Need 250 word response with 1 cited reference

Hello Everyone,

This week’s forum was a great topic and one that I enjoyed researching because not every day do I deal with the OSI model. In some sense, in regard to network, we utilize this each and every day but when it comes down to the different layers, most people only have general knowledge. It’s basically, I am connected, or I am not connected to the internet. The OSI model is broken down into seven different layers. When I was in training, I was told a way to remember it. “Please Do Not Touch Steve’s Pet Alligator” is the way I remember each layer and some of you may have heard the same way or different ways. Of course, each word is a layer starting with Physical, Data Link, Network, Transport, Session, Presentation, and Application. The primary risk I see in the model overall is the fact that each of the seven distinct layers (regardless of upper or lower) is that they are integrated and dependent upon secure interfaces between the layers (Jacobs, 2016). If I were attempting to penetrate a network it would make sense to focus on the interconnected nature of the layers where security may not be as strong. I state this because I believe it is human nature to focus on high priority items like data, storage, and network where we assume attacks will be coming. The idea of looking for cracks that we can slip through or take advantage of between layers on a network may not get the same scrutiny or investment when it comes to security.

By understanding the seven layers of the OSI model, security personnel can have a better understanding of the threats that their networks may encounter. By breaking the network down into the individual layers, security is able to be applied to create a defense in depth strategy instead of just one overall entity such as the network. This allows security personnel to individually manage each layer to understand if there are any new threats or vulnerabilities within the specific layer of the OSI model. This allows for a better chance at mitigating vulnerabilities before being exploit ensuring the organization’s network is protected. When looking over each layer and what threats can be associated, I would say that besides each layer being dependent on each other, the one common threat that I saw was a DoS attack. Of course, the OSI model is all about the network, and with that, a network attack such as a DoS would be able to occur if not properly protected.

I hope you all have a great week.

V/r

Kurtis

References

Allen, D. (2018, October 24). Guide to identifying and preventing OSI model security risks: Layers 4 to 7. Retrieved August 31, 2020, from https://searchcompliance.techtarget.com/tip/Guide-…

Hazell, L. (2014, September 26). Network Vulnerabilities and the OSI Model. Retrieved August 31, 2020, from https://cybersecuritynews.co.uk/network-vulnerabil…

Jacobs, S. (2016). Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance. Wiley-Blackwell.

Need 250 word response and 1 cited reference

Class,

Good afternoon. I hope you all are well. The OSI network model consists of the higher and lower layers. These two layers can help each further divide down. The lower layer consists of the physical layer, the data link layer, and the network layer. The higher layer consists of the transport layer, session layer, presentation layer, and application layer (Jacobs, 2016, pp 270). Like most things in network engineering, each of these layers presents specific vulnerabilities that must be considered.

LOWER LAYER

Physical Layer: This layer represents the electrical and physical layer of a system. This layer includes everything from the cable and wiring to the radio frequency links. This is also where most network issues occur, and the first place that network administrators go to check (Shaw, 2018).

Data Link Layer: This layer consists of the “node-to-node data transfer” within a system. The most common piece of hardware that operates in this layer switches. Finally, this layer handles error corrections from the physical layer (Shaw, 2018).

Network Layer: At its most function, this layer represents the packet forwarding layer of a system. This layer deals primarily with routing and how packets go from place to place. Network administrators need to understand this layer to know where to place monitoring devices strategically (Shaw, 2018).

HIGHER LAYER

Transport Layer: This layer deals with “the coordination of the data transfer between end systems and hosts” (Shaw, 2018). The best know aspect of this layer is TCP built on top of IP.

Session Layer: This layer is a higher layer which deals with hosts creating sessions with one another. DDoS attacks take place in this layer. Network administrators need to ensure that sessions are being deleted and established when they need to be and that shots are not being clogged up (Shaw, 2018).

Presentation Layer: This layer is perhaps the most theoretical. In general, “it represents the preparation or translation of application format to network format, or from network formatting to application format” (Shaw, 2018). The easiest way to think about this about is layer are problems dealing with encryption/decryption.

Application Layer: this is the layer that most layers see, and is closest to the end-user. Web browsers and applications exist in this layer and act as interfaces for users. When engineering systems, administrators need to make sure that this layer functions smoothly. Without this layer, most end users would not work with the data within the system (Shaw, 2018).

The central connecting tissue that I see between all of these layers enables this system to function correctly; each layer is dependent on the other. So if I am an attacker, I have a target-rich environment from which to choose from. For example, if I cut the power to a business, they cannot access the data within their system. Conversely, if I can corrupt the application layer, it will render all the sub-layer unusable by the end-user. The weakest point of this system is the interconnectedness of the system.

Anyway have a great week and letme know if you need anything else.

Rob

References

Jacobs, S. (2016). Chapter 4-5 In Engineering information security: The application of systems engineering concepts to achieve information assurance (Second ed., pp. 123-267). Hobokin, NJ: John Wiley & Sons.

Shaw, K. (2018, October 22). The OSI model explained: How to understand (and remember) the 7-layer network model. Retrieved August 31, 2020, from https://www.networkworld.com/article/3239677/the-o…