Chapter 135: OSI Model - (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (2023)

OSI Model

Communication between computers over networks is made possible through protocols. ONEProtocolis a set of rules and restrictions that determine how data is transmitted over a network medium (eg twisted pair cable, wireless transmission). The International Organization for Standardization (ISO) developed the Open Systems Interconnection (OSI) reference model for protocols in the late 1970s.

History fon Mold OSI Model

TheOSI Report Model(more commonly calledOSIit was not the first or only attempt to create a common communication standard. In fact, the most widely used protocol today, TCP/IP (which is based on the Defense Advanced Research Projects Agency (DARPA) model and is also known today as the TCP/IP model), was developed in the early 1970s. OSI was not developed until the late 1970s (and not officially published as the ISO 7498 standard until 1984).

TheOSI Modelwas developed to create a common communication structure or standard for all computer systems. The OSI model serves as an abstract framework or theoretical model of how protocols should work in an ideal world on ideal hardware. The OSI model has become a common reference point.

OSI Functionality

The OSI model divides network operations into seven layers. Each layer is responsible for performing specific tasks or functions, with the ultimate goal of supporting data exchange (in other words, network communication) between two computers. They are listed either by their name or their shift number. The levels are specifically classified to show how information flows through the different levels of communication. Each layer communicates directly with the layers above and below.

IMAGE 11.1 The OSI Model

Encapsulation/Decapsulation

The OSI model represents a protocol stack, which is a layered collection of multiple protocols (ie, a multi-layer protocol). Communication between protocol layers is done through encapsulation and decapsulation.Encapsulationis the addition of a header and possibly a footer to the data that each layer receives from the layer above before passing it to the layer below. As the message is encapsulated at each layer, the header and payload of the previous layer become the payload of the current layer. The reverse action that occurs as data flows through the layers of the OSI model from the physical layer to the application is known as (note: sometimes the term decapsulation is used, but the Internet Engineering Task Force (IETF) uses the term decapsulation used. ) The encapsulation/decapsulation process proceeds as follows:

1. The application layer receives data from the software. The application layer encapsulates the message by adding information to it. The information is usually only added to the beginning of the message (called a header). However, some layers also add material to the end of the message (called a footer), as shown inImageThe application layer passes the encapsulated message to the presentation layer.

2. The process of routing the message and adding layer-specific information continues until the message reaches the physical layer.

3. At the physical level, the message is converted into electrical pulses representing bits and transmitted over the physical link.

4. The receiving computer captures the physical link bits, reconstructs the message at the physical layer, and sends the message at the data link layer.

5. The data link layer removes its information and sends the message to the network layer.

6. This decapsulation process is performed until the message reaches the application layer.

7.When the message reaches the application layer, the data in the message is sent to the intended software recipient.

IMAGE 11.2 OSI Model Encapsulation

The information extracted from each layer contains instructions, checksums, etc. that can only be understood by the peer that originally added or created the information (seeImageThis is known asPeer layer

IMAGE 11.3 The OSI Model Peer layer logically channels

Data sent in the application layer protocol stack (Layer 7) is encapsulated in a network container. TheProtocol Data Unit (PDU)it is then passed to the presentation layer (Layer 6), which in turn passes it to the session layer (Layer 5). This network container is called a PDU at layers 7, 6, and 5. Once the network container reaches the transport layer (Layer 4), it is referred to as aDepartment(TCP) or aDatagramm(User Data Protocol [UDP]). At the network layer (Layer 3) it says: At the data link layer (Layer 2) it says: At the physical layer (Layer 1) the network container becomesBitsfor transmission over the physical connection medium.Image 11.4Displays the label applied to the network container at each level.

IMAGE 11.4 OSI Model based on the mattress network Container names

OSI The law

By understanding the roles and responsibilities of each layer of the OSI model, you can better understand how network communications work, how attacks can occur, and how security can be applied to protect network communications.

I remember Mold OSI

Mnemonics can help you remember the layers of the OSI model in order: Application, Presentation, Session, Transport, Network, Data Link, and Physical (from top to bottom). Examples include: "Please Don't Teach Surly People Acronyms" (physical level to application level) and "Every President since Truman has never smoked pot" (application level to physical level).

Application layer

TheApplication layer (Layer 7)is responsible for connecting user applications, network services, or the operating system to the protocol stack. The software application is not at this level. Instead, it contains the protocols and services needed to transfer files, exchange messages, connect to remote terminals, etc.

presentation layer

Thepresentation layer (Layer 6)is responsible for converting data into a format that can be understood by any system that follows the OSI model. Defines common or standard structure and formatting rules for data. The presentation layer is also responsible for encryption and compression.

There is no real presentation layer in TCP/IP networks. Currently, there is no need to reshape data for network transport, and protocol stack compression is only done in conjunction with some encryption functions. Encryption associated with network communications can occur in at least five places:

•Encryption before the network, where software encrypts data before sending it to the application layer

•Transport layer encryption, typically performed by TLS

•VPN encryption, which can be level 2, 3 or 4 depending on the VPN technology used (eg L2TP, IPsec or OpenVPN).

•Wireless data link level encryption

•Physical layer bulk encryption (provided by a device outside the NIC)

meeting layer

Themeeting layer (Layer 5)is responsible for establishing, maintaining and terminating communication sessions between two computers. Manages dialog discipline or dialog control (simple, half-duplex, full-duplex), establishes checkpoints for grouping and recovery, and retransmits PDUs that have failed or been lost since the last checkpoint checked.

There is no real session layer in TCP/IP networks. Session layer functions are handled by TCP at the transport layer or not at all when UDP is used.

Communication sessions can be conducted in one of three different modes of discipline or control:

•Simplex:one-way communication

•Half duplex:Two-way communication, but only one direction can send data at a time

•Vollduplex:Two-way communication, where data can be sent in both directions at the same time

Transport layer

TheTransport layer (Layer 4)is responsible for maintaining the integrity of a connection and controlling the session. The transport layer establishes communication between nodes (also known as devices) and defines the rules of a session. Session rules determine how much data each segment can contain, how message integrity is checked, and how data loss is determined. Session rules are established through a handshake process. (For more information on TCP's three-way SYN/ACK handshake, see "Transport Layer Protocols" later in this chapter.)

The transport layer creates a logical connection between two devices and provides end-to-end transport services to ensure data delivery. This layer includes mechanisms for segmentation, sequencing, error control, data flow control, error correction, multiplexing, and optimization of network services. The following protocols operate within the transport layer:

•Transmission Control Protocol (TCP)

•Πρωτόκολλο User Datagram (UDP)

•Transport Layer Security (TLS)

network layer

Thenetwork layer (Layer 3)is responsible for logical addressing and routing. Logical addressing occurs when an address is assigned and used by software or protocol instead of being provided and controlled by hardware. The network layer packet header contains the source and destination IP addresses.

The network layer is responsible for providing routing or delivery instructions, but is not responsible for verifying guaranteed delivery. The network layer also manages debugging and node traffic (ie traffic control).

non ip, the Legacy, log

non IP logare protocols that serve as an alternative to IP at the OSI network layer (3). With the dominance and success of TCP/IP, non-IP protocols (ie.legacyhave become the purview of specialized networks such as IPX, AppleTalk, and NetBEUI. Because non-IP protocols are rare, most firewalls cannot perform header, address, or payload content filtering on these protocols. Also, non-IP protocols can be encapsulated in IP for Internet communication. Therefore, older protocols should be blocked.

A router is the primary network hardware device that operates at Layer 3. Routers determine the best logical path for packet transmission based on speed, hops, preferences, etc. Routers use the destination IP address to control the transmission of packets.

route guidance log

There are two major categoriesInternal route guidancedistance vector and link state.distance Vector route guidance logMaintain a list of destination networks along with direction and distance metrics, measured in hops (in other words, the number of routers you need to traverse to reach the destination).shortest way Condition route guidance logGather router characteristics such as speed, latency, error rates, and actual monetary cost of use. This information is tabulated to make a next-hop routing decision. Common examples of distance vector routing protocols are:route guidance Information Protocol (REST IN PEACE)AndInternal Tor route guidance ProtocolCommon examples of link state routing protocols are:Open shorter Away First (OSPF)Andintermediate System To intermediate SystemThere is also a widely used extended distance vector routing protocol that replaces IGRP:advanced Internal Tor route guidance Protocol

There is one main categoryOutside route guidance logthis is called the path vector.Away Vector route guidance logMake next-hop decisions based on the total remaining path (i.e. vector) to the destination. This differs from internal routing protocols, which make next-hop decisions based solely on information related to the immediate next hop. Internal routing protocols are myopic, while external routing protocols are far-sighted. The main example of a path vector protocol isBorder Tor Protocol

Route security can be enforced by configuring routers to accept route updates only from other authenticated routers. Administrative access to a router should be physically and logically limited to only certain authorized entities. It's also important to keep your router's firmware up to date.

Data shortest way layer

TheData shortest way layer (Layer 2)is responsible for formatting the packet for transmission. The correct format is determined by the network hardware, topology, and technology, such as Ethernet (IEEE 802.3).

Part of the processing performed on the network container within the data link layer involves adding the source and destination hardware addresses to the frame. TheUtensils, accessories Addressit's themedia Access control (MAC)This is a 6 byte (48 bit) binary address written in hexadecimal notation (eg 00-13-02-1F-58-F5). This address is also known asphysicallyMoldNICandEthernetThe first 3 bytes (24 bits) of the address are theorganizational unique IdentifierThis indicates the provider or manufacturer of the physical network interface. OUIs are registered with the Institute of Electrical and Electronics Engineers (IEEE), which controls their publication. The OUI can be used to identify the manufacturer of a NIC through the IEEE website at . The last 3 bytes (24 bits) of the MAC address represent a unique number assigned to this interface by the manufacturer. Some manufacturers encode information in these last 24 bits, which can represent the make, model, and production run along with a unique value. Therefore, some devices (eg, mobile devices, IoT devices, and embedded systems) that use a unique network card can be identified by their MAC address.

Among the protocols at the data link layer (Layer 2) of the OSI model, you should be familiar with the Address Resolution Protocol (ARP). See "ARP Concerns" later in this chapter for more information.

Network hardware devices that operate at layer 2, the data link layer, are switches and bridges. These devices support MAC-based traffic routing. Switches receive a frame on one port and forward it to another port based on the destination MAC address. Destination MAC addresses are used to determine whether a frame will be transmitted across the bridge from one network segment to another.

Physically layer

ThePhysically layer (Layer 1)converts a frame into bits for transmission over the physical link medium and vice versa for receiving communications.

Network hardware devices that operate at layer 1, the physical layer, are NICs, hubs, repeaters, concentrators, and amplifiers. These devices perform hardware-based signaling functions, e.g. B. Sending a signal from one connecting port to all other ports (a hub) or amplifying the signal to support longer transmission distances (a repeater).