What is the application layer in network security?

The OSI and TCP/IP models

The Open Systems Interconnection (OSI) model and the TCP/IP model describe the functions that two computers must perform in order to communicate over a network. These functions are divided into layers, as shown below:

The topmost layer in both models is the application layer. It is the layer the user interacts with: it displays information to the user and receives input from the user. It enables application-to-application communication by using the services of the layers below it.

For example, in a client-server architecture, the client sends a request to the web server running on a different host. The server will then send over the required information as a response.

Another example is a peer-to-peer architecture in which different hosts communicate with each other, and there is no assigned client or server. In this case, all the hosts will participate in sharing files, and, at one point, one host may be the client when it needs to download a file. At another point, the same host may be the server when it uploads a file.

Application layer protocols

As we have seen, applications communicate with each other by exchanging request and response messages. These messages must be structured properly so that the end systems can interpret them correctly. Application layer protocols define both the structure of these messages and the procedure by which they are sent. These protocols are responsible for:

  • defining the syntax as well as the meaning of messages sent
  • defining which type of message is received, e.g., request or response
  • describing the process followed when sending or receiving a message

Examples

1. HTTP

HyperText Transfer Protocol is the web’s application layer protocol. It is a client-server protocol in which browsers are the clients, and they request resources from web servers residing on different hosts.
The format of an HTTP request is as follows:

The format of an HTTP request

There are many different methods defined in HTTP (such as GET, POST, DELETE, PUT, and PATCH), but the most commonly used one is GET, which retrieves a resource from the host. A variety of other headers can also be included in a request. A request can also carry a body with any data that needs to be sent to the server.

The response message looks like this:

The format of a response message

The status code and reason phrase let the client understand whether or not its request was successful. Status 200 indicates a successful request, whereas 404 means that the resource was not found. There are other status codes as well that HTTP applications understand.
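To make the two message formats above concrete, here is an added example (not code from the original page) that parses a constructed HTTP/1.1 request and a constructed response. The sample bytes, the hostname www.example.com and the set of accepted methods are assumptions made for this illustration; the parser also performs the checks a server or client would want, such as requiring a Host header and verifying that Content-Length matches the body it received.

```python
"""Added example: parse the two HTTP/1.1 message shapes described above,
a request and a response, from constructed sample bytes."""

# Constructed sample request, as a browser (client) would send it.
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: example-client/1.0\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

# Constructed sample response, as a web server would answer.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 28\r\n"
    b"\r\n"
    b"<html><body>hi</body></html>"
)

# Methods this example accepts (an assumption; HTTP defines others too).
KNOWN_METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"}


def _split_message(raw: bytes):
    """Split an HTTP message into start line, header dict and body.
    The header section ends at the first blank line (CRLF CRLF)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: no blank line ending the headers")
    lines = head.decode("ascii").split("\r\n")
    start_line, header_lines = lines[0], lines[1:]
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive, so normalise them for lookup.
        headers[name.strip().lower()] = value.strip()
    return start_line, headers, body


def parse_request(raw: bytes) -> dict:
    """Parse a request line of the form: METHOD SP target SP HTTP-version."""
    start_line, headers, body = _split_message(raw)
    parts = start_line.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {start_line!r}")
    method, target, version = parts
    if method not in KNOWN_METHODS:
        raise ValueError(f"unknown method: {method!r}")
    if "host" not in headers:
        raise ValueError("HTTP/1.1 requests must carry a Host header")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def parse_response(raw: bytes) -> dict:
    """Parse a status line of the form: HTTP-version SP status-code SP reason."""
    start_line, headers, body = _split_message(raw)
    version, _, rest = start_line.partition(" ")
    code, _, reason = rest.partition(" ")
    if not code.isdigit() or len(code) != 3:
        raise ValueError(f"malformed status line: {start_line!r}")
    # A Content-Length that disagrees with the body is a framing error.
    declared = int(headers.get("content-length", len(body)))
    if declared != len(body):
        raise ValueError("Content-Length does not match body length")
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}


if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req["method"], req["target"], req["headers"]["host"])
    resp = parse_response(SAMPLE_RESPONSE)
    print(resp["status"], resp["reason"], len(resp["body"]))
```

The same parser accepts a 404 response, since the status line has the same shape; only the code and reason phrase change.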

2. FTP

File Transfer Protocol (FTP) is used to share files between local and remote hosts. The first requirement is for the user to authenticate themselves, after which a control connection is established with the remote server. There are separate control and data connections between the server and client. Files can only be safely transmitted once a control connection is successfully established.

3. DNS

Servers can be identified in two ways:

  1. by hostname
  2. by IP address

It is easier for humans to identify hosts by hostname rather than by IP address. However, routers prefer to identify hosts by IP address, since addresses are of fixed length and contain only digits that are easy to process. The Domain Name System (DNS) is the protocol that translates between hostnames and IP addresses.
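The following added example (not code from the original page) shows what the hostname-to-address translation looks like on the wire: it builds a DNS query for a hostname and decodes a constructed DNS response carrying one A record, following the message layout of RFC 1035. The response bytes, the transaction ID 0x1234 and the address 192.0.2.10 (a documentation range, not a real host) are constructed for this illustration, and nothing is sent on the network. It also includes the check a resolver relies on before trusting an answer: the response's transaction ID must match the query that was sent.

```python
"""Added example: DNS query construction and response decoding (RFC 1035 wire
format) over constructed bytes; no network traffic is involved."""
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(hostname: str) -> bytes:
    """Turn 'www.example.com' into length-prefixed labels ending in a zero byte."""
    out = b""
    for label in hostname.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(hostname: str, txid: int = 0x1234) -> bytes:
    """12-byte header plus one question. Flags 0x0100 = recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(hostname) + struct.pack("!HH", TYPE_A, CLASS_IN)


def decode_name(msg: bytes, offset: int):
    """Read a (possibly compressed) name at offset; return (name, next_offset)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    """Return the queried name and the IPv4 addresses found in the answer section."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F  # 0 = no error, 3 = name does not exist
    offset = 12
    name, offset = decode_name(msg, offset)
    offset += 4  # skip QTYPE and QCLASS of the question
    addresses = []
    for _ in range(an):
        _rr_name, offset = decode_name(msg, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return {"txid": txid, "rcode": rcode, "name": name, "addresses": addresses}


def matches_query(query: bytes, response: bytes) -> bool:
    """A resolver should only accept a response whose ID matches an outstanding query."""
    return query[:2] == response[:2]


# Constructed response: txid 0x1234, flags 0x8180 (response, RD, RA), one question,
# one answer whose name is a pointer (0xC00C) back to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", TYPE_A, CLASS_IN)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4)
    + bytes([192, 0, 2, 10])  # constructed address from the 192.0.2.0/24 documentation range
)

if __name__ == "__main__":
    query = build_query("www.example.com")
    answer = parse_response(SAMPLE_RESPONSE)
    print(matches_query(query, SAMPLE_RESPONSE), answer["name"], answer["addresses"])
```

The transaction ID is a 16-bit value, so it is only a weak protection on its own; that is one reason resolvers also randomise their source port and why DNSSEC exists, but the matching check is still the first thing any decoder should do.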

Application layer security

As mentioned in the previous sections, the application layer is the closest to the user. Therefore, an attack on it is very dangerous: performance may be degraded, data integrity may be compromised, user data may be stolen, or the network may break down.
Some application layer attacks include:

  • SQL injections
  • denial of service attacks
  • cross-site scripting
  • access to unauthorized data
  • parameter tampering

Mitigation of attacks

Security controls must be present at the application layer to ensure that these attacks can be successfully defended against.

Some methods to avoid these attacks are:

  • develop DDoS prevention and response plans
  • invest in web application firewalls
  • secure the network infrastructure
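Two of the attacks listed above, SQL injection and parameter tampering, come down to the application trusting input it received over the network. The following added example (not code from the original page) shows each of them as a vulnerable function beside its fixed form, run against a constructed in-memory SQLite database. The table layout, the users alice and bob, their orders, and the plaintext password column (kept only to keep the example short; a real application stores password hashes) are all assumptions made for this illustration.

```python
"""Added example: SQL injection and parameter tampering, each shown as a
vulnerable function beside its hardened form, over constructed sample data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users, each owning one order.
    Passwords are stored in plaintext only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, password TEXT);
        CREATE TABLE orders(id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT);
        INSERT INTO users VALUES (1, 'alice', 'pw-alice'), (2, 'bob', 'pw-bob');
        INSERT INTO orders VALUES (10, 1, 'laptop'), (11, 2, 'phone');
    """)
    return conn


def login_vulnerable(conn, name: str, password: str) -> bool:
    """String concatenation lets user-controlled input change the query's meaning,
    so a value containing a quote can turn the WHERE clause into something else."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, name: str, password: str) -> bool:
    """Parameterised query: the input is bound as data and can never become SQL."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def get_order_vulnerable(conn, session_user_id: int, order_id_param: str):
    """Parameter tampering: the order id comes from the request and is looked up
    without checking that it belongs to the logged-in user."""
    row = conn.execute(
        "SELECT item FROM orders WHERE id = ?", (int(order_id_param),)
    ).fetchone()
    return row[0] if row else None


def get_order_safe(conn, session_user_id: int, order_id_param: str):
    """Validates the parameter's form and scopes the lookup to the session's user,
    so changing the id in the request cannot reach another user's data."""
    if not order_id_param.isdigit():
        raise ValueError("order id must be a positive integer")
    row = conn.execute(
        "SELECT item FROM orders WHERE id = ? AND user_id = ?",
        (int(order_id_param), session_user_id),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    malformed = "' OR '1'='1"  # the classic textbook injection string
    print("vulnerable login accepts bad password:", login_vulnerable(db, "alice", malformed))
    print("safe login accepts bad password:     ", login_safe(db, "alice", malformed))
    print("vulnerable lookup leaks bob's order: ", get_order_vulnerable(db, 1, "11"))
    print("safe lookup for bob's order as alice:", get_order_safe(db, 1, "11"))
```

A web application firewall (one of the mitigations listed above) can block well-known input patterns at the network edge, but it is a second line of defence; the parameterised query and the ownership check are what actually remove the flaw.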