Windows Vista Security: Praxisorientierte Sicherheit für Profis by Marcus Nasarek

Chapter 14: Setting Up Your Network

OSI layer 4 controls the transfer of data among users and provides reliable data transfer to the layers above itself. Layer 4 controls flow as well as errors. This layer controls the retransmission of packets lost in transport among users. TCP uses this layer as the control portion of the protocol. Layer 4 also converts data into the User Datagram Protocol (UDP) and Stream Control Transmission Protocol (SCTP) formats.

OSI layer 5 controls the networked communications between computers. This includes managing and terminating connections among machines. Layer 5 controls duplex modes on network traffic, which includes full- and half-duplex operations. TCP uses layer 5 to control the flow of data and to terminate connections.

OSI layer 6 provides a standard interface to transform data into the correct format for the application layer. Standard uses of layer 6 include data encryption, compression, and specific types of encoding, including Multipurpose Internet Mail Extension (MIME) encoding. Layer 6 also allows for the transformation into and out of the eXtensible Markup Language (XML) format.

OSI layer 7 controls the means by which a user accesses network resources through an application. Programs that use layer 7 include Simple Mail Transfer Protocol (SMTP), HTTP, FTP, Telnet, IPSec, IM, and other applications.

Each layer of the OSI model handles different portions of the networking process and helps to define the process of finding errors, or just understanding how the complex process of networking actually works. Armed with the information from the OSI model, we can begin to truly understand, create, and even fix networks as well as the protocols used to transmit data across networks.

Introducing IPSec

IPSec offers the ability to encrypt network transmissions at the adapter level. IPSec differs from Secure Sockets Layer (SSL) in terms of the OSI layer it encrypts. SSL typically encrypts at the application/protocol layer (OSI layer 7), and IPSec encrypts data at the transport layer (OSI layers 4–7). Since SSL works only at the application protocol layer, if you transmit data over any other port or use any application other than the one bound to the SSL protocol, that data is not encrypted. IPSec, however, encrypts all of the data transmitted from the network adapter at the transport layer.

IPSec includes two encryption mechanisms: transport and tunneling. Most implementations use the tunneling version, which encapsulates the entire packet. This feature allows the routing information needed to reach other hosts to remain unencrypted while the internal header and the rest of the data stay encrypted. This makes it possible to use Network Address Translation (NAT), which lets you use a single device to allow traffic into and out of the network using internal IP addressing—something your Ethernet router does for you automatically.
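
The tunnel-mode encapsulation described above, as an added Python example that is not from the book: a constructed inner packet is wrapped in a simplified ESP tunnel packet, and `observer_view` shows what stays readable without the key. The addresses, SPI, key and the SHA-256 keystream stand-in cipher are assumptions for illustration; real ESP also carries an IV, a padding trailer and an integrity check value, which are omitted here.

```python
import hashlib
import socket
import struct

ESP_PROTO = 50  # IANA protocol number for ESP
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header (checksum left at 0 for this illustration)."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def toy_keystream_xor(key, spi, seq, data):
    """Stand-in cipher (SHA-256 keystream XOR). NOT real ESP cryptography."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("!IIH", spi, seq, off // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def esp_tunnel_wrap(inner_packet, gw_src, gw_dst, spi, seq, key):
    """Tunnel mode: the whole inner packet, header included, becomes ESP payload."""
    esp = struct.pack("!II", spi, seq) + toy_keystream_xor(key, spi, seq, inner_packet)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def observer_view(wire_packet):
    """Fields a router or capture tool can read without the key."""
    f = struct.unpack(IPV4_FMT, wire_packet[:20])
    spi, seq = struct.unpack("!II", wire_packet[20:28])
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "proto": f[6], "spi": spi, "seq": seq, "opaque": wire_packet[28:]}


# Constructed sample: internal host 10.0.1.5 sends to 10.0.2.9 through two
# gateways; the payload bytes stand in for a TCP segment.
KEY = b"constructed-demo-key"
INNER = ipv4_header("10.0.1.5", "10.0.2.9", 6, 11) + b"hello world"
WIRE = esp_tunnel_wrap(INNER, "198.51.100.1", "203.0.113.1", 0x1001, 1, KEY)

if __name__ == "__main__":
    view = observer_view(WIRE)
    print({k: v for k, v in view.items() if k != "opaque"})
    print("inner source address visible on the wire:",
          socket.inet_aton("10.0.1.5") in view["opaque"])
```

Only the gateway addresses, the ESP protocol number, the SPI and the sequence number are readable in transit; the internal addresses are recovered only after decryption with the key.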
