Active, Most Current. Prices subject to change without notice. About Us. Contact Us. Sign In. Standards Store.
|Published (Last):||23 November 2017|
|PDF File Size:||15.11 Mb|
|ePub File Size:||18.95 Mb|
|Price:||Free* [*Free Regsitration Required]|
Page 1 of 2 - Groups 1 and 2. Security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers  as defined by ITU-T X. This model is widely recognized  . Information security and Computer security are disciplines that are dealing with the requirements of Confidentiality, Integrity, Availability, the so-called CIA Triad, of information asset of an organization company or agency or the information managed by computers respectively.
There are threats that can attack the resources information or devices to manage it exploiting one or more vulnerabilities. The resources can be protected by one or more countermeasures or security controls.
So security services implement part of the countermeasures, trying to achieve the security requirements of an organization. In order to let different devices computers, routers, cellular phones to communicate data in a standardized way, communication protocols had been defined. The ITU-T organization published a large set of protocols. The general architecture of these protocols is defined in recommendation X.
The different means air, cables and ways protocols and protocol stacks to communicate are called a communication network. Security requirements are applicable to the information sent over the network.
The discipline dealing with security over a network is called Network security. This Recommendation extends the field of application of Recommendation X. According to X.
It is a set of data that is sent by a user of the services of a given layer, and is transmitted semantically unchanged to a peer service user. The added headers or footers are part of the process used to make it possible to get data from a source to a destination. The following are considered to be the security services which can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred credentials to facilitate the authentication:  .
The security services may be provided by means of security mechanism:   . Some of them can be applied to connection oriented protocols, other to connectionless protocols or both. Managed security service MSS are network security services that have been outsourced to a service provider. The Open Systems Interconnection model OSI model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology.
Its goal is the interoperability of diverse communication systems with standard communication protocols. The model partitions a communication system into abstraction layers. The original version of the model had seven layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that constitute the contents of that path.
Two instances at the same layer are visualized as connected by a horizontal connection in that layer. An Experimental Packet Switched system in the UK circa , also identified the need for defining higher level protocols. The NCC UK publication 'Why Distributed Computing' which came from considerable research into future configurations for computer systems, resulted in the UK presenting the case for an international standards committee to cover this area at the ISO meeting in Sydney in March In the late s, the International Organization for Standardization ISO conducted a program to develop general standards and methods of networking.
Both bodies developed documents that defined similar networking models. OSI had two major components, an abstract model of networking, called the Basic Reference Model or seven-layer model, and a set of specific protocols. The OSI reference model was a major advance in the teaching of network concepts. It promoted the idea of a consistent model of protocol layers, defining interoperability between network devices and software. The concept of a seven-layer model was provided by the work of Charles Bachman at Honeywell Information Systems.
The new design was documented in ISO and its various addenda. In this model, a networking system was divided into layers. Within each layer, one or more entities implement its functionality. Each entity interacted directly only with the layer immediately beneath it, and provided facilities for use by the layer above it. Not all are free of charge. OSI was hence an industry effort, attempting to get industry participants to agree on common network standards to provide multi-vendor interoperability.
It was common for large networks to support multiple network protocol suites, with many devices unable to interoperate with other devices because of a lack of common protocols. Communication protocols enable an entity in one host to interact with a corresponding entity at the same layer in another host. Service definitions, like the OSI Model, abstractly describe the functionality provided to an N -layer by an N-1 layer, where N is one of the seven layers of protocols operating in the local host.
At each level N , two entities at the communicating devices layer N peers exchange protocol data units PDUs by means of a layer N protocol. Data processing by two communicating OSI-compatible devices proceeds as follows:. The recommendation X.
Layer 1 is the lowest layer in this model. The physical layer is responsible for the transmission and reception of unstructured raw data between a device and a physical transmission medium.
It converts the digital bits into electrical, radio, or optical signals. Layer specifications define characteristics such as voltage levels, the timing of voltage changes, physical data rates, maximum transmission distances, modulation scheme, channel access method and physical connectors.
This includes the layout of pins, voltages, line impedance, cable specifications, signal timing and frequency for wireless devices. Bit rate control is done at the physical layer and may define transmission mode as simplex, half duplex, and full duplex. The components of a physical layer can be described in terms of a network topology.
Bluetooth, Ethernet, and USB all have specifications for a physical layer. The data link layer provides node-to-node data transfer—a link between two directly connected nodes. It detects and possibly corrects errors that may occur in the physical layer. It defines the protocol to establish and terminate a connection between two physically connected devices. It also defines the protocol for flow control between them. The Point-to-Point Protocol PPP is a data link layer protocol that can operate over several different physical layers, such as synchronous and asynchronous serial lines.
The network layer provides the functional and procedural means of transferring variable length data sequences called packets from one node to another connected in 'different networks'. A network is a medium to which many nodes can be connected, on which every node has an address and which permits nodes connected to it to transfer messages to other nodes connected to it by merely providing the content of a message and the address of the destination node and letting the network find the way to deliver the message to the destination node, possibly routing it through intermediate nodes.
If the message is too large to be transmitted from one node to another on the data link layer between those nodes, the network may implement message delivery by splitting the message into several fragments at one node, sending the fragments independently, and reassembling the fragments at another node. It may, but does not need to, report delivery errors. Message delivery at the network layer is not necessarily guaranteed to be reliable; a network layer protocol may provide reliable message delivery, but it need not do so.
These include routing protocols, multicast group management, network-layer information and error, and network-layer address assignment. It is the function of the payload that makes these belong to the network layer, not the protocol that carries them. The transport layer provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host, while maintaining the quality of service functions.
Some protocols are state- and connection-oriented. This means that the transport layer can keep track of the segments and re-transmit those that fail delivery. The transport layer also provides the acknowledgement of the successful data transmission and sends the next data if no errors occurred. The transport layer creates segments out of the message received from the application layer.
Segmentation is the process of dividing a long message into smaller messages. OSI defines five classes of connection-mode transport protocols ranging from class 0 which is also known as TP0 and provides the fewest features to class 4 TP4, designed for less reliable networks, similar to the Internet.
Class 0 contains no error recovery, and was designed for use on network layers that provide error-free connections. Also, all OSI TP connection-mode protocol classes provide expedited data and preservation of record boundaries.
Detailed characteristics of TP classes are shown in the following table: . An easy way to visualize the transport layer is to compare it with a post office, which deals with the dispatch and classification of mail and parcels sent.
A post office inspects only the outer envelope of mail to determine its delivery. Higher layers may have the equivalent of double envelopes, such as cryptographic presentation services that can be read by the addressee only. While Generic Routing Encapsulation GRE might seem to be a network-layer protocol, if the encapsulation of the payload takes place only at the endpoint, GRE becomes closer to a transport protocol that uses IP headers but contains complete Layer 2 frames or Layer 3 packets to deliver to the endpoint.
The session layer controls the dialogues connections between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes procedures for checkpointing, suspending, restarting, and terminating a session. In the OSI model, this layer is responsible for gracefully closing a session, which is handled in the Transmission Control Protocol at the transport layer in the Internet Protocol Suite.
This layer is also responsible for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The session layer is commonly implemented explicitly in application environments that use remote procedure calls. The presentation layer establishes context between application-layer entities, in which the application-layer entities may use different syntax and semantics if the presentation service provides a mapping between them.
If a mapping is available, presentation protocol data units are encapsulated into session protocol data units and passed down the protocol stack. This layer provides independence from data representation by translating between application and network formats.
The presentation layer transforms data into the form that the application accepts. This layer formats data to be sent across a network. It is sometimes called the syntax layer. The application layer is the OSI layer closest to the end user, which means both the OSI application layer and the user interact directly with the software application.
This layer interacts with software applications that implement a communicating component. Such application programs fall outside the scope of the OSI model. Application-layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication.
Provides a general description of security services and related mechanisms, which can be ensured by the Reference Model, and of the positions within the Reference Model where the services and mechanisms may be provided. Extends the field of application of ISO to cover secure communications between open systems. Adds to the concepts and principles included in ISO but does not modify them. Is no implementation specification, nor a basis for assessing the conformance of actual implementations. Check out our FAQs. Buy this standard.