IT Security 101: The Open Systems Interconnection (OSI) Model
Introduction
The Open Systems Interconnection (OSI) Model was developed by the International Organization for Standardization (ISO) in the 1970s to address the need for computer and network standards to ensure interoperability between disparate systems. In essence, it is a framework for how computers speak to each other.
The OSI Model comprises seven layers that coincide with different aspects of computer communication functionality:
L7 - Application
L6 -Presentation
L5 - Session
L4 - Transport
L3 - Network
L2 - Data Link
L1 - Physical
This is an important concept for defenders because each layer comprises different technologies with different potential points of failure and exploitation. Understanding this will determine where to look for issues, and where to apply appropriate controls.
I will provide a short description of each, and some examples of their associated technologies, protocols and standards.
The OSI Model
Physical Layer (Layer One)
The first layer deals with the hardware level of data transmission. Some examples of the technologies, protocols and standards at this level include data cables and jacks, and wireless antennas, etc.
Data Link Layer (Layer Two)
The second layer deals with establishing connections and ensuring reliability through error detection and correction. Some examples of the technologies, protocols and standards at this level include Ethernet, Wi-Fi, ARP, Network Interface Cards (NICs), L2 network switches, and Media Access Control (MAC), etc.
Network Layer (Layer Three)
The third layer deals routing and forwarding data packets. Some examples of the technologies, protocols and standards at this level include Internet Control Message Protocol (ICMP), Border Gateway Protocol (BGP), Internet Protocol (IP) v4 and v6, routers, L3 switches, Software Defined Wide Area Networks (SD-WAN), etc.
Transport Layer (Layer Four)
The fourth layer deals with end-to-end data deliver, and reliability through flow-control, and error and correction. Some examples of the technologies, protocols and standards at this level include firewalls, load balancers, Network Address Translation (NAT), Transmission Control Protocol (TCP), User Datagram, Protocol (UDP),etc.
Session Layer (Layer Five)
The fifth layer deals with session management between applications and authentication. Some examples of the technologies, protocols and standards at this level include Virtual Private Networks (VPNs), remote desktop software, NetBIOS, Remote Procedure Call (RPC), etc.
Presentation Layer (Layer Six)
The sixth layer deals with data formatting to align with requirements at layer seven, as well as managing encryption and compression. Some examples of the technologies, protocols and standards at this level include data compression tools, encryption libraries, file formats like JPEG and PNG, eXtensible Markup Language (XML), etc.
Application Layer (Layer Seven)
The seventh layer deals with providing network service to end-users. Some examples of the technologies, protocols and standards at this level include: email, file transfers, web browsers, Hyper-Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), etc.
Conclusion
The OSI Model is an important framework that has allowed communication technology to become as wide-spread as it is today. Knowing the different layers and their associated technologies, protocols and standards helps a defender understand how computer communication functions from its lowest level of electrical and light signal transmission, to the robust end-user applications used by organizations and individuals, and the interconnectivity between them.
Daily Cuppa
Today’s cup of tea is Tulsi Masala Chai provided by Organic India.
Full of aromatic spices that invigorate the mind and body.
If you found this article useful, or enjoy the site, you can buy the author a cup of tea.
The author is also available for work.