On the web today, information can be transmitted to the other side of the globe in a few milliseconds. Most users do not understand how this works, nor do they need to do so. However, some people need to interact with and influence web traffic in one way or another—for example, those who administer web application security for their organization. For them, it is important to understand what happens when a user visits a website, securely uses an API, or performs other related activities.
However, the modern web can seem bewildering in its complexity, and with everything that is required for it to run smoothly. Therefore, it is useful to conceive of the web (and indeed, many other networks) as a series of layers. This divides the infrastructure and information transmission into a set of concepts that are much easier to understand individually.
The Open Systems Interconnection Model or “OSI Model” is an attempt to make it easier to comprehend and categorize the technological layers that interact with one another within a given computing system. The end result is a series of abstract layers that can be analyzed and considered separately. This can be very helpful when building and maintaining a cybersecurity strategy.
What Is the Open Systems Interconnection Model or “OSI Model”?
The OSI model describes the path of communication in a computing system across seven distinct layers. Within each layer, mechanisms may communicate with the layer above and the layer below. You can conceptualize this as a kind of bucket brigade, in which information is transmitted like a bucket of water from one layer to the next.
Of course, the real interactions are more complex than this; in many cases, the data is transformed or translated into a new form.
What Are the OSI Layers?
In the current OSI model, there are seven layers, defined with assigned numbers. Layer 1 is the lowest layer in the system, and Layer 7 is the highest. The first three layers (1-3) are described as media layers, and the remaining four layers (4-7) are described as host layers.
We’ll describe each of these layers in more detail below. For cybersecurity, layers 3, 4, and 7 are especially important.
What Is Layer 1 of the OSI Model?
The first layer of the OSI model is the physical layer, and it’s where the transmission and reception of raw data occurs. This takes place between a device and a physical transmission medium. In this layer, digital bits are converted into a different type of signal, like an electrical signal or an optical signal. The properties of this layer consist of parameters such as voltage levels, physical data rates, and signal timing. Design constraints include things like clock speeds, heat dissipation, and chip pin layouts.
What Is Layer 2 of the OSI Model?
The second layer of the OSI model is the data link layer. This layer provides node-to-node data transference, and includes a link between two connected nodes. Here, the layer can proactively detect and fix errors that arose from the physical layer.
There are two sublayers defined here, including the medium access control (MAC) layer, which controls how devices get permissions and access, and the logical link control (LLC) layer, which synchronizes frames and handles error checking.
What Is Layer 3 of the OSI Model?
Next is the third layer of the OSI model, which is the network layer. This comes into play when you’re managing a network that contains many different nodes. In this layer, the primary responsibility is controlling and directing variable length data sequences called “packets.” For example, if a packet is too large to be transmitted from one node to another, this layer may split the packet into multiple smaller fragments, to be reassembled upon delivery.
Layer 3 is important when considering a cybersecurity strategy. Packet filtering firewalls operate on this level, and can (for example) deny access to specific ports or specific protocols. Also, some DDoS attacks focus on this layer.
What Is Layer 4 of the OSI Model?
Layer 4 of the OSI model is the transport layer, and it’s the first host layer in the model. In this layer, you’ll find the transmission of data segments between different points on a network, with the help of segmentation, acknowledgment, and multiplexing.
Some of the foundational structure of the web is found at Layer 4; for example the TCP protocol (used for HTTP web browsing) is found at this layer. This also means that some web attacks are waged over this layer, as hackers try to abuse its functionality for their own purposes. For example, along with Layer 3, Layer 4 is also a common target for volumetric DDoS attacks. Cybersecurity tools include Layer 4 firewalls, which add stateful packet inspection to a Layer 3 firewall’s capabilities.
What Is Layer 5 of the OSI Model?
Layer 5 of the OSI model is the session layer, which controls different exchanges between computers. It’s capable of initiating, maintaining, and eventually terminating connections between a local and remote application. In this layer, you’ll also see session checkpointing and recovery.
What Is Layer 6 of the OSI Model?
In layer 6 of the OSI model—the presentation layer—data is serialized (if necessary), translated, and formatted for delivery between different application-layer entities. It allows different entities to communicate, even if they use different data formats internally (for example, ASCII and EBCDIC).
What Is Layer 7 of the OSI Model?
Lastly, the seventh layer of the OSI model is the application layer. This is the layer that’s closest to the end user. It allows a user to interact with software applications directly, using their communication components as necessary. A variety of protocols that are crucial to the web operate on this level, including DNS, FTP, HTTP/S, IMAP, and SSH. Thus, it is also the layer where the widest diversity of cyberattacks occur. A modern WAF (especially a next-generation WAF) will have much of its functionality dedicated to detecting and preventing specific forms of application exploits on this layer.