Lecture 2 – Application Layer

MIS 4363

1
Agenda
2.1 Hardware
2.2 Software Application Architectures
2.3 Web
2.4 Email
2.5 Implications for Cyber Security

2
2.1 Hardware
CLIENT - GETS THE STUFF SERVER – HAS THE STUFF

- PC - PC- Mainframe
- laptop - Clusters of RC’s
- terminal
- device

3
2.2 Software Application Architectures
2.2.1 Architecture Components

Presentation Logic User interface – what the user interacts with

Application Logic Business logic - payroll

Data Access Logic Database software

Data Storage Logic Data itself

SAA = the way how I split the logic between the Client and the Server
4
 2.2.2 Host-Based Architecture 1960s Mainframes Talent
Client Server - Host

No CPU:
“dumb”

Presentation
Application
Data Access
Data Storage Logic
2.2.3 Client-Based Architecture 1980s
Client Server
CPU

VB programming

Presentation logic Data Storage Logic

Application logic
Data Access logic

5
 2-tier
2.2.4 Client-Server 1990s – most popular today (ex. Web)
Client Server
Database server
SSMS
Thick Client

Presentation Logic Data Access Logic

Application Logic Data Storage Logic

Client Browser Server

Thin Client Database server

Presentation Logic Application

Data Access Logic
Data Storage Logic

6
3-tier Client-Server Architecture
Client App Server Server
DB Server

Presentation Application Data Access

Data Storage

4-tier Client-Server Architecture

Web Server App Server
Client Server

DB Server

Presentation Application Application Data Access

Data Storage

7
2.2.5 Cloud Computing Architecture
Client

Cloud

Software as a server Platform …. Infrastructure ….

SaaS PaaS IaaS
Application
Data Access
Data Storage
OS
Virtualization
Server HW
Storage HW Outsourced
multitenancy
Network HW Rented

8
2.2.6 Pros & Cons
HOST-BASED CLIENT-BASED CLIENT-SERVER CLOUD COMP

Pros: Pros: Pros: Pros:

Cheap Client Cheaper Server Reduced network Easy to use
traffic
Light network load Simpler Server Cheap (pay as go)
Fast
Scalable
Cons:
Cons: Cons: Cons:
Complexity
Expensive host Loads network Security
Expensive
Server overload

9
 2.3 Web 2-tier client server
architecture

2.3.1 How It Works

Client Server
HTTP
Request
HTTP
Response
Thin client
Application
Presentation Data Access
Data Storage

10
 App
Trans
Net
2.3.2 HTTP REQUEST 2.3.3 HTTP RESPONSE DL
Physical

 Request Line Command, URL,  Response Status Code (200 or 404)

Required* HTTP version Required*

Request Header Response Header Info about Web Server

Infos and
Optional Optional
browsers
Request Body Response Body Content HTML
Form infos Optional
Optional

11
 SMTP – Simple Mail IMAP (POP) – Internet
Transport Protocol Map Application
2.4 Email Protocol

2.4.1 2-Tier Email

SMTP packet

Header To, from, date,

subject,
message id
Body:
Data [text]

MIME

12
 3-tier architecture

2.4.2 Web Mail

Web Server
HTTP Mail Server
Thin SMTP
client IMAP
Application Data Access
Presentation
Data Storage

Mail Server
Web Server
SMTP
HTTP
IMAP
Data Access
Presentation Application Data Storage
13
2.5 Implications for Cyber Security
 Secure network is not enough
◦ We must secure all the applications too - - Tech Update!

SQL
 SQL injection – Tech Update!

Email
 Email spoofing & phishing - - Tech Update!

14
Wrap-up
2.1 Hardware
2.2 Software Application Architectures
2.3 Web
2.4 Email
2.5 Implications for Cyber Security

15