Securing Protocol Layers

Lesson 3: Physical/data link layers
Objective: Physical and data link layers of network.

Physical and Data Link Layers

TCP/IP physical and data link layers

TCP/IP Protocol layers consisting of 1) Application Layer, 2) Transport Layer, 3) Internet Layer, 4) Network Layer

Securing the physical and data link layers


Network layer protocols

The protocols used at the network layers assist in host-to-host communication. Most security threats do not originate at this layer of the TCP/IP stack; however, you must know what protocols are used.
The Open Systems Interconnection (OSI) model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system. It consists of seven layers, each providing specific network functions. While security threats can potentially occur at any layer, they are primarily concentrated at the following three layers:
  1. Application Layer (Layer 7): This is the most visible layer to end-users, where applications and services such as HTTP (web browsing), SMTP (email), and DNS (domain name resolution) operate. Given its high exposure and interaction with users and applications, this layer is a common target for security threats. Attacks such as Cross-Site Scripting (XSS), SQL Injection, DDoS, phishing, and malware often take place at this layer. Moreover, data breaches usually occur at this level when attackers exploit vulnerabilities in application software or intercept unencrypted data.
  2. Transport Layer (Layer 4): The Transport layer, responsible for end-to-end communication and data integrity, is another common layer where security threats occur. TCP and UDP protocol-based attacks, including SYN flood attacks, occur at this layer. Session hijacking, where attackers insert themselves into a legitimate communication session, also happens here.
  3. Network Layer (Layer 3): The Network layer, which handles routing and packet forwarding, is prone to threats like IP spoofing and certain types of Distributed Denial of Service (DDoS) attacks. In IP spoofing, an attacker sends packets from a false source address to make it appear as if the packet is from a trusted source, thereby gaining unauthorized access to a device.

It's crucial to note that comprehensive network security must consider all layers of the OSI model. A defense-in-depth approach, which implements security controls across multiple OSI layers, is widely recognized as an effective strategy to protect against a range of network-based threats. This strategy acknowledges that while certain layers are targeted more frequently, threats can and do occur at every level of the model.
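As a Network layer control against the IP spoofing described in item 3, the following added example (not part of the original lesson) shows the source-address check that ingress filtering (BCP 38) performs: a packet arriving on the outside interface must not claim an inside source. The prefix `10.20.0.0/16`, the interface names, and the helper `build_header` are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed (hypothetical) site layout: the prefix used inside the network.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Sources that are never legitimate on a packet arriving from outside.
NOT_VALID_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def parse_ipv4_addresses(packet: bytes):
    """Return (source, destination) from a raw IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)

def check_ingress(packet: bytes, interface: str) -> str:
    """Classify a packet seen on the 'external' or 'internal' interface."""
    try:
        src, _ = parse_ipv4_addresses(packet)
    except ValueError:
        return "drop: malformed"
    inside = any(src in net for net in INTERNAL_NETS)
    if interface == "external":
        if any(src in net for net in NOT_VALID_FROM_OUTSIDE):
            return "drop: reserved source"
        if inside:
            return "drop: internal source on external interface"
        return "accept"
    # Internal side: only our own prefix may be used as a source.
    # (Simplification: a real filter would exempt DHCP's 0.0.0.0 source.)
    return "accept" if inside else "drop: foreign source on internal interface"

def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header for the samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

if __name__ == "__main__":
    samples = [  # constructed sample traffic: (source, destination, interface)
        ("198.51.100.7", "10.20.1.1", "external"),
        ("10.20.5.9", "10.20.1.1", "external"),
        ("198.51.100.7", "203.0.113.5", "internal"),
    ]
    for src, dst, iface in samples:
        print(f"{iface:8} {src:15} -> {dst:15} {check_ingress(build_header(src, dst), iface)}")
```

The check only removes sources that are impossible for the interface they arrive on; a spoofed address from another outside network still passes, which is why the layered controls described above remain necessary.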

[1] Network topology: The type of network (Ethernet or token ring), the IP address range, the subnet mask, and the naming scheme. The most common network topologies are the star, bus, ring, and hybrid.

[2] Packet sniffer: A device or program that is used to monitor traffic on a network, can be installed anywhere in a networked system, and is virtually undetectable. Sniffers are used for legitimate network management functions or for stealing information off a network.

[3] Encryption: The process of disguising a message to make it unreadable by humans. The resulting data is called ciphertext.