The Importance of the OSI Model to Information Security: The Modern Threat Surface
With the advent of mobility and the coming Internet of Things, the enterprise threat surface has never been larger, nor the avenues through which criminals can gain access to essential files so varied. In the past, network-level controls were all you really needed to keep your data safe. But times have changed – and if your approach to security doesn’t change with it, then you’ve only yourself to blame when you suffer a breach.
What a lot of administrators tend to forget is that protections like firewalls and authentication controls are only part of the equation. Such network-level protections only guard against a very narrow scope and set of attacks. If you want to truly protect your organization, you need to take a multi-tiered approach to security.
And that’s where the OSI model emerges as extremely valuable. We’ll skip the introductions, since I’m certain it’s something you’ve already heard about. Let’s get straight down to explanations.
The Physical Layer
The first layer of the OSI model is related to the physical devices that run a network – power boxes, routers and modems, endpoints, and so on. Attackers targeting this layer could cause a disruption of service through power interruption, disconnection, physical damage, or outright theft. To protect this layer, employ security staff, video and audio surveillance, and access control.
The Data Link Layer
The data link layer is responsible for managing the frames of information that are sent across a physical network. Many of the protocols at this layer were designed for functionality and practicality before security, and are vulnerable as a result – and since the layer is often neglected when seeing to information security, it’s a prime target. Some modes of attack you’ll need to guard against include MAC address spoofing, VLAN circumvention, and ARP cache poisoning.
To protect this layer, filter MAC addresses, don’t rely solely on VLANs for security, and make sure any wireless applications have encryption and authentication baked in.
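As an added example (not code from the article), the script below shows what monitoring for ARP cache poisoning and MAC spoofing looks like in practice. It consumes a stream of observed ARP replies and raises an alert when a learned IP-to-MAC binding changes, when a MAC claims an address reserved in a static table (the gateway is the usual target), or when one MAC answers for an implausible number of addresses. The static bindings, the threshold and the sample replies are all constructed for illustration; on a real network they would come from the switch or DHCP inventory and from a packet capture.

```python
"""ARP cache poisoning / MAC spoofing detector (added example, not from the article)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    """One observed ARP reply: 'sender_ip is at sender_mac'."""
    ts: float
    sender_ip: str
    sender_mac: str


# Hypothetical static bindings for critical hosts; in practice these come from
# the switch/DHCP inventory, never from the traffic itself.
STATIC_BINDINGS = {
    "10.0.0.1": "aa:bb:cc:00:00:01",   # default gateway
}

# Assumed threshold; tune per network (routers legitimately answer for many IPs).
MAX_IPS_PER_MAC = 3


class ArpMonitor:
    def __init__(self, static_bindings=None, max_ips_per_mac=MAX_IPS_PER_MAC):
        self.static = dict(static_bindings or {})
        self.max_ips_per_mac = max_ips_per_mac
        self.ip_to_mac = {}                     # bindings learned from traffic
        self.mac_to_ips = defaultdict(set)      # reverse index for the "many IPs" check
        self.alerts = []

    def observe(self, reply: ArpReply):
        ip, mac = reply.sender_ip, reply.sender_mac.lower()
        # 1. A static binding is authoritative: any other MAC claiming it is poisoning.
        expected = self.static.get(ip)
        if expected and mac != expected:
            self.alerts.append((reply.ts, "STATIC_BINDING_VIOLATION", ip, expected, mac))
            return
        # 2. A learned binding that changes is the classic poisoning symptom.
        prev = self.ip_to_mac.get(ip)
        if prev and prev != mac:
            self.alerts.append((reply.ts, "IP_MAC_CHANGE", ip, prev, mac))
        self.ip_to_mac[ip] = mac
        # 3. One MAC answering for many IPs suggests a host impersonating its neighbours.
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) > self.max_ips_per_mac:
            self.alerts.append((reply.ts, "MAC_CLAIMS_MANY_IPS", mac, sorted(self.mac_to_ips[mac])))

    def alert_kinds(self):
        return [a[1] for a in self.alerts]


# Constructed sample traffic: normal replies, then a rogue MAC (de:ad:be:ef:00:01)
# claiming the gateway and then a run of other hosts.
SAMPLE_REPLIES = [
    ArpReply(1.0, "10.0.0.1", "aa:bb:cc:00:00:01"),
    ArpReply(2.0, "10.0.0.10", "aa:bb:cc:00:00:10"),
    ArpReply(3.0, "10.0.0.11", "aa:bb:cc:00:00:11"),
    ArpReply(4.0, "10.0.0.1", "de:ad:be:ef:00:01"),   # gateway impersonation
    ArpReply(5.0, "10.0.0.10", "de:ad:be:ef:00:01"),  # learned binding changes
    ArpReply(6.0, "10.0.0.11", "de:ad:be:ef:00:01"),
    ArpReply(7.0, "10.0.0.12", "de:ad:be:ef:00:01"),
    ArpReply(8.0, "10.0.0.13", "de:ad:be:ef:00:01"),  # now exceeds MAX_IPS_PER_MAC
]


def run_sample():
    """Feed the constructed replies through the monitor and return it for inspection."""
    mon = ArpMonitor(STATIC_BINDINGS)
    for r in SAMPLE_REPLIES:
        mon.observe(r)
    return mon


if __name__ == "__main__":
    for alert in run_sample().alerts:
        print(alert)
```

The static table is checked first and stops processing for that reply, so a rogue claim on the gateway never pollutes the learned bindings. The same logic is what switch features such as dynamic ARP inspection apply in hardware, using the DHCP snooping table as the static source.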
The Network Layer
The network layer is probably the layer you’ve already done the most work securing, as controls at this layer include routing policy, firewalls, and ARP/broadcast monitoring. Just make sure you’re not reliant upon addressing for resource identification, and that you’re aware of attempts to spoof any IP addresses or network routes.
The Transport Layer
The transport layer provides end-to-end delivery of data streams between hosts, sitting directly on top of the lower layers and ensuring reliable transmission across them. The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) are both essential components of this layer – and they can also be used by an attacker to infiltrate or block off your network. Ensuring your firewall has rules to limit specific transport protocols and ports, and that you’re regularly monitoring said firewall, is essential.
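The two firewall controls called for in the network and transport layer sections above, ingress filtering of spoofed source addresses and an allowlist of transport protocols and ports, fit naturally in one policy, so this added example (not code from the article) implements both and counts what is denied so the firewall can actually be monitored. The internal prefixes, interface name, allowlist and sample packets are all constructed for the example.

```python
"""Stateless packet-filter policy with ingress anti-spoofing and transport-layer
restrictions, run over constructed sample packets (added example, not from the article)."""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed topology for the example.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
EXTERNAL_IFACE = "eth0"

# Allowlist of (protocol, destination port) pairs permitted inbound from the Internet.
INBOUND_ALLOW = {("tcp", 443), ("tcp", 22), ("udp", 53)}


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str                   # "tcp", "udp", "icmp", "gre", ...
    src: str
    dst: str
    dport: Optional[int] = None  # None for protocols that carry no port


def evaluate(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, reason) for one inbound packet."""
    src = ipaddress.ip_address(pkt.src)
    # Network layer: a packet arriving from outside cannot legitimately carry one of
    # our own internal source addresses (BCP 38 style ingress filtering).
    if pkt.iface == EXTERNAL_IFACE and any(src in net for net in INTERNAL_PREFIXES):
        return "DROP", "spoofed-internal-source"
    # Transport layer: anything other than the allowlisted protocol/port pairs is denied,
    # which also catches protocols such as GRE or raw ICMP that carry no port at all.
    if (pkt.proto, pkt.dport) not in INBOUND_ALLOW:
        return "DROP", f"proto-port-not-allowed:{pkt.proto}/{pkt.dport}"
    return "ACCEPT", "allowlisted"


def monitor(packets):
    """Apply the policy and return (accepted_count, per-reason denial counts) for review."""
    denied = Counter()
    accepted = 0
    for p in packets:
        verdict, reason = evaluate(p)
        if verdict == "DROP":
            denied[reason] += 1
        else:
            accepted += 1
    return accepted, denied


# Constructed sample traffic seen on the Internet-facing interface.
SAMPLE_PACKETS = [
    Packet("eth0", "tcp", "203.0.113.5", "10.0.0.20", 443),
    Packet("eth0", "tcp", "10.0.0.99", "10.0.0.20", 443),     # spoofed internal source
    Packet("eth0", "udp", "198.51.100.7", "10.0.0.20", 161),   # SNMP from the Internet
    Packet("eth0", "gre", "198.51.100.7", "10.0.0.20"),        # tunnel protocol, no port
    Packet("eth0", "tcp", "203.0.113.9", "10.0.0.20", 22),
]


def run_sample():
    return monitor(SAMPLE_PACKETS)


if __name__ == "__main__":
    accepted, denied = run_sample()
    print("accepted:", accepted)
    for reason, n in denied.most_common():
        print(f"denied {n:>3}  {reason}")
```

The denial counters are the monitoring half of the advice: a sudden rise in `spoofed-internal-source` or in a particular protocol/port reason is the kind of change worth reviewing, whereas a firewall that only drops silently tells you nothing.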
The Session Layer
The session layer manages communication between endpoints. It comprises the protocols responsible for handling network sessions – like the network layer, there’s a good chance you have at least a few security controls in place at this level. Password encryption, authentication protocols, and limits on brute-force attempts are all security measures you’ll want in place here to protect against spoofing, information leakage, and session hijacking.
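The brute-force limit mentioned above is easy to describe and easy to get subtly wrong, so here is an added example (not code from the article) of a sliding-window limiter with a temporary lockout, keyed on username and source address. The thresholds are assumed policy values, and time is passed in explicitly so the behaviour can be reproduced offline; a real deployment would key on whatever identifiers its session protocol exposes and persist the state somewhere shared by all authentication front-ends.

```python
"""Sliding-window login rate limiter with temporary lockout (added example, not from the article)."""
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy values
WINDOW_SECONDS = 60
LOCKOUT_SECONDS = 300


class LoginLimiter:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time at which the lockout expires

    def _prune(self, key, now):
        """Drop failures older than the window so old mistakes do not count forever."""
        q = self.failures[key]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_locked(self, key, now):
        until = self.locked_until.get(key)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[key]       # lockout expired
            return False
        return True

    def check(self, key, now):
        """Return True if a login attempt may proceed to credential verification."""
        return not self.is_locked(key, now)

    def record_failure(self, key, now):
        """Register a failed attempt; return True if this one triggered a lockout."""
        self._prune(key, now)
        self.failures[key].append(now)
        if len(self.failures[key]) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            self.failures[key].clear()
            return True
        return False

    def record_success(self, key, now):
        """A successful login clears both the counter and any lockout."""
        self.failures.pop(key, None)
        self.locked_until.pop(key, None)


def simulate():
    """Constructed scenario: six failures in six seconds, then a retry after the lockout."""
    lim = LoginLimiter()
    key = ("alice", "203.0.113.7")
    events = []
    for i in range(6):
        now = float(i)
        allowed = lim.check(key, now)
        events.append((now, allowed))
        if allowed:
            lim.record_failure(key, now)
    # An attempt well after the lockout has expired is allowed again.
    later = 5.0 + LOCKOUT_SECONDS + 1
    events.append((later, lim.check(key, later)))
    return events


if __name__ == "__main__":
    for ts, allowed in simulate():
        print(f"t={ts:>6.1f}  {'allowed' if allowed else 'LOCKED'}")
```

The check happens before credential verification, so a locked-out client never reaches the password store, and the lockout is per key rather than per account alone, which keeps one remote address from locking a legitimate user out of their own account simply by guessing against it.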
The Presentation Layer
The presentation layer is basically what it sounds like – it ‘presents’ information to the user at an endpoint, transferring data between the application layer (the layer at which the user interacts) and the other network layers. Attackers can abuse Unicode handling vulnerabilities at this level to break into your network, and someone looking to deny service can topple your house of cards through unexpected input.
Separation of user input and program control is essential, and constant sanity checks are a must.
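The sanity checks the paragraph asks for are concrete enough to show, so here is an added example (not code from the article) of presentation-layer input validation for a user-supplied identifier: strict UTF-8 decoding rejects overlong and truncated byte sequences, NFKC normalisation makes look-alike encodings of the same character compare equal, and a category check rejects control, format (bidi override, zero-width) and unassigned characters before the value reaches program logic. The length limit, the category list and the sample inputs are assumptions made for the example.

```python
"""Presentation-layer input validation for an identifier field (added example, not from the article)."""
import unicodedata

MAX_LEN = 64  # assumed limit for a username-style field

# Unicode general categories that have no business in a user-supplied identifier:
# Cc = control, Cf = format (zero-width joiners, bidi overrides), Cs = surrogates,
# Co = private use, Cn = unassigned.
FORBIDDEN_CATEGORIES = {"Cc", "Cf", "Cs", "Co", "Cn"}


class InvalidInput(ValueError):
    pass


def validate_identifier(raw: bytes) -> str:
    """Return a canonical, safe string or raise InvalidInput with the reason."""
    try:
        # Strict decoding rejects overlong, truncated and otherwise malformed sequences.
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise InvalidInput(f"invalid UTF-8: {exc.reason}") from None
    # Canonical form first, so later checks and comparisons see one spelling per character.
    text = unicodedata.normalize("NFKC", text)
    if not text:
        raise InvalidInput("empty")
    if len(text) > MAX_LEN:
        raise InvalidInput(f"too long ({len(text)} > {MAX_LEN})")
    for ch in text:
        cat = unicodedata.category(ch)
        if cat in FORBIDDEN_CATEGORIES:
            raise InvalidInput(f"forbidden character U+{ord(ch):04X} ({cat})")
    return text


def classify(samples):
    """Run the validator over labelled inputs; return {label: ('ok', value) or ('rejected', reason)}."""
    out = {}
    for label, raw in samples.items():
        try:
            out[label] = ("ok", validate_identifier(raw))
        except InvalidInput as exc:
            out[label] = ("rejected", str(exc))
    return out


# Constructed sample inputs.
SAMPLES = {
    "plain": b"alice",
    "fullwidth": "\uff41\uff4c\uff49\uff43\uff45".encode("utf-8"),  # fullwidth 'alice'; NFKC folds it
    "overlong_slash": b"\xc0\xaf",                                 # overlong encoding of '/'
    "bidi_override": "alice\u202eexe".encode("utf-8"),             # RIGHT-TO-LEFT OVERRIDE inside
    "embedded_null": b"alice\x00root",
    "too_long": b"a" * 100,
}


if __name__ == "__main__":
    for label, result in classify(SAMPLES).items():
        print(f"{label:>15}: {result}")
```

Order matters: normalising before the category and length checks means an attacker cannot smuggle a forbidden character past the filter in a decomposed or compatibility form, and the decoded value is what gets used downstream, so program control never sees the raw bytes.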
The Application Layer
Last but not least, the application layer includes features such as the GUI and high-level application functions. It’s the most open-ended of all the layers, and hence the most difficult to protect – especially with the advent of SaaS applications on mobile devices. Luckily, there are a few measures you can take to significantly reduce your risk of attack:
- Sandboxing. This ensures that potentially vulnerable applications don’t have access to sensitive data.
- Malware scans. Ransomware is on the rise, and malicious software remains one of the chief modes of attack by cyber-criminals.
- Review and test application code.
On the topic of cloud and mobility, there’s actually a lot more to information security that needs to be covered. But that’s a subject for another day. For now, best see to it that your network’s secure, first.