Basic Networking Concepts: The Open System Interconnection (OSI) Layers
Overview
The OSI model is an abstract model of how data is transmitted and received in computer networks. It has the following attributes:
1. There are seven layers.
2. Each layer has its own distinct functions, and each layer communicates only with the layer directly above or below it.
3. Each unit of communication is called a protocol data unit (PDU).
4. When data is sent, it starts at the Application layer and moves downwards to the Physical layer, undergoing the encapsulation process.
5. When data is received, it starts at the Physical layer and moves upwards to the Application layer, undergoing the de-encapsulation process.
Figure 1: The Open Systems Interconnection (OSI) Model
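The encapsulation and de-encapsulation process described above, as an added example that is not part of the original article. It uses a constructed toy header layout (not real Ethernet, IP or TCP formats): each layer prepends its own header, Layer 2 appends a CRC-32 trailer, and Layer 1 turns the frame into a string of bits. The receiver walks the same steps in reverse and discards a frame whose CRC no longer matches.

```python
import struct
import zlib

# Toy protocol stack (constructed layouts for illustration only):
#   Layer 4 segment = src port + dst port + length + application data
#   Layer 3 packet  = src IP + dst IP + segment
#   Layer 2 frame   = dst MAC + src MAC + packet + CRC-32 trailer
#   Layer 1 bits    = the frame as a string of '0'/'1'
SEG_HDR = struct.Struct("!HHH")   # src port, dst port, payload length
CRC = struct.Struct("!I")         # 32-bit trailer


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def encapsulate(data: bytes, src_port: int, dst_port: int,
                src_ip: str, dst_ip: str, src_mac: bytes, dst_mac: bytes) -> str:
    """Sender side: application data moves down the stack, gaining a header
    at each layer, and leaves as a bit string on the physical layer."""
    segment = SEG_HDR.pack(src_port, dst_port, len(data)) + data          # Layer 4
    packet = ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + segment         # Layer 3
    frame_body = dst_mac + src_mac + packet                              # Layer 2 header
    frame = frame_body + CRC.pack(zlib.crc32(frame_body) & 0xFFFFFFFF)   # Layer 2 trailer
    return "".join(f"{byte:08b}" for byte in frame)                      # Layer 1


def decapsulate(bits: str) -> dict:
    """Receiver side: bits become a frame, the CRC is verified, and each
    header is stripped in turn until the application data is recovered."""
    if len(bits) % 8:
        raise ValueError("incomplete byte on the wire")
    frame = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))   # Layer 1
    body, trailer = frame[:-CRC.size], frame[-CRC.size:]
    if zlib.crc32(body) & 0xFFFFFFFF != CRC.unpack(trailer)[0]:
        raise ValueError("CRC mismatch: frame discarded at layer 2")
    dst_mac, src_mac, packet = body[:6], body[6:12], body[12:]             # Layer 2
    src_ip, dst_ip = bytes_to_ip(packet[:4]), bytes_to_ip(packet[4:8])     # Layer 3
    segment = packet[8:]
    src_port, dst_port, length = SEG_HDR.unpack(segment[:SEG_HDR.size])    # Layer 4
    data = segment[SEG_HDR.size:SEG_HDR.size + length]
    return {"dst_mac": dst_mac, "src_mac": src_mac, "src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port, "data": data}


def flip_bit(bits: str, index: int) -> str:
    """Simulate line noise or tampering on the physical layer."""
    flipped = "0" if bits[index] == "1" else "1"
    return bits[:index] + flipped + bits[index + 1:]


if __name__ == "__main__":
    wire = encapsulate(b"GET / HTTP/1.1", 40000, 80, "10.0.0.5", "10.0.0.1",
                       bytes.fromhex("aabbccddeeff"), bytes.fromhex("001122334455"))
    print(decapsulate(wire))
    try:
        decapsulate(flip_bit(wire, 200))
    except ValueError as err:
        print("receiver:", err)
```

The CRC only detects accidental corruption; it is not a security control, because anyone who can alter the bits can also recompute the trailer. That is why the Physical layer's defence is controlling access to the cabling rather than relying on the frame check.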
Layer 1 Physical
Examples: Hubs, repeaters, connectors, network cables
Purpose:
1. Converts bits into signals and signals into bits.
2. Specifies how ‘0’s and ‘1’s are encoded.
3. Defines how data is sent to and received from the network, including the transmission medium, whether wired or wireless.
Security Emphasis: Protect physical access to the devices and the network connections. The main risk is that a hacker could connect a protocol analyzer or sniffer to unprotected or exposed cabling and intercept the bits during network communication.
Layer 2 Data Link
Examples: Switches, Network Interface Cards (NICs), Wireless Network Access Points
Purpose:
1. Provides addressing for physical devices so that the correct sender and recipient can be identified in a communication.
2. Layer 2 identifies devices by their Media Access Control (MAC) addresses; the MAC sublayer interacts with Layer 1 (Physical).
3. The Logical Link Control (LLC) sublayer interacts with Layer 3 (Network).
4. The switch works intelligently by keeping a table that maps each device's MAC address to a switch port. When the switch receives unicast traffic for a specific device, it sends the frames out of that device's port only.
5. Performs error checking, such as verifying each frame's Cyclic Redundancy Check (CRC) to detect and discard invalid frames.
Security Emphasis: Collisions, invalid frames, an unsuitable network topology or poor network design can compromise the network. NIC driver issues or malfunctioning switches could also be security flaws.
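To make the difference between a Layer 1 hub and a Layer 2 switch concrete, here is an added example (not code from the original article) of a learning switch's MAC table. A frame is represented as the triple (source MAC, destination MAC, ingress port) and each method returns the ports the frame is sent out of. The optional per-port MAC limit is an assumed port-security style safeguard, included so a misbehaving device on one port cannot pollute the table.

```python
# Constructed example: Layer 1 repeating versus Layer 2 learned forwarding.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 device: no addressing, every frame is repeated to all other
    ports, so a sniffer on any port sees all traffic."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, src_mac, dst_mac, ingress_port):
        return [p for p in self.ports if p != ingress_port]


class LearningSwitch:
    """Layer 2 device: learns which port each source MAC arrives on and
    forwards unicast frames only to the port of the destination MAC."""

    def __init__(self, ports, max_macs_per_port=None):
        self.ports = list(ports)
        self.mac_table = {}                          # MAC address -> port
        self.max_macs_per_port = max_macs_per_port   # assumed port-security limit
        self.violations = []                         # (port, mac) pairs that hit the limit

    def macs_on_port(self, port):
        return [mac for mac, p in self.mac_table.items() if p == port]

    def receive(self, src_mac, dst_mac, ingress_port):
        # Learning phase: record the source MAC against the ingress port,
        # unless this port has already claimed its allowed number of MACs.
        if (src_mac not in self.mac_table
                and self.max_macs_per_port is not None
                and len(self.macs_on_port(ingress_port)) >= self.max_macs_per_port):
            self.violations.append((ingress_port, src_mac))
            return []                                # drop the frame, learn nothing
        self.mac_table[src_mac] = ingress_port

        # Forwarding phase: known unicast goes to one port, anything else is flooded.
        if dst_mac == BROADCAST or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != ingress_port]
        egress = self.mac_table[dst_mac]
        return [] if egress == ingress_port else [egress]


if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3], max_macs_per_port=1)
    print(sw.receive("aa", "bb", 1))   # bb unknown yet: flooded to [2, 3]
    print(sw.receive("bb", "aa", 2))   # aa learned on port 1: [1]
    print(sw.receive("aa", "bb", 1))   # both known: [2]
    print(sw.receive("cc", "bb", 1))   # second MAC on port 1: dropped, []
    print(sw.violations)
```

Note that the switch floods any frame whose destination it has not yet learned, so unicast isolation is only as good as the table: a switch that has lost or cannot keep its entries behaves like a hub, which is the "malfunctioning switch" risk the text mentions.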
Layer 3 Network
Examples: Routers, Firewalls, Layer 3 switches
Purpose:
1. Manages logical addressing and address translation.
2. Evaluates the fastest route and performs path selection and routing across the network (hop by hop).
3. Monitors data traffic in a network using an Access Control List (ACL) to permit or reject data packets based on criteria such as IP address, port and protocol.
Security Emphasis: Problems can arise from an incorrect IP address, an improper subnet mask or router configuration errors. For example, if the network administrator fails to reset the default SSID and password on a new router, a hacker can easily access the network, since the default factory settings can be exploited. A network defender can use the router to reject packets coming from blacklisted sources to fend off a Denial of Service attack.
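The ACL behaviour described above, as an added example (not code from the original article): rules are evaluated top to bottom, the first match decides, and a packet that matches nothing is denied, which is the implicit deny at the end of a router access list. The sample policy and the addresses in it are constructed (documentation ranges), and it shows the "reject packets from blacklisted sources" case from the Security Emphasis as the first rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed ACL evaluator modelled on a router access list.


@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "icmp"
    dport: int      # destination port (0 for protocols without ports)


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # source network in CIDR notation
    dst: str = "0.0.0.0/0"       # destination network in CIDR notation
    proto: str = "any"           # "any" or a protocol name
    dport: Optional[int] = None  # None means any destination port


def matches(rule: Rule, pkt: Packet) -> bool:
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def evaluate(acl, pkt: Packet):
    """Return (action, index of the deciding rule). Index -1 is the implicit deny."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", -1


# Sample policy (constructed):
#   0. drop a blacklisted source range before anything else is considered
#   1. allow HTTPS to the web server
#   2. allow DNS queries to the resolver
#   everything else falls through to the implicit deny
SAMPLE_ACL = [
    Rule("deny", src="203.0.113.0/24"),
    Rule("permit", dst="10.0.0.10/32", proto="tcp", dport=443),
    Rule("permit", dst="10.0.0.53/32", proto="udp", dport=53),
]


if __name__ == "__main__":
    for pkt in [Packet("198.51.100.7", "10.0.0.10", "tcp", 443),
                Packet("203.0.113.9", "10.0.0.10", "tcp", 443),
                Packet("198.51.100.7", "10.0.0.10", "tcp", 23),
                Packet("192.0.2.4", "10.0.0.53", "udp", 53)]:
        print(pkt, "->", evaluate(SAMPLE_ACL, pkt))
```

Rule order is the usual source of ACL configuration errors: if the blacklist deny were placed after the HTTPS permit, a blacklisted host would be permitted to port 443 because the permit matches first.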
Layer 4 Transport
Examples: TCP and UDP
Purpose:
1. Facilitates reliable end-to-end communication.
2. Decomposes long data streams into smaller units called segments to satisfy the limits posed by the maximum transmission unit (MTU).
3. Transmission Control Protocol (TCP) is a connection-oriented protocol that ensures reliable data communication. The connection is established using a three-way handshake.
4. User Datagram Protocol (UDP) is a connectionless protocol that does not guarantee delivery but is faster, and is commonly used in less mission-critical situations such as video streaming. UDP simply sends the segments and does not require any acknowledgement.
Figure 2: The Three-Way Handshake in TCP/IP
Source : https://www.mdpi.com/2076-3417/6/11/358
Security Emphasis: The three-way handshake can be exploited in a half-open SYN attack (also known as a TCP SYN attack, TCP flood or TCP half-open attack). This is commonly used in conjunction with a distributed denial of service (DDoS). In this attack, the hacker initiates the SYN and the server responds with SYN-ACK. However, the hacker withholds the last step (the ACK), so the server keeps the session open, which consumes resources. At the same time, the hacker initiates new SYNs; hundreds of these can be sent in a short time, especially when the hacker controls multiple computers through a trojan or bot. The server is brought down, unable to deal with new incoming SYNs while waiting for the final ACK messages. A countermeasure is to configure the router to deal with blacklisted sources, or to use a bastion host.
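From the defender's side, the half-open condition described above can be spotted by replaying a connection log and counting attempts that the server answered with SYN-ACK but that never received the final ACK. The following is an added example, not code from the original article; the log format and every line in it are constructed, with one client that completes the handshake normally and one that leaves several connections half-open.

```python
import re
from collections import defaultdict

# Constructed connection log, "time client:port -> server:port flags"
# (S = SYN, SA = SYN-ACK, A = ACK, R = RST). Not a real capture.
SAMPLE_LOG = """\
1.000 198.51.100.7:40001 -> 10.0.0.10:443 S
1.010 10.0.0.10:443 -> 198.51.100.7:40001 SA
1.020 198.51.100.7:40001 -> 10.0.0.10:443 A
1.100 203.0.113.9:1001 -> 10.0.0.10:443 S
1.101 10.0.0.10:443 -> 203.0.113.9:1001 SA
1.110 203.0.113.9:1002 -> 10.0.0.10:443 S
1.111 10.0.0.10:443 -> 203.0.113.9:1002 SA
1.120 203.0.113.9:1003 -> 10.0.0.10:443 S
1.121 10.0.0.10:443 -> 203.0.113.9:1003 SA
1.130 203.0.113.9:1004 -> 10.0.0.10:443 S
1.131 10.0.0.10:443 -> 203.0.113.9:1004 SA
1.200 192.0.2.4:51000 -> 10.0.0.10:443 S
1.210 10.0.0.10:443 -> 192.0.2.4:51000 SA
1.220 192.0.2.4:51000 -> 10.0.0.10:443 A
"""

LINE = re.compile(r"^(?P<t>[\d.]+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
                  r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>[SAFR]+)$")


def track_handshakes(log_text: str) -> dict:
    """Replay the log and return the state of every connection attempt, keyed by
    (client, client port, server, server port): 'syn', 'syn-ack' or 'open'."""
    state = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        flags = m["flags"]
        if flags == "S":                      # client -> server: attempt begins
            state[(m["src"], m["sport"], m["dst"], m["dport"])] = "syn"
        elif flags == "SA":                   # server -> client: server now holds state
            key = (m["dst"], m["dport"], m["src"], m["sport"])
            if key in state:
                state[key] = "syn-ack"
        elif flags == "A":                    # client -> server: handshake completes
            key = (m["src"], m["sport"], m["dst"], m["dport"])
            if state.get(key) == "syn-ack":
                state[key] = "open"
        elif "R" in flags:                    # a reset from either side tears it down
            state.pop((m["src"], m["sport"], m["dst"], m["dport"]), None)
            state.pop((m["dst"], m["dport"], m["src"], m["sport"]), None)
    return state


def half_open_by_client(log_text: str) -> dict:
    """Per client address, the attempts the server answered but that never completed."""
    counts = defaultdict(int)
    for (client, _, _, _), st in track_handshakes(log_text).items():
        if st == "syn-ack":
            counts[client] += 1
    return dict(counts)


def suspicious_clients(log_text: str, threshold: int) -> list:
    """Clients holding at least `threshold` half-open connections at the end of the log."""
    return sorted(c for c, n in half_open_by_client(log_text).items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_client(SAMPLE_LOG))
    print(suspicious_clients(SAMPLE_LOG, threshold=3))
```

Per-source counting catches the simple case; because the source addresses in a flood are frequently spoofed and spread across many computers, a defender should also watch the total number of half-open entries the server is holding, since that is the resource the attack exhausts.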
Layer 5 Session
Purpose:
1. Establishes and maintains sessions between applications on local or remote devices.
2. Differentiates and keeps session information for each application.
3. Performs session setup before data transmission, and terminates the session when the exchange is completed.
4. Uses Remote Procedure Call (RPC) to request a service from an application running on a different computer.
5. Uses Domain Name System (DNS) to manage user login and logoff as well as the authentication process.
6. Manages “check-pointing” to synchronize processing between two related data streams (e.g. video and audio data streams).
Security Emphasis: Layer 5 is vulnerable to session attacks, including session hijacking, session fixation and cross-site request forgery (CSRF). Cookies are often used to maintain a session, and in that case the session cookie can be exploited by a hacker. The server sends the cookie to be stored on the client computer, where it is vulnerable to a hacker who uses sniffing, cache poisoning or directory traversal to find it. Cookies sent without HTTPS can also have their contents compromised. On the server and coding side, the administrator should configure cookies securely (e.g. session duration). A recent case was Twitter, which used one cookie (auth-token) to validate the user, based on the user name and password. The problem was that the token did not change from one login to the next, and did not expire when the user logged out. This meant that if a hacker stole the token, the hacker could access the account until the actual user changed the password.
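The properties the Twitter case was missing, as an added example (not code from the original article or from Twitter): a session store that issues a fresh random token on every login, bounds the token's lifetime, invalidates it server-side on logout, and emits a Set-Cookie header with the Secure, HttpOnly and SameSite attributes. The class, its method names and the 15-minute default are assumptions for illustration; the clock is passed in explicitly so the expiry logic can be exercised without waiting.

```python
import hashlib
import secrets

# Constructed session store illustrating secure cookie-backed sessions.


def _fingerprint(token: str) -> str:
    # Keep only a hash server-side, so a leaked session table is not a list of live tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    def __init__(self, max_age_s: int = 900):
        self.max_age_s = max_age_s
        self._sessions = {}          # token fingerprint -> (user, expiry time)

    def login(self, user: str, now: float) -> str:
        """Issue a new unpredictable token; repeated logins never reuse one,
        so a token captured from an earlier login is not the current one."""
        token = secrets.token_urlsafe(32)
        self._sessions[_fingerprint(token)] = (user, now + self.max_age_s)
        return token

    def logout(self, token: str) -> None:
        """Kill the session server-side; a stolen copy of the token is useless afterwards."""
        self._sessions.pop(_fingerprint(token), None)

    def user_for(self, token: str, now: float):
        """Resolve a presented token to its user, or None if unknown or expired."""
        entry = self._sessions.get(_fingerprint(token))
        if entry is None:
            return None
        user, expires_at = entry
        if now >= expires_at:
            self.logout(token)       # lazy expiry: drop it the first time it is seen stale
            return None
        return user

    def set_cookie_header(self, token: str) -> str:
        """Secure: sent over HTTPS only. HttpOnly: not readable by page scripts.
        SameSite=Lax: not attached to cross-site POSTs, which blunts CSRF."""
        return (f"session={token}; Max-Age={self.max_age_s}; Path=/; "
                "Secure; HttpOnly; SameSite=Lax")


if __name__ == "__main__":
    store = SessionStore(max_age_s=60)
    first = store.login("alice", now=1000)
    second = store.login("alice", now=1001)
    print("tokens differ:", first != second)
    print(store.set_cookie_header(second))
    store.logout(second)
    print("after logout:", store.user_for(second, now=1002))
    print("after expiry:", store.user_for(first, now=1061))
```

Changing the password should additionally revoke every session for that user; the store above keys sessions by token, so a real implementation would also index them by user to make that sweep cheap.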
Layer 6 Presentation
Purpose:
1. Standardizes the data presentation and formatting.
2. Translates data using standards such as ASCII (American Standard Code for Information Interchange), EBCDIC (Extended Binary Coded Decimal Interchange Code) and JPEG (Joint Photographic Experts Group).
3. Compresses and decompresses data for more efficient transmission across networks.
4. Encrypts and decrypts data.
Security Emphasis: The software component called the ‘redirector’ functions at this layer: it intercepts requests for service and redirects them when the local host cannot perform them. Improper server configuration can be exploited by a hacker at the point of redirection. Also, since Layer 6 performs encryption, the settings should require strong encryption protocols such as AES or SHA 256, and not weaker protocols such as DES.
Layer 7 Application
Examples: HTTP, HTTPS, Telnet, SSH, SMTP (refer to Figure A.1)
Purpose:
1. Implements specific web or user applications.
2. Handles error recovery for applications.
3. Provides services for communication across the network.
4. Manages security features such as authentication and access control with mechanisms such as permissions, encryption for confidentiality, hashing for integrity, and digital signatures for non-repudiation.
Security Emphasis: Some applications, such as Telnet and TFTP, are not secure: passwords and contents can be sent in cleartext. Applications typically use specific ports. If the network administrator does not close unused ports or monitor the ports, they could be an avenue for a hacker to gain unauthorized access to the web server. Another vulnerability is database applications, which could be compromised using SQL injection. Poor client-side scripting or programming, such as weak user input validation, results in injection attacks, XSS and CSRF.
Table 1: Vulnerabilities to Exploit the Protocols at Layer 7
Source : Systems Security Certified Practitioner (ISBN 978–1–25–958307–0)
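The SQL injection and input validation points above, as an added example that is not from the original article or its cited source. It uses an in-memory SQLite database (the table and rows are constructed): the first lookup splices user input into the SQL text, the second passes it as a bound parameter so the database never parses it as SQL, and an allow-list check shows the validation layer the text calls for.

```python
import sqlite3

# Constructed demonstration: the same lookup written unsafely and safely.


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """User input becomes part of the SQL text, so a quote in the input
    ends the string literal and the rest is executed as SQL."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """The same query with a bound parameter: the input is only ever data."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def is_valid_username(username: str) -> bool:
    """Allow-list validation as a second layer: usernames are short and alphanumeric.
    This rejects the injection string below before it ever reaches the database."""
    return 1 <= len(username) <= 32 and username.isalnum()


if __name__ == "__main__":
    conn = setup_db()
    textbook_input = "' OR '1'='1"
    print("vulnerable, normal input:", find_user_vulnerable(conn, "alice"))
    print("vulnerable, injected:   ", find_user_vulnerable(conn, textbook_input))
    print("parameterized, injected:", find_user_safe(conn, textbook_input))
    print("allow-list accepts it?  ", is_valid_username(textbook_input))
```

Parameterized queries are the primary fix because they remove the class of bug rather than guessing at bad characters; the allow-list check is defence in depth and also keeps unexpected values out of logs and error pages.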
In summary, this is a basic description of the OSI layers, a fundamental reference model widely used by tech professionals. It is also a must-know for cybersecurity, as the exploits and the solutions revolve mainly around the different layers.