I've heard people say that SSL "sits" between the network layer and application layer? What does that mean?
This is a very good question, and I think the best way to answer it is to start by examining the purpose of a protocol. In the computing world, a protocol is a set of rules governing how data is transferred between two endpoints. The rules cover the syntax, semantics and synchronization of connection, communication and actual data exchange. Most communications and networking protocols don't function in isolation, however. They are layered together in what's called a protocol stack, a specific combination of protocols that work together, where each protocol in the stack performs specialized tasks.
Secure Sockets Layer, or SSL, is a standards-based cryptographic protocol that offers encryption and authentication services. It is widely used to provide secure communications over the Internet. By far the most common use of SSL is within Web browsers via an application-protocol hybrid known as HTTPS. SSL, however, is a transparent protocol, basically invisible to the user, and it is available to any TCP/IP-based application.
As you can imagine, trying to ensure that a protocol stack can actually fulfill its intended role, and that the different protocols all work together, is very complex. Various models have been developed to help engineers conceptualize protocol stacks, and each provides an abstract description of how network protocols should work. The OSI (Open System Interconnection) model is probably the best known and uses seven layers to group the services that a protocol can offer. An earlier model, the TCP/IP model, uses four or five layers. The layers near the top of both models are logically closer to the user, while those near the bottom are logically closer to the physical transmission of the data.
Under the OSI model, the application layer, Layer 7, performs common application services for the application processes; the network layer, Layer 3, solves the problem of getting packets from one place to another across a network. The SSL protocol is quite unusual, as it doesn't just operate at one layer. SSL is neither a network layer protocol nor an application layer protocol. It is one that "sits" between both layers.
Because of its position, SSL gives the client machines the ability to selectively apply security protection on individual applications, rather than set forth encryption on an entire group of applications. The procedure can be done without concerning Layer 3, the network layer. For these reasons, when SSL is used for encrypting network traffic, only the application layer data is actually encrypted. This differs from, say, the IPsec protocol, which operates at the network layer and encrypts all traffic data right down to the IP layer.
- Learn how the network can be used to secure Layer 7.
- Is SSL still useful? Mike Chapple certainly thinks so.
Dig Deeper on IPv6 security and network protocols security
Related Q&A from Michael Cobb
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading