Today’s information technology rests on foundations laid by industry giants. The foundation we use most frequently today is the OSI Model. The OSI Model breaks down network communication into seven layers. Each layer consists of protocol stacks and related technologies that allow information to be sent from a physical device and then received and decoded by software. Its implementation was necessary to align disparate networking methodologies across the globe.
To be comprehensive and effective, cyber security coverage relies on measuring and addressing network vulnerabilities across every layer of the OSI Model. It is an unfortunate truth that the layer of the OSI Model most often overlooked during cyber security planning is the physical layer. This does not need to be the case in your organization, since software tools exist in the market that can be tailor-built to fit your organizational needs and limitations.
OSI Model Breakdown
Layer 7: Application Layer
This is the layer where human and computer interaction takes place. At the risk of oversimplifying, this layer consists of the end nodes of network communication. For instance, an email client like Outlook, Thunderbird, or Canary Mail would reside here. Protocols at this layer include HTTP and SMTP. Application code has the most impact on cyber security through this layer. By using this layer, threat actors may infect endpoints with malware or force SQL requests through the organization’s website.
Layer 6: Presentation Layer
The primary role of the presentation layer is the encapsulation of data being sent and the decapsulation of received data. Packets are prepared for their journey by the software that operates on this level, which includes data encryption and decryption. Files are encoded for transmission. Threat actors can use malformed SSL requests to attack this layer. They can then instantiate an attack by tunneling through HTTP into their target.
Layer 5: Session Layer
The session layer is responsible for establishing and maintaining connections between the terminal and a connected node or application. This includes setting the terms of communication, such as connection speed and connection duration, as well as the disconnection and reconnection procedures. In terms of cyber security, this layer can be very problematic if it is not configured correctly and monitored. The allocation of network ports and sockets takes place here. Another threat worth mentioning is the vulnerability introduced by Telnet.
Layer 4: Transport Layer
Although TCP was part of the session layer, it is part of the suite that, at the transport layer, is responsible for breaking data down into packets. Any data that was not correctly transmitted can be re-requested by the receiving node. Transport Layer Security (TLS) is an end-to-end encryption technology that resides on this layer. This prevents man-in-the-middle attacks from happening.
Layer 3: Network Layer
On the network layer, the address header information is added to each packet. The addresses include the source as well as the destination address. Many network tools, whether hardware or software-based, operate at this level. Take the router or L3 switch, for example: it can resolve the IP address from the packet by using the IP protocol, which is part of the TCP/IP suite of protocols. All this information presents opportunities for threat actors to intercept and sniff packets. It is here that cyber hygiene and vulnerability scanning are key to protecting the organization from attacks.
Layer 2: Data Link Layer
In contrast to the network layer, the data link layer is based on logical addressing. An IP address is transposed into a MAC address instead. On this layer, physical network topologies also play a role, primarily dealing with information flow. Protocols that are used include ARP and PPP. Among the cyber risks are ARP spoofing, network storms, DDoS, and DHCP attacks.
Layer 1: Physical Layer
In the physical layer, data is sent over a physical medium: copper cables, fiber backbones, and physical devices. Cyber security neglects this part of any network the most. Once an attacker gains access to your organization’s physical layer, rogue devices can be deployed and survive undetected while collecting and modifying data. Organizations should ensure that OSI Layer 1 is also in their cyber security scope.