Ask the Expert

Can S/MIME, XML and IPsec operate in one protocol layer?

Is it possible (or even feasible) to have a universal security system at one layer in the protocol stack? Could you, for example, have S/MIME and XML with IPsec operating all in one layer?


It is possible to build security systems that reside within a single layer of the OSI model, but I'm not quite sure why you would want to limit yourself. The OSI model is really a theoretical device used to help explain how the network and Internet function. When you secure Web communications using SSL, you're technically using a single layer of the OSI model since SSL works at the transport layer. The security paradigm of defense in depth dictates that more should be done to protect the infrastructure. For example, use a firewall operating at the network layer to limit the traffic reaching the Web server. To block known malicious traffic, you probably also want to implement an intrusion prevention system working at all layers from network through application.

Your question points at this paradigm as well. You mentioned the use of three different technologies in your security system: XML with S/MIME and IPsec. Each of these operates at a different layer of the OSI model: S/MIME runs at the application layer, IPsec runs at the network layer and XML is a presentation layer protocol.

This was first published in April 2009
