Fiveable

🔒Network Security and Forensics Unit 2 Review

2.1 OSI model

Written by the Fiveable Content Team • Last updated August 2025

The OSI model is a crucial framework for understanding network communication. It divides network functions into seven layers, from physical transmission to application-level interactions. This layered approach helps professionals design, troubleshoot, and secure networks by breaking down complex processes into manageable components.

Each layer of the OSI model serves a specific purpose, from handling raw data transmission to managing application-level protocols. Understanding these layers is essential for network security, as it allows professionals to implement targeted security measures at each level, creating a comprehensive defense strategy against various threats.

OSI model overview

  • The OSI (Open Systems Interconnection) model is a conceptual framework that standardizes the communication functions of a computing system, regardless of its underlying internal structure and technology
  • It divides network communication into seven abstraction layers, with each layer serving the layer above it and being served by the layer below
  • Understanding the OSI model is essential for network security professionals as it provides a systematic way to troubleshoot, secure, and optimize network communications

Purpose of OSI model

  • The OSI model was developed to promote interoperability between different network technologies and devices by providing a common language and framework for network communication
  • It helps network professionals design, implement, and troubleshoot networks by breaking down complex network interactions into simpler, more manageable layers
  • The model enables vendors to create network devices and software that can communicate with each other, regardless of their internal designs or manufacturers

Seven layers of OSI model

Physical layer

  • The lowest layer of the OSI model deals with the physical transmission of raw data bits over a communication channel (copper wire, fiber optic cable, or wireless medium)
  • It defines the mechanical, electrical, and functional specifications for the physical link between communicating devices, such as cable types, connectors, and signaling methods
  • Examples of physical layer protocols include Ethernet (IEEE 802.3), USB, and Bluetooth

Data link layer

  • The data link layer is responsible for the reliable transfer of data frames between two directly connected nodes on a network segment
  • It provides error detection and correction mechanisms to ensure data integrity, such as checksums and cyclic redundancy checks (CRC)
  • The data link layer is divided into two sublayers: the Media Access Control (MAC) sublayer, which handles physical addressing and channel access control, and the Logical Link Control (LLC) sublayer, which provides flow control and error notification services
  • Examples of data link layer protocols include Ethernet (IEEE 802.3), Point-to-Point Protocol (PPP), and High-Level Data Link Control (HDLC)

Network layer

  • The network layer is responsible for routing data packets between different network segments, based on logical addressing (IP addresses)
  • It determines the best path for data packets to take from the source to the destination, considering factors such as network congestion, priority, and security policies
  • The network layer also handles the fragmentation and reassembly of data packets when necessary, to accommodate different network media and maximum transmission unit (MTU) sizes
  • Examples of network layer protocols include Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Internet Group Management Protocol (IGMP)

Transport layer

  • The transport layer ensures the reliable, efficient, and error-free delivery of data segments between the source and destination hosts
  • It provides end-to-end communication services, such as connection establishment, flow control, congestion control, and error recovery
  • The two primary transport layer protocols are Transmission Control Protocol (TCP), which provides reliable, connection-oriented communication, and User Datagram Protocol (UDP), which offers unreliable, connectionless communication
  • The transport layer also handles the segmentation and reassembly of data, and the multiplexing and demultiplexing of data streams based on port numbers

Session layer

  • The session layer establishes, manages, and terminates connections (sessions) between applications running on different network hosts
  • It provides services such as dialog control (who can transmit data at a given time), token management (preventing two parties from performing the same critical operation simultaneously), and synchronization (adding checkpoints into data streams to allow for recovery in case of a crash or failure)
  • Examples of session layer protocols include Remote Procedure Call (RPC), Session Initiation Protocol (SIP), and AppleTalk Session Protocol (ASP)

Presentation layer

  • The presentation layer is responsible for translating data between the application layer and the network format, ensuring that data exchanged between hosts is in a readable format
  • It handles tasks such as data compression, data encryption, and data formatting (converting between different character encodings or file formats)
  • Examples of presentation layer formats include ASCII, EBCDIC, JPEG, MPEG, and SSL/TLS

Application layer

  • The application layer is the topmost layer of the OSI model and is closest to the end-user, providing services directly to applications
  • It defines protocols for specific applications, such as email (SMTP), file transfer (FTP), web browsing (HTTP), and remote access (Telnet)
  • The application layer also handles user authentication, data privacy, and quality of service (QoS) requirements

Data encapsulation in OSI model

  • Data encapsulation is the process of adding control information (headers and trailers) to data as it moves down the OSI layers, with each layer adding its own protocol-specific information
  • The reverse process, known as decapsulation, occurs when data moves up the layers at the receiving end, with each layer removing its corresponding control information
  • Encapsulation ensures that data is properly formatted, addressed, and routed through the network, while also providing a level of abstraction between layers

Protocol data units (PDUs)

  • Protocol data units (PDUs) refer to the data format specific to each OSI layer, including the layer's payload and any headers or trailers added during encapsulation
  • The PDU names for each layer are:
    • Application, presentation, and session layers: Data
    • Transport layer: Segment (TCP) or Datagram (UDP)
    • Network layer: Packet
    • Data link layer: Frame
    • Physical layer: Bits
  • Understanding PDUs is crucial for network analysis and troubleshooting, as it allows professionals to identify and interpret the control information added by each layer
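
The encapsulation and PDU descriptions above can be followed byte by byte in a short parser. The Python below is an added example, not part of the original guide: it builds a constructed Ethernet frame carrying an IPv4 packet and a TCP segment, then strips one header per layer the way a receiving host does. The function names, MAC addresses, IP addresses, and ports are assumptions chosen for illustration.

```python
import socket
import struct

def build_sample_frame(payload: bytes) -> bytes:
    """Encapsulate: data -> TCP segment -> IPv4 packet -> Ethernet frame.
    Constructed sample; addresses are documentation ranges, checksums left 0."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.20"))
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + segment

def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer, as the receiving host does; returns PDU fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"frame": {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
                     "ethertype": ethertype}}
    if ethertype != 0x0800:          # not IPv4: stop at the data link layer
        return out
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4     # header length in bytes (options allowed)
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    out["packet"] = {"src_ip": socket.inet_ntoa(packet[12:16]),
                     "dst_ip": socket.inet_ntoa(packet[16:20]),
                     "protocol": packet[9]}
    if packet[9] != 6:               # not TCP: stop at the network layer
        return out
    segment = packet[ihl:total_len]  # total_len trims any Ethernet padding
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_off = (segment[12] >> 4) * 4
    if not 20 <= data_off <= len(segment):
        raise ValueError("malformed TCP data offset")
    out["segment"] = {"src_port": src_port, "dst_port": dst_port}
    out["data"] = segment[data_off:]
    return out

if __name__ == "__main__":
    sample = build_sample_frame(b"GET / HTTP/1.1\r\n\r\n")
    for pdu, fields in decapsulate(sample).items():
        print(pdu, fields)
```

The length checks matter for forensics work: a capture can contain truncated or padded frames, and a parser that trusts the header length fields without bounding them will misattribute bytes to the wrong layer.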

OSI model vs TCP/IP model

  • The TCP/IP model is another conceptual framework for network communication, which is more concise and practical than the OSI model
  • While the OSI model is a theoretical framework, the TCP/IP model is based on the actual protocols used in the Internet

Similarities of OSI and TCP/IP models

  • Both models use a layered approach to network communication, with each layer responsible for specific functions and services
  • The two models share similar concepts, such as encapsulation, data formatting, and error control
  • The upper layers (application, presentation, and session) of the OSI model roughly correspond to the application layer in the TCP/IP model

Differences between OSI and TCP/IP models

  • The TCP/IP model has four layers (application, transport, internet, and network access), while the OSI model has seven layers
  • The OSI model is a theoretical framework, while the TCP/IP model is based on actual protocols used in the Internet
  • The TCP/IP model does not have dedicated presentation and session layers, as these functions are typically handled by the application layer protocols
  • The OSI model's network layer is equivalent to the TCP/IP model's internet layer, while the OSI model's data link and physical layers are combined into the TCP/IP model's network access layer

Advantages of OSI model

Standardization benefits

  • The OSI model provides a standardized way to describe network communication, making it easier for vendors, network professionals, and educators to discuss and understand networking concepts
  • It promotes interoperability between different network technologies and devices by providing a common language and framework
  • Standardization helps reduce complexity and costs associated with network design, implementation, and maintenance

Troubleshooting with OSI model

  • The OSI model's layered approach simplifies network troubleshooting by allowing professionals to isolate problems to specific layers
  • By systematically examining each layer's functionality and interactions, network professionals can more easily identify and resolve issues
  • The OSI model also helps in designing test cases and debugging tools that target specific layers or network functions

Limitations of OSI model

Lack of parallel processing

  • The OSI model's strict layering approach does not account for parallel processing or the simultaneous execution of tasks across different layers
  • In practice, many network protocols and implementations optimize performance by allowing some degree of cross-layer interaction and parallel processing
  • The OSI model's rigid structure may not accurately reflect the complexity and flexibility of modern network architectures

Strict layer boundaries

  • The OSI model enforces strict boundaries between layers, with each layer only interacting with the layers directly above and below it
  • While this modular approach simplifies network design and troubleshooting, it can also lead to inefficiencies and redundancies in protocol implementations
  • Some network protocols and architectures may benefit from a more flexible approach that allows for cross-layer optimization and information sharing

OSI model in network security

Security functions at each OSI layer

  • Physical layer security measures include access control, physical barriers, and electromagnetic shielding to prevent unauthorized access or tampering with network hardware
  • Data link layer security features include MAC address filtering, port security, and virtual LANs (VLANs) to control access and segment network traffic
  • Network layer security mechanisms include firewalls, intrusion detection/prevention systems (IDS/IPS), and virtual private networks (VPNs) to monitor, filter, and encrypt network traffic
  • Transport layer security protocols, such as SSL/TLS and IPsec, provide end-to-end encryption, authentication, and integrity for data in transit
  • Session layer security controls include user authentication, session management, and access control to protect application sessions and prevent unauthorized access
  • Presentation layer security features include data encryption, compression, and format validation to ensure the confidentiality and integrity of data exchanged between applications
  • Application layer security measures include user authentication, authorization, and input validation to protect against application-specific threats and vulnerabilities

Applying OSI model in network design

Best practices for secure network architecture

  • Use the OSI model as a framework to identify and address security requirements at each layer of the network stack
  • Implement a defense-in-depth strategy by deploying security controls at multiple layers of the network stack
  • Segment networks using VLANs, subnets, and security zones to minimize the impact of a security breach and limit lateral movement within the network
  • Apply the principle of least privilege by restricting access to network resources and services based on user roles and responsibilities
  • Regularly update and patch network devices, operating systems, and applications to address known vulnerabilities and security weaknesses
  • Implement strong authentication and access control mechanisms, such as multi-factor authentication and role-based access control, to prevent unauthorized access to network resources
  • Monitor network traffic and logs using security information and event management (SIEM) tools to detect and respond to security incidents in a timely manner
  • Conduct regular security assessments and penetration tests to identify and remediate vulnerabilities in the network architecture and configuration