Is it possible (or even feasible) to have a universal security system at one layer in the protocol stack? Could you, for example, have S/MIME and XML with IPsec operating all in one layer?
It is possible to build security systems that reside within a single layer of the OSI model, but I'm not quite sure why you would want to limit yourself. The OSI model is really a theoretical device used to help explain how the network and Internet function. When you secure Web communications using SSL, you're technically using a single layer of the OSI model since SSL works at the transport layer. The security paradigm of defense in depth dictates that more should be done to protect the infrastructure. For example, use a firewall operating at the network layer to limit the traffic reaching the Web server. To block known malicious traffic, you probably also want to implement an intrusion prevention system working at all layers from network through application.
Your question points at this paradigm as well. You mentioned the use of three different technologies in your security system: XML with S/MIME and IPsec. Each of these operates at a different layer of the OSI model: S/MIME runs at the application layer, IPsec runs at the network layer and XML is a presentation layer protocol.