WEBVTT

00:04.279 --> 00:07.455
>> After the network and
the transport layer,

00:07.455 --> 00:08.955
coming of the OSI model,

00:08.955 --> 00:11.910
we're now at Layer 5, which
is the session layer.

00:11.910 --> 00:14.190
The session layer is
all about the setup,

00:14.190 --> 00:16.620
maintenance and tear-down
of the connection.

00:16.620 --> 00:18.555
Quite honestly, it's
about the setup,

00:18.555 --> 00:20.445
maintenance and tear
down of a session,

00:20.445 --> 00:22.500
that seems a little redundant.

00:22.500 --> 00:24.600
When I see a session is

00:24.600 --> 00:26.490
about when your web
browser or client

00:26.490 --> 00:29.985
system uses a web browser
to connect to a web server.

00:29.985 --> 00:33.175
That's an application
to application session.

00:33.175 --> 00:35.540
You communicate
throughout that session,

00:35.540 --> 00:36.965
you close out the session.

00:36.965 --> 00:38.060
You connect again ten minutes

00:38.060 --> 00:40.400
later and you have
a new session.

00:40.400 --> 00:42.815
That session layer is the setup,

00:42.815 --> 00:44.780
maintenance and
tear-down of the session

00:44.780 --> 00:47.255
between one application
and another.

00:47.255 --> 00:50.645
It is a client piece
and server piece.

00:50.645 --> 00:53.335
There are a couple of
protocols that work there.

00:53.335 --> 00:57.290
RPC is referred to as
Remote Procedure Call.

00:57.290 --> 00:59.390
When you're performing
an operation that's

00:59.390 --> 01:01.970
actually happening
on another system,

01:01.970 --> 01:03.890
that's a remote procedure call.

01:03.890 --> 01:07.850
SIP stands for Session
Initiation Protocol.

01:07.850 --> 01:09.410
This is used with VoIP,

01:09.410 --> 01:10.700
and as a matter of fact,

01:10.700 --> 01:13.565
it's this protocol that
makes the VoIP phones ring.

01:13.565 --> 01:15.110
If it makes sense, you dial a

01:15.110 --> 01:17.765
number and that session
has to be setup.

01:17.765 --> 01:20.840
The receiving end has to
have that ringing say,

01:20.840 --> 01:22.280
"Okay, we're connecting."

01:22.280 --> 01:26.570
That's set. SQL, which
is database language,

01:26.570 --> 01:28.130
but it's also is a protocol.

01:28.130 --> 01:29.390
It's layer 5 base from

01:29.390 --> 01:32.490
the database client to
the database server.

01:32.570 --> 01:35.090
As we continue to head them up,

01:35.090 --> 01:38.105
when we go to Layer 6, which
is the presentation layer,

01:38.105 --> 01:41.150
three big things happen at
the presentation layer;

01:41.150 --> 01:44.119
formatting, compression
and encryption.

01:44.119 --> 01:45.860
When we talk about formatting,

01:45.860 --> 01:47.060
we're talking about presenting

01:47.060 --> 01:49.295
the data in a universal format.

01:49.295 --> 01:51.800
That's why you can sit
at Mac and I can be in

01:51.800 --> 01:53.630
a Windows PC and you send

01:53.630 --> 01:55.765
me a message that I
can read perfectly.

01:55.765 --> 01:57.965
That's because at
some point in time,

01:57.965 --> 01:59.930
that message has to
be translated to

01:59.930 --> 02:01.610
a universal format set

02:01.610 --> 02:03.530
regardless of where
the message is going,

02:03.530 --> 02:06.215
it will present correctly
when it arrives.

02:06.215 --> 02:09.260
Formatting happens
here at Layer 6.

02:09.260 --> 02:13.355
What compression does is
remove redundancy from files.

02:13.355 --> 02:15.500
That allows the file
to be smaller as

02:15.500 --> 02:17.530
it's being transported
across the network,

02:17.530 --> 02:19.085
so it doesn't take as long.

02:19.085 --> 02:22.465
It doesn't take as much
space in order to transmit.

02:22.465 --> 02:25.185
Of course, we have encryption.

02:25.185 --> 02:27.080
I'll mention
encryption happens in

02:27.080 --> 02:29.270
many places on the OSI model.

02:29.270 --> 02:32.480
At Layer 1, there's
hardware-based encryption.

02:32.480 --> 02:34.990
At Layer 3, we have IPsec,

02:34.990 --> 02:36.670
which secures IP traffic,

02:36.670 --> 02:38.540
which we can use encryption.

02:38.540 --> 02:40.265
At Layer 4 through seven,

02:40.265 --> 02:42.110
we have SSL and TLS,

02:42.110 --> 02:43.535
which we haven't
talked about yet,

02:43.535 --> 02:45.970
but that secures web traffic.

02:45.970 --> 02:48.650
Here at Layer 6,
the encryption that

02:48.650 --> 02:51.785
happens at this level is
within the filing system.

02:51.785 --> 02:53.900
If you're using EFS and you're

02:53.900 --> 02:55.850
going to send a file
that's encrypted,

02:55.850 --> 02:57.580
that happens at this layer,

02:57.580 --> 02:59.150
or if you're going to store

02:59.150 --> 03:00.800
the file encrypted format

03:00.800 --> 03:02.615
somewhere within
the filing system,

03:02.615 --> 03:04.675
that also happens here.

03:04.675 --> 03:06.765
For multimedia formatting,

03:06.765 --> 03:09.220
whether you have a GIF, a JPG,

03:09.220 --> 03:12.710
or an MP4, or really
any type of multimedia,

03:12.710 --> 03:15.245
that formatting
happens at this layer.

03:15.245 --> 03:18.020
Interestingly enough, this
is the only layer the

03:18.020 --> 03:21.275
entire OSI model that
has no protocols.

03:21.275 --> 03:22.700
That's probably worth a look

03:22.700 --> 03:24.860
from a test-taking perspective.

03:24.860 --> 03:27.380
Man, if you want to get
to the layer where you

03:27.380 --> 03:29.620
get the most
intelligence, it's here.

03:29.620 --> 03:31.455
Remember, down at Layer 1,

03:31.455 --> 03:32.900
we said that those
were the devices

03:32.900 --> 03:34.415
that don't really know much.

03:34.415 --> 03:36.560
They don't know what
data is traversing.

03:36.560 --> 03:38.930
A cable doesn't know what
data is going across it,

03:38.930 --> 03:40.585
and a cable doesn't care.

03:40.585 --> 03:43.655
But if you really want
intelligence with your devices,

03:43.655 --> 03:45.455
you go all the way
up to the top,

03:45.455 --> 03:48.820
which is the application
layer. Layer 7.

03:48.820 --> 03:51.110
These are the
protocols that drive

03:51.110 --> 03:53.630
the applications
users are using.

03:53.630 --> 03:55.760
These protocols
have to be really

03:55.760 --> 03:59.095
smart because they have
direct access to your data.

03:59.095 --> 04:00.455
When we're thinking about

04:00.455 --> 04:02.255
the things that we
can do at Layer 7,

04:02.255 --> 04:04.925
this is where you'll see
certificate services.

04:04.925 --> 04:06.650
To tell you the truth, a lot of

04:06.650 --> 04:08.400
these things we
haven't talked about.

04:08.400 --> 04:10.070
What I'm going to
encourage you to do is

04:10.070 --> 04:11.900
later on come back and review

04:11.900 --> 04:13.880
this session on the OSI model

04:13.880 --> 04:15.140
>> after we talked about what

04:15.140 --> 04:17.150
>> a web application firewall is

04:17.150 --> 04:19.835
and what certificate
services are.

04:19.835 --> 04:22.220
For now we're just
going to suffice to say

04:22.220 --> 04:24.860
that certificate services
happen at this layer.

04:24.860 --> 04:27.170
Certificates are used
in order to provide

04:27.170 --> 04:30.080
authentication for
individuals or for systems.

04:30.080 --> 04:32.270
That's going to be important.

04:32.270 --> 04:34.610
Proxy servers, which are

04:34.610 --> 04:37.790
high-end deep packet
inspection devices give

04:37.790 --> 04:40.070
us a really good understanding
and inspection of

04:40.070 --> 04:42.855
the content of traffic
and other information.

04:42.855 --> 04:46.570
A web application firewall
is specific to web traffic,

04:46.570 --> 04:48.775
but provides a good
degree of protection,

04:48.775 --> 04:53.270
specifically focusing
in on HTTP and HTTPS.

04:53.270 --> 04:55.300
When it comes to any
attacks that are

04:55.300 --> 04:57.895
specifically geared
towards web servers,

04:57.895 --> 05:01.480
a WAF is a really good
defensive mechanism.

05:01.480 --> 05:03.160
Your email applications are

05:03.160 --> 05:05.090
going to use digital signatures.

05:05.090 --> 05:07.875
Digital signing
happens up at Layer 7.

05:07.875 --> 05:09.340
There's a lot of really good,

05:09.340 --> 05:11.170
very important stuff
that happens here

05:11.170 --> 05:14.090
in just a ton of protocols.

05:14.120 --> 05:19.330
SNMP, Simple Network
Management Protocol, FTP,

05:19.330 --> 05:21.100
TFTP, by the way,

05:21.100 --> 05:23.260
let me just mention you see FTP

05:23.260 --> 05:25.369
>> and TFTP mentioned here.

05:25.369 --> 05:28.390
>> Most people have heard
of File Transfer Protocol,

05:28.390 --> 05:32.150
but there's also Trivial
File Transfer Protocol.

05:32.150 --> 05:33.920
The only difference
between the two,

05:33.920 --> 05:35.105
if you remember earlier,

05:35.105 --> 05:36.350
we talked about TCP and

05:36.350 --> 05:39.545
UDP and that upper layer
services, piggyback.

05:39.545 --> 05:42.604
FTP piggybacks on TCP,

05:42.604 --> 05:45.140
TFTP, piggybacks on UDP.

05:45.140 --> 05:46.670
Which one do you think is

05:46.670 --> 05:48.820
going to provide
better performance?

05:48.820 --> 05:52.025
TFTP, because UDP is fast,

05:52.025 --> 05:56.160
FTP is going to provide
more reliable delivery.

05:56.870 --> 06:01.040
What are our key takeaways
from the OSI model?

06:01.040 --> 06:03.710
The OSI model is
conceptual model

06:03.710 --> 06:04.640
>> that was brought to us

06:04.640 --> 06:06.410
>> from the International
Organization

06:06.410 --> 06:07.869
>> for Standardization.

06:07.869 --> 06:09.910
>> It essentially
breaks down networking

06:09.910 --> 06:12.130
into seven categories
called layers.

06:12.130 --> 06:14.525
You see the layers
in front of us here.

06:14.525 --> 06:16.630
This is a really good
chart and I would

06:16.630 --> 06:18.220
certainly recommend
screenshotting it

06:18.220 --> 06:19.090
and printing it out.

06:19.090 --> 06:20.740
Because this hits the gist of

06:20.740 --> 06:22.880
what's going on
with the OSI model.

06:22.880 --> 06:24.969
Gives you a look at
network processes

06:24.969 --> 06:26.650
to the application Layer 7,

06:26.650 --> 06:28.060
data representation,

06:28.060 --> 06:29.860
inter-host communication,

06:29.860 --> 06:32.334
>> end-to-end path
determination.

06:32.334 --> 06:34.630
>> Down layer by layer gives

06:34.630 --> 06:37.195
you a quick view of what
happens at each layer.

06:37.195 --> 06:40.405
It also gives you some of the
more important protocols.

06:40.405 --> 06:42.385
But you can go back
and add to this,

06:42.385 --> 06:44.590
you know that cable
is at Layer 1.

06:44.590 --> 06:47.305
Switches and MAC
addresses are at Layer 2,

06:47.305 --> 06:50.735
at Layer 3 we have routers
and Layer 3 switches.

06:50.735 --> 06:52.205
If there's anything missing,

06:52.205 --> 06:54.200
you can go back and re-listen.

06:54.200 --> 06:55.955
But know your layers,

06:55.955 --> 06:58.700
know the gist of what happens
at each layer and know

06:58.700 --> 07:01.580
any protocols or any
specific hardware devices,

07:01.580 --> 07:05.130
because you can bet this is
going to be on your exam.