OSI Layers

Application layer(7) Recognized as the top layer of the OSI model, this layer serves as the window for application services. home of email programs, FTP, Telnet, web browsers, and office productivity suites, a viruses, worms, Trojan horse programs,

Presentation layer(6) The Presentation layer is responsible for taking data that has been passed up from lower levels and putting it into a format that Application layer programs can understand. The most critical process handled at this layer is encryption and decryption.

Session layer(5) Its functionality is put to use when creating, controlling, or shutting down a TCP session. Items such as the TCP connection establishment and TCP connection occur here. Session-layer protocols include items such as Remote Procedure Call and SQLNet from Oracle. The Session layer is vulnerable to attacks such as session hijacking. A session hijack can occur when a legitimate user has his session stolen by a hacker.

Transport layer(4) ensures completeness by handling end-to-end error recovery and flow control. Transport-layer protocols include TCP, a connection-oriented protocol. TCP provides reliable communication through the use of handshaking, acknowledgments, error detection, and session teardown, as well as User Datagram Protocol (UDP), a connectionless protocol. UDP offers speed and low overhead as its primary advantage. Security concerns at the transport level include Synchronize (SYN) attacks, Denial of Service (DoS), and buffer overflows.

Network layer(3). logical addressing and routing. The Network layer is the home of the Internet Protocol (IP), which makes a best effort at delivery of datagrams from their source to their destination. Security concerns at the network level include route poisoning, DoS, spoofing, and fragmentation attacks. Fragmentation attacks occur when hackers manipulate datagram fragments to overlap in such a way to crash the victim’s computer. IPSec is a key security service that is available at this layer.

Data Link layer(2). is responsible for formatting and organizing the data before sending it to the Physical layer. The Data Link layer organizes the data into frames. A frame is a logical structure in which data can be placed; it’s a packet on the wire. When a frame reaches the target device, the Data Link layer is responsible for stripping off the data frame and passing the data packet up to the Network layer. The Data Link layer is made up of two sub layers, including the logical link control layer (LLC) and the media access control layer (MAC). You might be familiar with the MAC layer, as it shares its name with the MAC addressing scheme. These 6-byte (48-bit) addresses are used to uniquely identify each device on the local network. A major security concern of the Data Link layer is the Address Resolution Protocol (ARP) process. ARP is used to resolve known Network layer addresses to unknown MAC addresses. ARP is a trusting protocol and, as such, can be used by hackers for ARP poisoning, which can allow them access to traffic on switches they should not have.

Physical layer(1). bit-level communication takes place. The bits have no defined meaning on the wire, but the Physical layer defines how long each bit lasts and how it is transmitted and received. From a security standpoint, you must be concerned anytime a hacker can get physical access. By accessing a physical component of a computer network—such as a computer, switch, or cable—the attacker might be able to use a hardware or software packet sniffer to monitor traffic on that network. Sniffers enable attacks to capture and decode packets. If no encryption is being used, a great deal of sensitive information might be directly available to the hacker.

from CEH