OSI Layer 4 Transport

Protocols at layer 4 include:

  • Transmission control protocol (TCP) – connection-oriented, for data management and reliable data transfer
  • User datagram protocol (UDP) – connectionless data transfer with no error detection/correction

Vulnerabilities, threats, and mitigations at layer 4:

  • SYN flood – protocol inspection for RFC conformance, anomaly detection, deep packet inspection
  • Fraggle – prevent router from forwarding request to network directed broadcast address
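The anomaly-detection mitigation for SYN floods listed above, as an added example that is not part of the original notes: it counts handshakes that never complete per listening address and port rather than per source, because flood sources are often spoofed. The packet tuple layout, threshold, timeout and addresses are constructed assumptions.

```python
from collections import Counter

def half_open_by_listener(packets, now, min_age=3.0):
    """Count SYNs per (dst_ip, dst_port) that the client never completed."""
    pending = {}  # (src, sport, dst, dport) -> time the first SYN was seen
    for ts, src, sport, dst, dport, flags in sorted(packets):
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.setdefault(key, ts)   # a retransmitted SYN keeps its first time
        elif "S" not in flags and ("A" in flags or "R" in flags):
            pending.pop(key, None)        # client ACK completes, RST aborts
        # SYN-ACK replies travel server -> client and are ignored here
    counts = Counter()
    for (_src, _sport, dst, dport), ts in pending.items():
        if now - ts >= min_age:           # still half-open after the timeout
            counts[(dst, dport)] += 1
    return counts

def detect_syn_flood(packets, now, threshold=10, min_age=3.0):
    """Return listeners whose half-open count meets the threshold."""
    counts = half_open_by_listener(packets, now, min_age)
    return sorted(listener for listener, n in counts.items() if n >= threshold)

def build_sample():
    """Constructed capture: (time, src_ip, src_port, dst_ip, dst_port, flags)."""
    server = "192.0.2.10"                 # documentation address (RFC 5737)
    pkts = [
        # Normal client: SYN, SYN-ACK, ACK
        (0.00, "203.0.113.5", 40000, server, 443, "S"),
        (0.01, server, 443, "203.0.113.5", 40000, "SA"),
        (0.02, "203.0.113.5", 40000, server, 443, "A"),
        # One slow client on another port: a single unanswered SYN
        (1.50, "203.0.113.9", 41000, server, 22, "S"),
    ]
    # Flood: 20 SYNs from varying sources, none followed by the final ACK
    for i in range(20):
        pkts.append((1.0 + i * 0.01, f"198.51.100.{i + 1}", 50000 + i,
                     server, 443, "S"))
    return pkts

if __name__ == "__main__":
    sample = build_sample()
    print(dict(half_open_by_listener(sample, now=10.0)))
    print(detect_syn_flood(sample, now=10.0))
```
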

OSI Layer 5 Session

The session layer is responsible for establishing, maintaining, and ending sessions between hosts. No inherent security exists in this layer, but it can be applied at a layer above or below. Risky protocols can be encrypted to reduce the risk.

Protocols:

  • Password authentication protocol (PAP)
  • Point-to-point tunneling protocol (PPTP)
  • Remote procedure protocol 

Termination refers to when the sending station completes a transfer. For those of you who don’t work in Domain 4, this is similar to the TCP handshake process that starts a connection, but it instead follows the sequence FIN, AckFIN (or FINACK if it’s easier to remember it backwards), then ACK.