SSH, SSL, IPSec OSI model layer

SSH is an OSI model application-layer protocol that uses cryptography to allow remote login and other network services to operate securely over an unsecured network. SSL runs inside TCP and encrypts the data inside the TCP packets. IPsec replaces IP with an encrypted version of the IP layer.

An example of a Linux command-line program that implements the SSH protocol is ssh; an example of one that implements the TLS/SSL protocol is openssl. The IPsec protocol is usually implemented in the kernel as a library and exposed to programs through an API; there is no famous Linux command-line program implementing the IPsec protocol.

In practice, SSL and SSH are typically used for different purposes: SSH is most often used for remote log-in, SSL for encrypted web access. On the other hand, IPsec is predominately used in VPNs. When used in application-level security or routing security, IPsec is not a complete solution and must be coupled with other security measures to be effective, hindering its deployment in these domains.

SSL and SSH are two protocols with very similar functionality: they both provide the cryptographic elements to build a tunnel for confidential data transport with checked integrity. They differ in what surrounds the tunnel. SSL traditionally uses X.509 certificates for announcing server and client public keys; SSH has its own format. Also, SSH comes with a set of application-layer features for what goes inside the tunnel, such as multiplexing several transfers, performing password-based authentication within the tunnel, and terminal management, while there is no such thing in SSL.

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as 'SSL', are cryptographic protocols that provide communications security over a computer network. SSL is a layer that fits in between HTTP and TCP. A normal TCP connection is made and then a key exchange is negotiated within that layer. After the key exchange, all traffic inside the TCP layer is encrypted so that only the intended recipient can decrypt it. SSL also encompasses a system of trust, in the form of SSL certificates signed by one of several central authorities, that allows you to verify that the party you are communicating with is actually who they claim to be. Although SSL can be used to secure any protocol that runs above TCP, its most common application is HTTPS.

IPsec is a layer that fits in between TCP and the physical layer. It enhances the IP layer by adding encryption to the data inside it, including the TCP layer if that is what is being sent in the IP packets. IPsec also allows for authentication of both communicating parties and provides methods for secure key exchange. IPsec support is a mandatory part of IPv6.


Compared to TLS/SSL and SSH, which operate in the upper layers (between the application layer and the transport layer), only IPsec protects all application traffic over an IP network. Applications can be automatically secured by IPsec at the IP layer.
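
What this layering looks like to an observer on the wire, as an added example (not code from the original post): a classifier that reads a raw IPv4 packet and reports whether it carries IPsec ESP (IP protocol 50), an SSH identification string, or a TLS record header, and whether the TCP ports are still readable. The sample packets are constructed, and the names `classify`, `ipv4`, `tcp` and `SAMPLES` are introduced here for illustration.

```python
import struct

IPPROTO_TCP, IPPROTO_ESP = 6, 50          # IANA IP protocol numbers
TLS_CONTENT_TYPES = {20, 21, 22, 23}      # change_cipher_spec, alert, handshake, application_data

def classify(packet: bytes) -> dict:
    """Say which protection a raw IPv4 packet shows and whether TCP ports stay readable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == IPPROTO_ESP:              # IPsec: the TCP header is inside the ciphertext
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, _seq = struct.unpack("!II", body[:8])   # only SPI and sequence number are clear
        return {"protection": "IPsec ESP", "layer": "IP", "ports": None, "spi": spi}
    if proto != IPPROTO_TCP or len(body) < 20:
        return {"protection": "none seen", "layer": None, "ports": None}
    sport, dport = struct.unpack("!HH", body[:4])    # TCP header is readable for SSH and TLS
    data = body[(body[12] >> 4) * 4:]     # skip the TCP header using its data-offset field
    if data.startswith(b"SSH-"):          # SSH identification string, sent before encryption
        kind, layer = "SSH", "application"
    elif len(data) >= 3 and data[0] in TLS_CONTENT_TYPES and data[1] == 3:
        kind, layer = "TLS/SSL", "between application and TCP"   # TLS record header
    else:
        kind, layer = "none seen", None
    return {"protection": kind, "layer": layer, "ports": (sport, dport)}

# --- constructed sample packets (checksums left as zero; not real captures) ---
def ipv4(proto: int, payload: bytes) -> bytes:
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

def tcp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload

SAMPLES = {
    "ssh": ipv4(IPPROTO_TCP, tcp(40000, 22, b"SSH-2.0-ExampleClient\r\n")),
    "tls": ipv4(IPPROTO_TCP, tcp(40001, 443, bytes([22, 3, 1, 0, 4]) + b"\x01\x00\x00\x00")),
    "esp": ipv4(IPPROTO_ESP, struct.pack("!II", 0x1000, 1) + bytes(range(32))),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

For the SSH and TLS samples the source and destination ports come back in the result; for the ESP sample they do not, because the whole TCP segment sits inside the encrypted payload.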


