OSI model and SSH, TCP, etc

Discussion in 'Computer Security' started by Joe Plowman, Jan 13, 2005.

  1. Joe Plowman

    Joe Plowman Guest

    I am studying for the CISSP cert. and am having trouble with the OSI model.
    Does TCP reside at the application level or the network level? How about
    SSH and SSL? Are they at the data layer?

    I have seen conflicting information. Some places say SSH and SSL are data
    layer protocols and other say they are network layer. Any info and
    explainations are appreciated.


    TKS
     
    Joe Plowman, Jan 13, 2005
    #1
    1. Advertising

  2. Joe Plowman

    donnie Guest

    On Wed, 12 Jan 2005 17:18:15 -0700, "Joe Plowman"
    <> wrote:

    >I am studying for the CISSP cert. and am having trouble with the OSI model.
    >Does TCP reside at the application level or the network level? How about
    >SSH and SSL? Are they at the data layer?
    >
    >I have seen conflicting information. Some places say SSH and SSL are data
    >layer protocols and other say they are network layer. Any info and
    >explainations are appreciated.
    >
    >
    >TKS

    ########################
    Isn't the data layer also called the data link layer and isn't that
    the cables, switches, hubs, etc? I would say that SSH and SSL are
    not at the data layer. Take all that w/ a grain of salt because I
    haven't studies the OSI model in a long time.
    donnie.
     
    donnie, Jan 13, 2005
    #2
    1. Advertising

  3. Joe Plowman

    Mark Guest

    donnie wrote:
    > On Wed, 12 Jan 2005 17:18:15 -0700, "Joe Plowman"
    > <> wrote:
    >
    >
    >>I am studying for the CISSP cert. and am having trouble with the OSI model.
    >>Does TCP reside at the application level or the network level? How about
    >>SSH and SSL? Are they at the data layer?
    >>
    >>I have seen conflicting information. Some places say SSH and SSL are data
    >>layer protocols and other say they are network layer. Any info and
    >>explainations are appreciated.
    >>
    >>
    >>TKS

    >
    > ########################
    > Isn't the data layer also called the data link layer and isn't that
    > the cables, switches, hubs, etc? I would say that SSH and SSL are
    > not at the data layer. Take all that w/ a grain of salt because I
    > haven't studies the OSI model in a long time.
    > donnie.


    Here are the layers, since we seem to be missing some in the above examples.

    Application
    Presentation
    Session
    Transport
    Network
    Data Link
    Physical

    TCP would be the transport layer, IP the network layer. Some of the
    confusion may come from the fact that so many lump them together as TCP/IP.

    People could argue all day about what layer SSH belongs in (it really
    doesn't fit in just one) but I believe when dealing with the (ISC)2 your
    best best would probably be session.

    As far as SSL, SSL version 3 is A.K.A. TLS (transport layer security)
    version 1 so you can probably guess that one.

    Hope that helps. As always, I'm open to any questions/corrections.

    Mark
     
    Mark, Jan 13, 2005
    #3
  4. Joe Plowman

    sh4d03 Guest

    Mark wrote:
    > donnie wrote:
    >
    >> On Wed, 12 Jan 2005 17:18:15 -0700, "Joe Plowman"
    >> <> wrote:
    >>
    >>
    >>> I am studying for the CISSP cert. and am having trouble with the OSI
    >>> model. Does TCP reside at the application level or the network
    >>> level? How about SSH and SSL? Are they at the data layer?
    >>>
    >>> I have seen conflicting information. Some places say SSH and SSL are
    >>> data layer protocols and other say they are network layer. Any info
    >>> and explainations are appreciated.
    >>>
    >>>
    >>> TKS

    >>
    >>
    >> ########################
    >> Isn't the data layer also called the data link layer and isn't that
    >> the cables, switches, hubs, etc? I would say that SSH and SSL are
    >> not at the data layer. Take all that w/ a grain of salt because I
    >> haven't studies the OSI model in a long time.
    >> donnie.

    >
    >
    > Here are the layers, since we seem to be missing some in the above
    > examples.
    >
    > Application
    > Presentation
    > Session
    > Transport
    > Network
    > Data Link
    > Physical
    >
    > TCP would be the transport layer, IP the network layer. Some of the
    > confusion may come from the fact that so many lump them together as TCP/IP.
    >
    > People could argue all day about what layer SSH belongs in (it really
    > doesn't fit in just one) but I believe when dealing with the (ISC)2 your
    > best best would probably be session.
    >
    > As far as SSL, SSL version 3 is A.K.A. TLS (transport layer security)
    > version 1 so you can probably guess that one.
    >
    > Hope that helps. As always, I'm open to any questions/corrections.
    >
    > Mark


    I'm going to go with Mark - just to mention that the layer referring to
    the cables etc is the physical layer - as would make sense - it's
    PHYSICALLY tangible part of the networking.

    I realise you're asking about OSI, just be ofcourse warned that if
    you're taking Mark's advice that the 'session' layer is not a part of
    the TCP/IP stack - only the OSI stack. Possibly very redundant
    information but thought I'd remind you.

    Sh4d03

    --
    If you require more assistance or if my suggestion works please E-mail me at
    sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    assistance to me and wish to E-mail me directly please also feel free to
    contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    in the
    subject line. Please pay attention to the capitilisation. Emails sent to
    this the above address which do NOT contain "Newsgroup_sh4d03" in the
    subject line will fail to reach me.
    Thanks,
    Sh4d03
     
    sh4d03, Jan 13, 2005
    #4
  5. Joe Plowman

    wimbo Guest

    Mark wrote:
    > donnie wrote:
    >
    >> On Wed, 12 Jan 2005 17:18:15 -0700, "Joe Plowman"
    >> <> wrote:
    >>
    >>
    >>> I am studying for the CISSP cert. and am having trouble with the OSI
    >>> model. Does TCP reside at the application level or the network
    >>> level? How about SSH and SSL? Are they at the data layer?
    >>>
    >>> I have seen conflicting information. Some places say SSH and SSL are
    >>> data layer protocols and other say they are network layer. Any info
    >>> and explainations are appreciated.
    >>>
    >>>
    >>> TKS

    >>
    >>
    >> ########################
    >> Isn't the data layer also called the data link layer and isn't that
    >> the cables, switches, hubs, etc? I would say that SSH and SSL are
    >> not at the data layer. Take all that w/ a grain of salt because I
    >> haven't studies the OSI model in a long time.
    >> donnie.

    >
    >
    > Here are the layers, since we seem to be missing some in the above
    > examples.
    >
    > Application
    > Presentation
    > Session
    > Transport
    > Network
    > Data Link
    > Physical
    >
    > TCP would be the transport layer, IP the network layer. Some of the
    > confusion may come from the fact that so many lump them together as TCP/IP.
    >
    > People could argue all day about what layer SSH belongs in (it really
    > doesn't fit in just one) but I believe when dealing with the (ISC)2 your
    > best best would probably be session.
    >
    > As far as SSL, SSL version 3 is A.K.A. TLS (transport layer security)
    > version 1 so you can probably guess that one.
    >
    > Hope that helps. As always, I'm open to any questions/corrections.
    >
    > Mark


    As far as I can remember, telnet, smtp, snmp, http etc. belong in the
    application layer. Since SSH is a secure telnet (I know, it's a rough
    comparison) it would also belong to the application layer.
    But since it encrypts the entire dataflow it could also be part of the
    lower layers.
    I think one has to seperate the telnet part of SSH and the encryption
    part and spread it over the OSI layers (part transport, part application).

    The problem is that at the time I learned about the OSI model, SSH and
    even SSL wasn't that wide-spread. I guess I have some catching up to do

    /W
     
    wimbo, Jan 13, 2005
    #5
  6. Joe Plowman wrote:

    > I am studying for the CISSP cert. and am having trouble with the OSI
    > model.
    > Does TCP reside at the application level or the network level? How about
    > SSH and SSL? Are they at the data layer?
    >
    > I have seen conflicting information. Some places say SSH and SSL are data
    > layer protocols and other say they are network layer. Any info and
    > explainations are appreciated.
    >
    >
    > TKS


    TCP is located on the Transport level. The reason is that TCP handles Host
    to Host communication needs (restransmissions, flow control, etc). IP is
    located on the network layer.

    All applications (well mostly) reside on the application level. That
    includes SSH, Telnet, Sendmail, etc. Now, many applications implement
    multiple layers. An example of this would be SAMBA. It is on the
    Application, Presentation and session layers since it implements code on
    all three.

    I hope that helps,
    Michael
     
    Michael J. Pelletier, Jan 13, 2005
    #6
  7. Joe Plowman

    Mark Guest

    wimbo wrote:
    > Mark wrote:
    >
    >> donnie wrote:
    >>
    >>> On Wed, 12 Jan 2005 17:18:15 -0700, "Joe Plowman"
    >>> <> wrote:
    >>>
    >>>
    >>>> I am studying for the CISSP cert. and am having trouble with the OSI
    >>>> model. Does TCP reside at the application level or the network
    >>>> level? How about SSH and SSL? Are they at the data layer?
    >>>>
    >>>> I have seen conflicting information. Some places say SSH and SSL
    >>>> are data layer protocols and other say they are network layer. Any
    >>>> info and explainations are appreciated.
    >>>>
    >>>>
    >>>> TKS
    >>>
    >>>
    >>>
    >>> ########################
    >>> Isn't the data layer also called the data link layer and isn't that
    >>> the cables, switches, hubs, etc? I would say that SSH and SSL are
    >>> not at the data layer. Take all that w/ a grain of salt because I
    >>> haven't studies the OSI model in a long time.
    >>> donnie.

    >>
    >>
    >>
    >> Here are the layers, since we seem to be missing some in the above
    >> examples.
    >>
    >> Application
    >> Presentation
    >> Session
    >> Transport
    >> Network
    >> Data Link
    >> Physical
    >>
    >> TCP would be the transport layer, IP the network layer. Some of the
    >> confusion may come from the fact that so many lump them together as
    >> TCP/IP.
    >>
    >> People could argue all day about what layer SSH belongs in (it really
    >> doesn't fit in just one) but I believe when dealing with the (ISC)2
    >> your best best would probably be session.
    >>
    >> As far as SSL, SSL version 3 is A.K.A. TLS (transport layer security)
    >> version 1 so you can probably guess that one.
    >>
    >> Hope that helps. As always, I'm open to any questions/corrections.
    >>
    >> Mark

    >
    >
    > As far as I can remember, telnet, smtp, snmp, http etc. belong in the
    > application layer. Since SSH is a secure telnet (I know, it's a rough
    > comparison) it would also belong to the application layer.
    > But since it encrypts the entire dataflow it could also be part of the
    > lower layers.
    > I think one has to seperate the telnet part of SSH and the encryption
    > part and spread it over the OSI layers (part transport, part application).
    >
    > The problem is that at the time I learned about the OSI model, SSH and
    > even SSL wasn't that wide-spread. I guess I have some catching up to do
    >
    > /W
    >


    I should probably clarify my comments about SSH. If we are strictly
    talking about the OSI model, then I believe it spans the session,
    presentation and application layers. However, since Joe was asking
    about the CISSP cert I decided to simplify it in to what I thought
    (ISC)2 would expect.

    Since the key 'service' that SSH provides over other similar protocols
    is confidentiality (encryption) I felt the ISC would basically be asking
    for the lowest level this service is provided at. Since the transport
    layer (TCP), network layer (IP) and those below aren't encrypted. And,
    the Diffie-Hellman key exchange that helps pass either the password or
    pre-shared key is. I was guessing they would be looking for the session
    layer if the question came up on the test.

    I'm tired... I hope that makes sense. :)

    Mark
     
    Mark, Jan 14, 2005
    #7
  8. Joe Plowman

    Nick Roberts Guest

    "Joe Plowman" <> wrote:

    > I am studying for the CISSP cert. and am having trouble with the OSI
    > model. Does TCP reside at the application level or the network level? How
    > about SSH and SSL? Are they at the data layer?
    >
    > I have seen conflicting information. Some places say SSH and SSL are data
    > layer protocols and other say they are network layer. Any info and
    > explainations are appreciated.


    For the purposes of an exam, I think the answers by other repliers are very
    good. I wish you (Joe) the best of luck. But I feel it is necessary to point
    out the problems endemic in these kinds of examinations.

    The fact is -- and I suspect that the other repliers would agree with me --
    that technologies such as TCP and SSL have been introduced by people (and
    companies) with widely varying motivations, constraints, and levels of
    knowledge, resources, and professionalism. The result is, one that is
    tacitly acknowledged throughout the industry, that the OSI model has been
    largely ignored by almost everyone. It's really only some standards
    institutes that pay lip service to the OSI model.

    Many people use it as a rough guide -- after all, the various layers are
    almost 'common sense' -- but implement their own layer structure according
    their own ideas or needs, for which the OSI model is often inadequate
    anyway. Remember that IP and TCP long predate the OSI model, and the various
    'stacks' of protocols on top of IP have never been especially aligned with
    the OSI model.

    I gather the CISSP exam is a big multiple choice. So I suspect that you
    (Joe), if asked, will just have to pick the answer the examiner is most
    likely to think correct. There may be an element of random luck in your
    choice. Good luck!

    I've tried to relate part of a typical stack to the OSI model here:

    SSH - Application, touching on Presentation
    SSL - Presentation, touching on Application and Session
    TCP - Session and Transport, touching on Network
    IP and UDP - Network
    IEEE 802.3 - Data Link and Physical

    You can see how difficult it is. HTH
    --
    Nick Roberts
     
    Nick Roberts, Jan 17, 2005
    #8
  9. "Joe Plowman" <> writes:
    > I am studying for the CISSP cert. and am having trouble with the OSI
    > model. Does TCP reside at the application level or the network
    > level? How about SSH and SSL? Are they at the data layer?
    >
    > I have seen conflicting information. Some places say SSH and SSL
    > are data layer protocols and other say they are network layer. Any
    > info and explainations are appreciated.


    one of the problems was that the OSI model was done independent of
    TCP/IP ... claim is by a lot of copper-wire, telco oriented people.
    ISO compounded the problem with edicts that ISO and ISO chartered
    standards organizations couldn't standardize stuff that violated
    the OSI model.

    in the circa 1990, we were involved in trying to get HSP (high-speed
    protocol) into (ISO chartered) ANSI x3s3.3 for standardization (this
    was in the era that numerous govs. had mandated the elimination of
    tcp/ip and everything migrating to osi ... things like federal gosip,
    etc). HSP went directly from the transport layer to LAN/MAC
    interface, supporting internetworking protoctol along the way
    (i.e. IP).

    because of ISO edit about conformance with OSI model ... HSP couldn't
    be considered because:

    1) it went directly from transport interface to LAN/MAC interface,
    bypassing layer3/layer4 network/transport interface ... violating
    the OSI model.

    2) it supported IP. IP doesn't exist in the OSI model (it is an
    internetworking layer ... somewhat sitting in an non-existant
    layer between the bottom of transport (layer4) and the top
    of network (layer3) ... IP violates the OSI model and therefor
    anything supporting the OSI model violates the OSI model

    3) it went to LAN/MAC interface .... LAN/MAC interface sits somewhere
    in the middle of layer3/network ... and therefor violates the OSI
    model ... and therefore anything that supports LANs also violates the
    OSI model.

    misc. past osi and hsp posts:
    http://www.garlic.com/~lynn/subnetwork.html#xtphsp

    to the extent that TCP is a transport type of protocol ... it somewhat
    corresponds to layer4/transport ... however, TCP (now) interfaces to
    internetworking protocol (IP) ... which doesn't exist in OSI model.

    SSH and SSL are transport-like protocols ... although implemented at
    the application layer (and they tend to utilize TCP as the lower level
    transport mechanism).

    TCP predates the 1/1/83 great change over to internetworking protocol,
    having been originally implemented on the old arpanet ... which
    somewhat more corresponded to OSI model ... lacking an internetworking
    layer.

    I've frequently claimed that major reason that the internal network
    had larger number of nodes that arpanet/internet from just about the
    start up thru about mid-85 was because majority of the internal
    network nodes had gateway-like capability built in (which the
    arpanet/internet didn't get until the great 1/1/83 switchover to
    internetworking protocol).

    misc. past internal network posts:
    http://www.garlic.com/~lynn/subnetwork.html#internalnet

    --
    Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
     
    Anne & Lynn Wheeler, Jan 17, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Raimond Alpers

    OSI-Model

    Raimond Alpers, Dec 17, 2003, in forum: Cisco
    Replies:
    5
    Views:
    1,026
    Kirk Goins
    Dec 19, 2003
  2. Kerry
    Replies:
    3
    Views:
    621
    Kerry
    Jan 20, 2004
  3. OSI model question

    , Mar 21, 2006, in forum: Computer Support
    Replies:
    3
    Views:
    406
  4. AlejandroArias

    Model OSI

    AlejandroArias, Aug 28, 2007, in forum: Computer Security
    Replies:
    1
    Views:
    554
    Todd H.
    Aug 28, 2007
  5. J. Q. Etuo,  MSCE 2003,  A+ 2003

    DoD model Vs OSI

    J. Q. Etuo, MSCE 2003, A+ 2003, May 19, 2004, in forum: A+ Certification
    Replies:
    1
    Views:
    1,922
    Chris E
    May 20, 2004
Loading...

Share This Page