OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Allan,Anthony (anthony.allan@gartner.com)
Date: Mon Nov 12 2001 - 05:01:15 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Here's a comparison of Internet Protocol Suite and OSI layers, based on
    definitions from RFC 2828...

      IPS OSI
     -------------- ---------------- ----------
      application 7 application HTTP
     -------------- ---------------- ----------
                     6 presentation
      socket ---------------- SSL
                     5 session
     -------------- ---------------- ----------
      transport 4 transport TCP
     -------------- ---------------- ----------
      internetwork IP IPsec
     -------------- 3 network ----------
      network
     -------------- ----------------
      data link 2 data link
     -------------- ----------------
      physical 1 physical
     -------------- ----------------

    I hope it's useful!

    Ant

    -----Original Message-----
    From: Eric [mailto:etong@hongkong.com]
    Sent: Monday, November 12, 2001 2:51 AM
    To: Jeff Newton
    Cc: cisspstudy_1@yahoogroups.com; cisspstudy@securityfocus.com;
    vancissp@yahoogroups.com
    Subject: Re: Encryption Protocols and OSI layers - inconsistancies

    For SSL:
    Provided the OSI model is only a reference model, there are implementations
    which are sometimes hard to fit into particular OSI layers. Imagine how
    TCP/IP compare to OSI, I would think SSL is implementing into all upper
    layers, i.e. session, presentation and application. However, my knowledge
    on SSL is really limited. I'd appreciate if some experts can fill in.

    For IPSec:
    Recalling the network architecture diagram of the OSI model:
    1. Network layer is thin and the sole purpose is to determine how packets
    are routed from source to destination;
    2. Protocols of layers from physical to network are point to point rather
    than end to end.
    I would consider IPSec falls into the transport layer.

    My 2 cents.

    Cheers,
    Eric

    Jeff Newton wrote:

    > With 3 days remaining before writing the exam, I need some
    > inconsistancies addressed. I'm concerned about where in the OSI model,
    > certain encryption protocols fall - specifically SSL and IPSec.
    >
    > SSL
    > ----
    >
    > Tipton ISHM 4th edition p.162 indicates the SSL is a session (layer 5)
    > protocol. Other online resources claim SSL is an application layer
    > protocol.
    >
    > Since SSL is typically implemented in browser applications, I would
    > lean towards placing SSL in layer 7. Anyone have the definitive answer?
    >
    > IPSec
    > ------
    >
    > Tipton ISHM 4th edition p.162 indicates IPSec is a transport (layer 4)
    > protocol. In the same book, chaper 14 "An Introduction to IPSec"
    > discusses IPSec as a network layer implementation. Other online
    > resources I've read indicate IPSec is a layer 3 protocol as well.
    >
    > The whole idea behind IPSec is that by working at layer 3, you can
    > secure any application regardless of the IP service or transport.
    >
    > Its difficult to pigeon-hole encryption protocols in different OSI
    > layers, especially when definitive resources conflict. Can oneone help
    > me address these inconsistancies?
    >
    > Cheers,
    >
    > --
    > Jeff Newton