October 12th, 2001 11:38 AM
OSI Security Concern
I have a few questions based on the OSI model and security.
I am nowhere near an expert in the topic, but have begun to closely study the open-systems interface model, and have been very interested in what I have found.
My first question would be, to anyone who may be willing to participate in this open-ended discussion... What security risks/issues are commonly associated with what layers?
Thus far, I have found that data encryption resides @ the Layer 6 (Presentation) layer. This concerns me. While this data manipulation is done very early on the system building the data frames, it is consequently not recognized or 'decrypted' until very late on the receiving system, or the system that is 'un-packing' the information.
I am interested in hearing if anyone is familiar with a Layer 1, or PHYSICAL device, that encrypts information @ lower layers, such as @ the bit level. If it were necessary for any computer to be able to recognize that a data 'group' was indeed a legitimate packet, then this device would not be able to be a layer 1 device, as fields, as well as data fields would be altered (processed) with the encryption algorithm. In this case, the device would need to be a physical, but 'thinking' device (i.e., a layer 2 device).
However, if individual computers were configured with similar or corresponding devices, then the header fields, as well as data fields, could necessarily be included in the encryption process, and only the computer(s) fitted with the appropriate physical mechanisms would be able to comprehend that these 'information groups' were even legitimate packets. Anyone else (i.e., unauthenticated or remote users) would simply discard the information, and if used under some sort of connectionless (say, udp-like) standards, would move on, as if the data were never received.
If this were so, the only hurdle we would be facing now would be actually using this system in a switched, or rather, routing orientated network topology, as the router interfaces, using the example above, if not fitted properly, would not be able to comprehend the encrypted header fields, and would discard the information.
Please let me hear any thoughts one may have on what I have said.