Is it possible (or even feasible) to have a universal security system at one layer in the protocol stack? Could you, for example, have S/MIME and XML with IPsec operating all in one layer?
It is possible to build security systems that reside within a single layer of the OSI model, but I'm not quite sure why you would want to limit yourself. The OSI model is really a theoretical device used to help explain how the network and Internet function. When you secure Web communications using SSL, you're technically using a single layer of the OSI model since SSL works at the transport layer. The security paradigm of defense in depth dictates that more should be done to protect the infrastructure. For example, use a firewall operating at the network layer to limit the traffic reaching the Web server. To block known malicious traffic, you probably also want to implement an intrusion prevention system working at all layers from network through application.
Your question points at this paradigm as well. You mentioned the use of three different technologies in your security system: XML with S/MIME and IPsec. Each of these operates at a different layer of the OSI model: S/MIME runs at the application layer, IPsec runs at the network layer and XML is a presentation layer protocol.
This was last published in April 2009