Network stacks are complex, multi-layered systems that map application-layer data structures to bits transferred over physical media and back again. The Open Systems Interconnection (OSI) Model is a conceptual framework that provides a protocol-agnostic description of how the various layers of a network stack combine to enable network communications. The goal of the OSI model is to enable diverse communication systems to better interoperate using standard communication protocols.
The OSI model takes a complex system and breaks it into several discrete layers based upon the various tasks fulfilled by networking protocols. This abstraction makes it easier to troubleshoot issues, identify security risks, and describe network-layer attacks.
As a theoretical model, the OSI model is not necessary for modern networking protocols to operate. However, it does make it easier to identify security risks and analyze the capabilities of cybersecurity solutions, making it an invaluable tool for network security.
The OSI model is broken up into seven layers. Each layer fulfills an important role within the networking stack and communicates with other layers by exchanging protocol data units (PDUs).
The layers in the OSI model are commonly referred to by name or number (1-7). From lowest-level to highest-level they are:
The physical layer is where the raw bitstream is transmitted over a physical medium. This includes translating bits to electricity, light, or radio signals and controlling the rates at which they are sent over the chosen medium. The Layer 1 PDU is the “symbol”.
The data link layer breaks data to be transmitted into frames for transmission at the physical layer. It also manages connections between two different nodes, including setting up the connection, identifying and correcting any bit errors that occur at the physical layer, and terminating the connection once the session is complete.
At the network layer, the focus expands from a point-to-point link to include many interconnected nodes within a network. Network-layer devices operate on packets and are responsible for routing traffic to its destination based on IP addresses.
The transport layer is the first of four “host” layers; the remaining layers are referred to as “media” layers. The transport layer PDU is the “segment” or “datagram”. This layer manages the transmission of data between nodes, including ensuring that data arrives in the correct sequence and that any errors are corrected. The Transmission Control Protocol (TCP) operates at Layer 4.
The session layer manages sessions between nodes and acts on the “data” PDU. Session management includes setup, authentication, termination, and reconnections.
The presentation layer is primarily responsible for translating network data into the formats expected by an application. For example, data encodings and encryption are managed at Layer 6.
The application layer includes protocols designed for end-users. For example, HTTP is a Layer 7 protocol designed to transmit data between a web server and a client.
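The layering described above can be seen by peeling a frame apart one header at a time. The following Python sketch is an added example, not part of the original article: it decapsulates a constructed Ethernet/IPv4/TCP frame carrying an HTTP request and reports the PDU found at each layer. The addresses, ports and function names are assumptions chosen for illustration.

```python
import struct

def build_frame(payload: bytes) -> bytes:
    """Constructed sample: Ethernet + IPv4 + TCP headers around payload (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + tcp
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip

def decapsulate(frame: bytes) -> list:
    """Return (OSI layer, PDU name, summary) tuples, lowest layer first."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = [(2, "frame", f"{src.hex(':')} -> {dst.hex(':')}")]
    if ethertype != 0x0800:          # only IPv4 is handled in this example
        return layers
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (packet[0] & 0x0F) * 4     # length fields come from the wire: validate them
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("bad IPv4 lengths")
    src_ip = ".".join(map(str, packet[12:16]))
    dst_ip = ".".join(map(str, packet[16:20]))
    layers.append((3, "packet", f"{src_ip} -> {dst_ip}"))
    if packet[9] != 6:               # protocol 6 = TCP
        return layers
    segment = packet[ihl:total_len]
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad TCP data offset")
    layers.append((4, "segment", f"port {sport} -> {dport}"))
    data = segment[data_offset:]
    if data:                         # application bytes, e.g. an HTTP request line
        first_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        layers.append((7, "data", first_line))
    return layers

if __name__ == "__main__":
    sample = build_frame(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    for layer, pdu, summary in decapsulate(sample):
        print(f"Layer {layer} {pdu}: {summary}")
```

Each header is stripped only after its length fields have been checked against the bytes actually present, which is the same discipline an inspection device needs when it works its way up from Layer 2 to Layer 7.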
The OSI model is only one networking model. Another is the TCP/IP model, which predates the OSI model and maps more closely to the protocols that implement the networking stack.
The TCP/IP model breaks the network stack into four layers:
The OSI model is more theoretical, describing the various tasks that must be accomplished to enable application-layer data to be transmitted via electricity, light, or radio waves. The TCP/IP model is more practical and maps closely to actual network protocols.
OSI provides a mental model for how networking works, including describing all of the various functions that are performed to make network communications possible. This model makes it easier to troubleshoot issues with network protocols, to examine the security of networking protocols, and to discuss various network-level attacks.
Network attacks can occur at varying levels of the OSI model. For example, Distributed Denial of Service (DDoS) attacks can attempt to exhaust network bandwidth (layers 3/4) or overwhelm a particular application with more requests than it can handle (layer 7).
An enterprise network security architecture should have the ability to view and analyze data at all of the “host” layers (4-7) of the OSI model.