 (transport layer) because it sets up a session and sends data bidirectional by using an underlying transport protocol.
-These session messages would have to contain some handshaking stuff that is required for the session to be setup. This could arguably make SSL/TLS belong to Layer 5 (session layer).
-SSL/TLS can arguably be called a Transport protocol for the "application data" that the webbrowser is trying to display to the end-user. This puts it at around Layer 6-7 depending on how you want to argue for "presentation" vs "application" layer.

As you can see, we have a lot of information to consider here that would place it at anything between Layer 4 and 7.

If i would have to pick one layer to place this in (and i think it's wrong to place it in a single layer), i would pick Layer 5.

Because that's where the forwarding decision is made.

To break it down ( Juergen correct me if im wrong ) :

-Layer 5 would be where the session handshake starts and is negotiated.
-Layer 6 would be where the encrypted tunnel is completed after a success full negotiation at Layer 5.
-HTTPS (L7) would use SSL. (L5&6)
-SSL would use TCP. (L4)

But without a successfull negotiation and handshake at the Session layer, there would be no encryption and the tunnel would never be setup.

It all ties together and depends on a successfull L5 handshake.

That's why i would place it at L5 if i would have to pick a single layer, but it's actually using both Session and Presentation layer (TLS/SSL).

It runs on top of TCP.

So when HTTPs is using TSL/SSL we would need layers 4-7 to actually be getting anything out of HTTPS.

Hi Wassamba

i feel your pain

here is an extract from our beloved Cisco that should put your mind at rest about the exam

Foundation Topics > The TCP/IP and OSI Networking Models

Protocols and Specifications

Application, presentation, session (Layers 5–7)

Telnet, HTTP, FTP, SMTP, POP3, VoIP, SNMP

Firewall, intrusion detection systems, hosts

Transport (Layer 4)

Hosts, firewalls

Network (Layer 3)

Data link (Layer 2)

Ethernet (IEEE 802.3), HDLC, Frame Relay, PPP

LAN switch, wireless access point, cable modem, DSL modem

Physical (Layer 1)

RJ-45, EIA/TIA-232, V.35, Ethernet (IEEE 802.3)

LAN hub, LAN repeater, cables

Besides remembering the basics of the features of each OSI layer (as in Table 2-4), and some example protocols and devices at each layer (as in Table 2-5), you should also memorize the names of the layers. You can simply memorize them, but some people like to use a mnemonic phrase to make memorization easier. In the following three phrases, the first letter of each word is the same as the first letter of an OSI layer name, in the order specified in parentheses:

All People Seem To Need Data Processing (Layers 7 to 1)
Please Do Not Take Sausage Pizzas Away (Layers 1 to 7)
Pew! Dead Ninja Turtles Smell Particularly Awful (Layers 1 to 7)

If i get such an answer (and i would not be sure which layer), i would try to eliminate the answers, that are most unsuitable and continue that process until only one answer remains. With multiple choice questions, that is often possible and in my opinion a good strategy for exams.

Or to say it with the words of sherlock holmes:

[quote from "The Adventure of the Bery Coronet" according to wikipedia]

It is an old maxim of mine that when you have excluded the impossible, whatever remains, however improbable, must be the truth.

AustineNwankwo44555

The 7 layered OSI model will not answer this rather, The 4 layered TCP/IP Stack model . After the Transport layer, all the applications, and their encryption protocols are all mushed up.

The T ransport L ayer S ecurity protocol. is in the transport Layer.

Introduction

OSI Security Architecture
Active and Passive attacks in Information Security
Types of Security Mechanism
A Model for Network Security

Cyber Technology

Basics of Wi-Fi
The Internet and the Web
What is a Website ?
Cryptography and Network Security Principles
Public Key Infrastructure
What is Electronic Signature?
Identity and Access Management
Cloud Computing

Cyber Ethics

Intellectual Property Rights
Fundamental Rights (Articles 12-35): A Comprehensive Guide
Introduction to Ethical Hacking
What is a Scam?

Cyber Crimes

Psychological Profiling in Cybersecurity
Social Engineering - The Art of Virtual Exploitation
Cyber Stalking
How to Defend Against Botnets ?
Emerging Attack Vectors in Cyber Security
Malware and its types
What is Phishing?
Cyber Crime - Identity Theft
What is Cyber Terrorism?
What is Proxy Server?

Cyber Crime Techniques

Worms, Viruses and beyond !!
Trojan Horse in Information Security

Keyloggers and Spyware

Types of SQL Injection (SQLi)
Buffer Overflow Attack with Example
Reverse Engineering - Software Engineering
Difference Between Vulnerability and Exploit
Basic Network Attacks in Computer Network
Kali Linux - Hacking Wi-Fi
Web Server and its Types of Attacks
Types of VoIP Hacking and Countermeasures
How to Spoof SMS Message in Linux ?
Difference between Backup and Recovery
Manual Code Review : Security Assessment
Penetration Testing - Software Engineering

Prevention and Protection

What is Vulnerability Assessment?
Secure coding - What is it all about?
Chain of Custody - Digital Forensics
Digital Forensics in Information Security
Introduction of Computer Forensics
What is Network Forensics?

Cyber Forensics

Cybercrime Causes And Measures To Prevent It
Digital Evidence Collection in Cybersecurity
Digital Evidence Preservation - Digital Forensics
Computer Forensic Report Format
How to Stop Phishing

Cyber Crime Investigation

Intellectual Property in Cyberspace
Cyber Security Policy
History of Cyber Security
What is Internet? Definition, Uses, Working, Advantages and Disadvantages
Cyber Security Metrics
What is Cybersecurity Framework?
Cyber Security, Types and Importance

Cyber security Evolution

Substitution Cipher
Difference between Substitution Cipher Technique and Transposition Cipher Technique
Difference between Block Cipher and Transposition Cipher

Cyber security Objectives

Data encryption standard (DES) | Set 1
Strength of Data encryption standard (DES)
Differential and Linear Cryptanalysis

Classical Encryption Techniques

Difference between AES and DES ciphers
Advanced Encryption Standard (AES)

Block Ciphers and the Data Encryption Standard

Implementation of RC4 algorithm
Introduction to Chinese Remainder Theorem
Discrete logarithm (Find an integer k such that a^k is congruent modulo b)
Public Key Encryption

Advanced Encryption Standard

Key Management in Cryptography
Implementation of Diffie-Hellman Algorithm

Moreon Symmetric Ciphers

Message Authentication Requirements
How message authentication code works?
Hash Functions in System Security

Introduction to Number Theory

Whirlpool Hash Function in Python
HMAC Algorithm in Computer Network

Public-Key Cryptography and RSA

Types of Authentication Protocols
Digital Signature Standard (DSS)

Key Management:OtherPublic-Key Cryptosystems

X.509 Authentication Service
PGP - Authentication and Confidentiality

Message Authentication and Hash Functions

IP security (IPSec)
IPSec Architecture
Internet Protocol Authentication Header

Hashand MAC Algorithms

Web Security Considerations

Secure Socket Layer (SSL)

Transport Layer Security (TLS)

Digital Signatures and Authentication Protocols

Intruders in Network Security
Password Management in Cyber Security

Authentication Applications

Electronic mail security, ip security, web security, malicious software.

Secure Socket Layer (SSL) provides security to the data that is transferred between web browser and server. SSL encrypts the link between a web server and a browser which ensures that all data passed between them remain private and free from attack.

Secure Socket Layer Protocols:

SSL record protocol
Handshake protocol
Change-cipher spec protocol
Alert protocol

SSL Protocol Stack:

SSL Record Protocol:

SSL Record provides two services to SSL connection.

Confidentiality
Message Integrity

In the SSL Record Protocol application data is divided into fragments. The fragment is compressed and then encrypted MAC (Message Authentication Code) generated by algorithms like SHA (Secure Hash Protocol) and MD5 (Message Digest) is appended. After that encryption of the data is done and in last SSL header is appended to the data.

Handshake Protocol:

Handshake Protocol is used to establish sessions. This protocol allows the client and server to authenticate each other by sending a series of messages to each other. Handshake protocol uses four phases to complete its cycle.

Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this IP session, cipher suite and protocol version are exchanged for security purposes.
Phase-2: Server sends his certificate and Server-key-exchange. The server end phase-2 by sending the Server-hello-end packet.
Phase-3: In this phase, Client replies to the server by sending his certificate and Client-exchange-key.
Phase-4: In Phase-4 Change-cipher suite occurs and after this the Handshake Protocol ends.

SSL Handshake Protocol Phases diagrammatic representation

Change-cipher Protocol:

This protocol uses the SSL record protocol. Unless Handshake Protocol is completed, the SSL record Output will be in a pending state. After the handshake protocol, the Pending state is converted into the current state. Change-cipher protocol consists of a single message which is 1 byte in length and can have only one value. This protocol’s purpose is to cause the pending state to be copied into the current state.

Alert Protocol:

This protocol is used to convey SSL-related alerts to the peer entity. Each message in this protocol contains 2 bytes.

The level is further classified into two parts:

Warning (level = 1): This Alert has no impact on the connection between sender and receiver. Some of them are:

Bad certificate: When the received certificate is corrupt. No certificate: When an appropriate certificate is not available. Certificate expired: When a certificate has expired. Certificate unknown: When some other unspecified issue arose in processing the certificate, rendering it unacceptable. Close notify : It notifies that the sender will no longer send any messages in the connection.

Unsupported certificate: The type of certificate received is not supported.

Certificate revoked: The certificate received is in revocation list.

Fatal Error (level = 2):

This Alert breaks the connection between sender and receiver. The connection will be stopped, cannot be resumed but can be restarted. Some of them are :

Handshake failure: When the sender is unable to negotiate an acceptable set of security parameters given the options available. Decompression failure : When the decompression function receives improper input. Illegal parameters: When a field is out of range or inconsistent with other fields. Bad record MAC: When an incorrect MAC was received. Unexpected message: When an inappropriate message is received.

The second byte in the Alert protocol describes the error.

Salient Features of Secure Socket Layer:

The advantage of this approach is that the service can be tailored to the specific needs of the given application.
Secure Socket Layer was originated by Netscape.
SSL is designed to make use of TCP to provide reliable end-to-end secure service.
This is a two-layered protocol.

SSL 1 – Never released due to high insecurity. SSL 2 – Released in 1995. SSL 3 – Released in 1996. TLS 1.0 – Released in 1999. TLS 1.1 – Released in 2006. TLS 1.2 – Released in 2008. TLS 1.3 – Released in 2018.

SSL (Secure Sockets Layer) certificate is a digital certificate used to secure and verify the identity of a website or an online service. The certificate is issued by a trusted third-party called a Certificate Authority (CA), who verifies the identity of the website or service before issuing the certificate.

The SSL certificate has several important characteristics that make it a reliable solution for securing online transactions:

Encryption : The SSL certificate uses encryption algorithms to secure the communication between the website or service and its users. This ensures that the sensitive information, such as login credentials and credit card information, is protected from being intercepted and read by unauthorized parties.
Authentication : The SSL certificate verifies the identity of the website or service, ensuring that users are communicating with the intended party and not with an impostor. This provides assurance to users that their information is being transmitted to a trusted entity.
Integrity : The SSL certificate uses message authentication codes (MACs) to detect any tampering with the data during transmission. This ensures that the data being transmitted is not modified in any way, preserving its integrity.
Non-repudiation : SSL certificates provide non-repudiation of data, meaning that the recipient of the data cannot deny having received it. This is important in situations where the authenticity of the information needs to be established, such as in e-commerce transactions.
Public-key cryptography: SSL certificates use public-key cryptography for secure key exchange between the client and server. This allows the client and server to securely exchange encryption keys, ensuring that the encrypted information can only be decrypted by the intended recipient.
Session management : SSL certificates allow for the management of secure sessions, allowing for the resumption of secure sessions after interruption. This helps to reduce the overhead of establishing a new secure connection each time a user accesses a website or service.
Certificates issued by trusted CAs : SSL certificates are issued by trusted CAs, who are responsible for verifying the identity of the website or service before issuing the certificate. This provides a high level of trust and assurance to users that the website or service they are communicating with is authentic and trustworthy.

In addition to these key characteristics, SSL certificates also come in various levels of validation , including Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV). The level of validation determines the amount of information that is verified by the CA before issuing the certificate, with EV certificates providing the highest level of assurance and trust to users.For more information about SSL certificates for each Validation level type, please refer to Namecheap .

Overall, the SSL certificate is an important component of online security, providing encryption, authentication, integrity, non-repudiation, and other key features that ensure the secure and reliable transmission of sensitive information over the internet.

Refer to the difference between Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Please Login to comment...

Node.js 21 is here: What’s new
Zoom: World’s Most Innovative Companies of 2024
10 Best Skillshare Alternatives in 2024
10 Best Task Management Apps for Android in 2024
30 OOPs Interview Questions and Answers (2024)

Improve your Coding Skills with Practice

What kind of Experience do you want to share?

The OSI Model and You Part 6: Stopping Threats at the OSI Presentation Layer

Our travels through the OSI seven layers of networking have shown that each layer has specific weaknesses and angles of attack. In turn, each has its best defenses. Now, we’ve come to the OSI presentation layer. Here translation, encryption and compression all happen.

What Is the Presentation Layer?

The simplest way to describe the OSI presentation layer is as follows: it is where machine-readable code gets processed into something the end user can use later in the application layer. This layer is where formatting, conversion and encryption happen. Without it, unless you’re a developer, you likely won’t know what you’re looking at.

Attacks and Threats

If you are using an HTTPS website, encryption would happen at the presentation layer. That means getting your encryption right matters here. Therefore threat actors look for exploits in encryption flaws within the OSI presentation layer. One of the most common tactics is SSL hijacking or sniffing.

Like we said in previous entries, man-in-the-middle (MitM) attacks are one of the go-to moves for threat actors. In conjunction with malware, SSL hijacking can be damaging at the OSI presentation layer. If an attacker has already installed malware on a machine, the MitM would use a proxy to serve as an untrusted certificate authority. If this is the case, the browser will trust the wrong certificate authority and now the attacker will be able to read all messages. For this reason, it is important that your antivirus is up to date and you are doing what you can to stop malware from entering your devices.

As mentioned in the previous piece on the session layer , attackers will take advantage of bad coding practices . That’s true at this layer as well. Keep this in mind when you choose and add software into your enterprise.

The Journey Through the OSI Seven-Layer Model

We’re almost done with the journey through the OSI seven-layer model. After the OSI presentation layer, we’ll look at the application layer. By far, this is where the widest range of attacks and breaches can occur. Therefore, it’s very important to understand.

The post The OSI Model and You Part 6: Stopping Threats at the OSI Presentation Layer appeared first on Security Intelligence .

The OSI Model – The 7 Layers of Networking Explained in Plain English

This article explains the Open Systems Interconnection (OSI) model and the 7 layers of networking, in plain English.

The OSI model is a conceptual framework that is used to describe how a network functions. In plain English, the OSI model helped standardize the way computer systems send information to each other.

Learning networking is a bit like learning a language - there are lots of standards and then some exceptions. Therefore, it’s important to really understand that the OSI model is not a set of rules. It is a tool for understanding how networks function.

Once you learn the OSI model, you will be able to further understand and appreciate this glorious entity we call the Internet, as well as be able to troubleshoot networking issues with greater fluency and ease.

All hail the Internet!

Prerequisites

You don’t need any prior programming or networking experience to understand this article. However, you will need:

Basic familiarity with common networking terms (explained below)
A curiosity about how things work :)

Learning Objectives

Over the course of this article, you will learn:

What the OSI model is
The purpose of each of the 7 layers
The problems that can happen at each of the 7 layers
The difference between TCP/IP model and the OSI model

Common Networking Terms

Here are some common networking terms that you should be familiar with to get the most out of this article. I’ll use these terms when I talk about OSI layers next.

A node is a physical electronic device hooked up to a network, for example a computer, printer, router, and so on. If set up properly, a node is capable of sending and/or receiving information over a network.

Nodes may be set up adjacent to one other, wherein Node A can connect directly to Node B, or there may be an intermediate node, like a switch or a router, set up between Node A and Node B.

Typically, routers connect networks to the Internet and switches operate within a network to facilitate intra-network communication. Learn more about hub vs. switch vs. router.

Here's an example:

For the nitpicky among us (yep, I see you), host is another term that you will encounter in networking. I will define a host as a type of node that requires an IP address. All hosts are nodes, but not all nodes are hosts. Please Tweet angrily at me if you disagree.

Links connect nodes on a network. Links can be wired, like Ethernet, or cable-free, like WiFi.

Links to can either be point-to-point, where Node A is connected to Node B, or multipoint, where Node A is connected to Node B and Node C.

When we’re talking about information being transmitted, this may also be described as a one-to-one vs. a one-to-many relationship.

A protocol is a mutually agreed upon set of rules that allows two nodes on a network to exchange data.

“A protocol defines the rules governing the syntax (what can be communicated), semantics (how it can be communicated), and synchronization (when and at what speed it can be communicated) of the communications procedure. Protocols can be implemented on hardware, software, or a combination of both. Protocols can be created by anyone, but the most widely adopted protocols are based on standards.” - The Illustrated Network.

Both wired and cable-free links can have protocols.

While anyone can create a protocol, the most widely adopted protocols are often based on standards published by Internet organizations such as the Internet Engineering Task Force (IETF).

A network is a general term for a group of computers, printers, or any other device that wants to share data.

Network types include LAN, HAN, CAN, MAN, WAN, BAN, or VPN. Think I’m just randomly rhyming things with the word can ? I can ’t say I am - these are all real network types. Learn more here .

Topology describes how nodes and links fit together in a network configuration, often depicted in a diagram. Here are some common network topology types:

What is Network Topology? Best Guides to Types & Diagrams - DNSstuff

A network consists of nodes, links between nodes, and protocols that govern data transmission between nodes.

At whatever scale and complexity networks get to, you will understand what’s happening in all computer networks by learning the OSI model and 7 layers of networking.

What is the OSI Model?

The OSI model consists of 7 layers of networking.

First, what’s a layer?

No, a layer - not a lair . Here there are no dragons.

A layer is a way of categorizing and grouping functionality and behavior on and of a network.

In the OSI model, layers are organized from the most tangible and most physical, to less tangible and less physical but closer to the end user.

Each layer abstracts lower level functionality away until by the time you get to the highest layer. All the details and inner workings of all the other layers are hidden from the end user.

How to remember all the names of the layers? Easy.

Please | Physical Layer
Do | Data Link Layer
Not | Network Layer
Tell (the) | Transport Layer
Secret | Session Layer
Password (to) | Presentation Layer
Anyone | Application Layer

Keep in mind that while certain technologies, like protocols, may logically “belong to” one layer more than another, not all technologies fit neatly into a single layer in the OSI model. For example, Ethernet, 802.11 (Wifi) and the Address Resolution Protocol (ARP) procedure operate on >1 layer.

The OSI is a model and a tool, not a set of rules.

OSI Layer 1

Layer 1 is the physical layer . There’s a lot of technology in Layer 1 - everything from physical network devices, cabling, to how the cables hook up to the devices. Plus if we don’t need cables, what the signal type and transmission methods are (for example, wireless broadband).

Instead of listing every type of technology in Layer 1, I’ve created broader categories for these technologies. I encourage readers to learn more about each of these categories:

Nodes (devices) and networking hardware components. Devices include hubs, repeaters, routers, computers, printers, and so on. Hardware components that live inside of these devices include antennas, amplifiers, Network Interface Cards (NICs), and more.
Device interface mechanics. How and where does a cable connect to a device (cable connector and device socket)? What is the size and shape of the connector, and how many pins does it have? What dictates when a pin is active or inactive?
Functional and procedural logic. What is the function of each pin in the connector - send or receive? What procedural logic dictates the sequence of events so a node can start to communicate with another node on Layer 2?
Cabling protocols and specifications. Ethernet (CAT), USB, Digital Subscriber Line (DSL) , and more. Specifications include maximum cable length, modulation techniques, radio specifications, line coding, and bits synchronization (more on that below).
Cable types. Options include shielded or unshielded twisted pair, untwisted pair, coaxial and so on. Learn more about cable types here .
Signal type. Baseband is a single bit stream at a time, like a railway track - one-way only. Broadband consists of multiple bit streams at the same time, like a bi-directional highway.
Signal transmission method (may be wired or cable-free). Options include electrical (Ethernet), light (optical networks, fiber optics), radio waves (802.11 WiFi, a/b/g/n/ac/ax variants or Bluetooth). If cable-free, then also consider frequency: 2.5 GHz vs. 5 GHz. If it’s cabled, consider voltage. If cabled and Ethernet, also consider networking standards like 100BASE-T and related standards.

The data unit on Layer 1 is the bit.

A bit the smallest unit of transmittable digital information. Bits are binary, so either a 0 or a 1. Bytes, consisting of 8 bits, are used to represent single characters, like a letter, numeral, or symbol.

Bits are sent to and from hardware devices in accordance with the supported data rate (transmission rate, in number of bits per second or millisecond) and are synchronized so the number of bits sent and received per unit of time remains consistent (this is called bit synchronization). The way bits are transmitted depends on the signal transmission method.

Nodes can send, receive, or send and receive bits. If they can only do one, then the node uses a simplex mode. If they can do both, then the node uses a duplex mode. If a node can send and receive at the same time, it’s full-duplex – if not, it’s just half-duplex.

The original Ethernet was half-duplex. Full-duplex Ethernet is an option now, given the right equipment.

How to Troubleshoot OSI Layer 1 Problems

Here are some Layer 1 problems to watch out for:

Defunct cables, for example damaged wires or broken connectors
Broken hardware network devices, for example damaged circuits
Stuff being unplugged (...we’ve all been there)

If there are issues in Layer 1, anything beyond Layer 1 will not function properly.

Layer 1 contains the infrastructure that makes communication on networks possible.

It defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating physical links between network devices. - Source

Fun fact: deep-sea communications cables transmit data around the world. This map will blow your mind: https://www.submarinecablemap.com/

And because you made it this far, here’s a koala:

OSI Layer 2

Layer 2 is the data link layer . Layer 2 defines how data is formatted for transmission, how much data can flow between nodes, for how long, and what to do when errors are detected in this flow.

In more official tech terms:

Line discipline. Who should talk for how long? How long should nodes be able to transit information for?
Flow control. How much data should be transmitted?
Error control - detection and correction . All data transmission methods have potential for errors, from electrical spikes to dirty connectors. Once Layer 2 technologies tell network administrators about an issue on Layer 2 or Layer 1, the system administrator can correct for those errors on subsequent layers. Layer 2 is mostly concerned with error detection, not error correction. ( Source )

There are two distinct sublayers within Layer 2:

Media Access Control (MAC): the MAC sublayer handles the assignment of a hardware identification number, called a MAC address, that uniquely identifies each device on a network. No two devices should have the same MAC address. The MAC address is assigned at the point of manufacturing. It is automatically recognized by most networks. MAC addresses live on Network Interface Cards (NICs). Switches keep track of all MAC addresses on a network. Learn more about MAC addresses on PC Mag and in this article . Learn more about network switches here .
Logical Link Control (LLC): the LLC sublayer handles framing addressing and flow control. The speed depends on the link between nodes, for example Ethernet or Wifi.

The data unit on Layer 2 is a frame .

Each frame contains a frame header, body, and a frame trailer:

Header: typically includes MAC addresses for the source and destination nodes.
Body: consists of the bits being transmitted.
Trailer: includes error detection information. When errors are detected, and depending on the implementation or configuration of a network or protocol, frames may be discarded or the error may be reported up to higher layers for further error correction. Examples of error detection mechanisms: Cyclic Redundancy Check (CRC) and Frame Check Sequence (FCS). Learn more about error detection techniques here .

Example of frames, the network layer, and the physical layer

Typically there is a maximum frame size limit, called an Maximum Transmission Unit, MTU. Jumbo frames exceed the standard MTU, learn more about jumbo frames here .

How to Troubleshoot OSI Layer 2 Problems

Here are some Layer 2 problems to watch out for:

All the problems that can occur on Layer 1
Unsuccessful connections (sessions) between two nodes
Sessions that are successfully established but intermittently fail
Frame collisions

The Data Link Layer allows nodes to communicate with each other within a local area network. The foundations of line discipline, flow control, and error control are established in this layer.

OSI Layer 3

Layer 3 is the network layer . This is where we send information between and across networks through the use of routers. Instead of just node-to-node communication, we can now do network-to-network communication.

Routers are the workhorse of Layer 3 - we couldn’t have Layer 3 without them. They move data packets across multiple networks.

Not only do they connect to Internet Service Providers (ISPs) to provide access to the Internet, they also keep track of what’s on its network (remember that switches keep track of all MAC addresses on a network), what other networks it’s connected to, and the different paths for routing data packets across these networks.

Routers store all of this addressing and routing information in routing tables.

Here’s a simple example of a routing table:

A routing table showing the destination, subnet mask, and interface

The data unit on Layer 3 is the data packet . Typically, each data packet contains a frame plus an IP address information wrapper. In other words, frames are encapsulated by Layer 3 addressing information.

The data being transmitted in a packet is also sometimes called the payload . While each packet has everything it needs to get to its destination, whether or not it makes it there is another story.

Layer 3 transmissions are connectionless, or best effort - they don't do anything but send the traffic where it’s supposed to go. More on data transport protocols on Layer 4.

Once a node is connected to the Internet, it is assigned an Internet Protocol (IP) address, which looks either like 172.16. 254.1 (IPv4 address convention) or like 2001:0db8:85a3:0000:0000:8a2e:0370:7334 (IPv6 address convention). Routers use IP addresses in their routing tables.

IP addresses are associated with the physical node’s MAC address via the Address Resolution Protocol (ARP), which resolves MAC addresses with the node’s corresponding IP address.

ARP is conventionally considered part of Layer 2, but since IP addresses don’t exist until Layer 3, it’s also part of Layer 3.

How to Troubleshoot OSI Layer 3 Problems

Here are some Layer 3 problems to watch out for:

All the problems that can crop up on previous layers :)
Faulty or non-functional router or other node
IP address is incorrectly configured

Many answers to Layer 3 questions will require the use of command-line tools like ping , trace , show ip route , or show ip protocols . Learn more about troubleshooting on layer 1-3 here .

The Network Layer allows nodes to connect to the Internet and send information across different networks.

OSI Layer 4

Layer 4 is the transport layer . This where we dive into the nitty gritty specifics of the connection between two nodes and how information is transmitted between them. It builds on the functions of Layer 2 - line discipline, flow control, and error control.

This layer is also responsible for data packet segmentation, or how data packets are broken up and sent over the network.

Unlike the previous layer, Layer 4 also has an understanding of the whole message, not just the contents of each individual data packet. With this understanding, Layer 4 is able to manage network congestion by not sending all the packets at once.

The data units of Layer 4 go by a few names. For TCP, the data unit is a packet. For UDP, a packet is referred to as a datagram. I’ll just use the term data packet here for the sake of simplicity.

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are two of the most well-known protocols in Layer 4.

TCP, a connection-oriented protocol, prioritizes data quality over speed.

TCP explicitly establishes a connection with the destination node and requires a handshake between the source and destination nodes when data is transmitted. The handshake confirms that data was received. If the destination node does not receive all of the data, TCP will ask for a retry.

TCP also ensures that packets are delivered or reassembled in the correct order. Learn more about TCP here .

UDP, a connectionless protocol, prioritizes speed over data quality. UDP does not require a handshake, which is why it’s called connectionless.

Because UDP doesn’t have to wait for this acknowledgement, it can send data at a faster rate, but not all of the data may be successfully transmitted and we’d never know.

If information is split up into multiple datagrams, unless those datagrams contain a sequence number, UDP does not ensure that packets are reassembled in the correct order. Learn more about UDP here .

TCP and UDP both send data to specific ports on a network device, which has an IP address. The combination of the IP address and the port number is called a socket.

Learn more about sockets here .

Learn more about the differences and similarities between these two protocols here .

How to Troubleshoot OSI Layer 4 Problems

Here are some Layer 4 problems to watch out for:

Blocked ports - check your Access Control Lists (ACL) & firewalls
Quality of Service (QoS) settings. QoS is a feature of routers/switches that can prioritize traffic, and they can really muck things up. Learn more about QoS here .

The Transport Layer provides end-to-end transmission of a message by segmenting a message into multiple data packets; the layer supports connection-oriented and connectionless communication.

OSI Layer 5

Layer 5 is the session layer . This layer establishes, maintains, and terminates sessions.

A session is a mutually agreed upon connection that is established between two network applications. Not two nodes! Nope, we’ve moved on from nodes. They were so Layer 4.

Just kidding, we still have nodes, but Layer 5 doesn’t need to retain the concept of a node because that’s been abstracted out (taken care of) by previous layers.

So a session is a connection that is established between two specific end-user applications. There are two important concepts to consider here:

Client and server model: the application requesting the information is called the client, and the application that has the requested information is called the server.
Request and response model: while a session is being established and during a session, there is a constant back-and-forth of requests for information and responses containing that information or “hey, I don’t have what you’re requesting.”

Sessions may be open for a very short amount of time or a long amount of time. They may fail sometimes, too.

Depending on the protocol in question, various failure resolution processes may kick in. Depending on the applications/protocols/hardware in use, sessions may support simplex, half-duplex, or full-duplex modes.

Examples of protocols on Layer 5 include Network Basic Input Output System (NetBIOS) and Remote Procedure Call Protocol (RPC), and many others.

From here on out (layer 5 and up), networks are focused on ways of making connections to end-user applications and displaying data to the user.

How to Troubleshoot OSI Layer 5 Problems

Here are some Layer 5 problems to watch out for:

Servers are unavailable
Servers are incorrectly configured, for example Apache or PHP configs
Session failure - disconnect, timeout, and so on.

The Session Layer initiates, maintains, and terminates connections between two end-user applications. It responds to requests from the presentation layer and issues requests to the transport layer.

OSI Layer 6

Layer 6 is the presentation layer . This layer is responsible for data formatting, such as character encoding and conversions, and data encryption.

The operating system that hosts the end-user application is typically involved in Layer 6 processes. This functionality is not always implemented in a network protocol.

Layer 6 makes sure that end-user applications operating on Layer 7 can successfully consume data and, of course, eventually display it.

There are three data formatting methods to be aware of:

American Standard Code for Information Interchange (ASCII): this 7-bit encoding technique is the most widely used standard for character encoding. One superset is ISO-8859-1, which provides most of the characters necessary for languages spoken in Western Europe.
Extended Binary-Coded Decimal Interchange Code (EBDCIC): designed by IBM for mainframe usage. This encoding is incompatible with other character encoding methods.
Unicode: character encodings can be done with 32-, 16-, or 8-bit characters and attempts to accommodate every known, written alphabet.

Learn more about character encoding methods in this article , and also here .

Encryption: SSL or TLS encryption protocols live on Layer 6. These encryption protocols help ensure that transmitted data is less vulnerable to malicious actors by providing authentication and data encryption for nodes operating on a network. TLS is the successor to SSL.

How to Troubleshoot OSI Layer 6 Problems

Here are some Layer 6 problems to watch out for:

Non-existent or corrupted drivers
Incorrect OS user access level

The Presentation Layer formats and encrypts data.

OSI Layer 7

Layer 7 is the application layer .

True to its name, this is the layer that is ultimately responsible for supporting services used by end-user applications. Applications include software programs that are installed on the operating system, like Internet browsers (for example, Firefox) or word processing programs (for example, Microsoft Word).

Applications can perform specialized network functions under the hood and require specialized services that fall under the umbrella of Layer 7.

Electronic mail programs, for example, are specifically created to run over a network and utilize networking functionality, such as email protocols, which fall under Layer 7.

Applications will also control end-user interaction, such as security checks (for example, MFA), identification of two participants, initiation of an exchange of information, and so on.

Protocols that operate on this level include File Transfer Protocol (FTP), Secure Shell (SSH), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), Domain Name Service (DNS), and Hypertext Transfer Protocol (HTTP).

While each of these protocols serve different functions and operate differently, on a high level they all facilitate the communication of information. ( Source )

How to Troubleshoot OSI Layer 7 Problems

Here are some Layer 7 problems to watch out for:

All issues on previous layers
Incorrectly configured software applications
User error (... we’ve all been there)

The Application Layer owns the services and functions that end-user applications need to work. It does not include the applications themselves.

Our Layer 1 koala is all grown up.

Learning check - can you apply makeup to a koala?

Don’t have a koala?

Well - answer these questions instead. It’s the next best thing, I promise.

What is the OSI model?
What are each of the layers?
How could I use this information to troubleshoot networking issues?

Congratulations - you’ve taken one step farther to understanding the glorious entity we call the Internet.

Learning Resources

Many, very smart people have written entire books about the OSI model or entire books about specific layers. I encourage readers to check out any O’Reilly-published books about the subject or about network engineering in general.

Here are some resources I used when writing this article:

The Illustrated Network, 2nd Edition
Protocol Data Unit (PDU): https://www.geeksforgeeks.org/difference-between-segments-packets-and-frames/
Troubleshooting Along the OSI Model: https://www.pearsonitcertification.com/articles/article.aspx?p=1730891
The OSI Model Demystified: https://www.youtube.com/watch?v=HEEnLZV2wGI
OSI Model for Dummies: https://www.dummies.com/programming/networking/layers-in-the-osi-model-of-a-computer-network/

Chloe Tucker is an artist and computer science enthusiast based in Portland, Oregon. As a former educator, she's continuously searching for the intersection of learning and teaching, or technology and art. Reach out to her on Twitter @_chloetucker and check out her website at chloe.dev .

Transport Layer Security (TLS)

Transport Layer Security (TLS) , formerly known as Secure Sockets Layer (SSL) , is a protocol used by applications to communicate securely across a network, preventing tampering with and eavesdropping on email, web browsing, messaging, and other protocols. Both TLS and SSL are client / server protocols that ensure communication privacy by using cryptographic protocols to provide security over a network. When a server and client communicate using TLS, it ensures that no third party can eavesdrop or tamper with any message.

All modern browsers support the TLS protocol, requiring the server to provide a valid digital certificate confirming its identity in order to establish a secure connection. It is possible for both the client and server to mutually authenticate each other, if both parties provide their own individual digital certificates.

Note: All major browsers began removing support for TLS 1.0 and 1.1 in early 2020; you'll need to make sure your web server supports TLS 1.2 or 1.3 going forward. From version 74 onwards, Firefox will return a Secure Connection Failed error when connecting to servers using the older TLS versions ( Firefox bug 1606734 ).

Transport Layer Security (Wikipedia)
RFC 8446 (The Transport Layer Security Protocol, Version 1.3)
RFC 5246 (The Transport Layer Security Protocol, Version 1.2)
Transport Layer Security
OWASP: Transport Layer Protection Cheat Sheet

Layer 6 Presentation Layer

De/Encryption, Encoding, String representation

The presentation layer (data presentation layer, data provision level) sets the system-dependent representation of the data (for example, ASCII, EBCDIC) into an independent form, enabling the syntactically correct data exchange between different systems. Also, functions such as data compression and encryption are guaranteed that data to be sent by the application layer of a system that can be read by the application layer of another system to the layer 6. The presentation layer. If necessary, the presentation layer acts as a translator between different data formats, by making an understandable for both systems data format, the ASN.1 (Abstract Syntax Notation One) used.

OSI Layer 6 - Presentation Layer

The presentation layer is responsible for the delivery and formatting of information to the application layer for further processing or display. It relieves the application layer of concern regarding syntactical differences in data representation within the end-user systems. An example of a presentation service would be the conversion of an EBCDIC-coded text computer file to an ASCII-coded file. The presentation layer is the lowest layer at which application programmers consider data structure and presentation, instead of simply sending data in the form of datagrams or packets between hosts. This layer deals with issues of string representation - whether they use the Pascal method (an integer length field followed by the specified amount of bytes) or the C/C++ method (null-terminated strings, e.g. "thisisastring\0"). The idea is that the application layer should be able to point at the data to be moved, and the presentation layer will deal with the rest. Serialization of complex data structures into flat byte-strings (using mechanisms such as TLV or XML) can be thought of as the key functionality of the presentation layer. Encryption is typically done at this level too, although it can be done on the application, session, transport, or network layers, each having its own advantages and disadvantages. Decryption is also handled at the presentation layer. For example, when logging on to bank account sites the presentation layer will decrypt the data as it is received.[1] Another example is representing structure, which is normally standardized at this level, often by using XML. As well as simple pieces of data, like strings, more complicated things are standardized in this layer. Two common examples are 'objects' in object-oriented programming, and the exact way that streaming video is transmitted. In many widely used applications and protocols, no distinction is made between the presentation and application layers. For example, HyperText Transfer Protocol (HTTP), generally regarded as an application-layer protocol, has presentation-layer aspects such as the ability to identify character encoding for proper conversion, which is then done in the application layer. Within the service layering semantics of the OSI network architecture, the presentation layer responds to service requests from the application layer and issues service requests to the session layer. In the OSI model: the presentation layer ensures the information that the application layer of one system sends out is readable by the application layer of another system. For example, a PC program communicates with another computer, one using extended binary coded decimal interchange code (EBCDIC) and the other using ASCII to represent the same characters. If necessary, the presentation layer might be able to translate between multiple data formats by using a common format. Wikipedia

Data conversion
Character code translation
Compression
Encryption and Decryption

The Presentation OSI Layer is usually composed of 2 sublayers that are:

CASE common application service element

Sase specific application service element, layer 7 application layer, layer 6 presentation layer, layer 5 session layer, layer 4 transport layer, layer 3 network layer, layer 2 data link layer, layer 1 physical layer.

Encyclopedia of Cryptography and Security pp 1135–1139 Cite as

Secure Socket Layer (SSL)

Clemens Heinrich 3
Reference work entry

766 Accesses

Related Concepts

Cryptographic Protocol ; HTTPS ; Security Standards Activities ; Web Security

Secure Socket Layer (SSL) denotes the predominant communication security protocol of the Internet particularly for World Wide Web (WWW) services relating to electronic commerce or home banking.

The majority of web servers and browsers support SSL as the de facto standard for secure client-server communication. The Secure Socket Layer protocol builds up point-to-point connections that allow private and unimpaired message exchange between strongly authenticated parties.

In the ISO/OSI reference model [ 8 ], SSL resides in the session layer between the transport layer (4) and the application layer (7); with respect to the Internet family of protocols, this corresponds to the range between TCP/IP and application protocols such as HTTP, FTP, Telnet, etc. SSL provides no intrinsic synchronization mechanism; it relies on the data link layer below.

Netscape...

This is a preview of subscription content, log in via an institution .

Buying options

Available as PDF
Read on any device
Instant download
Own it forever
Available as EPUB and PDF
Durable hardcover edition
Dispatched in 3 to 5 business days
Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Author information

Authors and affiliations.

Francotyp-Postalia GmbH, Triftweg 21-26, 16547, Birkenwerder, Germany

Clemens Heinrich

You can also search for this author in PubMed Google Scholar

Editor information

Editors and affiliations.

Department of Mathematics and Computing Science, Eindhoven University of Technology, 5600 MB, Eindhoven, The Netherlands

Henk C. A. van Tilborg

Center for Secure Information Systems, George Mason University, Fairfax, VA, 22030-4422, USA

Sushil Jajodia

Rights and permissions

Reprints and permissions

Copyright information

About this entry

Cite this entry.

Heinrich, C. (2011). Secure Socket Layer (SSL). In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_223

Download citation

DOI : https://doi.org/10.1007/978-1-4419-5906-5_223

Publisher Name : Springer, Boston, MA

Print ISBN : 978-1-4419-5905-8

Online ISBN : 978-1-4419-5906-5

eBook Packages : Computer Science Reference Module Computer Science and Engineering

Share this entry

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Publish with us

Policies and ethics

Find a journal
Track your research

--------------------------------

Cyber Risks & Threats

Using the OSI Model to Understand Cybersecurity Threats, Part Two

Jeffrey edwards.

Cyber Risks & Threats | May 02, 2023

In our previous post , we covered the first three layers of the OSI model–the physical, data link, and network layers and discussed the vulnerabilities and best practices for securing each layer. Now, in part two of our series, we’ll explore the remaining four layers: the transport, session, presentation, and application layers. Let’s dive in!

Table of Contents

OSI Layer 4: The Transport Layer

From the network layer, we arrive next at the fourth layer of the OSI model: The Transport Layer. The transport layer’s job is to ensure that there is reliable and efficient data delivery and communication between applications on different hosts while also providing error-checking and flow-control mechanisms for that communication. Transport layer protocols like TCP (transmission control protocol) and UDP (User Datagram Protocol) break down data from the session layer into smaller packets for transmission and ensures that they are delivered error-free and in the correct order.

In a sense, the transport layer is like a post office that receives large shipments ( data from the session layer) and separates them into smaller packets for delivery. It ensures that these packets are delivered accurately and in the right order and regulates the flow of deliveries so that the post office–i.e., your network–doesn’t get too congested and handle the traffic.

Layer 4 Attacks

The transport layer is not frequently an outright target for attackers, but it can be targeted by certain DDoS techniques, notably smurf attacks and SYN floods. In a smurf attack, attackers flood a targeted network with a large volume of ICMP (Internet Control Message Protocol) echo requests, which are diagnostic messages sent from one computer to another to test whether it is reachable and responding.

These requests carry the spoofed IP address of the target network and are sent by malware to a third-party network’s IP broadcast address, which then responds to them, flooding the target network with requests. When thousands of these requests are sent simultaneously, it can create a virtually infinite feedback loop of requests, and as a result, the target network can be overwhelmed and may not be able to process legitimate traffic.

In an SYN flood attack, the attacker exploits a vulnerability in the TCP protocol by sending a large volume of SYN packets to a target system, each of which establishes a half-open connection to a node, which then responds with an attempt to establish a connection. But the client never responds, instead leaving the target with high volumes of “connections” that remain in the half-open state until they time out. With sufficient volume, an SYN flood attack can easily tie up server resources and prevent legitimate traffic from accessing the server.

Reconnaissance and Information Gathering at Layer 4

Direct attacks on the transport layer may be uncommon, but that doesn’t mean it’s ignored by attackers altogether. By examining the responses received from different types of probes or scans, attackers can make valuable use of the transport layer to perform reconnaissance on the rest of your network. For example, sending SYN packets to various ports on a target system and monitoring the responses can let an attacker know which ports are open or closed, which services are running, and what operating system the target is running. Packet sniffing may also be used to capture and analyze layer 4 network traffic.

Securing the Transport Layer

In order to prevent attacks like the smurf attack and SYN flood, or simply prevent attackers from scouting your network, it’s important to limit access to the transport layer as much as possible. The best practice to achieve this is to use a combination of encryption and access controls.

Encryption protocols such as SSL/TLS can protect data in transit from eavesdropping and interception, while access controls like firewalls and network segmentation can help limit access to sensitive resources and prevent unauthorized users or devices from gaining access to the network. Monitoring network traffic for unusual behavior–like an increase in packet rates or anomalous traffic patterns–can also help detect and prevent malicious activity targeting the transport layer. It is also important to keep software and hardware up to date with the latest security patches and firmware updates to ensure that known vulnerabilities are addressed.

OSI Layer 5: The Session Layer

The session layer is the fifth layer of the OSI model and is responsible for managing (setting up and taking down) communication connections between two endpoints on different network hosts. Like a switchboard operator connects and manages calls between different parties, the session layer manages and establishes communication between different applications or processes running on different devices in a network. For example, when a user visits a website, it is the session layer that creates a session between the user’s computer and the web server and allows for the exchange of data between the computer and the web server, including the web pages and other files that you request. The session layer manages this exchange of data, ensuring that it is properly organized, error-free, and secure. Once the session is complete, the session layer terminates the session and closes the connection between the computer and the web server.

Session Hijacking Attacks

Now that we understand how the session layer operates, let’s look at session hijacking attacks, the preeminent security threat on the session layer.

Session hijacking attacks occur when an attacker gains unauthorized access to a legitimate user’s session on a network by gaining access to a user’s session ID (an identifier that lets users stay logged in to an application or website) and using it to impersonate the user and gain access to their account.

This can be achieved by intercepting the user’s traffic to steal the session ID (known as a man-in-the-middle (MITM) attack) or by tricking the user into using a specific session ID that the attacker has picked in advance ( a session fixation attack ). The latter can be attempted via phishing emails that contain links with predetermined session IDs in the URLs or via malicious scripts that victims download and execute.

Preventing Session Layer Attacks

To prevent session hijacking and other session layer attacks, it’s important to use secure session management techniques. First and foremost, all communications between the client and server should be encrypted–especially where sensitive data like passwords, credit card numbers, or personally identifiable information is concerned.. Using SSL/TLS encryption is the industry standard to prevent attackers from intercepting session traffic and stealing sensitive information. It is likewise important to use strong and unpredictable session IDs. The longer and more complex the session ID, the more difficult it is for attackers to guess or brute-force the value. Session timeouts should also be set to automatically log out inactive users after a certain period of time, thus preventing attackers from hijacking inactive sessions.

Finally, implementing multi-factor authentication can add an extra layer of security to user logins and help prevent attackers from gaining access to user accounts, even if they have stolen session IDs or login credentials. By following these best practices, organizations can significantly improve the security of their session layer and protect against various types of attacks.

OSI Layer 6: The Presentation Layer

The sixth layer of the OSI model, the Presentation Layer, is responsible for ensuring that data from the seventh layer (the application layer) can be understood by disparate systems and easily transmitted over a network. At the presentation layer, data is encoded and formatted into a standardized format, such as ASCII or Unicode, that can be easily interpreted by different systems, as well as the compression, encryption, and de-encryption of that data. You can think of the presentation layer as a translator or interpreter. Just as a translator takes a message in one language and converts it into a form that someone speaking another language can understand, the presentation layer takes data from the application layer and translates it into a form that can be understood by the network layer.

Threats at the Presentation Layer

When it comes to secure communication over the web, encryption happens at the presentation layer, which is why it’s important to get it right. Unfortunately, attackers can target encryption flaws at the presentation layer using various techniques, such as SSL hijacking or sniffing. In these attacks, the attacker intercepts traffic between the client and server, allowing them to access sensitive data transmitted over HTTPS.

Other potential threats include injection attacks, in which an attacker injects code that is then executed by the receiving system; cross-site scripting (XSS) attacks , which inject malicious scripts into a web page; and format string attacks, which exploit vulnerabilities in the way that certain programming languages handle format strings, and buffer overflow attacks exploit vulnerabilities in programs that do not properly validate input, allowing an attacker to inject more data than the program can handle, potentially allowing the attacker to execute arbitrary code or crash the system.

Securing the Presentation Layer

One of the most important ways to protect your presentation layer is to use secure coding practices to ensure that all data transmitted through the presentation layer is properly sanitized and validated to prevent malicious code injection. Additionally, using encryption protocols like SSL/TLS can help protect against man-in-the-middle attacks and other forms of interception. Another important step is to restrict access to sensitive resources and ensure that only authorized users have access to the presentation layer.

OSI Layer 7: The Application Layer

The application layer is seventh and topmost layer of the OSI model, and is the layer closest to the end-user, where applications and services interact with the underlying network. It serves as an interface between the user and the network, allowing users to access network resources and services such as email, file sharing, and remote login.

To facilitate this, the application layer includes a variety of protocols that enable different types of applications to communicate with each other, including HTTP, FTP, SMTP, and Telnet. It also provides services such as authentication, data transformation, and data representation to ensure that applications can communicate effectively across different platforms and operating systems.

How Attackers Target the Application Layer

As the layer where most user interactions with software occur, the application layer makes a valuable target for attackers. The aforementioned techniques like data injection and cross-site scripting are common ways of exploiting applications, but attackers also leverage that most notoriously insecure of all network components: the end user.

Take Cross-site request forgery (CSRF) attacks for example: In a CSRF attack, an attacker tricks a victim into unknowingly performing an action on a website that the victim is currently authenticated with. This can allow an attacker to perform unauthorized actions, such as transferring funds or changing a password.

Protecting the Application Layer

When it comes to protecting the application layer, there are a few key things to keep in mind. First, always make sure your software is up-to-date and patched with the latest security fixes. Outdated software can contain vulnerabilities that attackers can exploit to gain access to your system.

Next, be wary of phishing and other social engineering attacks that can trick users into giving away sensitive information or downloading malicious software. These attacks often exploit human error rather than technical vulnerabilities, so training employees on how to identify and avoid these scams is crucial.

Another important practice is to use strong authentication and access controls to limit who can access your applications and data. This can include things like multi-factor authentication, password policies, and role-based access control.

Client-side security is also an important aspect of protecting the application layer. One common threat is cross-site scripting (XSS), where attackers inject malicious code into a legitimate website that is then executed by unsuspecting visitors. To prevent this, developers can implement input validation and sanitization techniques, which help prevent users from entering malicious input into fields that could be used to execute code. Content Security Policy (CSP) headers can also be used to restrict which resources a browser can load, and prevent the execution of inline scripts. Other techniques such as using secure cookies and ensuring that HTTPS is used throughout the application can also help improve client-side security. Regular security assessments and penetration testing can also help identify vulnerabilities in the application layer and prevent successful attacks.

Content Marketing Manager

Jeff is the resident content marketing expert at CHEQ. He has several years of experience as a trained journalist, and more recently in his career found a knack for communicating complex cybersecurity topics in an approachable yet detailed manner.

Unveiling the state of fake traffic 2024: insights, trends, and solutions, the bad actors awards: celebrating the most disruptive bots.

Subscribe to our newsletter!

How Retailers Can Use Holiday Shopping Findings to Fuel Growth in 2024

What is Click Fraud? How it Works, Examples, and Red Flags

Price Scraping Exposed: Who is at Risk and How to Prevent it?

Top 7 Ways to Detect Account Takeover Fraud

OTP Bots: The Achilles’ Heel of Your Digital Defense

How to target bottom of funnel customers with PPC content

Webinar Recap: How Junk Leads Impact Revenue Teams

How Bots and Bad Actors Bypass Web Application Firewalls (WAFs)

Don’t Fall Victim: How to Detect Bot Attack on Your Website

Comparing reCAPTCHA and hCAPTCHA: Are CAPTCHA still worth it?

Ready to secure your go-to-market efforts.

Computer Network

Operating Systems
Computer Fundamentals
Interview Q

Physical Layer

Data link layer, network layer, routing algorithm, transport layer, application layer, application protocols, network security.

Interview Questions

Send your Feedback to [email protected]

Help Others, Please Share

Learn Latest Tutorials

Transact-SQL

Reinforcement Learning

R Programming

React Native

Python Design Patterns

Python Pillow

Python Turtle

Preparation

Verbal Ability

Company Questions

Trending Technologies

Artificial Intelligence

Cloud Computing

Data Science

Machine Learning

B.Tech / MCA

Data Structures

Operating System

Compiler Design

Computer Organization

Discrete Mathematics

Ethical Hacking

Computer Graphics

Software Engineering

Web Technology

Cyber Security

C Programming

Control System

Data Mining

Data Warehouse

IMAGES

SSL & TLS Best Practices
SSL and TLS Explained
Application Transport Record Ssl Layer
How to use SSL/TLS to Secure Your Communications: The Basics
PPT
"TLS vs. SSL"

VIDEO

6-6 FR
power2max TYPE S
The Life and Times of Edmund Burke Part 1
Retrospective Masterclass
Cadbury Animals with Freddo
NodeJS : How to convert IBM DB2 hexadecimal data in proper format (CCSID 37) at connection level wit

COMMENTS

tls
SSL operates at the presentation layer in the OSI model (Layer6). See reference The TCP/IP guide, M. Kozierok, page 111. "Protocols at this layer take care of manipulation tasks that transform data from one representation to another, such as translation, compression and encryption. One of the most popular encryption schemes usually associated ...
Which layer of the OSI model do SSL and TLS belong to?
This could arguably make SSL/TLS belong to Layer 5 (session layer). -SSL/TLS can arguably be called a Transport protocol for the "application data" that the webbrowser is trying to display to the end-user. This puts it at around Layer 6-7 depending on how you want to argue for "presentation" vs "application" layer.
Presentation Layer in OSI model
Introduction : Presentation Layer is the 6th layer in the Open System Interconnection (OSI) model. This layer is also known as Translation layer, as this layer serves as a data translator for the network. ... Secure Socket Layer (SSL): The Secure Socket Layer protocol provides security to the data that is being transferred between the web ...
The OSI Model and You Part 6: Stopping Threats at the OSI Presentation
In conjunction with malware, SSL hijacking can be damaging at the OSI presentation layer. If an attacker has already installed malware on a machine, the MitM would use a proxy to serve as an ...
What is SSL (Secure Sockets Layer)?
What is SSL? SSL, or Secure Sockets Layer, is an encryption -based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today.
A Guide to the Presentation Layer
The presentation layer is the sixth layer in the OSI model. Known as a translator, the presentation layer converts data into an accurate, ... SSL (Secure Socket Layer): SSL is an Internet security protocol that safeguards sensitive data transferred between web browsers and servers. Its sole purpose is to encrypt Internet connections and link ...
The TCP/IP Guide
The presentation layer is the sixth layer of the OSI Reference Model protocol stack, and second from the top. It is different from the other layers in two key respects. ... For example, one of the most popular encryption schemes that is usually associated with the presentation layer is the Secure Sockets Layer (SSL) protocol. Not all encryption ...
networking
SSL is a Protocol that could be implemented in the 6th layer (Presentation layer) of the OSI Model. SSH has its own transport protocol independent from SSL, so that means SSH DOES NOT use SSL under the hood. Cryptographically, both Secure Shell and Secure sockets Layer are equally secure.
What is Secure Sockets Layer?
Secure Sockets Layer (SSL) is a computer networking protocol for securing connections between network application clients and servers over an insecure network, such as the internet. Due to numerous protocol and implementation flaws and vulnerabilities , SSL was deprecated for use on the internet by the Internet Engineering Task Force ( IETF ) ...
Secure Socket Layer (SSL)
Secure Socket Layer was originated by Netscape. SSL is designed to make use of TCP to provide reliable end-to-end secure service. This is a two-layered protocol. Versions of SSL: SSL 1 - Never released due to high insecurity.SSL 2 - Released in 1995.SSL 3 - Released in 1996.TLS 1.0 - Released in 1999.TLS 1.1 - Released in 2006.TLS 1.2 ...
How does SSL work?
What is SSL? SSL stands for Secure Sockets Layer, and it refers to a protocol for encrypting, securing, and authenticating communications that take place on the Internet. Although SSL was replaced by an updated protocol called TLS (Transport Layer Security) some time ago, "SSL" is still a commonly used term for this technology.. The main use case for SSL/TLS is securing communications between ...
The OSI Model and You Part 6: Stopping Threats at the OSI Presentation
The simplest way to describe the OSI presentation layer is as follows: it is where machine-readable code gets processed into something the end user can use later in the application layer. ... In conjunction with malware, SSL hijacking can be damaging at the OSI presentation layer. If an attacker has already installed malware on a machine, the ...
The OSI Model
Layer 6: presentation layer. The presentation layer is primarily responsible for presenting data so that the recipient will understand the data. ... Secure Socket Layer (SSL) Layer 7: application layer. The topmost layer of the OSI model is the application layer. On computer systems, applications display information to the user via the UI. ...
OSI Model
In order to ensure the privacy and security of the data being transferred, the presentation layer uses SSL or TSL protocol. 9. Application Layer. The application layer is the last layer in the OSI model, and it is very close to the software application. It acts as a window between a software application and an end-user.
The OSI Model
The Session Layer initiates, maintains, and terminates connections between two end-user applications. It responds to requests from the presentation layer and issues requests to the transport layer. OSI Layer 6. Layer 6 is the presentation layer. This layer is responsible for data formatting, such as character encoding and conversions, and data ...
Transport Layer Security (TLS)
Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL), is a protocol used by applications to communicate securely across a network, preventing tampering with and eavesdropping on email, web browsing, messaging, and other protocols. Both TLS and SSL are client / server protocols that ensure communication privacy by using cryptographic protocols to provide security over a ...
Presentation Layer
The presentation layer is the lowest layer at which application programmers consider data structure and presentation, instead of simply sending data in the form of datagrams or packets between hosts. This layer deals with issues of string representation - whether they use the Pascal method (an integer length field followed by the specified ...
Secure Socket Layer (SSL)
The Secure Socket Layer protocol builds up point-to-point connections that allow private and unimpaired message exchange between strongly authenticated parties. In the ISO/OSI reference model [ 8 ], SSL resides in the session layer between the transport layer (4) and the application layer (7); with respect to the Internet family of protocols ...
Using the OSI Model to Understand Cybersecurity Threats, Part Two
Encryption protocols such as SSL/TLS can protect data in transit from eavesdropping and interception, while access controls like firewalls and network segmentation can help limit access to sensitive resources and prevent unauthorized users or devices from gaining access to the network. ... The Presentation Layer. The sixth layer of the OSI ...
Presentation Layer in OSI Model
The presentation layer is the 6 th layer from the bottom in the OSI model. This layer presents the incoming data from the application layer of the sender machine to the receiver machine. It converts one format of data to another format of data if both sender and receiver understand different formats; hence this layer is also called the ...
What is TLS (Transport Layer Security)?
Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other ...

The Cisco Learning Network

Related Questions

Introduction

Cyber Technology

Cyber Ethics

Cyber Crimes

Cyber Crime Techniques

Keyloggers and Spyware

Prevention and Protection

Cyber Forensics

Cyber Crime Investigation

Cyber security Evolution

Cyber security Objectives

Classical Encryption Techniques

Block Ciphers and the Data Encryption Standard

Advanced Encryption Standard

Moreon Symmetric Ciphers

Introduction to Number Theory

Public-Key Cryptography and RSA

Key Management:OtherPublic-Key Cryptosystems

Message Authentication and Hash Functions

Hashand MAC Algorithms

Secure Socket Layer (SSL)

Digital Signatures and Authentication Protocols

Authentication Applications

SSL Protocol Stack:

SSL Record Protocol:

Handshake Protocol:

Change-cipher Protocol:

Alert Protocol:

Salient Features of Secure Socket Layer:

Please Login to comment...

Improve your Coding Skills with Practice

What kind of Experience do you want to share?

The OSI Model and You Part 6: Stopping Threats at the OSI Presentation Layer

What Is the Presentation Layer?

Attacks and Threats

The Journey Through the OSI Seven-Layer Model

The OSI Model – The 7 Layers of Networking Explained in Plain English

Prerequisites

Learning Objectives

Common Networking Terms

What is the OSI Model?

OSI Layer 1

How to Troubleshoot OSI Layer 1 Problems

OSI Layer 2

How to Troubleshoot OSI Layer 2 Problems

OSI Layer 3

How to Troubleshoot OSI Layer 3 Problems

OSI Layer 4

How to Troubleshoot OSI Layer 4 Problems

OSI Layer 5

How to Troubleshoot OSI Layer 5 Problems

OSI Layer 6

How to Troubleshoot OSI Layer 6 Problems

OSI Layer 7

How to Troubleshoot OSI Layer 7 Problems

Learning Resources

Transport Layer Security (TLS)

Layer 6 Presentation Layer

OSI Layer 6 - Presentation Layer

CASE common application service element

Secure Socket Layer (SSL)

Related Concepts

Buying options

Recommended Reading

Author information

Editor information

Rights and permissions

Copyright information

About this entry

Download citation

Share this entry

Using the OSI Model to Understand Cybersecurity Threats, Part Two

OSI Layer 4: The Transport Layer

Layer 4 Attacks

Reconnaissance and Information Gathering at Layer 4

Securing the Transport Layer

OSI Layer 5: The Session Layer

Session Hijacking Attacks