The OSI Model's Role In Building A Secure Network Architecture

Uploaded on 2023-12-05 in TECHNOLOGY--Resilience, FREE TO VIEW

Brought to you by Renelis Mulyandari    
  
The Open Systems Interconnection (OSI) model is a framework that is commonly cited in computer networking and cybersecurity discussions. Interestingly, it was developed by the International Standards Organization (ISO).

It serves as a guide for troubleshooting network problems, as well as in understanding and implementing security measures related to network communication.

While the OSI model is not an essential factor in the operation of networking protocols nowadays, it serves as an important tool in understanding and identifying security risks. It also helps in meaningfully analyzing the capabilities of cybersecurity solutions. The OSI model and cybersecurity share a strong affinity, and this relationship is something organizations should consider exploring as they aim to build secure network architecture.

Layer-by-layer Approach To Security

Before discussing the role of the OSI model in building a secure architecture, it’s important to get acquainted with its layers. Network stacks are not as straightforward as they may seem. They are complex and involve multiple layers. The OSI model pierces into this complexity by providing an abstraction to facilitate a better understanding of the network communication process and its impact on the emergence of security risks, the troubleshooting of problems, and the dynamics of network-layer attacks.

There are seven layers under the OSI model, namely the physical, data link, network, transport, session, presentation, and application layers. These layers present the structure by which data moves regardless of the protocol used. 

As the name suggests, the physical layer is the point where the physical transmission of raw data happens over a physical medium. The data link layer is where raw data is transmitted into frames to be transmitted at the physical layer. The network layer is responsible for routing traffic to its intended destination according to the indicated IP addresses. 

Meanwhile, the transport layer, the first of the so-called host layers, is responsible for managing data transmission between nodes. The session layer, another host layer, is where sessions between nodes are managed and protocol data units (PDU) are handled. Next, the presentation layer translates data from network data into formats that are usable for the destination applications. Lastly, the application layer is where data is served to end users, including the exchange of data between a web server and a client app.

These layers enable network connections in a systematic and standardized manner. They facilitate interoperability for protocols and various network devices. Being familiar with these layers supports the formulation of comprehensive network security solutions.

When More Is Better

The seven layers of the OSI model are notably more than the four (application, transport, internet, and network access) in the TCP/IP model, an older model that approximates the flow of networking protocols. This may appear counterintuitive given the trend of simplification in cybersecurity and tighter technology stacks, but having more layers has the benefit of a better representation of all the functions involved in network communications.

The OSI model provides a more intuitive way of examining network operations, which makes it easier to resolve issues affecting network protocols. The seven layers provide a clearer way to discuss different network-level attacks. Also, it allows the security team to have a more thorough scrutiny of the security of networking protocols. 

The TCP/IP model is a practical representation of the network stack because it presents the layers in a way that is more structurally similar to the network protocols in real-world settings. In contrast, the OSI model is largely an abstraction of actual network protocols. It is a theoretical model that presents descriptions of the different tasks undertaken to enable data transmission.

How The OSI Model Fosters Security

The OSI model serves as a good basis for building a secure network infrastructure. Here’s a quick rundown of how the model influences security considerations.

Layer 1 or the physical layer is viewed as the soft underbelly of cybersecurity. This is because of the various attacks aimed at the hardware or physical devices of a network. These attacks are often overlooked because security strategies often focus on the software side. The OSI model makes it clear that ample attention should be given to defending the physical layer.

On the other hand, the processes at the data link and network layers highlight man-in-the-middle attacks (MiTM). These layers are responsible for routing, addressing, and detecting errors, which can be the subject of eavesdropping or attempts to alter the communication between two parties. As such, it is important to implement security measures such as firewalls, network segmentation, and the use of secure protocols such as IPsec.

When it comes to the transport layer, the biggest concern is the handling of sensitive information. If the data that reaches this layer is not encrypted, it can be easily sniffed or tampered with. That’s why it is crucial to implement encryption here. The use of encryption protocols like Transport Layer Security (TLS) is a must to ensure data confidentiality and integrity while it is in transit.

Layers 5 and 6 or the session and presentation layers are not directly related to security protocols. However, they also demonstrate the importance of indirect security mechanisms. The session layer involves session management tasks such as setup, termination, and reconnections. The presentation layer is about making data usable to the next layer (application). There are no direct security solutions that can be applied to these layers but organizations need to ensure the establishment of properly managed sessions and correct data formatting to prevent attacks that may exploit vulnerabilities involving session and presentation functions.

Lastly, the application layer is the point where user interactions take place. Hence, it is the top priority for security solutions. This is the layer where security mechanisms such as user authentication and authorization are implemented. Also, development teams should pay attention to the code security of the application to make sure that it does not contain weaknesses that threat actors can exploit. 

In-depth Defense

The OSI model encourages the establishment of a security strategy that is robust, comprehensive, and in-depth. By incorporating direct and indirect security tools, measures, and solutions across the seven layers of OSI, organizations can ensure that threat actors will have a hard time spotting opportunities for an attack. 

In a way, the OSI model serves as a foundational framework for network operation and security. Every layer contributes something towards a thorough understanding of network threats and the formulation of suitable and viable solutions.

The cyber threat landscape may evolve ceaselessly, but data transmission and network operation tend to abide by a relatively standardized framework in the long run, so it helps to refer to the OSI model in building a secure network architecture.

Image: bru-no

You Might Also Read

Why DNS Protection Should Be A Crucial Part In Building Cyber Defense:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Trouble At Three
The End Of Crypto Currency »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

Georgia Cyber Center

Georgia Cyber Center

Georgia Cyber Center is dedicated to training the next generation of professionals through education and real-world practice while also supporting innovation in new technologies for online defenses.

Czech Accreditation Institute

Czech Accreditation Institute

Czech Accreditation Institute is the national accreditation body for the Czech Republic. The directory of members provides details of organisations offering certification services for ISO 27001.

Digi International

Digi International

Digi is a leading global provider of mission-critical and business-critical machine-to-machine (M2M) and Internet of Things (IoT) connectivity products and services.

CSC Digital Brand Services

CSC Digital Brand Services

Our brand protection and security expertise give our customers peace of mind that no matter how fast the digital world changes, their intellectual property and digital assets will be secure.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.

Grant Thornton

Grant Thornton

Grant Thornton is one of the world’s leading networks of independent assurance, tax and advisory firms.

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

Archon Secure

Archon Secure

Archon GoSilent Cube delivers a CSfC-certified, plug-and-play security solution for classified and unclassified communication when using the public Internet.

Synagex

Synagex

Synagex Modern IT is a simple IT and cybersecurity solution for businesses.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

FearsOff

FearsOff

FearsOff is a global information security company serving clients worldwide. White hat operators with a black hat mindset to emulate real world attacks and everchanging threat vectors.

Qryptonic

Qryptonic

Qryptonic pioneers next-generation cybersecurity by leveraging the unparalleled capabilities of quantum computing to defend against evolving threats.

Luxembourg House of Cybersecurity (LHC)

Luxembourg House of Cybersecurity (LHC)

Luxembourg House of Cybersecurity (formerly SecurityMadeIn.lu) is the backbone of leading-edge cyber resilience in Luxembourg.