Part 10 - Layer 7 Application

Video Activity

This section brings us to the top of the OSI stack to the application layer. Layer 7 is the most complex of the 7 layers and it's where the creative work gets done by way of applications. It's also the most intelligent layer of the seven. The are tons of protocols in the application layer. Among just a few are the browser protocols of http, https, ...

Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 41 minutes
Video Description

This section brings us to the top of the OSI stack to the application layer. Layer 7 is the most complex of the 7 layers and it's where the creative work gets done by way of applications. It's also the most intelligent layer of the seven. The are tons of protocols in the application layer. Among just a few are the browser protocols of http, https, and ftp. Protocols at this level are what drive the apps! Other layer 7 protocols include SMTP, SNMP, and POP3 and others too numerous to mention in this video. Functions such as non-repudiation via certificates, time services, directory services (e.g. ActiveDirectory) application proxies, and smart firewalls all exist at the application layer. Smart firewalls are discussed in comparison to packet filtering firewalls at layer 4. Content inspection is possible at layer 7 and this opens up data filtering and deep packet inspection using time-aware filters and user permission levels obtained from a directory service. It is noted that all this intelligence comes with both a financial as well as time cost. Kernel-level firewalls are quite expensive and not nearly as fast as layer 4 packet filtering firewalls.

Video Transcription
Alright, here we are at layer Seventh and layer seven. The application layer is the layer that really drives wth e protocols that that drive the applications that the user would interface with. So, for instance, when we talk about your web browser,
you know, think about the protocols that you associate with your web browser.
Probably http HCPs maybe FTP and some of the others. But those air all layer seven protocols. So they're not the applications themselves, But they're the protocols that really drives the application that air underneath the application, making it all work
tons and tons. We could spend the day going through application layer protocols.
And here's a test tip at what layer does X Y Z operate? If you don't know, might as well guess the application layer because they're a bunch that function here.
All right, So we said http https ftp There's also T f T p, which we talked about in layer on layer four. SMTP s in MP. I'm at Pop three week. Like I said, network time protocol network news transfer protocol Just go on and on.
So those protocols that you would associate with user interaction
Ah, those were gonna be up later. Seven. Also, uh, Layer seven is where we really get the intelligence. This is where we get the really, really smart devices. So, for instance, if you think about layer seven, you know what what we get here
or things like E mail service is Okay, that's fine. But along with those email service is
we get an understanding of non repudiation. We get an awareness of data being mapped to a user. That kind of integration with active directory. I can, you know, associate information to a group. So what you see here, the second bullet point
application proxies?
What that really means is when we get up to lay your seven, we get some really smart firewalls, some very, very smart firewalls. So, for instance, it layer three if you go back and think about layer three for a minute,
Um, we said it layer three daddies refer to as a packet. So the firewall that exists that layer three is a packet filter,
which means it can look a layer three stuff. It can look at source and destination i p. It can also peek in the layer four stuff and look at port numbers. So where's we use in America? Identifiers To identify types of software service is like Web traffic or so on.
Ah, packet filtering firewall can look at that stuff and make its decisions.
So if I want a block, all traffic to the 10 network or violent allow all traffic to the 10 network or block traffic in Port 80.
The packet filtering firewall can do that. But let's say we want to block the sales group from accessing a specific website. Or let's say we want a time aware decision. So I'm gonna keep users from visiting certain sites after 5 p.m.
Right or again, you know, not just I p addresses, but users themselves that integration with active directory. Let's say I want to keep people from downloading files that haven't been digitally signed by a trusted authority. That's all layer seven stuff. So you get that really intelligence.
The other big thing you get here is you get content inspection, and that's not actually on this slide.
But content inspection is pretty significant because what that means is
not just making a decision to block you from certain I p address or even from a certain site by its name. But maybe I want to keep you from going toe. All sites with violent content. We have tohave deep packet inspection, which is exactly what happens that layer seven in order to really look at the content.
So when I talk about a male filter that examines the message for the words free offer,
that's layer seven.
So you can see we get a high degree of intelligence. We get really good decision making from our firewalls. We get active directory integration. We get all this good stuff, so why not just use that all the time? Well, as we go up the S I model and we get smarter, so to speak,
we lose performance. We lose, we lose speed. It's a lot like life. The smarter I get, the slower I move. And that's exactly what it is. So if you want very, very fast decision making, you gotta have packet filtering firewall.
If you want slow and steady wins the what race you go upto layer seven and get the greater capabilities.
Now, One exception there is we do have colonel level firewalls, and if you've got enough money, you can get application layer service is very quickly, and colonel level firewalls will build kind of have their own stack for examining each of the like the http and the SMTP an ftp
eso high end application proxies would be referred to sometimes generation five or jen five
or colonel proxies. But these are very expensive. You know, you might be looking at $25,000.30,000 dollars or even Maur, depending on the capabilities. But as a general rule, as you move up the OS I model, you trade speed, you'll lose speed. But you do tend to gain intelligence.
So when we look at firewalls in just a few minutes,
we're kind of just reemphasize that idea.
Up Next

Our free online CISSP (8 domains) training covers topics ranging from operations security, telecommunications, network and internet security, access control systems and methodology and business continuity planning.

Instructed By