Application Layer

Definition of Application Layer

The application layer is a layer in the Open Systems Interconnection Model (OSI) seven-layer model and in the TCP/IP protocol suite. It consists of protocols that focus on process-to-process communication across an IP Network and provides a firm communication interface and end-user services.[1]

An application layer is an abstraction layer that specifies the shared communications protocols and interface methods used by hosts in a communications network. The application layer abstraction is used in both of the standard models of computer networking: the Internet Protocol Suite (TCP/IP) and the OSI model. Although both models use the same term for their respective highest level layer, the detailed definitions and purposes are different. In TCP/IP, the application layer contains the communications protocols and interface methods used in process-to-process communications across an Internet Protocol (IP) computer network. The application layer only standardizes communication and depends upon the underlying transport layer protocols to establish host-to-host data transfer channels and manage the data exchange in a client-server or peer-to-peer networking model. Though the TCP/IP application layer does not describe specific rules or data formats that applications must consider when communicating, the original specification (in RFC 1123) does rely on and recommend the robustness principle for application design. In the OSI model, the definition of the application layer is narrower in scope. The OSI model defines the application layer as the user interface responsible for displaying received information to the user. In contrast, the Internet Protocol Suite does not concern itself with such detail. OSI also explicitly distinguishes additional functionality below the application layer, but above the transport layer at two additional levels: the session layer, and the presentation layer. OSI specifies a strict modular separation of functionality at these layers and provides protocol implementations for each layer.[2]

Application Layer Protocols[3]

1. TELNET: Telnet stands for telephone network.It helps in terminal emulation.It allows Telnet client to access the resources of Telnet server.It is used for managing the files on the internet.It is used for initial set up of devices like switches.Telnet command is a command that uses the Telnet protocol to communicate with a remote device or system.
2. FTP: FTP stands for file transfer protocol. It is the protocol that actually lets us transfer files.It can facilitate this between any two machines using it. But FTP is not just a protocol but it is also a program.FTP promotes sharing of files via remote computers with reliable and efficient data transfer
3. TFTP: The Trivial File Transfer Protocol (TFTP) is the stripped-down, stock version of FTP, but it’s the protocol of choice if you know exactly what you want and where to find it. It’s a technology for transferring files between network devices, and is a simplified version of FTP
4. NFS: It stands for network file system.It allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally. This enables system administrators to consolidate resources onto centralized servers on the network.
5. SMTP: It stands for Simple Mail Transfer Protocol. It is a part of TCP/IP protocol.Using a process called “store and forward,” SMTP moves your email on and across networks. It works closely with something called the Mail Transfer Agent (MTA) to send your communication to the right computer and email inbox.
6. LPD: It stands for Line Printer Daemon. It is designed for printer sharing.It is the part that receives and processes the request. A “daemon” is a server or agent.
7. X window: It defines a protocol for the writing of graphical user interface–based client/server applications. The idea is to allow a program, called a client, to run on one computer. It is primarily used in networks of interconnected mainframes.
8. SNMP: It stands for Simple Network Management Protocol.It gathers data by polling the devices on the network from a management station at fixed or random intervals, requiring them to disclose certain information.It is a way that servers can share information about their current state, and also a channel through which an administer can modify pre-defined values.
9. DNS: It stands for Domain Name Service. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name might translate to
10. DHCP: It stands for Dynamic Host Configuration Protocol (DHCP).It gives IP addresses to hosts.There is a lot of information a DHCP server can provide to a host when the host is registering for an IP address with the DHCP server.

Functions of Application Layer[4]

1. Mail Services : This layer provides the basis for E-mail forwarding and storage.
2. Network Virtual Terminal : It allows a user to log on to a remote host. The application creates software emulation of a terminal at the remote host. User’s computer talks to the software terminal which in turn talks to the host and vice versa. Then the remote host believes it is communicating with one of its own terminals and allows user to log on.
3. Directory Services : This layer provides access for global information about various services.
4. File Transfer, Access and Management (FTAM) : It is a standard mechanism to access files and manages it. Users can access files in a remote computer and manage it. They can also retrieve files from a remote computer.

Application Layer Functions
source: Amit Dangarh

Application Layer Threats[5]

The open-ended nature of the Application Layer may present threats. Some of the threats can be summarized as follows:

  • One of the prime threats at the Application Layer is poor or nonexistent security design of the basic function of an application.
  • Some applications may insecurely handle sensitive information by placing it in publicly accessible files or encoding it in “hidden” areas which are trivially displayed, such as in the HTML code of a web form.
  • Programs may have well-known backdoors or shortcuts that bypass otherwise secure controls and provide unauthorized access.
  • Applications with weak or no authentication are prime targets for unauthorized use and abuse over the network.
  • The TFTP protocol is extensively used for booting of diskless workstations and network device management, but does not require any sort of username or password authentication to use its file access ability, giving an intruder possible access to configuration and access information without challenge other than the need to guess filenames.
  • Applications may rely upon untrustworthy channels to establish identity or set privilege.
  • Overly complex access controls may seem to protect access but fail to prevent unauthorized activity due to poorly understood or written access rules.

Providing Security at the Application Layer[6]

The following steps have been in practice to make the application layer safer.
A. Use methods from applications: From the higher levels outside of the model, user input is a significant threat from both deliberate and accidental standpoints. Users may provide unexpected input into the application environment, which if not handled properly could lead to crashes or other unexpected behavior. The unsuspecting hapless user may cause his application to crash or otherwise fail. A malicious user may be able to use bugs and program flaws to attack and gain access to resources or data. Some of the most prevalent controls at the application layer relate to strong design practices in application design and implementation. Applications should make use of the secure facilities available to them in the lower network layers, carefully check incoming and outgoing data, and assume that communications can and will be subject to attack, requiring the use of strong authentication and encryption to validate and protect data as it travels across the network. Applications should also implement their own security controls, allowing for fine-grained control of privilege to access resources and data, ideally using a mechanism that is straightforward and strikes a balance between usability and effectiveness. Detailed logging and audit capability should be a standard feature of any application that handles sensitive or valuable data. Testing and review is also critical as a control for the application layer. Given the wide variety of both problems and solutions, standards and practices will not be able to capture all possible twists and turns in the application environment. Developers will often have conflicting motivations and agendas regarding their applications, and in a structured programming environment, mandated code security review and application security testing are critical parts of a secure Software Development Life Cycle (SDLC).
B. Use hardware security: On the hardware front, Intrusion Detection Systems (IDS) can observe data traffic for known profiles of network activity that can indicate probes for vulnerable applications or an imminent or ongoing attack, as well as detecting the presence of undesirable application traffic. Many current host-based firewall systems also include the means to control the access of applications to the network. This control is useful in preventing the unauthorized or covert use of network resources by local programs, as well as providing the conventional layer three and four control functions of a firewall. Many also include basic IDS functionality as well.
C. Role of radius protocol: Authentication, Authorization and Accounting (AAA) protocols such as TACACS [TACACS] and RADIUS [RADIUS] were initially deployed to provide dial-up PPP [PPP] and terminal server access. Over time, with the growth of the Internet and the introduction of new access technologies, including wireless, DSL, Mobile IP and Ethernet, routers and network access servers (NAS) have increased in complexity and density, putting new demands on AAA protocols. RADIUS provides the following advantages:

  • Tight security : RADIUS allows user information to be stored on one host, minimizing the risk of security loopholes.
  • Flexibility: Using modifiable "stubs," RADIUS can be adapted to work with existing security systems and protocols.
  • The RADIUS server may be adapted to your network, rather than adjusting your network to work with RADIUS.
  • Simplified management: Security information is stored in text files at a central location, the RADIUS server. Adding new users to the database or modifying existing user information can be easily accomplished by editing these text files.
  • Extensive logging capabilities: RADIUS provides extensive audit trail capabilities, referred to as RADIUS accounting. Information collected in a log file can be analyzed for security purposes, or used for billing.

D. Role of diameter protocol: All data delivered by the diameter protocol is in the form of an Attribute-Value Pair. Some of these AVP values are used by the Diameter protocol itself, while others deliver data associated with particular applications that employ Diameter. AVPs may be added arbitrarily to Diameter messages, so long as the required AVPs are included and AVPs that are explicitly excluded are not included. A security association which is an association between two endpoints in a Diameter session is used for security. It allows the endpoints to communicate with integrity and confidentially, even in the presence of relays and/or proxies. Diameter base protocol also provides End-to-End Security Framework. End-to-end security services include confidentiality and message origin authentication. These services are provided by supporting AVP integrity and confidentiality between two peers, communicating through agents. The circumstances requiring the use of end-to-end security are determined by policy on each of the peers. Security policies, which are not the subject of standardization, may be applied by next hop Diameter peer or by destination realm. For example, where TLS or IPsec transmission-level security is sufficient, there may be no need for end-to-end security. Diameter requires transmission level security to be used on each connection (TLS or IPsec). Therefore, each connection is authenticated, replay and integrity protected and confidential on a per-packet basis. In addition to authenticating each connection, each connection as well as the entire session MUST also be authorized. Before initiating a connection, a Diameter Peer MUST check that its peers are authorized to act in their roles. For example, a Diameter peer may be authentic, but that does not mean that it is authorized to act as a Diameter Server advertising a set of Diameter applications.

See Also

Gartner's PACE Layered Application Strategy
Application Architecture
Application Portfolio Management (APM)
Application Control
Application Integration
Application Lifecycle Management (ALM)
Application Lifecycle Framework


  1. Definition - What does Application Layer Mean? Techopedia
  2. What is Application Layer? Wikipedia
  3. Application Layer Protocols Geeks for Geeks
  4. Functions of Application Layer Study Tonight
  5. Application Layer Threats Raghavendra K, Sumith Nireshwalya
  6. Steps to Providing Security at the Application Layer Raghavendra K et al

Further Reading

  • Security Think Tank: Three ways to safeguard against application layer vulnerabilities Computerweekly
  • Securing the Application Layer Sean Malone