Day 57: Presentation Layer Protocols and Known Security Issues

Description

Unlike the lower layers, which are mostly concerned with moving bits around, the presentation layer handles the syntax and semantics of the information transmitted. To make it possible for computers with different internal data representations to communicate, the data structures to be exchanged can be defined abstractly, along with a standard encoding to be used ‘‘on the wire.’’ The presentation layer manages these abstract data structures and allows higher-level data structures (e.g., banking records) to be defined and exchanged.

Network Data Unit

Data

Main Security Issues

• Decryption Attacks
• Encryption Downgrade Attacks
• Parsing/Character/Uncompress Exploits
• Encoding Attacks
• Type Confusion

Services

• Data conversion[2]
• Character code translation[2]
• Compression[2]
• Encryption and Decryption[2]

Protocol Examples

Other protocols sometimes considered at this level (though perhaps not strictly adhering to the OSI model) include:

• Apple Filing Protocol (AFP)
• Independent Computing Architecture (ICA), the Citrix system core protocol
• Lightweight Presentation Protocol (LPP)
• NetWare Core Protocol (NCP)
• Network Data Representation (NDR)
• Telnet (a remote terminal access protocol)
• Tox, The Tox protocol is sometimes regarded as part of both the presentation and application layer
• eXternal Data Representation (XDR)
• X.25 Packet Assembler/Disassembler Protocol (PAD)

Presentation Layer OpSec

Layer 6 OpSec is quite in-depth and will be covered in a unique blog on securing later 6.