An overview of the OSI model and its security threats
The Open Systems Interconnection (OSI) model is a conceptual framework developed by the International Standards Organization (ISO). It has been in use for over 40 years, and is cited in every computer network book. It is also a favorite resource for just about every cybersecurity exam. The OSI model is represented in seven layers that help us understand how communications between computer systems occur. This is beneficial in troubleshooting network-related issues, since it cleanly separates the protocols, services, and interfaces of each layer, and it helps manufacturers maintain compatibility with other brands when defining technologies.
Through the progression of technology, threat actors have found many complex methods to compromise networks. With an understanding of the functions of each OSI layer and their vulnerabilities, many network attacks can be prevented.
This layer is responsible for the transmission and reception of raw bit streams (the binary 1 and 0) over physical mediums such as cables, wires, and wireless signals. It can establish, maintain, and deactivate the physical connection. It synchronizes the data bits and defines the data transmission rate and the data transmission modes, such as full-duplex and half-duplex modes. The devices that are used in the physical layer are cables such as Ethernet, coaxial, fiber-optic, and other connectors.
Denial of Service (DoS) attacks are targeted at the physical layer, as this is the hardware, the tangible layer of the system. DoS attacks halt all network functions. A DoS attack can be accomplished by physically cutting or unplugging network cables. Physical layer vulnerabilities can be mitigated with physical security measures, such as access control, video surveillance, tamper-proof electromagnetic interference shields, and the use of redundant links.
This layer works with information flows that are encapsulated in "frames". This layer detects and corrects errors in data, ensuring reliable transmission between network devices over a physical link. It is responsible for sequential and consistent data exchange, error control, and flow control. Cyclic Redundancy Check (CRC) monitors for lost frames, which can then be retransmitted. Devices such as bridges, switches, and Network Interface Controllers (NICs), and protocols such as Address Resolution Protocol (ARP), Point-to-Point Protocol (PPP), Spanning Tree Protocol (STP), and Link Aggregation Control Protocol (LACP), belong to this layer.
Data link layer attacks originate from the internal LAN (Local Area Network); some of these attacks are:
The network layer operates on "packets", routing them across devices and networks. It manages logical device identification and addressing, and performs routing by choosing the shortest and most logically efficient path to forward the packets. Routers and switches are the most common devices associated with this layer. The protocols that function at this layer include Internet Protocol (IP), Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), and Open Shortest Path First (OSPF).
Attacks in the network layer are performed over the internet, such as DDoS attacks, where a router is targeted and overwhelmed with illegitimate requests, subsequently rendering it unable to accept genuine requests. Packet filtering controls and security mechanisms such as Virtual Private Networks (VPNs), IPsec, and firewalls are common methods to limit the chance of network layer attacks.
This layer establishes a point-to-point connection between the source and the destination, ensuring that the data is transmitted in the correct order. It also performs flow control, error control, data reassembly, and segmentation. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are examples of transport layer protocols.
Attacks in this layer are often conducted through vulnerable open ports identified by port scanning.
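The two network- and transport-layer indicators just described (a single source flooding a host with requests, and a single source probing many ports on a host) can be picked out of flow records. The following is an added example, not code from the original article; the flow records are constructed and the record format (source, destination, destination port, timestamp) is an assumption.

```python
from collections import defaultdict

# Constructed flow records: (src, dst, dst_port, timestamp_seconds). Not real traffic.
SAMPLE_FLOWS = (
    # 10.0.0.5 touches 25 distinct ports on one host: transport-layer scan pattern
    [("10.0.0.5", "192.0.2.10", p, 100 + i * 0.01) for i, p in enumerate(range(20, 45))]
    # 10.0.0.7 sends 300 flows to one host within 0.3 s: flood pattern
    + [("10.0.0.7", "192.0.2.10", 443, 100 + i * 0.001) for i in range(300)]
    # 10.0.0.9 behaves normally
    + [("10.0.0.9", "192.0.2.10", 443, 100.0), ("10.0.0.9", "192.0.2.10", 80, 101.0)]
)


def find_port_scanners(flows, distinct_port_threshold=20):
    """Flag sources that contact at least `distinct_port_threshold` distinct
    destination ports on the same host (a port-scan indicator)."""
    ports_seen = defaultdict(set)
    for src, dst, port, _ in flows:
        ports_seen[(src, dst)].add(port)
    return sorted({src for (src, _), ports in ports_seen.items()
                   if len(ports) >= distinct_port_threshold})


def find_flood_sources(flows, max_per_window=100, window=1.0):
    """Flag sources that send more than `max_per_window` flows to the same
    destination inside any sliding window of `window` seconds (a flood indicator)."""
    timestamps = defaultdict(list)
    for src, dst, _, ts in flows:
        timestamps[(src, dst)].append(ts)
    flagged = set()
    for (src, _), times in timestamps.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > max_per_window:
                flagged.add(src)
                break
    return sorted(flagged)


if __name__ == "__main__":
    print("port scan sources:", find_port_scanners(SAMPLE_FLOWS))
    print("flood sources:", find_flood_sources(SAMPLE_FLOWS))
```

Thresholds are deliberately simple; in practice they are tuned per network so that legitimate bursty clients are not flagged.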
This layer is responsible for establishing, maintaining, and terminating sessions between a local and remote device. It is responsible for synchronization and recovery, adding checkpoints during the transmission of data. If transmission errors occur, the transmission resumes from the last good checkpoint.
Common attacks in this layer include:
This layer is responsible for translating data from a sender-dependent format to a common format that is understood by the application layer, for example the translation between different character sets, such as ASCII to EBCDIC. Most importantly from a cybersecurity perspective, this layer handles the encryption and decryption of data. Data compression for network transmission is also managed at the Presentation layer. Secure Sockets Layer (SSL) hijacking, also known as session hijacking, attacks occur in the presentation layer. Encryption technologies ensure the confidentiality and integrity of data during transmission.
This layer provides services for the end user, such as mail services, directory services, file transfer, access, and management (FTAM). File Transfer Protocol (FTP), Simple Network Management Protocol (SNMP), Domain Name System (DNS), Hypertext Transfer Protocol (HTTP), and email protocols (SMTP, POP3, IMAP) are some examples of application layer protocols.
Application layer attacks are the hardest to defend against, because many vulnerabilities are encountered here since it is the layer that is most exposed to the outside world. Employing application monitoring technologies to detect layer 7 and zero-day attacks, and updating applications regularly, are best practices for securing the application layer.
The most common cyberattacks occur at this layer, including viruses, worms, Trojan horses, phishing attacks, DDoS attacks, HTTP floods, SQL injections, cross-site scripting, and many more.
The OSI model is a representation of how communications between devices occur. The conceptual model makes it easier to understand how data is transmitted. In its complex process, threat actors have found ways to exploit and compromise systems. It is very important to identify the kind of attacks and vulnerabilities available on each layer and implement proper defense strategies to protect a network.
Dilki Rathnayake is a Cybersecurity student studying for her BSc (Hons) in Cybersecurity and Digital Forensics at Kingston University. She is also skilled in Computer Network Security and Linux System Administration. She has conducted awareness programs and volunteered for communities that advocate best practices for online safety. In the meantime, she enjoys writing blog articles for Bora and exploring more about IT Security.
Editor's Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.