[MUSIC] Layer 5 is kind of interesting because at one point, layer 5, there were calls for reviewing whether layer 5 needed to exist or not. Do we really need the session there? If you've got TCP forming a logical connection, do we need layer 5? Well, layer 5 became really popular at a point in time, and it was around the time that IP-based communication took off, voice over IP. From back in the days of Microsoft Messenger through to Zoom, Microsoft Teams, Skype, all those different products which use a logical form of connection. And what we need to make that work really well is the idea of a session, a logical session that needs establishing, managing and tearing down.
So one of the most important protocols here, I think, is SIP, Session Initiation Protocol. This is the backbone of most IP communications and voice over IP, which is now the dominant form of telephony.
Password Authentication Protocol, PAP. Very old protocol going back to the days of dial-up modems. Again, these older protocols, they're not so secure. PAP for exchanging passwords does not support encryption. How crazy is that? Something which is exchanging password data does not support encryption. It's pretty alarming.
RPC, Remote Procedure Calls. Remote Procedure Calls are a way of conducting an execution of a command on a remote system. You're remotely executing something, and this is really popular on networks. You right-click a computer and try to list its log files or want to list some of its services. This is using RPC, so it's very commonly used. However, massive security concern, there is no encryption.
So here we got two protocols at layer 5 without encryption. Is this a theme? Well, the ISO standard states that there are no security services running at layer 5. This is why layer 5, from a security perspective, is particularly of interest. The actual ISO standard states that we don't have security services running here.
We have to borrow that security or use security from one of the other layers. Where do we get that from? Well, we talked about where encryption occurs. Most encryption occurs at layer 6, the presentation layer. So this is a good way of encrypting. This is a good place for encrypting your data. This is very close to the application layer. This is where a lot of the security occurs. There is a notable exception, IPSec occurs at layer 3. So IPSec, as a form of network encryption, can be very useful sometimes because it works at a different layer. Your application may not know the data is being encrypted if it's happening at layer 3. It's so far below the application it's not aware. And this can be useful if we've got some really old legacy applications. IPSec can be encrypting the data as it moves across the network, the application won't even know.
So we want to get our data into the correct format. Think about this as a metaphor: dressing up for the right occasion. You're going to a gala event, you're going to the Oscars, you dress up, you have a particular form of presentation, versus going out to meet friends. Same is true of our data. We need to make sure it's in the right format as it moves up to the application there. This is getting data in the right format. Most commonly what we see here actually isn't encryption. What we see here is encoding, getting the data into the right format. Encoding is different from encryption. Encryption is a security function, we need a key to encrypt or decrypt, as we'll see in the next chapter. Encoding is the correct format, encoding standards are open standards. It may not be easily readable, but there is typically software that can encode or decode for us.
At layer 7 then, this isn't the application itself, it is called the application layer. This isn't the application itself, it's quite an important point to remember. But this is how the application gains access to the network.
Here, we have a web application firewall as an example of a security service running at layer 7. Web application firewall is different to the firewalls we talked about at layers 3 and 4, in that it's much more application-aware. So it focuses on the content of the traffic and will be aware of different application protocols. So, for example, at a layer 3 and 4 firewall, we talked about allowing and denying based on ports and IP addresses. Here at layer 7, the web application firewall, sometimes called a WAF, W-A-F, is less concerned with ports and IP addresses. It's more concerned with the content of the traffic. You have a database language like SQL, web application firewall can be very good at spotting things like SQL injection attacks, looking at the misuse of that protocol. So this layer is the closest to the end user.
And here we just see what we've talked about, that idea of encapsulation. Our session data has a header put on with the port information, the source and destination ports. Then that's encapsulated in a packet with IP address to and from, and then the packet is encapsulated in a frame. And then as that's transmitted in zeros and ones, when it gets to the destination host, that process is reversed. The frame has its header and footer stripped off, the packet the same, until we get back to our payload data.
So this is how the OSI model works. As I said right at the start of this module, I would, if you're not completely comfortable with this, re-watch, re-read, because it's important. It's such an important foundation set of knowledge for networking and for security. I think for both of those reasons, it's worthwhile investing a little bit of time. And it's great professional knowledge to have. You hear people talking about security at layer 3 and layer 7, this is common conversation in technology communities, security communities. [MUSIC]