OSI Layers 5, 6, 7 and Summary

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:04
>> After the network and the transport layer,
00:04
coming up the OSI model,
00:04
we're now at Layer 5, which is the session layer.
00:04
The session layer is all about the setup,
00:04
maintenance and tear-down of the connection.
00:04
Quite honestly, it's about the setup,
00:04
maintenance and tear-down of a session,
00:04
that seems a little redundant.
00:04
When I say a session, it's
00:04
about when your web browser or client
00:04
system uses a web browser to connect to a web server.
00:04
That's an application to application session.
00:04
You communicate throughout that session,
00:04
you close out the session.
00:04
You connect again ten minutes
00:04
later and you have a new session.
00:04
That session layer is the setup,
00:04
maintenance and tear-down of the session
00:04
between one application and another.
00:04
It is a client piece and server piece.
00:04
There are a couple of protocols that work there.
00:04
RPC is referred to as Remote Procedure Call.
00:04
When you're performing an operation that's
00:04
actually happening on another system,
00:04
that's a remote procedure call.
00:04
SIP stands for Session Initiation Protocol.
00:04
This is used with VoIP,
00:04
and as a matter of fact,
00:04
it's this protocol that makes the VoIP phones ring.
00:04
If it makes sense, you dial a
00:04
number and that session has to be set up.
00:04
The receiving end has to have that ringing say,
00:04
"Okay, we're connecting."
00:04
That's set. SQL, which is database language,
00:04
but it's also a protocol.
00:04
It's layer 5 base from
00:04
the database client to the database server.
00:04
As we continue to head on up,
00:04
when we go to Layer 6, which is the presentation layer,
00:04
three big things happen at the presentation layer:
00:04
formatting, compression and encryption.
00:04
When we talk about formatting,
00:04
we're talking about presenting
00:04
the data in a universal format.
00:04
That's why you can sit at a Mac and I can be at
00:04
a Windows PC and you send
00:04
me a message that I can read perfectly.
00:04
That's because at some point in time,
00:04
that message has to be translated to
00:04
a universal format so
00:04
regardless of where the message is going,
00:04
it will present correctly when it arrives.
00:04
Formatting happens here at Layer 6.
00:04
What compression does is remove redundancy from files.
00:04
That allows the file to be smaller as
00:04
it's being transported across the network,
00:04
so it doesn't take as long.
00:04
It doesn't take as much space in order to transmit.
00:04
Of course, we have encryption.
00:04
I'll mention encryption happens in
00:04
many places on the OSI model.
00:04
At Layer 1, there's hardware-based encryption.
00:04
At Layer 3, we have IPsec,
00:04
which secures IP traffic,
00:04
which we can use encryption.
00:04
At Layers 4 through 7,
00:04
we have SSL and TLS,
00:04
which we haven't talked about yet,
00:04
but that secures web traffic.
00:04
Here at Layer 6, the encryption that
00:04
happens at this level is within the filing system.
00:04
If you're using EFS and you're
00:04
going to send a file that's encrypted,
00:04
that happens at this layer,
00:04
or if you're going to store
00:04
the file in encrypted format
00:04
somewhere within the filing system,
00:04
that also happens here.
00:04
For multimedia formatting,
00:04
whether you have a GIF, a JPG,
00:04
or an MP4, or really any type of multimedia,
00:04
that formatting happens at this layer.
00:04
Interestingly enough, this is the only layer in the
00:04
entire OSI model that has no protocols.
00:04
That's probably worth a look
00:04
from a test-taking perspective.
00:04
Man, if you want to get to the layer where you
00:04
get the most intelligence, it's here.
00:04
Remember, down at Layer 1,
00:04
we said that those were the devices
00:04
that don't really know much.
00:04
They don't know what data is traversing.
00:04
A cable doesn't know what data is going across it,
00:04
and a cable doesn't care.
00:04
But if you really want intelligence with your devices,
00:04
you go all the way up to the top,
00:04
which is the application layer, Layer 7.
00:04
These are the protocols that drive
00:04
the applications users are using.
00:04
These protocols have to be really
00:04
smart because they have direct access to your data.
00:04
When we're thinking about
00:04
the things that we can do at Layer 7,
00:04
this is where you'll see certificate services.
00:04
To tell you the truth, a lot of
00:04
these things we haven't talked about.
00:04
What I'm going to encourage you to do is
00:04
later on come back and review
00:04
this session on the OSI model
00:04
after we've talked about what
00:04
a web application firewall is
00:04
and what certificate services are.
00:04
For now we're just going to suffice to say
00:04
that certificate services happen at this layer.
00:04
Certificates are used in order to provide
00:04
authentication for individuals or for systems.
00:04
That's going to be important.
00:04
Proxy servers, which are
00:04
high-end deep packet inspection devices, give
00:04
us a really good understanding and inspection of
00:04
the content of traffic and other information.
00:04
A web application firewall is specific to web traffic,
00:04
but provides a good degree of protection,
00:04
specifically focusing in on HTTP and HTTPS.
00:04
When it comes to any attacks that are
00:04
specifically geared towards web servers,
00:04
a WAF is a really good defensive mechanism.
00:04
Your email applications are
00:04
going to use digital signatures.
00:04
Digital signing happens up at Layer 7.
00:04
There's a lot of really good,
00:04
very important stuff that happens here
00:04
and just a ton of protocols.
00:04
SNMP, Simple Network Management Protocol, FTP,
00:04
TFTP, by the way,
00:04
let me just mention you see FTP
00:04
and TFTP mentioned here.
00:04
Most people have heard of File Transfer Protocol,
00:04
but there's also Trivial File Transfer Protocol.
00:04
The only difference between the two,
00:04
if you remember earlier,
00:04
we talked about TCP and
00:04
UDP and that upper-layer services piggyback.
00:04
FTP piggybacks on TCP,
00:04
TFTP piggybacks on UDP.
00:04
Which one do you think is
00:04
going to provide better performance?
00:04
TFTP, because UDP is fast.
00:04
FTP is going to provide more reliable delivery.
00:04
What are our key takeaways from the OSI model?
00:04
The OSI model is a conceptual model
00:04
that was brought to us
00:04
from the International Organization
00:04
for Standardization.
00:04
It essentially breaks down networking
00:04
into seven categories called layers.
00:04
You see the layers in front of us here.
00:04
This is a really good chart and I would
00:04
certainly recommend screenshotting it
00:04
and printing it out.
00:04
Because this hits the gist of
00:04
what's going on with the OSI model.
00:04
Gives you a look at network processes
00:04
to the application Layer 7,
00:04
data representation,
00:04
inter-host communication,
00:04
end-to-end path determination.
00:04
Down layer by layer gives
00:04
you a quick view of what happens at each layer.
00:04
It also gives you some of the more important protocols.
00:04
But you can go back and add to this,
00:04
you know that cable is at Layer 1.
00:04
Switches and MAC addresses are at Layer 2,
00:04
at Layer 3 we have routers and Layer 3 switches.
00:04
If there's anything missing,
00:04
you can go back and re-listen.
00:04
But know your layers,
00:04
know the gist of what happens at each layer and know
00:04
any protocols or any specific hardware devices,
00:04
because you can bet this is going to be on your exam.