Securing Protocol Layers

Lesson 6: Application layer
Objective: Identify the application layer and its weaknesses

Network Application Layer

Identify the application layer and its weaknesses.
The application layer is the most difficult to secure.
Together, the TCP and UDP ports allow more than 130,000 possible applications to be used over the TCP/IP suite. Protecting a network on a per-application basis is difficult; a better approach is to allow only particular applications to communicate through the network.

TCP/IP application layer

  1. Application Layer
  2. (TCP/UDP) Transport Layer
  3. (IP) Internet Layer
  4. (ARP) Network Layer

Client applications

Hosts use a client-side application to initiate communication with other hosts. When a client establishes a TCP session with a server, it will use an ephemeral port to initiate the session.
Ephemeral port numbers are normally between 1025 and 5000. For example, a Web client will address all its TCP traffic to TCP port 80 of the Web server, the port for HTTP.
The Web server will address all its traffic to the ephemeral port of the client.

Services or daemons

The server side of a TCP/IP application is similar to the client side, except that the server application is always running. When the host is first started, all the server applications that are configured to automatically start will begin listening for any requests addressed to their specific TCP or UDP port numbers.
For example, a user must load his or her Internet mail application to receive and send email. However, the mail server itself must always be running to allow the client to access the email application. Microsoft Windows NT calls its server applications services and UNIX calls them daemons[1].

Server applications

Server applications are often the target of hacker attacks. As new ones are released or current ones are modified, hackers will try to exploit weaknesses in the application. To best protect your servers from attack, know exactly which server applications are running so that you can monitor and filter inbound traffic.
A common hacker technique is to load an illicit server application on a host. The server application is designed to defeat the security structure of the host and/or network. Many tools, particularly application layer tools, are available to defeat illicit servers and services. Security at the application layer is implemented through application-level gateways known as proxy servers and will be discussed in a later module.
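
One way to know exactly which server applications are listening, and to spot an illicit one, is to compare the host's listening sockets against an approved list. The Python script below is an added example, not part of the original lesson; it parses a constructed sample in the Linux /proc/net/tcp format, and the function names, the allowlist of ports 25 and 80, and the little-endian address decoding are assumptions.

```python
import socket
import struct

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp ("01" is ESTABLISHED)

# Constructed sample in /proc/net/tcp format (not captured from a real host).
# Row 3 is an established session from a client ephemeral port to port 80.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0 100 0 0 10 0
   2: 00000000:1F91 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1 0 100 0 0 10 0
   3: 0A00000A:0050 0B00000A:0C38 01 00000000:00000000 00:00000000 00000000     0        0 1004 1 0 100 0 0 10 0
"""


def decode_addr(hex_addr):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return (ip, port) for every IPv4 TCP socket in the LISTEN state."""
    listeners = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # blank line, or a session that is not a listener
        listeners.append(decode_addr(fields[1]))
    return listeners


def unexpected_listeners(table_text, allowed_ports):
    """Listeners whose port is not on the approved list: candidates for review."""
    return [(ip, port) for ip, port in listening_sockets(table_text)
            if port not in allowed_ports]


if __name__ == "__main__":
    ALLOWED_PORTS = {25, 80}  # hypothetical policy: mail and Web servers only
    for ip, port in unexpected_listeners(SAMPLE_PROC_NET_TCP, ALLOWED_PORTS):
        print(f"unexpected listener on {ip}:{port}")
```

On a live Linux host the same functions can be given the contents of /proc/net/tcp; IPv6 and UDP sockets are listed in separate files with different address or state encodings and are not covered here.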

[1] Daemon: A process that performs a specified operation at a predefined time or in response to certain events. Daemon is a UNIX term. In other operating systems such as Windows, daemons are referred to as services.