OSI Layer

The OSI (Open Systems Interconnection) Model is a conceptual framework developed by the ISO to standardize the functions of telecommunication and computing systems. It ensures communication between different systems and devices, promoting interoperability across a wide range of networking technologies. The OSI model divides network communication into seven abstraction layers, each representing a specific functionality.

The seven layers are:

  • Physical Layer: Deals with the transmission of raw bit streams over a physical medium (e.g., cables, Wi-Fi).

  • Data Link Layer: Ensures error-free data transfer between adjacent network nodes by managing frames.

  • Network Layer: Handles routing and forwarding of data packets across different networks (e.g., IP).

  • Transport Layer: Ensures reliable data transfer between hosts, handling error correction and flow control (e.g., TCP/UDP).

  • Session Layer: Manages sessions or connections between applications.

  • Presentation Layer: Translates data formats between applications and the network (e.g., encryption, data compression).

  • Application Layer: Provides network services directly to end-user applications (e.g., HTTP, SMTP).

Each layer performs a unique role and communicates with the layers directly above and below it, ensuring smooth data exchange across diverse systems.

Function & Usage

| Layer | Function | Example |
| --- | --- | --- |
| Application | Provides services and interfaces for end-user applications to access the network. It handles high-level protocols like file transfers and email. | HTTP, FTP, SMTP, DNS, Telnet |
| Presentation | Ensures data is in a usable format for the application layer by handling translation, encryption, and compression. | Encryption (TLS/SSL), JPEG, PNG, ASCII |
| Session | Manages and controls connections between computers, ensuring proper start, maintenance, and termination of sessions. | Session management, RPC, NetBIOS |
| Transport | Ensures reliable data transfer between hosts, managing error detection, retransmissions, and flow control. | TCP, UDP, SPX |
| Network | Responsible for routing and forwarding packets between different networks, ensuring they reach their destination. | IP, ICMP, IPX, Routers |
| Data Link | Handles node-to-node data transfer by framing data, detecting errors, and controlling how devices share the physical medium. | Ethernet, Wi-Fi (802.11), Switches, MAC, ARP |
| Physical | Transfers raw bits over a physical medium (cables, wireless), ensuring electrical or optical signals are transmitted correctly. | Cables (Ethernet, Fiber Optic), Wi-Fi |

Security on Each Layer

| Layer | Security Defenses | Common Attacks |
| --- | --- | --- |
| Application | Web Application Firewalls (WAF); Secure Sockets Layer (SSL)/Transport Layer Security (TLS); Regular software updates and patch management; Input validation and sanitization | SQL Injection; Cross-Site Scripting (XSS); Cross-Site Request Forgery (CSRF); Buffer Overflow |
| Presentation | Encryption (e.g., AES, RSA); Data Integrity Checks (e.g., hashes); Secure data format conversions | Data Interception (Man-in-the-Middle attacks); Data Tampering; Format String Attacks |
| Session | Secure Session Management; Use of Session Tokens; Regular monitoring and session timeouts | Session Hijacking; Session Fixation; Man-in-the-Middle Attacks (session interception) |
| Transport | Transport Layer Security (TLS); Secure protocols (e.g., TCP with proper configurations); Port filtering and monitoring | TCP SYN Flood; UDP Flood; Session Hijacking; Man-in-the-Middle Attacks (e.g., packet sniffing) |
| Network | IPsec; Network Firewalls; Network Segmentation; Routing Protocol Security (e.g., BGP) | IP Spoofing; Routing Attacks (e.g., BGP Hijacking); DDoS Attacks; Packet Sniffing |
| Data Link | MAC Address Filtering; VLANs (Virtual Local Area Networks); Network Access Control (NAC); Frame Relay Security | MAC Spoofing; ARP Spoofing; VLAN Hopping; Frame Injection |
| Physical | Physical Security Measures (e.g., secure access to facilities); Network Segregation; Monitoring and Surveillance | Cable Tapping; Physical Theft of Equipment; Signal Interception; Electromagnetic Interference (EMI) |

The OSI model serves as a guideline for developing and understanding network protocols by organizing the complex task of network communication into manageable and structured layers. It is a conceptual model that helps in breaking down network functions into seven distinct layers, each responsible for specific aspects of communication.

While the OSI model provides a framework for understanding and designing network architectures, it is not a strict blueprint for every networking system. Instead, it acts as a reference model that guides the development and implementation of network protocols and systems, promoting a standardized approach to network communication.
