The Open Systems Interconnection (OSI) model is a standard reference model that describes communication between two end systems as a stack of seven layers: physical, data link, network, transport, session, presentation, and application. This paper covers the security concerns and controls associated with each layer of the OSI model.
Physical Layer
The physical layer is where the actual transmission of bits between devices occurs, so its security is the security of the hardware and cabling itself. Vulnerabilities at the physical layer include:
Power outage
Loss of environmental controls
Hardware theft, damage or destruction
Unauthorized hardware changes (e.g., removable media, added data connections)
Detachment of the physical data links
Undetected data interception (tapping a cable)
Several measures can be implemented to secure the physical layer. All hardware should be stored in a locked room. Electronic locks control and log all access to that room; they can require a PIN and password, or a fingerprint scanner (biometrics). Video and audio surveillance provides physical evidence of any unauthorized access that could compromise the hardware.
Data Link Layer
The second layer of the OSI model is the data link layer. It moves frames between directly connected nodes, whether on the same local area network (LAN) or across a wide area network (WAN) link. The data link layer provides the procedural and functional means to transfer data between network devices and may detect, and possibly correct, errors that occur in the physical layer. Security vulnerabilities associated with the data link layer include:
A device claiming to be another device by spoofing its MAC address.
Spanning Tree errors, introduced accidentally or on purpose, that cause frames to circulate in infinite loops.
A switch flooding traffic to every port in a VLAN rather than forwarding only to the correct port (for example, when its MAC address table has been exhausted), so that any device connected to the VLAN can intercept the data.
Stations being forced into direct communication with other stations, bypassing subnets and firewalls.
Weak authentication and encryption on a wireless network allowing unauthorized connections to the network, its data and its devices.
Data link layer controls can be implemented to secure these transmissions. With MAC address filtering combined with port security, a station is identified not by its MAC address alone but by the MAC address cross-referenced with the logical access or physical switch port it is permitted to use; because a MAC address is trivially changed by the attacker, filtering on the address by itself is a weak control. Firewalls should sit between network segments so that they are isolated from one another. Wireless access must be monitored consistently and carefully for unauthorized connections. To secure the wireless network, the built-in encryption and authentication must be enabled with strong passwords, with MAC filtering as a supplementary measure only.
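As an added example (not part of the original paper), the following Python script shows the port-security idea described above: each switch port is bound to the MAC addresses allowed on it, and a log of learned (port, source MAC) pairs is audited for a MAC on the wrong port, a port learning more addresses than permitted, and one address appearing on several ports. Port names, MAC addresses and the frame log are constructed sample data, not taken from any real switch.

```python
"""Port security audit: MAC address cross-referenced with physical port.

Added example, not code from the paper.  A station is accepted only if its MAC
address appears on the switch port it is bound to; the policy, port names and
frame log below are constructed sample data, not from any real switch.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PortPolicy:
    allowed_macs: frozenset  # MAC addresses statically bound to this port
    max_macs: int = 1        # distinct MACs the port may learn before alarming


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_frames(policy: dict, frames: list) -> list:
    """Return sorted, de-duplicated (port, mac, reason) violations.

    Reasons correspond to the data link layer vulnerabilities discussed above:
      unauthorized-mac  a MAC appears on a port it is not bound to (a station
                        spoofing another station's address, or a rogue device)
      mac-limit         a port learns more distinct MACs than allowed, the
                        symptom of an attacker filling the switch's address
                        table so it degrades to flooding every frame
      mac-moved         one MAC is seen on two different ports (a duplicated
                        or spoofed address, or a forwarding loop)
    """
    violations = set()
    macs_on_port = defaultdict(set)   # port -> MACs learned on it
    ports_for_mac = defaultdict(set)  # mac  -> ports it has appeared on
    for port, raw_mac in frames:
        mac = normalize_mac(raw_mac)
        rule = policy.get(port)
        if rule is None or mac not in rule.allowed_macs:
            violations.add((port, mac, "unauthorized-mac"))
        macs_on_port[port].add(mac)
        if rule is not None and len(macs_on_port[port]) > rule.max_macs:
            violations.add((port, mac, "mac-limit"))
        ports_for_mac[mac].add(port)
        if len(ports_for_mac[mac]) > 1:
            violations.add((port, mac, "mac-moved"))
    return sorted(violations)


# Constructed sample policy: which MAC(s) may use which access port.
SAMPLE_POLICY = {
    "Gi1/0/1": PortPolicy(frozenset({"00:11:22:33:44:55"})),
    "Gi1/0/2": PortPolicy(frozenset({"00:11:22:33:44:66"})),
    "Gi1/0/3": PortPolicy(frozenset({"00:11:22:33:44:77", "00:11:22:33:44:88"}), max_macs=2),
}

# Constructed sample frame log: (ingress port, source MAC) as the switch learns
# them.  The first four entries are normal; the last three are the attacks.
SAMPLE_FRAMES = [
    ("Gi1/0/1", "00:11:22:33:44:55"),
    ("Gi1/0/2", "00:11:22:33:44:66"),
    ("Gi1/0/3", "00:11:22:33:44:77"),
    ("Gi1/0/3", "00:11:22:33:44:88"),
    ("Gi1/0/2", "00-11-22-33-44-55"),  # station on port 2 spoofs port 1's MAC
    ("Gi1/0/3", "de:ad:be:ef:00:01"),  # unknown MAC, third address on a 2-MAC port
    ("Gi1/0/3", "de:ad:be:ef:00:02"),  # address-table flooding continues
]

if __name__ == "__main__":
    for port, mac, reason in audit_frames(SAMPLE_POLICY, SAMPLE_FRAMES):
        print(f"{port:8} {mac}  {reason}")
```

Running the script lists seven violations, all on ports Gi1/0/2 and Gi1/0/3; the spoofed address on Gi1/0/2 is caught three ways at once (not bound to that port, a second address on a one-station port, and the same address already learned on Gi1/0/1), which is exactly what a MAC-only filter would have let through.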
Network Layer
The third layer of the OSI model is the network layer, which is responsible for end-to-end delivery of packets across one or more networks. It responds to requests from the transport layer and issues requests to the data link layer. The network layer handles the procedural and functional steps of transferring variable-length data sequences from a source to a destination across one or more networks, including quality of service and error control functions. Because the network layer handles the routing of data, it has its own security issues. Three of these vulnerabilities are:
Route spoofing
IP address spoofing
Identity and resource ID vulnerability
Strong route policy controls, together with strict anti-spoofing and route filters, protect the network against route spoofing. A firewall should be set up not only between the network and the outside world but also between the different VLANs. The...
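As an added example (not part of the original paper), the following Python script implements the strict anti-spoofing filter described above as a router or firewall would apply it: a packet arriving on an internal interface may only carry a source address from the prefixes connected to that interface, a packet arriving from the Internet may never carry one of the network's own addresses or a non-routable one, and a packet leaving toward the Internet must carry one of the network's own addresses. The interface names, prefixes and packets are constructed for the example and do not describe any real network.

```python
"""Anti-spoofing filters at the network layer.

Added example, not code from the paper.  A router or firewall accepts a packet
on an interface only if its source address belongs there: an internal
interface may only source addresses from the prefixes connected to it, and the
Internet-facing interface may never source one of our own addresses or a
non-routable one.  Interface names, prefixes and packets below are constructed
for this example and do not describe any real network.
"""
import ipaddress

# Source addresses that never legitimately arrive from the Internet
# (unspecified, loopback, link-local, private, multicast, reserved).
BOGON_SOURCES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


class AntiSpoofPolicy:
    def __init__(self, internal: dict, external: str):
        # internal: interface name -> prefixes legitimately connected behind it
        self.internal = {
            ifc: [ipaddress.ip_network(p) for p in prefixes]
            for ifc, prefixes in internal.items()
        }
        self.external = external
        self.own = [net for nets in self.internal.values() for net in nets]

    @staticmethod
    def _in(addr, nets) -> bool:
        return any(addr in net for net in nets)

    def ingress(self, ifc: str, src: str) -> tuple:
        """Decide on a packet arriving on interface `ifc` with source `src`.

        Returns ("permit", "") or ("drop", reason).
        """
        addr = ipaddress.ip_address(src)
        if ifc == self.external:
            if self._in(addr, self.own):
                # An outsider claiming one of our addresses: classic IP spoofing.
                return ("drop", "internal-source-from-outside")
            if self._in(addr, BOGON_SOURCES):
                return ("drop", "bogon-source")
            return ("permit", "")
        nets = self.internal.get(ifc)
        if nets is None:
            return ("drop", "unknown-interface")
        if self._in(addr, nets):
            return ("permit", "")
        # A host on one VLAN forging an address from another VLAN or the
        # Internet; this also defeats VLAN-to-VLAN firewall rules keyed on source.
        return ("drop", "source-not-on-interface")

    def egress(self, src: str) -> tuple:
        """Packets leaving toward the Internet must carry one of our own
        addresses, so this network cannot be used to spoof traffic at others."""
        addr = ipaddress.ip_address(src)
        if self._in(addr, self.own):
            return ("permit", "")
        return ("drop", "outbound-source-not-ours")


def filter_packets(policy: AntiSpoofPolicy, packets: list) -> list:
    """Apply ingress filtering to (interface, source) pairs."""
    return [(ifc, src, *policy.ingress(ifc, src)) for ifc, src in packets]


# Constructed sample topology: two internal VLANs and one Internet uplink.
SAMPLE_POLICY = AntiSpoofPolicy(
    internal={"vlan10": ["10.1.10.0/24"], "vlan20": ["10.1.20.0/24"]},
    external="wan0",
)

# Constructed sample packets as (ingress interface, source IP).
SAMPLE_PACKETS = [
    ("vlan10", "10.1.10.25"),    # legitimate host on VLAN 10
    ("vlan10", "10.1.20.7"),     # VLAN 10 host forging a VLAN 20 address
    ("vlan20", "198.51.100.9"),  # inside host forging an Internet address
    ("wan0", "203.0.113.77"),    # legitimate Internet source
    ("wan0", "10.1.10.25"),      # outsider forging an internal address
    ("wan0", "192.168.1.1"),     # outsider using a private, non-routable source
]

if __name__ == "__main__":
    for ifc, src, action, reason in filter_packets(SAMPLE_POLICY, SAMPLE_PACKETS):
        print(f"{ifc:7} {src:15} {action:6} {reason}")
```

Of the six sample packets only two are permitted. The check is cheap because it needs nothing but the interface a packet arrived on and the prefixes known to live behind it; the same per-interface source check is what a firewall placed between VLANs relies on, since a rule that trusts "traffic from VLAN 10" is worthless if a VLAN 20 host can simply write a VLAN 10 source address.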