OSI model: 7 layers & common security attacks | Stackscale

The OSI model, short for Open Systems Interconnection model, is a 7-layer model that describes an architecture of data communications in computer networking.

The OSI reference model was developed in the late 1970s. However, due to its late invention, it was not implemented and has only remained as a reference model. The current model implemented on the Internet is the TCP/IP model (Internet Protocol Suite).

OSI model layers

The OSI model defines seven abstraction layers computer systems use to communicate over a network, in order to enable the communication between users. Each OSI model layer has specific functions, which communicate and interact with the layers immediately above and below.

Layers are classified into two categories:

  • Host layers: the application layer, the presentation layer, the session layer and the transport layer.
  • Media layers: the network layer, the data link layer and the physical layer. 

Application layer | 7

The application layer, also known as the “desktop layer”, is responsible for communicating with applications, both host-based and user-facing. This is the layer closest to the user.

It enables network access to application services and allows users to receive data. Besides, it specifies the shared communications protocols and interface methods hosts use in communication networks.

This OSI model layer communicates and interacts with: the presentation layer.

The most common security attack on the application layer is: an exploit attack.

Presentation layer | 6

The presentation layer, also known as the “syntax layer”, is responsible for formatting and translating data into the format the application layer specifies. It is to say, it acts as the network’s data translator to ensure that the data sent out by the application layer is readable by the receiving system’s application layer.

This OSI model layer communicates and interacts with: the application layer and the session layer.

The most common security attack on the presentation layer is: a phishing attack. 

Session layer | 5

The session layer is responsible for opening, managing and closing sessions between end-user application processes. It establishes, manages and terminates the connections between local and remote applications.

This host layer creates the setup, controls the connection, ends the teardown between computers, and checkpoints and recovers sessions.

This OSI model layer communicates and interacts with: the presentation layer and the transport layer.

The most common security attack on the session layer is: a hijacking attack.

Transport layer | 4

The transport layer is responsible for providing means of transferring variable-length data sequences from a source host to a destination host. The protocols on this host layer provide end-to-end communication services for applications.

It recognizes two modes, connection-oriented and connectionless, to provide reliable transmission between points on a network.

This OSI model layer communicates and interacts with: the session layer and the network layer.

The most common security attacks on the transport layer are: reconnaissance and DoS attacks.

Network layer | 3

The network layer is responsible for providing means of transferring packets between connected nodes, via one or several networks. It structures and manages multi-node networks, using routers and switches to manage its traffic.

This OSI model layer communicates and interacts with: the transport layer and the data link layer.

The most common security attack on the network layer is: a man-in-the-middle attack.

Data link layer | 2

The data link layer is responsible for transferring data frames between two directly connected nodes, within the same local area network. It packages raw bits from the physical layer into frames. It might also perform error checking and correction.

This OSI model layer communicates and interacts with: the network layer and the physical layer.

The most common security attack on the data link layer is: a spoofing attack. 

Physical layer | 1

The physical layer is responsible for transmitting and receiving unstructured raw data between devices and physical transmission media. It can be implemented through diverse hardware technologies.

This OSI model layer communicates and interacts with: the data link layer. It translates logical communications requests from the data link layer into hardware-specific operations in order to transmit and receive signals.

The most common security attack on the physical layer is: a sniffing attack. 

OSI model layers and common cyberattacks

Types of attacks in the OSI model by layer

These are the different types of attacks that can affect each particular layer of the OSI model.

OSI model layer Type of attack
Application layer Exploit
Presentation layer Phishing
Session layer Hijacking
Transport layer Reconnaissance / DoS
Network layer Man-in-the-middle
Data link layer Spoofing
Physical layer Sniffing

Exploit on the application layer

An exploit consists of taking advantage of vulnerabilities in software applications to gain unauthorized access and take control over a system, and perform diverse types of attacks, such as a denial-of-service attack.

Phishing attacks on the presentation layer

Phishing attacks consist of deceiving individuals into revealing sensitive data through diverse techniques. It is one of the most commonly used cyberattacks nowadays and includes many types of attacks.

Hijacking attacks on the session layer

Hijacking attacks consist of intercepting and taking control of an established communication session either to access sensitive data or to gain unauthorized access to the targeted user’s computer or account.

Reconnaissance and DoS attacks on the transport layer

Reconnaissance attacks consist of gathering information about a system in order to identify its vulnerabilities. Although it was originally used as an ethical hacking technique to identify security loopholes and improve security, it has also become a mechanism to identify vulnerabilities before launching a cyberattack.

DoS attacks, short for “Denial-of-service attacks”, consist of making a resource unavailable to users by flooding the target with superfluous requests that intend to prevent legitimate requests from being fulfilled. The disruption can be either temporary or indefinite. When the attack originates from numerous sources at a time, it is known as Distributed denial-of-service attack or DDoS attack. 

Man-in-the-middle attacks on the network layer

Man-in-the-middle attacks, abbreviated as “MitM attacks”, consist of an attacker placing himself between two communicating parties to monitor, relay and even alter the content of messages. While both parties believe to be communicating with each other directly and securely.

This attack is also known under many other names, such as:

  • Machine-in-the-middle attack.
  • Manipulator-in-the-middle attack.
  • Meddler-in-the-middle attack. 

Spoofing attacks on the data link layer

Spoofing attacks consist of a person or program falsifying data to identify as an authorized user or device. By impersonating authorized users or devices, attackers can bypass access control to systems, steal data and spread malware.

Sniffing attacks on the physical layer

Sniffing attacks consist of intercepting data using a packet sniffer application. Then, if the captured packets are not encrypted, the packet sniffer can be used to read them. This allows attackers to analyze the network and gain information to corrupt it or even cause it to crash.

This 7-layers networking model and the common cyberattacks associated with each of them highlight the importance of assessing risks and vulnerabilities to protect corporate security at all levels. IT threats are commonplace nowadays and cannot be overlooked. As a result, strict approaches to security such as Zero Trust and Disaster Recovery solutions are becoming widely used among organizations to ensure business continuity.