CISSP_Candidate
08-30-2006, 08:22 AM
I just want to make sure which layer SSL operates at. Here is one of the questions I found in cccure:
26. What are the two layers of OSI/ISO model within which SSL is designed to operate?
A Application/Presentation layer
B Application/Session Layer
C Application/Transport
D Application/Network
The answer is B and here is the explanation:
The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. According to the cited source, it is operating at the Application/Session layer.
Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, page 173.
But what I've found in the CISSP Prep Guide, p. 89, is that it says "SSH-2, SSL and SKIP provide security services at the Transport Layer".
For the level of exam the CISSP is, this kind of question is unlikely to be asked, but if they do ask it, the correct choice would hopefully be available - Session and Transport.
Anyhow, from ISC2, the answer will be Transport.
SQL a session layer protocol
I'm studying using Shon Harris 3rd Edition (which in general I find excellent) and I have a query regarding her statement about SQL being a session layer protocol (pages 423 & 429).
Now the last time I looked SQL was used to query databases - it's a language. There are protocols for connecting to databases over networks of course which may well live at the session layer, but this will be proprietary to the database vendor.
I think a strong argument could also be made that technologies that enable database connectivity such as ODBC and JDBC are presentation layer or even application layer.