Milav Dabgar
Author
OSI Model Security

Security Attacks, Mechanisms, and Services

Layer-by-Layer Security Analysis

Security Attack Classification

Two Main Categories:

  • Passive Attacks: Monitor and eavesdrop
  • Active Attacks: Modify or disrupt data

Layer 1: Physical Layer

Security Attacks:

  • Eavesdropping on physical media
  • Physical damage to hardware
  • Cable tapping

Security Mechanisms:

  • Shielded cables
  • Physical security controls
  • Surveillance systems

Layer 2: Data Link Layer

Security Attacks:

  • MAC spoofing
  • Switching attacks
  • MAC flooding

Security Mechanisms:

  • MAC address filtering
  • Port security
  • Link encryption

Layer 3: Network Layer

Security Attacks:

  • IP spoofing
  • Routing attacks
  • DDoS attacks

Security Mechanisms:

  • Firewalls
  • Intrusion Detection Systems
  • IPsec

Layer 4: Transport Layer

Security Attacks:

  • Port scanning
  • Session hijacking
  • TCP flooding

Security Mechanisms:

  • Transport Layer Security (TLS)
  • TCP wrappers
  • Port filtering

Layer 5: Session Layer

Security Attacks:

  • Session hijacking
  • Session fixation
  • Session replay

Security Mechanisms:

  • Session tokens
  • Session timeouts
  • Secure session management

Layer 6: Presentation Layer

Security Attacks:

  • Man-in-the-Middle (MitM)
  • Data interception
  • Encryption attacks

Security Mechanisms:

  • Encryption/Decryption
  • Data compression
  • Digital certificates

Layer 7: Application Layer

Security Attacks:

  • Malware
  • Phishing
  • SQL injection
  • Cross-site scripting (XSS)

Security Mechanisms:

  • Antivirus software
  • Web Application Firewalls
  • Authentication systems

Security Services by Layer

  • Physical: Physical protection
  • Data Link: Link encryption
  • Network: Secure routing
  • Transport: End-to-end encryption
  • Session: Session management
  • Presentation: Data encryption
  • Application: Authentication & authorization

OSI Layers Memory Aid

"Please Do Not Throw Sausage Pizza Away"

  • Physical
  • Data Link
  • Network
  • Transport
  • Session
  • Presentation
  • Application

Layered Security Strategy

  • Defense in Depth: Security at multiple layers
  • Layer Coordination: Integrated security approach
  • Complementary Controls: Different mechanisms per layer
  • Comprehensive Coverage: Address all attack vectors

Real-World Examples

  • HTTPS: Multiple layer security (layers 3, 4, 6, 7)
  • VPN: Network and transport layer protection
  • WiFi Security: Physical and data link protection
  • Email Security: Application layer protection

OSI Security Best Practices

  • Implement security at multiple layers
  • Match security mechanisms to threats
  • Perform regular security assessments per layer
  • Monitor all layer activities
  • Keep security mechanisms updated

Key Takeaways

  • Each OSI layer has specific security concerns
  • Different attack types require different defenses
  • Layered security provides comprehensive protection
  • Understanding layers helps in threat modeling
  • Security mechanisms must work together

Remember: Layer-by-layer security = Defense in depth

Thank You

Questions & Discussion

Next: Cryptography Basics and Fundamentals