The OSI model, short for Open Systems Interconnection model, is a 7-layer model that describes a data communication architecture in computer networks.
The OSI reference model was developed in the late 1970s. However, due to its late invention, it was not implemented and remained simply a reference model. The model currently implemented on the Internet is the TCP/IP model.
Contents
1 Layers of the OSI model
1.1 Application Layer | 7
1.2 Presentation Layer | 6
1.3 Session Layer | 5
1.4 Transport Layer | 4
1.5 Network Layer | 3
1.6 Data Link Layer | 2
1.7 Physical Layer | 1
2 Types of attacks by layer in the OSI model
2.1 Exploits at the application layer
2.2 Phishing attacks at the presentation layer
2.3 Hijacking attacks at the session layer
2.4 Reconnaissance and DoS attacks at the transport layer
2.5 Man-in-the-middle attacks at the network layer
2.6 Spoofing attacks at the data link layer
2.7 Man-in-the-middle attacks at the physical layer
Layers of the OSI model
The OSI model defines seven levels of abstraction that computer systems use to communicate over a network, to facilitate communication between users. Each layer of the OSI model has specific functions and communicates and interacts with the layers immediately above and below it.
The layers are classified into two categories:
Host layers: the application layer, the presentation layer, the session layer and the transport layer.
Media layers: the network layer, the data link layer and the physical layer.
Application Layer | 7
The application layer, also known as the “desktop layer”, is responsible for communicating with applications, both host-based and user-facing. This is the level closest to the user.
It activates application services and allows users to receive information. It also specifies the shared communication protocols and interface methods used by hosts in communication networks.
This layer of the OSI model communicates and interacts with the presentation layer.
The most common security attack at the application layer is an exploit.
Presentation Layer | 6
The presentation layer, also known as the “syntax layer,” is responsible for formatting and translating data into the format specified by the application layer. That is, it functions as a network data translator to ensure that the application layer of the receiving system is able to read the information sent by the application layer of the sending system.
This layer of the OSI model communicates and interacts with the application layer and the session layer.
The most common security attack at the presentation layer is a phishing attack.
Session Layer | 5
The session layer is responsible for opening, managing, and closing sessions between end-user application processes. It establishes, manages and terminates connections between local and remote applications.
This host layer sets up the connection, controls it, tears it down between computers, and checks and restores sessions.
This layer of the OSI model communicates and interacts with the presentation layer and the transport layer.
The most common security attack at the session layer is a hijacking attack.
Transport Layer | 4
The transport layer is responsible for providing the means to transfer data sequences of variable length from a source host to a destination host. Protocols at this host layer provide end-to-end communication services for applications.
It supports two modes, connection-oriented and connectionless, to provide reliable transmission between points in a network.
This layer of the OSI model communicates and interacts with the session layer and the network layer.
The most common security attacks at the transport layer are reconnaissance attacks and DoS attacks.
Network Layer | 3
The network layer is responsible for providing a means to transfer packets between nodes connected across one or more networks. It structures and manages multi-node networks, using routers and switches to manage their traffic.
This layer of the OSI model communicates and interacts with the transport layer and the data link layer.
The most common security attack at the network layer is the man-in-the-middle attack.
Data Link Layer | 2
The data link layer is responsible for transferring data frames between two directly connected nodes within the same local network. It packages the raw bits of the physical layer into frames. It can also perform error detection and correction.
This layer of the OSI model communicates and interacts with the network layer and the physical layer.
The most common security attack at the data link layer is a spoofing attack.
Physical Layer | 1
The physical layer is responsible for transmitting and receiving unstructured raw data between devices and physical transmission media. It can be implemented using various hardware technologies.
This layer of the OSI model communicates and interacts with the data link layer. It translates logical communication requests from the data link layer into specific hardware operations for transmitting and receiving signals.
The most common security attack at the physical layer is the man-in-the-middle attack.
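To make the layering above concrete, the following added example (not part of the original article) peels the data link, network and transport headers off one raw frame, showing how each layer's header identifies the layer it carries. The frame bytes are a constructed sample, and the function names are hypothetical; only Ethernet II, IPv4 and TCP are handled.

```python
import struct

# Constructed sample: Ethernet II frame carrying an IPv4 packet with a TCP SYN.
SAMPLE_FRAME = bytes.fromhex(
    "aabbccddeeff" "112233445566" "0800"        # layer 2: dst MAC, src MAC, EtherType
    "4500002800010000400600000a0000010a000002"  # layer 3: IPv4, 10.0.0.1 -> 10.0.0.2
    "c0de0050000000010000000050022000" "00000000"  # layer 4: TCP 49374 -> 80, SYN
)

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Peel layers 2-4 off a raw frame; each header names the layer it carries."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"l2": {"dst": mac(dst), "src": mac(src), "ethertype": ethertype}}
    if ethertype != 0x0800:          # data link payload is not IPv4
        return layers
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0   # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    layers["l3"] = {"src": ".".join(map(str, ip[12:16])),
                    "dst": ".".join(map(str, ip[16:20])),
                    "ttl": ip[8], "protocol": ip[9]}
    if ip[9] != 6:                   # network payload is not TCP
        return layers
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    layers["l4"] = {"sport": sport, "dport": dport, "seq": seq,
                    "syn": bool(off_flags & 0x002), "ack": bool(off_flags & 0x010),
                    "payload": tcp[(off_flags >> 12) * 4:]}
    return layers

if __name__ == "__main__":
    for name, fields in parse_frame(SAMPLE_FRAME).items():
        print(name, fields)
```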
Types of attacks by layer in the OSI model
These are the different types of attacks that can target each specific layer of the OSI model.
Exploits at the application layer
An exploit takes advantage of vulnerabilities in a software application to gain unauthorized access and take control of a system, or to carry out other types of attacks, such as a denial-of-service attack.
Presentation layer phishing attacks
Phishing attacks involve tricking people into revealing sensitive data using various techniques. It is one of the most used cyber attacks today and includes many types of attacks.
Session layer hijacking attacks
Hijacking attacks involve intercepting and taking control of an established communication session to access sensitive data or gain unauthorized access to the targeted user’s computer or account.
Reconnaissance and DoS attacks at the transport layer
Reconnaissance attacks involve gathering information about a system to identify vulnerabilities. While reconnaissance was originally used as an ethical hacking technique to identify security flaws and fix them, it has also become a mechanism for identifying vulnerabilities before launching a cyberattack.
DoS attacks, or denial-of-service attacks, consist of making a resource unavailable to users by flooding the target with superfluous requests so that legitimate requests cannot be completed. The interruption may be temporary or indefinite. When the attack originates from multiple points at the same time, it is called a distributed denial-of-service attack or DDoS attack.
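The following added example (not part of the original article) shows how a defender could spot both transport-layer attack types in connection logs: one source probing many ports of a host is flagged as reconnaissance, and a burst of connection-opening requests to one service is flagged as DoS or, when it comes from several sources, DDoS. The log format, thresholds and function names are assumptions, the sample lines are constructed, and treating port probing as the reconnaissance signal is an interpretation of the article's general description.

```python
from collections import defaultdict

def make_log():
    """Constructed sample lines: '<ts> <src_ip> <dst_ip> <dst_port> <flag>'."""
    lines = [f"{i} 10.0.0.9 10.0.0.5 {p} S" for i, p in enumerate(range(20, 30))]
    lines += [f"{120 + i} 198.51.100.{i % 8 + 1} 10.0.0.5 443 S" for i in range(40)]
    lines += [f"{200 + i} 10.0.0.7 10.0.0.6 80 S" for i in range(40)]
    lines += ["300 10.0.0.3 10.0.0.5 443 S", "301 10.0.0.3 10.0.0.5 443 A"]
    return lines

def detect(lines, window=60, scan_ports=8, flood_syns=30):
    """Flag port probing and SYN floods per fixed time window (seconds).

    Fixed windows are a simplification: a burst that straddles a window
    boundary is split in two and may stay under the threshold.
    """
    ports = defaultdict(set)    # (window, src, dst) -> distinct destination ports
    syns = defaultdict(list)    # (window, dst, port) -> source of every SYN
    for line in lines:
        ts, src, dst, port, flag = line.split()
        if flag != "S":
            continue            # only connection-opening SYNs are counted
        bucket = int(ts) // window
        ports[(bucket, src, dst)].add(int(port))
        syns[(bucket, dst, int(port))].append(src)
    alerts = []
    for (_, src, dst), seen in sorted(ports.items()):
        if len(seen) >= scan_ports:
            alerts.append(("recon", src, dst, len(seen)))
    for (_, dst, port), srcs in sorted(syns.items()):
        if len(srcs) >= flood_syns:
            # Several origins at once is what the article calls a DDoS attack.
            kind = "ddos" if len(set(srcs)) > 1 else "dos"
            alerts.append((kind, f"{dst}:{port}", len(srcs), len(set(srcs))))
    return alerts

if __name__ == "__main__":
    for alert in detect(make_log()):
        print(alert)
```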
Man-in-the-middle attacks at the network layer
Man-in-the-middle attacks, abbreviated as “MitM attacks,” involve an attacker placing himself between two communicating parties to monitor, relay, and even alter the content of messages, while both parties believe they are communicating directly and confidentially.
Spoofing attacks at the data link layer
Spoofing attacks involve a person or program falsifying information to identify itself as an authorized user or device. By impersonating authorized users or devices, attackers can bypass system access control, steal data, and spread malware.
Man-in-the-middle attacks at the physical layer
Man-in-the-middle or sniffing attacks involve intercepting data using an application designed to capture network packets (a packet sniffer). If the captured packets are not encrypted, the attacker can use the packet sniffer to read them. This allows attackers to analyze the network and obtain information to corrupt it or even cause it to crash.
This 7-layer network model and the common cyber attacks associated with each highlight the importance of assessing risks and vulnerabilities to protect enterprise security at all levels. Cyber threats are commonplace today and cannot be ignored. As a result, rigorous security approaches such as Zero Trust and Disaster Recovery solutions are increasingly used by organizations to ensure business continuity.