OSI Model Refresher

August 29, 2016 | Views: 8861


I have met so many people in the software industry who don’t understand the OSI model. Only when you understand the OSI model can you say that you understand how the Internet works. There are many examples and explanations on this topic, but none of them paint a simple picture that you can memorize and recall at will. This is my attempt at providing that picture for you.

OSI stands for Open Systems Interconnection. The model was created by the International Standards Organization (ISO) to provide a common set of standards and references, giving interoperability among the different vendors that manufacture devices and develop the various communication protocols for computer and telecommunication systems.

osi model sketch by foxpro at cybrary.it

7. Application Layer

The application layer is concerned with the type of services used for communication with user applications. This is the layer that directly interacts with the end user and has the biggest surface area for an attack. The best example of an application layer object is the web browser. The browser is able to open what was sent to it, or create content and send it to the intended recipient. The common protocols at this layer are HTTP, HTTPS, FTP, TFTP, SMTP, etc.

Vulnerabilities:

Viruses, worms, Trojan horses, phishing, malware attacks, Advanced Persistent Threats (APT), logic bombs, backdoor programs, etc.

Best security practices:

  • Code inspection and review
  • Static and dynamic code analysis
  • User education – safe browsing habits
  • Security policies
  • Anti-virus
  • Follow OWASP best practices

6. Presentation Layer

The presentation layer is concerned with the format of data that is being exchanged and the translation between different formats. This layer includes encryption, compression and encapsulation of data. There is no specific protocol associated with the presentation layer. You will observe that some protocols overlap across the first three layers. Languages like HTML, CSS, XML, JSON, etc. and formats like ASCII, MIDI, MPEG, GIF, etc. are relevant to this layer.

Vulnerabilities:

Malformed SSL Requests, Various HTTP attacks, Unicode attack, Attack using steganography techniques

Best security practices:

  • Use industry-proven algorithms for encryption rather than custom solutions
  • Validate all input
  • Apply principles of least privilege to the system users and hide functionality from unauthorized subjects.
  • Follow OWASP best practices

5. Session Layer

The session layer is concerned with setting up, coordinating and terminating data exchange between the applications at each end. The session layer brings order to chaos. The best example is a web browser session that is initiated at login, maintained, and then terminated after a predefined period or at an event like logout by the user. The common protocols at this layer are Sockets, NFS, SQL, RPC, NetBIOS, DNS, L2TP, SSH, PGP, SDP, etc.

Vulnerabilities:

DNS poisoning, SIP attack, Session hijack – CSRF

Best security practices:

  • Use strong authentication techniques
  • Implement firewall to control network traffic
  • Follow OWASP best practices

4. Transport Layer

The transport layer is concerned with reliable delivery of messages, error tracking and retransmission, and data flow. The end-to-end transport of data and the logical connection are handled at the transport layer. The common protocols are: TCP, UDP, FTP, SSL/TLS, etc.

Vulnerabilities:

SYN Flood attack, Smurf attack, Fraggle attack

Best security practices:

  • Use IDS, IPS and firewalls to stop, detect or monitor traffic and raise early alerts
  • ISPs use blackholing to stop all traffic

3. Network Layer

The network layer is concerned with routing of traffic to various nodes on the network. It translates the logical address (IP) into the physical address (MAC) and provides broadcast isolation. ICMP is the most popular protocol used at this layer. Other common protocols are: IP, IGMP, IPSec, IKE, ISAKMP, IGRP, OSPF, ARP.

Vulnerabilities:

ICMP flood, LOKI, Ping of death, ping flood, Smurf attack

Best security practices:

  • VPN
  • IDS
  • Content filtering – limit or block ICMP traffic

2. Data Link Layer

The data link layer is concerned with enabling and maintaining the transfer of data over the physical layer and provides error detection and physical addressing. This is the first level of intelligence applied to raw binary data. The most common protocols are ARP, RARP, ATM, CDP, FDP, Token ring, etc.

Vulnerabilities:

ARP poisoning, MAC flooding, Replay attack

Best security practices:

  • MAC address authentication and then subsequent filtering

1. Physical Layer

This is the layer that is concerned with converting data packets into electrical signals that can pass over cables, and with the devices used to connect the network interface card (NIC) to the cables.

Vulnerabilities:

Power outage, Theft, vandalism, interference, emanation, open wall ports

Best security practices:

  • Uninterruptible power supply, generators
  • Restricted access
  • Shut down open ports
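
To tie the layers together, the following added example (not part of the original article) dissects one captured frame and labels each header with the OSI layer it belongs to. The frame, its addresses and the function names `build_sample_frame`, `dotted` and `dissect` are constructed for illustration; only Ethernet II, IPv4 and TCP are handled.

```python
import struct

def build_sample_frame() -> bytes:
    """Constructed sample: Ethernet II / IPv4 / TCP / HTTP (checksums left 0)."""
    http = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # dst, src, type
    return eth + ip + tcp + http

def dotted(addr: bytes) -> str:
    return ".".join(str(b) for b in addr)

def dissect(frame: bytes) -> list:
    """Return (osi_layer, protocol, summary) tuples, lowest layer first."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = [(2, "Ethernet", f"{src.hex(':')} -> {dst.hex(':')}")]
    if ethertype != 0x0800:          # only IPv4 is handled here
        return layers
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    layers.append((3, "IPv4", f"{dotted(ip[12:16])} -> {dotted(ip[16:20])}"))
    if ip[9] != 6:                   # protocol 6 = TCP
        return layers
    tcp = ip[ihl:total]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    if not 20 <= doff <= len(tcp):
        raise ValueError("bad TCP data offset")
    bits = ((0x02, "SYN"), (0x10, "ACK"), (0x08, "PSH"), (0x01, "FIN"), (0x04, "RST"))
    flags = ",".join(name for bit, name in bits if tcp[13] & bit)
    layers.append((4, "TCP", f"{sport} -> {dport} [{flags}]"))
    # Layers 5 and 6 add no header of their own in this frame; the next
    # bytes already belong to the application protocol.
    data = tcp[doff:]
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        request_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        layers.append((7, "HTTP", request_line))
    return layers

if __name__ == "__main__":
    for layer, proto, summary in dissect(build_sample_frame()):
        print(f"L{layer} {proto:8} {summary}")
```

The length checks matter for the same reason the layer lists above mention malformed requests: each header's length fields are attacker-controlled input and are validated before the next layer is sliced out.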

Here are links that I referenced for the above information and for your further reading:

  • Design and Implementation Guidelines for Web Clients – https://msdn.microsoft.com/en-us/library/ff647284.aspx
  • DDoS Quick Guide – https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf
  • Understanding Security Using the OSI Model – https://www.sans.org/reading-room/whitepapers/protocols/understanding-security-osi-model-377
  • Session Initiation Protocol Attacks and Challenges – https://arxiv.org/ftp/arxiv/papers/1205/1205.0480.pdf
  • OWASP – https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

    18 Comments
    1. wonderful explanation! Thank you.

    2. Nice explanation! Thank you.

    3. Great TY
