The 7 Layers of Cyber Security : Attacks on OSI model

Source: wallarm

The OSI network communications model is made of 7 layers. Each layer handles a specific process to enable reliable communication between two or more devices. When the Internet was designed, its focus was on ensuring reliable communication; the challenges of securing that communication emerged later. These 7 layers act like a chain of links: if one link breaks, the whole chain of communication breaks. Hence a security threat can arise at any of the 7 layers.


These layers are named Application, Presentation, Session, Transport, Network, Data Link and Physical. The application layer is your email application, the physical layer is your communication cable, and everything in between helps the two communicate.

In the abstract, the application layer provides the user interface, while the presentation layer handles formatting, encoding and encryption. The session layer manages connections. The transport layer handles segmentation, sequencing and establishing virtual circuits. The network layer provides logical network addressing and routing, while the data link layer provides framing and places the data on the network medium. Finally, the physical layer encodes 1s and 0s into a signal for transmission. Attackers aim to disrupt these processes.

When a user enters a message at the application layer, it moves outward through the presentation, session, transport, network and data link layers to the physical layer, being transformed into a data packet made of ones and zeros. It then travels to the destination over the wire, and finally moves up from the physical layer to the application layer, where the message is presented to the recipient.


Your message, on becoming a data packet, gets encapsulated at each layer using that layer's protocols and communication mechanisms. The data moves up and down between layers. There is no single security layer in the OSI model: the security of the OSI model depends on the security of each layer, which requires multi-layer security.


1. Application layer threats:

Threats to communication begin at the application layer. It is the most vulnerable layer because users interact with the network through various applications. Humans make costly errors, and their inherent weaknesses can be exploited by attackers through social engineering and malware.


Ransomware, viruses, Trojans, worms, rootkits, backdoors and various types of phishing attacks can succeed due to user negligence. The recent Uber attack was initiated through WhatsApp.


In addition, cyber criminals can perform distributed denial-of-service (DDoS) attacks, HTTP floods, SQL injection, cross-site scripting (XSS), parameter tampering and key logging, and exploit zero-day vulnerabilities and software bugs at the application layer. Therefore the application layer is the hardest to protect. Attackers know that users are the easiest path into a network. Secure software engineering, web application firewalls (WAFs) and secure web gateway services can help mitigate some attacks, but user awareness training is the most crucial factor in mitigating attacks that target the application layer. Monitoring the application layer is essential to detect attacks promptly and mitigate risks.
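The SQL injection named above is the clearest case of "secure software engineering" at this layer. The following is an added example, not code from the original post or from wallarm: a login query built by string concatenation beside the same query with bound parameters, run against an in-memory SQLite table. The table, its two users and the plaintext passwords are constructed for the demonstration only (a real system stores password hashes).

```python
import sqlite3


def build_db():
    """Constructed sample data: an in-memory users table (not from the article)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is spliced into the SQL text, so it can change
    the structure of the query instead of staying a value."""
    query = (
        "SELECT username, role FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchall()


def login_parameterized(conn, username, password):
    """Hardened: placeholders bind the input as data; the query structure is fixed
    by the program and cannot be altered by what the user types."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo():
    """Run both versions with a correct password and with the textbook
    quote-breaking input; returns the three result sets for inspection."""
    conn = build_db()
    good = login_parameterized(conn, "alice", "correct horse")
    # The classic injection string closes the quoted value and appends an
    # always-true condition; against the concatenated query it matches every row.
    injected = "' OR '1'='1"
    broken = login_vulnerable(conn, "alice", injected)
    safe = login_parameterized(conn, "alice", injected)
    return good, broken, safe


if __name__ == "__main__":
    for label, rows in zip(("valid login", "vulnerable query", "parameterized query"), demo()):
        print("%-20s -> %s" % (label, rows))
```

The vulnerable version returns every user (including the admin) for a password nobody knows, while the parameterized version returns nothing for the same input; a WAF may block this particular string, but only the parameterized form removes the bug.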


2. Presentation layer threats:

This layer performs data formatting, conversion and encryption, so attackers look for encryption flaws here. SSL hijacking or sniffing via a man-in-the-middle (MitM) attack is a common occurrence at the presentation layer. The attacker first installs malware on the victim's machine and uses it as a proxy that acts as an untrusted certificate authority; the victim's browser then trusts the wrong certificate authority, allowing the attacker to read the messages transmitted. The best defence is to stop malware from entering your device by keeping your antivirus up to date. Malformed SSL requests are among the most prevalent threats at the presentation layer.


3. Session layer threats:

This layer establishes a session to enable communication between two applications. Attacks such as session hijacking and cookie theft happen here, often through cross-site scripting. Force HTTPS to ensure end-to-end encryption, prevent client-side scripts from accessing cookies, and regenerate the session key after authentication. Use SFTP instead of FTP to prevent FTP sniffing.
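The three session-layer controls in the paragraph (cookies unreadable by scripts, HTTPS-only transport, a fresh session key after login) map directly onto cookie attributes and an ID rotation step. The block below is an added example, not code from the original post: a minimal in-memory session store that rotates the session ID on login, plus the `Set-Cookie` and HSTS headers a server would emit. The `SessionStore` class, the `sid` cookie name and the one-year HSTS lifetime are choices made for this example; only the standard library is used.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """In-memory session table for the example (a real server would use a
    shared store); keys are unguessable IDs from the OS CSPRNG."""

    def __init__(self):
        self._sessions = {}  # session id -> session data

    def create(self):
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy, URL-safe
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login(self, old_sid, username):
        """Authenticate and rotate the session ID. Any ID the client held (or
        was handed by an attacker) before login stops working, so a stolen or
        pre-set ID does not become an authenticated one."""
        data = self._sessions.pop(old_sid, None)
        if data is None:
            raise KeyError("unknown session")
        data["user"] = username
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def session_cookie_header(sid):
    """Set-Cookie header with the attributes that keep the session ID away
    from client-side scripts and off plaintext HTTP."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True      # only sent over HTTPS
    cookie["sid"]["httponly"] = True    # invisible to document.cookie (XSS cookie theft)
    cookie["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    return cookie.output(header="Set-Cookie:")


def https_headers():
    """HSTS tells browsers to use HTTPS for this host for the stated period;
    combined with redirecting port 80 to 443 this forces HTTPS end to end."""
    return {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}


if __name__ == "__main__":
    store = SessionStore()
    anonymous = store.create()
    authenticated = store.login(anonymous, "alice")
    print(session_cookie_header(authenticated))
    print("old id still valid:", store.get(anonymous) is not None)
    print(https_headers())
```

Regenerating the ID on login is what defeats session fixation; `HttpOnly` is what stops the cross-site scripting path to cookie theft that the paragraph describes, and `Secure` plus HSTS keep the cookie from ever crossing the wire unencrypted.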


4. Transport layer threats:

The role of this layer is to handle the transfer of data. It uses the connection-oriented Transmission Control Protocol (TCP) and the connectionless User Datagram Protocol (UDP) to perform data transfers. The transport layer breaks the data passed down by the session layer into segments of varying size before transferring them. The transport layer is prone to attacks on ports and protocols, and it suffers distributed denial-of-service (DDoS) attacks such as SYN floods and Smurf attacks. Configure your firewall to close unused ports, and use Transport Layer Security (TLS) to secure all communication between web servers and browsers, as well as instant messaging, e-mail and voice over IP.
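A SYN flood shows up on the transport layer as handshakes that never complete. The block below is an added example, not code from the original post: it runs simple half-open-connection accounting over a constructed set of connection-tracking events, counting both per source and per target port, because a flood from spoofed or many sources never crosses a per-source threshold. The event format, the addresses (RFC 5737 documentation ranges) and the threshold are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample events (not a real capture): "<seconds> <flag> <src> -> <dst>:<port>".
# Host 198.51.100.4 completes its handshake; 203.0.113.7 opens six and answers none;
# six different sources each leave one half-open connection on port 8080.
SAMPLE_EVENTS = """\
0.01 SYN 198.51.100.4 -> 192.0.2.10:443
0.05 ACK 198.51.100.4 -> 192.0.2.10:443
0.10 SYN 203.0.113.7 -> 192.0.2.10:443
0.11 SYN 203.0.113.7 -> 192.0.2.10:443
0.12 SYN 203.0.113.7 -> 192.0.2.10:443
0.13 SYN 203.0.113.7 -> 192.0.2.10:443
0.14 SYN 203.0.113.7 -> 192.0.2.10:443
0.15 SYN 203.0.113.7 -> 192.0.2.10:443
0.20 SYN 203.0.113.8 -> 192.0.2.10:8080
0.21 SYN 203.0.113.9 -> 192.0.2.10:8080
0.22 SYN 203.0.113.10 -> 192.0.2.10:8080
0.23 SYN 203.0.113.11 -> 192.0.2.10:8080
0.24 SYN 203.0.113.12 -> 192.0.2.10:8080
0.25 SYN 203.0.113.13 -> 192.0.2.10:8080
"""


def parse_event(line):
    ts, flag, src, _arrow, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return float(ts), flag, src, dst_ip, int(dst_port)


def half_open_counts(text):
    """Count handshakes that never completed, keyed by source and by target."""
    # (src, dst_ip, port) -> SYNs not yet followed by the client's ACK
    pending = defaultdict(int)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, flag, src, dst_ip, port = parse_event(line)
        key = (src, dst_ip, port)
        if flag == "SYN":
            pending[key] += 1
        elif flag == "ACK" and pending[key] > 0:
            pending[key] -= 1  # third step of the handshake: connection established
    by_source, by_target = defaultdict(int), defaultdict(int)
    for (src, dst_ip, port), n in pending.items():
        by_source[src] += n
        by_target[(dst_ip, port)] += n
    return dict(by_source), dict(by_target)


def suspects(text, threshold=5):
    """Sources that look like a flood on their own, and target ports that are
    being flooded even when no single source stands out."""
    by_source, by_target = half_open_counts(text)
    flooding_sources = sorted(s for s, n in by_source.items() if n >= threshold)
    flooded_targets = sorted(t for t, n in by_target.items() if n >= threshold)
    return flooding_sources, flooded_targets


if __name__ == "__main__":
    sources, targets = suspects(SAMPLE_EVENTS)
    print("sources exceeding threshold:", sources)
    print("target ports exceeding threshold:", targets)
```

The per-target view is the one that matters operationally: port 8080 is under the same pressure as 443 even though each source sent only one SYN, and if nothing is meant to listen on 8080 the paragraph's advice applies directly, close it at the firewall.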


5. Network layer threats:

The network layer handles network-to-network communication using routers, which move data packets between networks. Once the layer receives a segment from the transport layer, it adds an Internet Protocol (IP) address that tells the packet where to go. The network layer keeps track of packets and manages all traffic using the IPv4 and IPv6 protocols. The most common attacks at the network layer are router-related: reconnaissance, sniffing, spoofing and distributed denial of service (DDoS). Protecting routers requires proper router and firewall configuration. Use firewalls between your network and other networks, keep the router operating system up to date on all security patches, disable all unused interfaces, block unused ports, enable packet filtering, and conduct regular audits of the logged data.


6. Data link layer threats:

At this layer the 0s and 1s travel between physically connected nodes over wires or a wireless medium. The data link layer watches for errors in data transmission. It has two sublayers: the Media Access Control (MAC) sublayer, which carries the device's unique identifier and is responsible for physical addressing, and the Logical Link Control (LLC) sublayer, which is the interface between the device and the network layer and handles multiplexing of network layer protocols.

The data link layer is responsible for reliable transmission of frames across a physical link, with error notification, ordered delivery of frames and flow control. Each frame has a header, a body and a trailer.

Attackers can view or manipulate these frames to compromise your data. Data link layer attacks include MAC address spoofing, MAC address flooding, broadcast storms, virtual LAN (VLAN) circumvention, ARP poisoning and DHCP attacks.
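To make the header/body/trailer structure and the ARP poisoning symptom concrete, the following added example (not code from the original post) builds Ethernet II frames carrying ARP replies, parses them back while checking the CRC-32 trailer (the frame check sequence), and feeds the ARP replies to a small watcher that records which MAC claims each IP and raises an alert when a claim changes. The MAC and IP values and the `ArpWatch` class are constructed for this example; it uses only the standard library.

```python
import struct
import zlib
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst, src, ethertype, payload):
    """Ethernet II frame: 14-byte header, body padded to 46 bytes, 4-byte FCS."""
    body = payload + b"\x00" * max(0, 46 - len(payload))
    head = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype)
    fcs = struct.pack("<I", zlib.crc32(head + body) & 0xFFFFFFFF)  # sent LSB first
    return head + body + fcs


def parse_frame(raw):
    """Split a frame into header, body and trailer and verify the FCS.
    Returns None when the trailer does not match: the CRC catches corruption,
    but an attacker who rewrites a frame simply recomputes it, so it is an
    error check, not an integrity control."""
    if len(raw) < 18:
        return None
    head, body, fcs = raw[:14], raw[14:-4], raw[-4:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(head + body) & 0xFFFFFFFF:
        return None
    return {"dst": mac_str(head[:6]), "src": mac_str(head[6:12]),
            "ethertype": struct.unpack("!H", head[12:14])[0], "body": body}


def build_arp(oper, sha, spa, tha, tpa):
    """ARP over Ethernet/IPv4: hardware type 1, protocol 0x0800, 6-byte MAC, 4-byte IP."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + mac_bytes(sha) + IPv4Address(spa).packed
            + mac_bytes(tha) + IPv4Address(tpa).packed)


def parse_arp(body):
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper,
            "sha": mac_str(body[8:14]), "spa": str(IPv4Address(body[14:18])),
            "tha": mac_str(body[18:24]), "tpa": str(IPv4Address(body[24:28]))}


class ArpWatch:
    """Remember the MAC first seen claiming each IP in an ARP reply and flag a
    later reply that claims the same IP from a different MAC."""

    def __init__(self):
        self.bindings = {}  # ip -> mac
        self.alerts = []    # (ip, previously seen mac, new mac)

    def observe(self, frame):
        if frame is None or frame["ethertype"] != ETHERTYPE_ARP:
            return
        arp = parse_arp(frame["body"])
        if arp is None or arp["oper"] != ARP_REPLY:
            return
        known = self.bindings.setdefault(arp["spa"], arp["sha"])
        if known != arp["sha"]:
            self.alerts.append((arp["spa"], known, arp["sha"]))


def run_sample():
    """Constructed frames (not captured traffic): a genuine gateway reply, a
    conflicting reply for the same IP, and a copy of the first with a damaged trailer."""
    gw_ip, gw_mac, host_mac = "192.168.1.1", "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
    rogue_mac = "de:ad:be:ef:00:01"
    legit = build_frame(host_mac, gw_mac, ETHERTYPE_ARP,
                        build_arp(ARP_REPLY, gw_mac, gw_ip, host_mac, "192.168.1.20"))
    conflicting = build_frame(host_mac, rogue_mac, ETHERTYPE_ARP,
                              build_arp(ARP_REPLY, rogue_mac, gw_ip, host_mac, "192.168.1.20"))
    damaged = legit[:-1] + bytes([legit[-1] ^ 0xFF])  # flip bits in the FCS
    watch = ArpWatch()
    for raw in (legit, conflicting, damaged):
        watch.observe(parse_frame(raw))
    return watch.alerts, parse_frame(damaged) is None


if __name__ == "__main__":
    alerts, damaged_rejected = run_sample()
    print("ARP alerts:", alerts)
    print("damaged frame rejected:", damaged_rejected)
```

The alert it produces (the gateway's IP suddenly answered from a second MAC) is the same signal switch features such as dynamic ARP inspection act on; the damaged frame is dropped by the FCS check, which is the "error notification" the previous paragraph mentions and nothing more.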


7. Physical layer threats:

This layer consists of physical components and the electromagnetic signals that travel through wires, cables, wireless links, routers, endpoints, sockets and so on. Its standards cover transmission timing, travel distances, voltage levels and the like. The most common threats at this layer are physical: human vandalism, natural disasters, electrical failures and so on. Fail-over and redundant connections and uninterruptible power supplies are the mitigation measures.

Hubs and repeaters operating at the physical layer only see bits, but other devices work at higher layers. Switches and bridges are data link layer devices which make decisions based on network layer addresses. Routers deal with network layer addresses. Workstations operate at the application layer, handling application layer protocols. Any physical disruption of these devices affects the functions of their layer.

Every network connected to the internet is a potential target for attacks on one or more of the seven OSI layers that could disrupt or disable your operations. A good information security risk management system can help you mitigate these risks, protect your network from intrusions and protect your data against breaches.


ISO 27001 ISMS compliance provides a framework for information security risk management that ensures the confidentiality, integrity and availability of your data, systems and network, and thereby guarantees business continuity.


Niranjan Meegammana

