What is the OSI Model?
The OSI (Open Systems Interconnection) model is a conceptual framework developed by the International Organization for Standardization (ISO) in 1984. It divides network communication into seven abstract layers, each responsible for a specific set of functions. By breaking down complex networking processes into discrete layers, the model provides a universal language for engineers, developers, and security professionals to discuss and troubleshoot network operations.
Each layer in the OSI model communicates only with the layers directly above and below it. Data travels down through the layers on the sending device, is transmitted across the network medium, and then travels back up through the layers on the receiving device. This encapsulation and de-encapsulation process ensures that each layer can function independently while still contributing to the overall communication process.
The Seven Layers Explained
The seven layers, from bottom to top, are: Physical (Layer 1), Data Link (Layer 2), Network (Layer 3), Transport (Layer 4), Session (Layer 5), Presentation (Layer 6), and Application (Layer 7). The lower layers (1-3) handle the physical transmission and routing of data, while the upper layers (5-7) manage application-level services such as session management and data formatting.
Layer 4, the Transport layer, acts as a critical bridge between the two groups. It is responsible for end-to-end communication, error recovery, and flow control. Protocols like TCP and UDP operate at this layer, determining how data is segmented, transmitted, and reassembled at the destination.
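The encapsulation and de-encapsulation described above can be traced in code. The following is an added example, not part of the original page: it wraps a constructed HTTP request in TCP, IPv4 and Ethernet headers, then parses the frame back up from Layer 2 to Layer 7, which is what a packet filter or IDS does before it can apply a rule at a given layer. Addresses, ports and function names are assumptions chosen for illustration, and checksums are left at zero.

```python
import struct

# Constructed sample values (documentation address ranges); checksums are left at zero.
SRC_IP, DST_IP = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])

def encapsulate(payload: bytes) -> bytes:
    """Sender side: wrap a Layer 7 payload in TCP (L4), IPv4 (L3) and Ethernet (L2) headers."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, SRC_IP, DST_IP)
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + tcp + payload

def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip one header per layer, validating each length field on the way."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("Layer 3 protocol is not IPv4")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]   # trims any Ethernet padding
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("malformed IPv4 header")
    if ip[9] != 6:
        raise ValueError("Layer 4 protocol is not TCP")
    seg = ip[ihl:total_len]
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", seg[:4])
    data_offset = (seg[12] >> 4) * 4
    if not 20 <= data_offset <= len(seg):
        raise ValueError("malformed TCP header")
    return {
        "l2_ethertype": ethertype,
        "l3_src": ".".join(map(str, ip[12:16])),
        "l3_dst": ".".join(map(str, ip[16:20])),
        "l4_sport": sport,
        "l4_dport": dport,
        "l7_payload": seg[data_offset:],
    }

if __name__ == "__main__":
    request = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed request
    for field, value in decapsulate(encapsulate(request)).items():
        print(f"{field}: {value!r}")
```

Each length check rejects a frame whose header claims more data than was received, so a truncated or malformed packet fails at the layer where the inconsistency appears instead of being read past its end.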
OSI Model and Network Security
Understanding the OSI model is essential for network security because different threats target different layers. For example, DDoS attacks often target Layers 3 and 4 (network and transport), while SQL injection and cross-site scripting attacks target Layer 7 (application). Firewalls, intrusion detection systems, and web application firewalls are designed to protect specific layers of this model.
By mapping security tools and threats to specific OSI layers, administrators can build a defence-in-depth strategy that provides comprehensive protection across the entire network stack. This layered approach ensures that a failure or breach at one layer does not automatically compromise the entire system.
OSI Model vs TCP/IP Model
While the OSI model is widely taught as a theoretical framework, the TCP/IP model is the practical standard used on the modern internet. The TCP/IP model consolidates the seven OSI layers into four layers: Network Access, Internet, Transport, and Application. Despite this difference, the OSI model remains invaluable as a teaching and troubleshooting tool.
Most real-world protocols do not map perfectly to a single OSI layer, but the model provides a shared vocabulary that makes it easier to discuss where in the networking stack a particular issue or technology applies.
Frequently Asked Questions
The seven layers are Physical (1), Data Link (2), Network (3), Transport (4), Session (5), Presentation (6), and Application (7). Each layer handles a specific aspect of network communication.
The OSI model helps security professionals identify which layer a threat targets, enabling them to deploy the right defensive tools, such as firewalls at Layers 3-4 or WAFs at Layer 7.
The OSI model has seven layers and is primarily a theoretical framework, while the TCP/IP model has four layers and is the practical standard used on the internet today.
Related Definitions
What is a denial-of-service (DoS) attack?
A denial-of-service (DoS) attack is a cyberattack that aims to make a computer, server, or network resource unavailable to legitimate users by overwhelming it with a flood of malicious traffic or exploiting vulnerabilities.
What is a Ping of Death (PoD) attack?
A Ping of Death (PoD) attack is a denial-of-service attack in which an attacker sends a malformed or oversized ICMP ping packet that exceeds the maximum allowed IP packet size, causing the target system to crash or freeze.
What is a WAF (Web Application Firewall)?
A Web Application Firewall (WAF) is a security solution that monitors, filters, and blocks HTTP/HTTPS traffic between a web application and the internet to protect against application-layer attacks.
What is blackhole routing?
Blackhole routing is a network defence technique where traffic destined for a specific IP address or range is silently dropped by routing it to a null interface, commonly used as an emergency response to DDoS attacks.