OSI Layer

The OSI (Open Systems Interconnection) Model is a conceptual framework developed by the ISO to standardize the functions of telecommunication and computing systems. It ensures communication between different systems and devices, promoting interoperability across a wide range of networking technologies. The OSI model divides network communication into seven abstraction layers, each representing a specific functionality.

The seven layers are:

Physical Layer: Deals with the transmission of raw bit streams over a physical medium (e.g., cables, WiFi).
Data Link Layer: Ensures error-free data transfer between adjacent network nodes by managing frames.
Network Layer: Handles routing and forwarding of data packets across different networks (e.g., IP).
Transport Layer: Ensures reliable data transfer between hosts, handling error correction and flow control (e.g., TCP/UDP).
Session Layer: Manages sessions or connections between applications.
Presentation Layer: Translates data formats between applications and the network (e.g., encryption, data compression).
Application Layer: Provides network services directly to end-user applications (e.g., HTTP, SMTP).

Each layer performs a unique role and communicates with the layers directly above and below it, ensuring smooth data exchange across diverse systems.

Function & Usage

Layer

Function

Example

Application

Provides services and interfaces for end-user applications to access the network. It handles high-level protocols like file transfers and email.

HTTP, FTP, SMTP, DNS, Telnet

Presentation

Ensures data is in a usable format for the application layer by handling translation, encryption, and compression.

Encryption (TLS/SSL), JPEG, PNG, ASCII

Session

Manages and controls connections between computers, ensuring proper start, maintenance, and termination of sessions.

Session management, RPC, NetBIOS

Transport

Ensures reliable data transfer between hosts, managing error detection, retransmissions, and flow control.

TCP, UDP, SPX

Network

Responsible for routing and forwarding packets between different networks, ensuring they reach their destination.

IP, ICMP, IPX, Routers

Data Link

Handles node-to-node data transfer by framing data, detecting errors, and controlling how devices share the physical medium.

Ethernet, Wi-Fi (802.11), Switches, MAC, ARP

Physical

Transfers raw bits over a physical medium (cables, wireless), ensuring electrical or optical signals are transmitted correctly.

Cables (Ethernet, Fiber Optic), Wi-Fi

Security on Each Layer

Layer

Security Defenses

Common Attacks

Application

Web Application Firewalls (WAF)
Secure Socket Layer (SSL)/Transport Layer Security (TLS)
Regular software updates and patch management
Input validation and sanitization

SQL Injection
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Buffer Overflow

Presentation

Encryption (e.g., AES, RSA)
Data Integrity Checks (e.g., hashes)
Secure data format conversions

Data Interception (Man-in-the-Middle attacks)
Data Tampering
Format String Attacks

Session

Secure Session Management
Use of Session Tokens
Regular monitoring and session timeouts

Session Hijacking
Session Fixation
Man-in-the-Middle Attacks (session interception)

Transport

Transport Layer Security (TLS)
Secure protocols (e.g., TCP with proper configurations)
Port filtering and monitoring

TCP SYN Flood
UDP Flood
Session Hijacking
Man-in-the-Middle Attacks (e.g., packet sniffing)

Network

IPsec
Network Firewalls
Network Segmentation
Routing Protocol Security (e.g., BGP)

IP Spoofing
Routing Attacks (e.g., BGP Hijacking)
DDoS Attacks
Packet Sniffing

Data Link

MAC Address Filtering
VLANs (Virtual Local Area Networks)
Network Access Control (NAC)
Frame Relay Security

MAC Spoofing
ARP Spoofing
VLAN Hopping
Frame Injection

Physical

Physical Security Measures (e.g., secure access to facilities)
Network Segregation
Monitoring and Surveillance

Cable Tapping
Physical Theft of Equipment
Signal Interception
Electromagnetic Interference (EMI)

The OSI model serves as a guideline for developing and understanding network protocols by organizing the complex task of network communication into manageable and structured layers. It is a conceptual model that helps in breaking down network functions into seven distinct layers, each responsible for specific aspects of communication.

While the OSI model provides a framework for understanding and designing network architectures, it is not a strict blueprint for every networking system. Instead, it acts as a reference model that guides the development and implementation of network protocols and systems, promoting a standardized approach to network communication.

PreviousPackets NextLayer 3: Network

Last updated 9 months ago

Function & Usage

Layer

Function

Example

Application

Provides services and interfaces for end-user applications to access the network. It handles high-level protocols like file transfers and email.

HTTP, FTP, SMTP, DNS, Telnet

Presentation

Ensures data is in a usable format for the application layer by handling translation, encryption, and compression.

Encryption (TLS/SSL), JPEG, PNG, ASCII

Session

Manages and controls connections between computers, ensuring proper start, maintenance, and termination of sessions.

Session management, RPC, NetBIOS

Transport

Ensures reliable data transfer between hosts, managing error detection, retransmissions, and flow control.

TCP, UDP, SPX

Network

Responsible for routing and forwarding packets between different networks, ensuring they reach their destination.

IP, ICMP, IPX, Routers

Data Link

Handles node-to-node data transfer by framing data, detecting errors, and controlling how devices share the physical medium.

Ethernet, Wi-Fi (802.11), Switches, MAC, ARP

Physical

Transfers raw bits over a physical medium (cables, wireless), ensuring electrical or optical signals are transmitted correctly.

Cables (Ethernet, Fiber Optic), Wi-Fi

Security on Each Layer

Layer

Security Defenses

Common Attacks

Application

Web Application Firewalls (WAF)
Secure Socket Layer (SSL)/Transport Layer Security (TLS)
Regular software updates and patch management
Input validation and sanitization

SQL Injection
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Buffer Overflow

Presentation

Encryption (e.g., AES, RSA)
Data Integrity Checks (e.g., hashes)
Secure data format conversions

Data Interception (Man-in-the-Middle attacks)
Data Tampering
Format String Attacks

Session

Secure Session Management
Use of Session Tokens
Regular monitoring and session timeouts

Session Hijacking
Session Fixation
Man-in-the-Middle Attacks (session interception)

Transport

Transport Layer Security (TLS)
Secure protocols (e.g., TCP with proper configurations)
Port filtering and monitoring

TCP SYN Flood
UDP Flood
Session Hijacking
Man-in-the-Middle Attacks (e.g., packet sniffing)

Network

IPsec
Network Firewalls
Network Segmentation
Routing Protocol Security (e.g., BGP)

IP Spoofing
Routing Attacks (e.g., BGP Hijacking)
DDoS Attacks
Packet Sniffing

Data Link

MAC Address Filtering
VLANs (Virtual Local Area Networks)
Network Access Control (NAC)
Frame Relay Security

MAC Spoofing
ARP Spoofing
VLAN Hopping
Frame Injection

Physical

Physical Security Measures (e.g., secure access to facilities)
Network Segregation
Monitoring and Surveillance

Cable Tapping
Physical Theft of Equipment
Signal Interception
Electromagnetic Interference (EMI)