Describe the physical and data link layers of a network.
The physical layer is composed of the electronic signals transmitted over fiber, coaxial cable, twisted pair wires, modem lines and infrared.
The physical layer is always present whenever data is transmitted over any medium. The data link layer defines how the signals from the physical layer are reassembled into a usable format.
TCP/IP physical and data link layers
TCP/IP Protocol layers consisting of 1) Application Layer, 2) Transport Layer, 3) Internet Layer, 4) Network Layer
Securing the physical and data link layers
To maintain security in these layers, you must understand the network topology[1] that you are protecting.
Common hacker methods for attacking and penetrating a network are to install a packet sniffer[2] onto one of the company's internal machines or to attach a wiretap to the physical media.
Using encryption[3], data labels, and traffic padding makes it very difficult for a hacker to successfully use any information obtained from a sniffer.
Network layer protocols
The protocols used at the network layers assist in host-to-host communication.
Most security threats do not originate at this layer of the TCP/IP stack; however, you must know what protocols are used.
The Open Systems Interconnection (OSI) model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system. It consists of seven layers, each providing specific network functions. While security threats can potentially occur at any layer, they are primarily concentrated at the following three layers:
Application Layer (Layer 7): This is the most visible layer to end-users, where applications and services such as HTTP (web browsing), SMTP (email), and DNS (domain name resolution) operate. Given its high exposure and interaction with users and applications, this layer is a common target for security threats. Attacks such as Cross-Site Scripting (XSS), SQL Injection, DDoS, phishing, and malware often take place at this layer. Moreover, data breaches usually occur at this level when attackers exploit vulnerabilities in application software or intercept unencrypted data.
Transport Layer (Layer 4): The Transport layer, responsible for end-to-end communication and data integrity, is another common layer where security threats occur. TCP and UDP protocol-based attacks, including SYN flood attacks, occur at this layer. Session hijacking, where attackers insert themselves into a legitimate communication session, also happens here.
Network Layer (Layer 3): The Network layer, which handles routing and packet forwarding, is prone to threats like IP spoofing and certain types of Distributed Denial of Service (DDoS) attacks. In IP spoofing, an attacker sends packets from a false source address to make it appear as if the packet is from a trusted source, thereby gaining unauthorized access to a device.
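The defensive counterpart to the IP spoofing described above, as an added example that is not part of the original page: a border filter that rejects packets whose source address is implausible for the interface they arrived on. The internal range 10.20.0.0/16, the interface names "external" and "internal", and the sample packets are assumptions constructed for illustration; only IPv4 is covered.

```python
import ipaddress

# Assumed site layout (hypothetical): internal hosts live in 10.20.0.0/16.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Source ranges that should never arrive from the Internet side.
NEVER_EXTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def classify(interface, src):
    """Return a reason if src is implausible for the interface, else None."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "malformed source address"
    is_internal = any(addr in net for net in INTERNAL_NETS)
    if interface == "external":
        # Ingress check: an outside packet claiming an inside address is spoofed.
        if is_internal:
            return "internal source on external interface"
        if any(addr in net for net in NEVER_EXTERNAL):
            return "reserved or private source on external interface"
    elif interface == "internal" and not is_internal:
        # Egress check: inside hosts must not send with foreign source addresses.
        return "non-local source on internal interface"
    return None

def audit(packets):
    """Return (interface, src, reason) for every packet the filter rejects."""
    flagged = []
    for interface, src in packets:
        reason = classify(interface, src)
        if reason is not None:
            flagged.append((interface, src, reason))
    return flagged

# Constructed sample records: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("external", "203.0.113.9"),   # stand-in for an ordinary outside host
    ("external", "10.20.4.15"),    # claims to be an internal host
    ("external", "192.168.1.50"),  # private range, not routable on the Internet
    ("internal", "10.20.9.3"),     # legitimate internal host
    ("internal", "203.0.113.9"),   # internal machine sending with a foreign source
    ("external", "not-an-ip"),     # malformed record
]

if __name__ == "__main__":
    for row in audit(SAMPLE_PACKETS):
        print(row)
```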
It's crucial to note that comprehensive network security must consider all layers of the OSI model. The adoption of a defense-in-depth approach, which involves implementing security controls across multiple OSI layers, is widely recognized as an effective strategy to protect against a range of network-based threats. This strategy acknowledges that while certain layers are targeted more frequently, threats can and do occur at every level of the model.
[1] Network topology: The type of network (Ethernet or token ring), the IP address range, the subnet mask, and the naming scheme. The most common network topologies are the star, bus, ring and hybrid.
[2] Packet sniffer: A device or program that is used to monitor traffic on a network, can be installed anywhere in a networked system, and is virtually undetectable. Sniffers are used for legitimate network management functions or for stealing information off a network.
[3] Encryption: The process of disguising a message to make it unreadable by humans. The resulting data is called ciphertext.