The Open Systems Interconnect (OSI) model is a standard reference model for the communication between two end users. Seven different layers make up the OSI model: physical, data link, network, transport, session, presentation, and application. This paper will cover the type of security that is associated with each level of the OSI model.
Physical Layer
The physical layer is where the actual communication occurs between devices. The security of the physical layer pertains to the actual hardware. The vulnerabilities of the physical layer include:
Power outage
Environmental control loss
Hardware theft, damage or destruction
Unauthorized hardware changes (i.e.; removable media, data connections)
Detachment of the physical data links
Unnoticeable Data Interception
Keystroke Logging Certain measures can be implemented to ensure the physical layer is secure. This would be done by storing all hardware in a locked environment. The use of electronic locks would control and log all access to the room containing the hardware. The electronic locks could be a PIN and password or fingerprint scanner (biometrics). The use of video and audio surveillance would provide physical proof of unauthorized access that could compromise the hardware.
Data Link Layer The second layer of the OSI model is the data link layer. This is the layer that transports the data between network nodes in a wide area network (WAN) or on the same local area network (LAN) between nodes. The data link layer makes available the procedural and functional means to move data between network devices and could provide the measures to find and possibly correct errors that may occur in the physical layer. The security vulnerabilities associated with the data link layer are:
One device may claim to be a different device by spoofing the MAC address
Spanning Tree errors could be introduced either accidental or on purpose causing packets to transmit in infinite loops.
Switches could flood all traffic to the VLAN ports and not forward to the proper port. This could result in data being intercepted by any device that is connected to the VLAN.
Stations could be force direct communication with other stations which ends up bypassing subnets and firewalls.
Weak authentication and encryption on a wireless network could allow for unauthorized connections to the network, data and devices. Data link layer controls can be implemented to ensure the security of the transmissions. By using MAC address filtering the stations are identified by not only the MAC address but are cross-referenced with the logical access or physical port. Firewalls should be between layers, ensuring physical isolation from one another. Wireless application must be monitored consistently and carefully for unauthorized access. In order to secure the wireless network, the use of the built-in encryption, authentication, and MAC filtering must be implemented with strong passwords.
Network Layer
The third layer of the OSI model is the network layer. This layer is responsible for end to end packet delivery. The network layer issues request to the data link layer and responds to requests from the transport layer and issues requests to the data link layer. The procedural and functional process of sending different length data sequences from a source to a destination by one or more networks while ensuring the quality of service and error control functions are all processed by the network layer. Since the network layer handles the transmission of data some securities issues are present. Three securities are:
Route spoofing
IP Address Spoofing
Identity and Resource ID Vulnerability By ensuring strong route policy controls and the use of strict anti-spoofing and route filters the network is protected route spoofing. A firewall should be set up not only between the network and the outside world but also between the different VLANs. The firewall will filter out route and IP address spoofing. The network should also have ARP/Broadcast monitoring software and configured to minimize the ability to abuse protocol features.
Transport Layer The transport layer is the fourth layer of the OSI model and is involved with transporting data streams. The transport layer receives the data streams from the upper layers of the model, packages the streams for transport and transmits them to the lower layer. When data is received from the lower layers, the packets are reassembled and passed back into a stream for the upper layers. Transport protocols are designed to ensure data was completely received at the destination using the TCP protocol. If the reduction of overhead is required and best efforts of delivery is needed then the UPD protocol is used. Since the transport layer deals with the transportation of the data streams some security weaknesses to keep in mind are (Reed, 2003):
Mishandling of undefined, poorly defined, or "illegal" conditions
Differences in transport protocol implementation allow "fingerprinting ' and other enumeration of host information
Overloading of transport-layer mechanisms such as port numbers limit the ability to effectively filter and qualify traffic.
Transmission mechanisms can be subject to spoofing and attack based on crafted packets and the educated guessing of flow and transmission values, allowing the disruption or seizure of control of communications. In order to close off these weaknesses, certain rules and processes needs to be implemented. Within the firewall, rules should be set limiting access to a certain number of transmission protocol and sub-protocol information. This information includes TCP/UDP port number or ICMP type. At the firewall layer, stateful inspection is used to prevent out-of-state packets, "illegal" flags, and other fake packet profiles from entering the network. Also, strong transmission and layer session identification methods are needed to stop attacks.
Session Layer The fifth layer of the OSI model is the session layer. This layer covers the organization of the data communication into logical processes. The session layer receives the send data requests from the higher layers and organizes the beginning and ending of communication with the receiving host. The session layer then hands over its data process to the transport layer where the transmission starts. Session protocols deal with a number of different issues including access accessibility, permitting local applications to discover and connect to remote services, and advertising services to remote clients with successive requests to connect. Some security issues with the session layer is:
Weak or nonexistent authentication mechanisms
Clear text transfer of session credentials including user ID and password.
Failed authentication attempts could lead to information being leaked.
Brute-force attack on accounts To prevent the above security issues encrypted password exchange and storage should be used. All accounts should be set up to expire after a certain amount of time and a time out mechanism for failed session attempts.
Presentation Layer
The presentation layer deals with the organization of data passed from the application layer to the network. This layer allows for the standardization of data and the communication of data between different hosts. The presentation layer can also control network-layer enhancements such as compression or encryption. Some vulnerabilities with regard to the presentation layer are (Reed, 2003):
Poor handling of unexpected input can lead to application crashes or surrender of control to execute arbitrary instructions.
Unintentional or ill-advised use of externally supplied input in control contexts may allow remote manipulation or information leakage.
Cryptographic flaws may be exploited to circumvent privacy protections Steps to ensure the security of the presentation layer can be achieved by carefully checking the receipt of incoming input in applications. Input should be checked before being transferred into any function that uses input to control processes. To prevent cryptographic flaws, the constant review of solutions must be performed to guarantee the security.
Application Layer
The seventh and final layer of the OSI model is the application layer. This layer works with the programs which uses the network and the resources. The application layer is what the user sees and interacts with when working on the network. Any and all functions that do not directly pertain to the network happen at this layer. Some of the security issues that can occur at the application layer are (Reed, 2003):
Open design issues allow free use of application resources by unintended parties
Backdoors and application design flaws bypass standard security controls
Inadequate security controls force "all-or-nothing" approach, resulting in either excessive or insufficient access.
Overly complex application security controls tend to be bypassed or poorly understood and implemented.
Program logic flaws may be accidentally or purposely used to crash programs or cause undesired behavior.
To control issues that could arise at the application layer, access controls should be defined and enforced for application resources. The controls should be well defined and straightforward to prevent any complexity issues. There should also be a standard for testing and review of application code. This is done with a baseline to measure the application implementation. Finally, by setting up a host-based firewall system that can regulate traffic based on the application. This is to stop any unauthorized use of the network.
Conclusion
In conclusion, the information covered in this paper shows the different types of security that is associated with each level of the standard OSI model. From the physical layer to the application layer, each layer has a different type of security which must be applied at each layer to prevent any security leaks, spoofing, and infinite loops. These are just a few of the different vulnerabilities that must be protected on a WLAN or LAN.
References
Reed (November 21, 2003). Applying the OSI seven layer model to Information Security. Retrieved on January 11, 2008, from SANS Institute. Website: http://www.sans.org/reading_room/whitepapers/protocols/1309.php
Haden (2008). The OSI Model. Retrieved on January 11, 2008, from Data Network Resource. Website: http://www.rhyshaden.com/osi.htm
References: Reed (November 21, 2003). Applying the OSI seven layer model to Information Security. Retrieved on January 11, 2008, from SANS Institute. Website: http://www.sans.org/reading_room/whitepapers/protocols/1309.php Haden (2008). The OSI Model. Retrieved on January 11, 2008, from Data Network Resource. Website: http://www.rhyshaden.com/osi.htm
You May Also Find These Documents Helpful
-
Studying the seven layers of the OSI design, a decision to be taken is that the layer three, also referred to as the network layer is the one which WAN protocols operates on. The network layer carries out regular tasks as well as pinpoints end-to-end addressing and routing datagrams (Regan, 2004). There exists a unit known as brouter that some layers incorporate which works like a router and a bridge. Routers and switches work on layers 2-4 (data link layer, network layer as well as transport layer). As mentioned earlier, on layer two of the OSI model, network layer, is the place where the addressing and routing is carried out. On the transport layer of the OSI model is the place where the flow control and mistake handling works. Lastly, on layer four the synchronizations and assemblies are completed.…
- 254 Words
- 1 Page
Satisfactory Essays -
The 7 layers can be split logically into two subgroups. Layers 7 thru 4 focus on the end to end communication of data source and destinations. Layers 3 thru 1 are provide consistent communication between the network devices. An easier way of looking at the OSI model is dividing the upper layers (7, 6, 5) from the lower layers (4, 3, 2, 1). The upper layers deal with application issues and are implemented only in software. The highest layer, the application layer, is the closest to the end user. The lower layers are responsible for the transportation of the data. The physical layer and the data link layer are implemented in hardware and software. The lowest layer, the physical layer, is closest to the physical network medium (the wires, for example) and is responsible for placing data on the medium.…
- 1266 Words
- 6 Pages
Powerful Essays -
With security mechanisms for the new network, management has asked for a report describing how the basics of a network operate and how two nodes communicate. With this we are going to break down the OSI model (Open Systems Interconnection) which is seven layers along with the TCP/IP (Transmission Control Protocol/Internet Protocol). After this the management team will know the difference between the two models along with some other key information.…
- 3788 Words
- 16 Pages
Better Essays -
Interconnection (OSI) Model - is a conceptual and logical layout that defines network communication used by systems open to interconnection and communication with other systems.…
- 559 Words
- 3 Pages
Powerful Essays -
Here goes: When it comes to developing security protocols for your organization the OSI model will play a critical role in determining what risks are present to each area of the network, by evaluating each layer of the OSI model and protecting each vulnerability found. The physical layer shows us that the physical network and resources need to be protected. Doors to server rooms need to be kept under lock and key, and only authorized personnel need to have access to these resources. Another important part of the physical layer would be the actual data storage and recovery. It is important to have a source for information backup kept offsite, in the case of an environmental disaster on location. The next layer, the data-link layer, exposes a vulnerability in the exposure of datagrams on the network. At the data-link layer there are threats such as MAC flooding,, ARP and Spanning-Tree attacks, or MAC spoofing to gather traffic destined for a different machine. Hackers use these methods to grab data from the network which can include usernames and passwords to even more sensitive information. It is important to disable untrusted Layer 2 ports. This will limit traffic between hosts and close up any vulnerabilities. Layer 2 switches can also establish Virtual Local Area Networks, which separate networks logically on the same physical network. QoS protocols can also provide additional protection by providing better bandwidth utilization. At the network layer, which is responsible for addressing and routing frames, the best path is determined for…
- 1894 Words
- 8 Pages
Good Essays -
| Method for utilizing electrical, light, energy, or radio waves to convey data in between networked computers.…
- 552 Words
- 3 Pages
Satisfactory Essays -
This week we covered some additional information in regards to the data layer, more specifically the MAC layer, and went into the network layer of the OSI model. As part of that we discussed different routing protocols and systems.…
- 866 Words
- 4 Pages
Good Essays -
Introduction to Information Security © ITT Educational Services, Inc. All rights reserved. Page 2 Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure …
- 1232 Words
- 14 Pages
Satisfactory Essays -
Bibliography: Kim, David and Michael G. Solomon. “Fundamentals of Information Systems Security.”, 15-42. Sunbury, MA: jones and Bartlett Learning, 2012.…
- 517 Words
- 3 Pages
Satisfactory Essays -
____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.…
- 760 Words
- 4 Pages
Satisfactory Essays -
Cerf, V. G., & Cain, E. (1983). The DoD internet architecture model. Computer Networks (1976), 7(5), 307-318. doi:10.1016/0376-5075(83)90042-9…
- 2271 Words
- 10 Pages
Best Essays -
Abstract The purpose of this paper is to identify common application layer security holes, describe common fixes of these problems and discuss the importance of application layer security in development of software. This paper will also discuss common practices for securing applications. The three main aspects of information security include: confidentiality, integrity and availability. These aspects of data security are at risk by three main categories of vulnerabilities that will be discussed in this paper. They are design vulnerabilities, development vulnerabilities, and deployment vulnerabilities. In beginning my research on this topic I anticipated learning about encryption on and authentication on software applications, but as the paper indicates those are only a small part of security. Acknowledgments I would like to thank and acknowledge Ms. Edie Dille from York Technical College for the use of her presentation on the OSI Model, Dr. Garrison from Winthrop University for the opportunity to research software security and Ms. Valerie Chantry from MassMutual for access to Symantec security documents and presentations. Background The OSI (Open Systems Interconnect) model is a reference model for how data should be transmitted between any two devices in a network. It was developed to guide implementers in standardizing their products so that communications can occur between different bands of equipment, different protocols, different media types, and different operating systems. The OSI model simplifies the networking process for…
- 3346 Words
- 14 Pages
Best Essays -
In order to perform described Data Link layer attacks, we'll be using a tool called…
- 6295 Words
- 26 Pages
Powerful Essays -
OSI stands for Open Source Interconnection. It is an essential element of computer network design. The concept of how a modern network operates can be understood by dissecting it into seven layers. The important thing to realise is that OSI model doesn’t define a network standard, but rather provides a guidelines for the creation of network standards.…
- 2890 Words
- 12 Pages
Powerful Essays -
This is the layer that actually interacts with the operating system or application whenever the user chooses to transfer files, read messages or perform other network related activities. This layer deals with networking applications.…
- 1291 Words
- 6 Pages
Good Essays