
OSI Model and Security Attacks at Each Layer

Boni Yeamin
Cyber Security Engineer
Akij Group,
Bangladesh
[email protected]
akijgroup.co
Table of Contents

1. Introduction

2. Overview of the OSI Model

3. Security Attacks and Prevention at Each Layer

o Physical Layer (Layer 1)

o Data Link Layer (Layer 2)

o Network Layer (Layer 3)

o Transport Layer (Layer 4)

o Session Layer (Layer 5)

o Presentation Layer (Layer 6)

o Application Layer (Layer 7)

4. Best Practices for Securing an Organization

5. Conclusion

Introduction

This document provides an overview of the OSI Model, outlines security attacks that may occur at each layer, and
presents methods for preventing these attacks. Understanding the risks and mitigation strategies for each OSI layer
helps in building a secure network architecture for your organization.

Overview of the OSI Model

The OSI (Open Systems Interconnection) model is a framework that categorizes communication protocols into seven
distinct layers. Each layer serves a specific function in the process of transmitting data over a network, from the
physical transmission of signals to the presentation of data to end users.

The 7 layers are:

1. Physical Layer – Deals with the physical transmission of data over network media.

2. Data Link Layer – Handles data frame transmission between adjacent nodes.

3. Network Layer – Manages packet forwarding, routing, and addressing.

4. Transport Layer – Ensures reliable data transfer and error recovery.

5. Session Layer – Establishes, manages, and terminates communication sessions.

6. Presentation Layer – Translates, encrypts, or compresses data for the application layer.

7. Application Layer – Provides services for network applications to function.


| OSI Layer | Attack Types | Prevention Techniques |
|---|---|---|
| 1. Physical Layer | Cable Tapping: Unauthorized access to cables for eavesdropping. | Secure physical access to cables and devices. |
| | Jamming: Disrupting wireless signals. | Use encrypted communication. |
| | Hardware Tampering: Physically altering network devices. | Regular inspections of physical infrastructure. |
| 2. Data Link Layer | MAC Spoofing: Attacker changes MAC address to impersonate another device. | Implement Port Security on switches to limit the number of MAC addresses. |
| | ARP Spoofing: Manipulating ARP tables to reroute network traffic. | Use Dynamic ARP Inspection (DAI) and ARP filtering. |
| | Switch Spoofing: Attacker impersonates a network switch to reroute traffic. | VLAN segmentation to isolate network traffic. |
| 3. Network Layer | IP Spoofing: Sending packets with a forged IP address to masquerade as another host. | Use firewalls with anti-spoofing rules. |
| | Routing Attacks: Modifying routing tables to divert traffic (e.g., Man-in-the-Middle attack). | Implement Intrusion Detection/Prevention Systems (IDS/IPS) and regularly update routing tables. |
| | DDoS: Overloading the network with excessive traffic. | Rate limiting, DDoS protection tools, and firewalls to filter excessive traffic. |
| 4. Transport Layer | SYN Flood: Overwhelms the server by sending many partial connection requests. | Use SYN Cookies to handle connection requests. |
| | Session Hijacking: Intercepting and taking control of an existing session. | Secure connections with SSL/TLS and enforce session timeouts. |
| 5. Session Layer | Session Fixation: Attacker forces a user to use a known session ID, then hijacks it. | Rotate session tokens frequently and use short session lifetimes. |
| | Session Hijacking: Stealing session tokens to gain unauthorized access. | Use Multi-factor Authentication (MFA) and session encryption. |
| 6. Presentation Layer | SSL/TLS Vulnerabilities: Exploiting flaws in outdated or misconfigured SSL/TLS protocols (e.g., POODLE, SSL Stripping). | Regularly update SSL/TLS configurations and use strong ciphers. |
| | Code Injection: Manipulating encoding/decoding processes to inject malicious code. | Implement proper input validation and secure data translation processes. |
| 7. Application Layer | SQL Injection: Inserting malicious SQL commands into web form inputs to manipulate databases. | Apply input sanitization and use parameterized queries. |
| | Cross-Site Scripting (XSS): Injecting malicious scripts into websites, which are executed by other users. | Implement input validation and output encoding. Use a Web Application Firewall (WAF). |
| | Phishing: Deceptive attempts to steal sensitive information by impersonating a trusted entity through emails or websites. | Conduct regular phishing awareness training and use email filtering tools. |

Security Attacks and Prevention at Each Layer

1. Physical Layer (Layer 1)

Attacks:

• Cable Tapping: Unauthorized physical access to cables to intercept communications.

• Jamming: Disrupting wireless communication with interference.

• Hardware Tampering: Physically altering network hardware.

Prevention:

• Secure physical access to network devices (e.g., server rooms, switches).

• Use encrypted communication to mitigate data interception.

• Regularly inspect and protect network infrastructure.

2. Data Link Layer (Layer 2)

Attacks:

• MAC Spoofing: Attacker impersonates another device by changing its MAC address.

• ARP Spoofing: Manipulating ARP tables to reroute traffic through an attacker’s machine.

Prevention:

• Enable Port Security on switches to limit MAC addresses.

• Implement Dynamic ARP Inspection (DAI) to detect ARP spoofing.

• Use VLANs to segment network traffic and isolate sensitive devices.
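
The ARP spoofing check that Dynamic ARP Inspection performs in the switch can also be run over captured ARP replies as a monitoring control. The following is an added example, not part of the original document; the log format and the addresses are constructed, and the optional static bindings stand in for the DHCP-snooping table DAI would consult.

```python
import re
from collections import defaultdict

# Constructed sample of ARP replies as a sniffer might print them ("<ip> is-at
# <mac>"); not traffic from any real network. The fourth line is the suspicious
# one: the gateway address .1 is suddenly answered by the MAC that .21 uses.
SAMPLE_ARP_LOG = """\
192.168.1.1 is-at aa:bb:cc:00:00:01
192.168.1.20 is-at aa:bb:cc:00:00:20
192.168.1.21 is-at aa:bb:cc:00:00:21
192.168.1.1 is-at aa:bb:cc:00:00:21
192.168.1.20 is-at aa:bb:cc:00:00:20
"""

ARP_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})$", re.I
)

def parse_arp_log(text):
    """Yield (ip, mac) pairs; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower()

def detect_arp_conflicts(observations, trusted=None):
    """Return {ip: sorted MAC list} for every IP claimed by more than one MAC.

    trusted: optional {ip: mac} static bindings, the same idea DAI applies with
    its DHCP-snooping table; a reply contradicting a binding counts as a
    conflict even if the log shows only one MAC for that IP.
    """
    seen = defaultdict(set)
    for ip, mac in observations:
        seen[ip].add(mac)
    for ip, mac in (trusted or {}).items():
        if ip in seen:
            seen[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

if __name__ == "__main__":
    for ip, macs in detect_arp_conflicts(parse_arp_log(SAMPLE_ARP_LOG)).items():
        print(f"ALERT: {ip} answered by {len(macs)} MACs: {', '.join(macs)}")
```

A legitimate hardware replacement also produces one conflict, so alerts should be correlated with change records before being treated as spoofing.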

3. Network Layer (Layer 3)

Attacks:

• IP Spoofing: Attacker sends packets with a forged IP address.

• Routing Attacks: Manipulation of routing tables to reroute traffic.

Prevention:

• Use firewalls and anti-spoofing rules to filter out unauthorized traffic.

• Deploy Intrusion Detection Systems (IDS) to monitor suspicious routing behaviors.

• Implement DDoS protection mechanisms to avoid network overload.

4. Transport Layer (Layer 4)

Attacks:

• SYN Flooding: Overwhelms a server with partial connection requests.

• Session Hijacking: Taking control of a user's session after it’s established.

Prevention:

• Use SYN Cookies to prevent SYN Flood attacks.

• Encrypt sessions using SSL/TLS.

• Monitor and log session activity for anomalies.


5. Session Layer (Layer 5)

Attacks:

• Session Fixation: Attacker sets a known session ID, then hijacks the session.

• Session Hijacking: Stealing or manipulating session tokens.

Prevention:

• Use secure session tokens with short time-to-live (TTL) values.

• Rotate session IDs after successful login.

• Implement Multi-factor Authentication (MFA) to enhance session security.
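
The three controls above (unguessable tokens, rotation at login, a short TTL) fit together as shown in this added example; it is not code from the original document and the in-memory store and the 15-minute lifetime are assumptions standing in for whatever framework a real application uses.

```python
import secrets
import time

SESSION_TTL_SECONDS = 15 * 60  # short lifetime, as recommended above

class SessionStore:
    """Minimal in-memory session store (illustrative, not any framework's).
    Shows the section's three controls: unguessable IDs, ID rotation at
    login, and a short time-to-live."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # session_id -> {"user": str | None, "expires": float}
        self._clock = clock  # injectable so the TTL can be tested deterministically

    def _new_entry(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._sessions[sid] = {"user": user, "expires": self._clock() + SESSION_TTL_SECONDS}
        return sid

    def create(self):
        """Anonymous pre-login session."""
        return self._new_entry(None)

    def login(self, old_sid, user):
        """Rotate the ID on authentication: the pre-login ID is destroyed, so an
        ID a third party already knew is never promoted to an authenticated one."""
        self._sessions.pop(old_sid, None)
        return self._new_entry(user)

    def user_for(self, sid):
        """Authenticated user for a live session, else None; expired entries are purged."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            del self._sessions[sid]
            return None
        return entry["user"]

def demo_fixation_defence():
    """Walk the fixation scenario with a fake clock. Returns
    ((user via pre-login ID, user via rotated ID), user via rotated ID after TTL)."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    pre_login = store.create()              # the ID the browser held before login
    rotated = store.login(pre_login, "alice")
    before_ttl = (store.user_for(pre_login), store.user_for(rotated))
    now[0] += SESSION_TTL_SECONDS + 1       # advance past the lifetime
    return before_ttl, store.user_for(rotated)
```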

6. Presentation Layer (Layer 6)

Attacks:

• SSL/TLS Attacks: Exploiting vulnerabilities in outdated or misconfigured SSL/TLS protocols.

• Code Injection: Attacker manipulates data during encoding/decoding phases.

Prevention:

• Regularly update SSL/TLS configurations and use strong ciphers.

• Validate all user inputs to prevent code injection attacks.

• Use encryption to protect sensitive data being transmitted.

7. Application Layer (Layer 7)

Attacks:

• SQL Injection: Inserting malicious SQL queries through application inputs.

• Cross-Site Scripting (XSS): Attacker injects malicious scripts into web applications.

• Phishing: Deceptive emails or websites to trick users into giving away credentials.

Prevention:

• Use Web Application Firewalls (WAF) to monitor and block malicious requests.

• Employ secure coding practices, such as input sanitization and parameterized queries.

• Conduct user awareness training to detect and report phishing attempts.
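
The parameterized-query and output-encoding controls named above, shown as an added example beside the string-building form they replace; this is not code from the original document, and the SQLite table, the sample rows and the test inputs are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """Constructed in-memory database with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn

def find_user_vulnerable(conn, name):
    """The 'before' form: the input is spliced into the SQL text, so quote
    characters in it are parsed by the database as SQL, not as data."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()

def find_user_parameterized(conn, name):
    """The hardened form: the SQL text is fixed and the value is bound as a
    parameter, so whatever it contains is compared literally."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

def render_greeting(name):
    """Output encoding, the XSS control from the same table row: HTML
    metacharacters in untrusted data are escaped before reaching the page."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"

if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # classic test input; inert against the bound form
    print(find_user_vulnerable(conn, probe))     # every row comes back
    print(find_user_parameterized(conn, probe))  # []
    print(render_greeting("<script>alert(1)</script>"))
```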

Best Practices for Securing an Organization


1. Network Segmentation:

o Isolate critical assets by creating separate VLANs or subnets to reduce the spread of attacks.

2. Multi-layered Defense:

o Implement multiple security solutions such as firewalls, IDS/IPS, and endpoint protection at various
OSI layers.

3. Regular Audits and Patching:

o Conduct regular vulnerability scans and penetration tests. Ensure all software and hardware are up
to date with the latest security patches.

4. Employee Training:

o Train employees to recognize social engineering and phishing attacks, use strong passwords, and
apply security protocols.

5. Zero Trust Architecture:

o Adopt a Zero Trust model, where every user and device must be authenticated and verified before
being granted access to any resource.

6. Incident Response Planning:

o Develop a comprehensive incident response plan to quickly respond to security breaches.

Conclusion

By understanding the different types of attacks at each layer of the OSI model and implementing the appropriate
preventive measures, organizations can build robust defenses against various cybersecurity threats. A well-rounded
strategy that combines technology, employee training, and security policies will ensure that your organization
remains protected from malicious actors.
