Application of Osi Seven-Layer Network Model to Information Security
Order ID# 45178248544XXTG457 Plagiarism Level: 0-0.5% Writer Classification: PhD competent Style: APA/MLA/Harvard/Chicago Delivery: Minimum 3 Hours Revision: Permitted Sources: 4-6 Course Level: Masters/University College Guarantee Status: 96-99%
Networking is a prime concern for information security. A great deal of formalized study has been devoted to the science and methodology of designing and maintaining networks. One formal system that network engineers discuss and apply frequently is the OSI Seven Layer Model for Networking, developed by the ISO (International Standards Organization) to define a standardized method for designing networks and the functions that support them. This model describes seven layers of interaction for an information system communicating over a network.
Layer One – the Physical Layer
The physical layer is responsible for the physical communication between end Stations. It is concerned with the actual encoding and transmission of data in electromechanical terms. It is also the most vulnerable and changeable, not depending upon the logic and organization of the electronic world, but on the vagaries of physics. Denial of Service is a mere circuit breaker or lead pipe away when dealing with the physical layer. Something as simple as unplugging the power or removing a network cable can cause untraceable havoc on a network. Tempest project, was used to develop application for use of electromagnetic eavesdropping as well as protections against such intrusions. This means that critical assets must be behind strong locks, with strict controls on who may pass those locks, and constant monitoring, logging, and review of that access. Such monitoring may include video surveillance, card–lock logging of entry and exit with PIN.
Layer Two – Data Link Layer
It is concerned with the logical elements of transmissions between two directly connected stations. It deals with issues of local topology where many stations may share a common local media. This is the layer where data packets are prepared for transmission by the physical layer. The data link layer is the realm of MAC addresses and VLANs as well as WAN protocols such as ATM . As a newly emergent battleground, the threats tend to outweigh the controls on the link-layer, with the only strong tools being manual MAC filtering to enforce an explicit layer two policy, and strong network design to minimize exposure from the outset. The inherent design of most layer two communication imposes a layer of involuntary trust. Layer Three – Network Layer
The Network layer is concerned with the global topology of the internet work – it is used to determine what path a packet would need to take to reach a final destination over multiple possible data links and paths over numerous intermediate hosts. This layer typically uses constructs such as IP addresses to identify nodes, and routing tables to identify overall paths through the network and the more immediate next-hop that a packet may be forwarded to. Layer three is the last layer that has a rough physical correspondence to the real world. A given host will typically have a single layer three address or single layer three address per interface. On the Internet, Route Registries and the Routing Arbiter Database (RADB) offer the means to register route announcements. The RADB also provides filter information that allows building of local policies to validate foreign route announcement.
Layer Four – Transport Layer
The Transport Layer is concerned with the transmission of data streams into the lower layers of the model, taking data streams from above and packaging them for transport, and with the reassembly and passing of incoming data packets back into a coherent stream for the upper layers of the model. Transport protocols may be designed for high reliability and use mechanisms to ensure data arrives complete at its destination. The Transport Layer is the first purely logical layer in the model. It is the primary point where multiple data conversations from or to a single host are multiplexed. Some transport protocols. Some of the key vulnerabilities found at the transport layer come from poor handling of undefined conditions. Stronger mechanisms are possible in layer four implementations to make session hijacking more difficult as well. Recent improvements in TCP sequence number assignment based on random number generation rather than arbitrary and predictable sequences have made the blind takeover of TCP sessions much more difficult.
Layer Five- Session Layer
The Session Layer is concerned with the organization of data communications into logical flows. It takes the higher layer requests to send data and organizes the initiation and cessation of communication with the far end host. As the Session Layer deals with the creation and control of access to the higher level applications, the issue of authorization and access is a natural weakness in this layer. To prevent brute-force or focused guessing of session credentials, failed attempts can be properly logged and limited to a fixed amount of failures before an account or service is locked out. This approach is a two-edged sword in that legitimate users may be locked out by illicit access attempts either inadvertently or as the basis for a denial-of-service attack. A safer possible approach is to limit connection attempts on a time basis such as only once every 30 seconds, or temporary lockout on failure with a brief enough duration that legitimate user access will recover in a practical amount of time, but a brute force attack would be rendered impractical.
Layer Six- Presentation Layer
It deals with the organization of data passed from the application layer into the network. This layer allows for the standardization of data and the communication of data between dissimilar hosts, such as platforms with different binary number representation schemes or character sets. Presentation Layer protocols typically rely upon a standardized data format for use on the network, and various conversion schemes to convert from the standardized format into and out of specific local formats. Vulnerabilities at this layer often originate from weaknesses or shortcomings in the implementation of the presentation layer functions. Control, Careful specification and checking of received input incoming into applications or library functions Separation of user input and program control functions- input should be sanitized and sanity checked before being passed into functions that use the input to control operation Careful and continuous review of cryptography solutions to ensure current security versus know and emerging threats.
Layer Seven- Application Layer
The Application Layer deals with the high-level functions of programs that may utilize the network. User interface and primary function live at this layer. All functions not pertaining directly to network operation occur at this layer. Vulnerabilities; Open design issues allow free use of application resources by unintended parties. Backdoors and application design flaws bypass standard security controls. Inadequate security controls force “all-or-nothing” approach, resulting in either excessive or insufficient access. Program logic flaws may be accidentally or purposely used to crash programs or cause undesired behavior. Controls Application level access controls to define and enforce access to application resources. Controls must be detailed and flexible, but also straightforward to prevent complexity issues from masking policy and implementation weakness Standards, testing, and review of application code and functionality-A baseline is used to measure application implementation and recommend improvements IDS systems to monitor application inquiries and activity. Some host-based firewall systems can regulate traffic by application, preventing unauthorized or covert use of the network.
Chan, A. C. M. (2016). Service-learning and research scheme: the Lingnan model. Hong
Kong: Office of Service-Learning (OSL), Lingnan University.
Blumer, B. E. (2018). An application of Osl dating to test the perched-dune model on
coastal dunes at Arcadia, Michigan.