
OSI (Open Systems Interconnection) Model Layers and Layer-Wise Attacks

The OSI (Open Systems Interconnection) model is a conceptual framework used to understand and implement standard protocols in network communications. It divides network communication into seven layers, each with specific functions and potential vulnerabilities. Here's a detailed overview of the OSI layers, along with common layer-wise attacks:

Layer 1: Physical Layer

Function: Transmits raw bit streams over a transmission medium (e.g., cables, radio waves).


Common Attacks:

  • Physical Tampering: Unauthorized access to network hardware.
  • Cable Tapping: Intercepting data by physically tapping into network cables.
  • Electromagnetic Interference (EMI): Disrupting signals through electromagnetic interference.


Security Measures:

  • Implement strict access controls and surveillance.
  • Use shielded cables and secure cable runs.
  • Regularly inspect hardware for tampering.


Layer 2: Data Link Layer

Function: Provides node-to-node data transfer and handles error detection and correction.


Common Attacks:

  • MAC Address Spoofing: The attacker alters their MAC address to impersonate another device.
  • ARP Spoofing: Manipulating the ARP cache to redirect network traffic.
  • Switch Port Stealing: Gaining access to network traffic by exploiting switch vulnerabilities.


Security Measures:

  • Enable port security on switches.
  • Use dynamic ARP inspection and DHCP snooping.
  • Implement VLANs to segment network traffic.
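The dynamic ARP inspection measure above works by checking every ARP reply on an untrusted port against a binding table. The following is an added example (not code from the post) of that check in Python; the binding table, port names and ARP replies are constructed sample data, and the rule names are assumptions made for the illustration.

```python
"""Dynamic ARP inspection style check (added illustration, not from the post).

Every ARP reply seen on an untrusted access port is validated against a
trusted IP-to-MAC binding table; on a real switch that table is built by
DHCP snooping. Replies whose sender IP/MAC pair or arrival port does not
match a binding are dropped and logged, which is how ARP cache poisoning
attempts are caught. All bindings and replies below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    port: str        # switch port the frame arrived on
    sender_ip: str   # IP address the reply claims to speak for
    sender_mac: str  # MAC address it wants neighbours to cache for that IP


# Constructed binding table: IP -> (MAC, port), as DHCP snooping would learn it.
TRUSTED_BINDINGS = {
    "10.0.0.1": ("00:11:22:33:44:01", "Gi0/1"),    # default gateway
    "10.0.0.10": ("00:11:22:33:44:10", "Gi0/10"),
    "10.0.0.11": ("00:11:22:33:44:11", "Gi0/11"),
}
# The uplink towards the gateway is configured as trusted and is not inspected.
TRUSTED_PORTS = {"Gi0/1"}


def inspect_arp(reply, bindings=TRUSTED_BINDINGS, trusted_ports=TRUSTED_PORTS):
    """Return None if the reply is consistent with the binding table,
    otherwise a short reason string explaining why it must be dropped."""
    if reply.port in trusted_ports:
        return None
    binding = bindings.get(reply.sender_ip)
    if binding is None:
        return "no binding for sender IP"
    mac, port = binding
    if reply.sender_mac.lower() != mac.lower():
        return f"MAC mismatch for {reply.sender_ip}: bound to {mac}"
    if reply.port != port:
        return f"port mismatch for {reply.sender_ip}: bound to {port}"
    return None


def inspect_all(replies):
    """Inspect a batch of replies; return [(reply, reason)] for every drop."""
    drops = []
    for reply in replies:
        reason = inspect_arp(reply)
        if reason is not None:
            drops.append((reply, reason))
    return drops


# Constructed traffic: one honest reply and three poisoning attempts.
SAMPLE_REPLIES = [
    ArpReply("Gi0/10", "10.0.0.10", "00:11:22:33:44:10"),  # legitimate
    ArpReply("Gi0/11", "10.0.0.1", "00:11:22:33:44:11"),   # host 11 claims the gateway IP
    ArpReply("Gi0/11", "10.0.0.10", "00:11:22:33:44:11"),  # host 11 claims host 10's IP
    ArpReply("Gi0/12", "10.0.0.99", "00:11:22:33:44:99"),  # address with no binding
]

if __name__ == "__main__":
    for reply, reason in inspect_all(SAMPLE_REPLIES):
        print(f"DROP port={reply.port} ip={reply.sender_ip} "
              f"mac={reply.sender_mac}: {reason}")
```

The point of the trusted-port exception is that the binding table only covers hosts the switch saw obtain a DHCP lease; traffic from the uplink would otherwise be dropped wholesale, which is why misconfiguring which ports are trusted is the usual way this control is weakened.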


Layer 3: Network Layer

Function: Handles logical addressing and routing of packets across networks. 


Common Attacks:

  • IP Spoofing: Sending packets with a forged source IP address.
  • Route Injection: Introducing malicious routes into routing tables.
  • Denial of Service (DoS): Flooding the network with excessive traffic to disrupt services.


Security Measures:

  • Use IPsec for secure IP communication.
  • Implement access control lists (ACLs) on routers.
  • Regularly update and patch routing protocols.
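To make the IP spoofing and ACL points concrete, here is an added example (not code from the post) of how a router evaluates an inbound access control list together with an anti-spoofing ingress filter. The rule order, the interface names, the address ranges and the packets are constructed for this illustration.

```python
"""Router ACL with an anti-spoofing ingress filter (added illustration).

Rules are evaluated top-down, first match wins, with an implicit deny at the
end, which is how ACLs on most routers behave. Before the ACL runs, an
ingress filter drops packets that arrive on the outside interface but carry
an inside source address; that is the standard defence against IP spoofing.
All networks, rules and packets below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: address space used inside the organisation.
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/8"),
               ipaddress.ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    iface: str    # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str    # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source prefix in CIDR notation
    dst: str      # destination prefix in CIDR notation
    proto: str    # protocol name or "any"
    dport: int = 0  # 0 means any destination port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (0, pkt.dport))


# Constructed ACL applied inbound on the outside interface.
OUTSIDE_IN_ACL = [
    Rule("permit", "0.0.0.0/0", "10.0.1.10/32", "tcp", 443),       # public web server
    Rule("permit", "203.0.113.0/24", "10.0.1.20/32", "tcp", 22),   # SSH from partner range only
    Rule("deny", "0.0.0.0/0", "10.0.0.0/8", "any"),                 # nothing else reaches inside
]


def is_spoofed(pkt, inside_nets=INSIDE_NETS):
    """A packet from the outside must not claim an inside source address."""
    if pkt.iface != "outside":
        return False
    src = ipaddress.ip_address(pkt.src)
    return any(src in net for net in inside_nets)


def evaluate(pkt, acl=OUTSIDE_IN_ACL):
    """Return (verdict, reason) for a packet: 'permit' or 'deny' plus why."""
    if is_spoofed(pkt):
        return ("deny", "anti-spoofing: inside source on outside interface")
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return (rule.action, f"rule {index}")
    return ("deny", "implicit deny")


if __name__ == "__main__":
    for pkt in [Packet("outside", "198.51.100.7", "10.0.1.10", "tcp", 443),
                Packet("outside", "10.0.0.5", "10.0.1.10", "tcp", 443),
                Packet("outside", "198.51.100.7", "10.0.1.20", "tcp", 22)]:
        print(pkt.src, "->", pkt.dst, evaluate(pkt))
```

Because evaluation stops at the first match, the order of permits and denies is itself security-relevant: moving the broad deny above the web-server permit would silently black-hole the service, and putting a broad permit first would bypass every rule below it.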


Layer 4: Transport Layer

Function: Ensures reliable data transfer through segmentation, reassembly, and error recovery.


Common Attacks:

  • TCP SYN Flood: Overwhelming a server with TCP connection requests.
  • Session Hijacking: Taking over an active session by predicting or intercepting session tokens.
  • Port Scanning: Discovering open ports and services on a target system.


Security Measures:

  • Use firewalls and intrusion detection/prevention systems.
  • Implement TCP/IP stack hardening.
  • Use TLS for secure communication.
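Intrusion detection at this layer largely comes down to counting handshakes. The following added example (not code from the post) runs two simple indicators over constructed connection records: half-open TCP connections that never complete, which is the signature of a SYN flood, and one source touching many ports on one host, which is the signature of a port scan. The record format and the thresholds are assumptions for this illustration.

```python
"""SYN-flood and port-scan indicators over constructed connection records.

Two rules an intrusion detection system might apply at the transport layer:
a source that sends many SYNs to one service and never completes the
handshake (SYN flood), and a source that touches many distinct ports on one
host (port scan). The record format and thresholds are assumptions made for
this added illustration; the log lines are constructed.
"""
from collections import defaultdict

# Constructed records: "<epoch> <src> <dst> <dport> <flag>", where the flag is
# S for a client SYN and A for the client ACK that completes the handshake.
SAMPLE_LOG = """\
1000 198.51.100.5 10.0.1.10 443 S
1000 198.51.100.5 10.0.1.10 443 A
1001 203.0.113.7 10.0.1.10 443 S
1001 203.0.113.7 10.0.1.10 443 S
1001 203.0.113.7 10.0.1.10 443 S
1002 203.0.113.7 10.0.1.10 443 S
1002 203.0.113.7 10.0.1.10 443 S
1003 192.0.2.9 10.0.1.20 22 S
1003 192.0.2.9 10.0.1.20 23 S
1003 192.0.2.9 10.0.1.20 25 S
1004 192.0.2.9 10.0.1.20 80 S
1004 192.0.2.9 10.0.1.20 443 S
1004 192.0.2.9 10.0.1.20 8080 S
"""


def parse_records(text):
    """Parse the constructed format into (ts, src, dst, dport, flag) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, flag = line.split()
        records.append((int(ts), src, dst, int(dport), flag))
    return records


def detect(records, half_open_threshold=4, scan_threshold=5):
    """Return {"syn_flood": [(src, dst, dport, half_open)],
               "port_scan": [(src, dst, distinct_ports)]}."""
    syn = defaultdict(int)     # (src, dst, dport) -> SYNs seen
    ack = defaultdict(int)     # (src, dst, dport) -> handshake completions seen
    ports = defaultdict(set)   # (src, dst) -> distinct destination ports touched
    for _ts, src, dst, dport, flag in records:
        ports[(src, dst)].add(dport)
        if flag == "S":
            syn[(src, dst, dport)] += 1
        elif flag == "A":
            ack[(src, dst, dport)] += 1

    # SYNs to one service that were never completed by an ACK.
    floods = sorted((src, dst, dport, n - ack[(src, dst, dport)])
                    for (src, dst, dport), n in syn.items()
                    if n - ack[(src, dst, dport)] >= half_open_threshold)
    scans = sorted((src, dst, len(p)) for (src, dst), p in ports.items()
                   if len(p) >= scan_threshold)
    return {"syn_flood": floods, "port_scan": scans}


if __name__ == "__main__":
    for kind, hits in detect(parse_records(SAMPLE_LOG)).items():
        for hit in hits:
            print(kind, hit)
```

Real sensors add a time window to both counters so that a busy but legitimate client is not flagged over a whole day; the window is omitted here to keep the logic readable.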


Layer 5: Session Layer

Function: Manages sessions between applications, including opening, closing, and maintaining sessions.


Common Attacks:

  • Session Fixation: Forcing a user's session ID to a known value.
  • Session Hijacking: Intercepting or taking over a user session.
  • Token Stealing: Capturing session tokens to impersonate users.


Security Measures:

  • Use strong authentication mechanisms.
  • Implement session timeout and re-authentication policies.
  • Use encrypted tokens for session management.
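The three measures above (strong authentication, timeouts and re-authentication, protected tokens) fit together in one server-side session store. The following added example (not code from the post) shows such a store in Python: random opaque IDs that a client cannot choose, rotation of the ID at login so a planted value (session fixation) is never upgraded into an authenticated session, and idle and absolute timeouts that limit how long a stolen token is useful. The class and method names and the injectable clock are assumptions for this illustration.

```python
"""Server-side session management with fixation defence and timeouts.

Added illustration, not code from the post. Session IDs are opaque random
strings from the secrets module kept in a server-side table; the ID is
rotated at login so a value planted before authentication never becomes an
authenticated session, and idle and absolute timeouts bound how long a
stolen ID stays useful. The clock is injectable so behaviour can be tested.
"""
import secrets
import time


class SessionStore:
    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.time):
        self.idle_timeout = idle_timeout          # seconds without activity
        self.absolute_timeout = absolute_timeout  # seconds since login, regardless of activity
        self.clock = clock
        self._sessions = {}  # session id -> {"user", "created", "last_seen"}

    @staticmethod
    def _new_id():
        # 32 random bytes, URL-safe encoded: not guessable from earlier IDs.
        return secrets.token_urlsafe(32)

    def login(self, presented_id, user):
        """Authenticate `user`. Whatever ID the client presented is discarded
        and a fresh one issued, so a planted ID cannot be turned into a login."""
        self._sessions.pop(presented_id, None)
        sid = self._new_id()
        now = self.clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid):
        """Return the user for a valid session, or None if unknown or expired."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        now = self.clock()
        idle_expired = now - sess["last_seen"] > self.idle_timeout
        absolute_expired = now - sess["created"] > self.absolute_timeout
        if idle_expired or absolute_expired:
            self.logout(sid)
            return None
        sess["last_seen"] = now
        return sess["user"]

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def needs_reauth(self, sid, max_age):
        """True when the session is older than max_age seconds; the caller should
        demand a fresh password before a sensitive action such as changing email."""
        sess = self._sessions.get(sid)
        return sess is None or self.clock() - sess["created"] > max_age


if __name__ == "__main__":
    store = SessionStore(idle_timeout=60)
    sid = store.login("id-chosen-by-someone-else", "alice")
    print("issued id differs from presented id:", sid != "id-chosen-by-someone-else")
    print("lookup:", store.lookup(sid))
```

Keeping the state server-side means the token itself carries no user data, so there is nothing for an attacker to decode or tamper with; signed or encrypted self-contained tokens are an alternative when the server cannot keep state, but they then need their own expiry and revocation handling.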


Layer 6: Presentation Layer

Function: Translates data between the application layer and the network format, including encryption and compression.


Common Attacks:

  • Data Injection: Inserting malicious data into the stream.
  • Man-in-the-Middle (MitM): Intercepting and potentially altering communication between two parties.
  • SSL/TLS Attacks: Exploiting weaknesses in SSL/TLS protocols (e.g., POODLE, Heartbleed).


Security Measures:

  • Use robust encryption standards (e.g., AES).
  • Regularly update and patch encryption libraries.
  • Implement secure coding practices.


Layer 7: Application Layer

Function: Provides network services directly to end-user applications (e.g., HTTP, FTP, SMTP).


Common Attacks:

  • SQL Injection: Injecting malicious SQL queries into an application.
  • Cross-Site Scripting (XSS): Injecting malicious JavaScript into a web page. These scripts execute in the victim's
  • Phishing: Tricking users into revealing sensitive information.
  • Buffer Overflow: Exploiting memory vulnerabilities to execute arbitrary code.


Security Measures:

  • Perform regular code reviews and vulnerability assessments.
  • Implement web application firewalls (WAFs).
  • Provide training to users about phishing and social engineering attacks.
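The code review measure is easiest to see on the two injection attacks listed above. The following added example (not code from the post) places a vulnerable query and a vulnerable HTML renderer beside their hardened forms, using Python's built-in sqlite3 and html modules; the table, its rows and the inputs are constructed for this illustration. The vulnerable functions are kept only to show what a reviewer is looking for.

```python
"""SQL injection and XSS: vulnerable form beside the hardened form.

Added illustration, not code from the post. The database, rows and inputs
are constructed. The fix for SQL injection is to pass untrusted input as a
bound parameter rather than splicing it into the SQL text; the fix for XSS
is to encode untrusted text for the HTML context it is rendered into.
"""
import html
import sqlite3


def make_db():
    """Constructed in-memory table with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """String concatenation: the input becomes part of the SQL statement,
    so a quote in the input changes the query's structure."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Parameter binding: the input is only ever compared as a value."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?",
                        (name,)).fetchall()


def render_comment_vulnerable(text):
    """Untrusted text inserted into HTML as-is: markup in it is interpreted."""
    return "<p>" + text + "</p>"


def render_comment_safe(text):
    """Untrusted text HTML-encoded so the browser shows it as literal text."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"   # constructed input that breaks out of the quoted literal
    print("vulnerable:", find_user_vulnerable(conn, probe))  # every row
    print("safe:      ", find_user_safe(conn, probe))        # no such user
    print(render_comment_safe("<script>alert(1)</script>"))
```

The review rule that follows from this is mechanical: any place where untrusted input is joined to a string that another interpreter (SQL engine, browser, shell) will parse is a finding, regardless of whether a payload has been demonstrated.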
