
OSI Model Refresher


By: foxpro

August 29, 2016

I have met so many people in the software industry who don't understand the OSI model. Only when you understand the OSI model can you say that you understand how the Internet works. There are many examples and explanations on this topic, but none of them paint a simple picture that you can memorize and recall at will. This is my attempt at providing that picture for you.

OSI stands for Open System Interconnection. The model was created by the International Standards Organization (ISO) to provide a common set of standards and a common reference, enabling interoperability among the different vendors that manufacture devices and develop the various communication protocols for computer and telecommunication systems.

[Image: OSI model sketch by foxpro]

7. Application Layer     

The application layer is concerned with the type of services used for communication with user applications. This is the layer that directly interacts with the end user and has the biggest surface area for an attack. The best example of an application layer object is the web browser. The browser is able to open what was sent to it, or create content and send it to the intended recipient. The common protocols at this layer are HTTP, HTTPS, FTP, TFTP, SMTP, etc.


Threats: viruses, worms, Trojan horses, phishing, malware attacks, advanced persistent threats (APT), logic bombs, backdoor programs, etc.

Best security practices:

  • Code inspection and review
  • Static and dynamic code analysis
  • User education – safe browsing habits
  • Security policies
  • Anti-virus
  • Follow OWASP best practices

6. Presentation Layer     

The presentation layer is concerned with the format of data that is being exchanged and the translation between different formats. This layer includes encryption, compression and encapsulation of data. There is no specific protocol associated with the presentation layer. You will observe that some protocols overlap across the first three layers. Languages like HTML, CSS, XML, JSON, etc. and formats like ASCII, MIDI, MPEG, GIF, etc. are relevant to this layer.


Threats: malformed SSL requests, various HTTP attacks, Unicode attacks, attacks using steganography techniques

Best security practices:

  • Use industry proven algorithms for encryption rather than custom solutions
  • Validate all input
  • Apply principles of least privilege to the system users and hide functionality from unauthorized subjects.
  • Follow OWASP best practices

5. Session Layer

The session layer is concerned with setting up, coordinating and terminating data exchange between applications at each end. The session layer brings order to chaos. The best example is a web browser session that is initiated at login, maintained, and then terminated after a predefined period or at an event like logout by the user. The common protocols at this layer are Sockets, NFS, SQL, RPC, NetBIOS, DNS, L2TP, SSH, PGP, SDP, etc.

Threats: DNS poisoning, SIP attack, session hijack - CSRF

Best security practices:

  • Use strong authentication techniques
  • Implement firewall to control network traffic
  • Follow OWASP best practices

4. Transport Layer

The transport layer is concerned with reliable delivery of messages, error tracking and retransmission, and data flow. The end-to-end transport of data and the logical connection are handled at the transport layer. The common protocols are: TCP, UDP, FTP, SSL/TLS, etc.

Threats: SYN flood attack, Smurf attack, Fraggle attack

Best security practices:

  • Use IDS, IPS and firewalls to stop, detect or monitor traffic and to alert early
  • ISPs use blackholing to stop all traffic

3. Network Layer

The network layer is concerned with routing of traffic to various nodes on the network. It translates the logical address (IP) into the physical address (MAC) and provides broadcast isolation. ICMP is the most popular protocol used at this layer. Other common protocols are: IP, IGMP, IPSec, IKE, ISAKMP, IGRP, OSPF, ARP

Threats: ICMP flood, LOKI, ping of death, ping flood, Smurf attack

Best security practices:

  • VPN
  • IDS
  • Content filtering – limit or block ICMP traffic

2. Data Link Layer

The data link layer is concerned with enabling and maintaining the transfer of data over the physical layer, and it provides error detection and physical addressing. This is the first level of intelligence applied to raw binary data. The most common protocols are ARP, RARP, ATM, CDP, FDP, Token ring, etc.

Threats: ARP poisoning, MAC flooding, replay attack

Security best practice:

  • MAC address authentication and then subsequent filtering
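
The data link practice above, as an added example that is not part of the original article: ARP payloads are checked against an allow-list of authenticated IP-to-MAC bindings, and unlisted hosts are watched for binding changes. The `TRUSTED` table, the addresses and the verdict names are assumptions constructed for the illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # 28-byte ARP payload for Ethernet/IPv4
# Assumed allow-list of authenticated IP -> MAC bindings (constructed values).
TRUSTED = {"192.0.2.1": "02:00:00:00:00:01"}

def arp_reply(sender_mac, sender_ip, target_mac="02:00:00:00:00:0a", target_ip="192.0.2.10"):
    """Build an ARP reply payload; used only to construct the sample input."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2,
                       mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))

SAMPLE = [  # constructed traffic, in arrival order
    arp_reply("02:00:00:00:00:01", "192.0.2.1"),    # gateway, matches allow-list
    arp_reply("02:00:00:00:00:66", "192.0.2.1"),    # different MAC claims the gateway IP
    arp_reply("02:00:00:00:00:32", "192.0.2.50"),   # unlisted host, first sighting
    arp_reply("02:00:00:00:00:66", "192.0.2.50"),   # same IP, new MAC
    b"\x00\x01",                                     # truncated payload
]

def inspect(packets, trusted=TRUSTED):
    """Return one (verdict, sender_ip, sender_mac) tuple per ARP payload."""
    results, learned = [], {}
    for raw in packets:
        if len(raw) < 28:
            results.append(("malformed", None, None))
            continue
        htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, raw[:28])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            results.append(("malformed", None, None))
            continue
        ip, mac = ".".join(map(str, spa)), sha.hex(":")
        if ip in trusted:                      # authenticated binding: filter on mismatch
            verdict = "ok" if trusted[ip] == mac else "drop"
        elif learned.setdefault(ip, mac) != mac:
            verdict = "alert"                  # unlisted IP moved to another MAC
        else:
            verdict = "ok"
        results.append((verdict, ip, mac))
    return results

if __name__ == "__main__":
    for row in inspect(SAMPLE):
        print(row)
```
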

1. Physical Layer

This is the layer that is concerned with converting data packets into electrical signals that can pass over cables, and with the devices used to connect the network interface card (NIC) to the cables.

Threats: power outage, theft, vandalism, interference, emanation, open wall ports

Security best practices:

  • Uninterrupted power source, generators
  • Restricted access
  • Shut down open ports

Here are links that I referenced for the above information and for your further reading:

  • Design and Implementation Guidelines for Web Clients
  • DDoS Quick Guide
  • Understanding Security Using the OSI Model
  • Session Initiation Protocol Attacks and Challenges
  • OWASP
