Security and the OSI Model

Network security is a topic that reaches far beyond the realm of firewalls, passwords, and user ID accounts. For a network and its data to remain secure, there must be protective measures at each level of the OSI interconnect model. While each layer operates largely autonomously of the others, it is important to ensure that data being transmitted from the host to its destination has not been tampered with or prevented from reaching that destination. There are seven layers in the OSI interconnect model, each with its own special tasks, abilities, and weaknesses: the Physical, Data Link, Network, Transport, Session, Presentation, and Application layers.

Layer one, the physical layer, deals with the actual physical connections to the real world. All of the wires, power cords, and hardware that make up the physical portions of a network are part of the physical layer. There are several security issues that can cause physical layer problems within a network. The easiest way to cause a denial of service would be to simply remove power, or to disconnect or cut an important network cable going to a crucial piece of equipment. Another security concern is tapping of the physical medium, which allows an attacker to copy or even corrupt the data stream. The best way to prevent these types of attacks is to keep facilities secure, keep all critical areas under lock and key, and perform routine audits to ensure the infrastructure is safe and secure.

The second layer in the OSI model is the data link layer; here data is transmitted and received reliably across a physical medium. Two of the biggest threats to the data link layer have to deal...

... middle of paper ...

...efully review any new applications to ascertain whether or not a new application contains security flaws.

After looking into each of the seven layers in the OSI model, it is apparent that there are many ways to exploit a security flaw within a system. A good security analyst has to look at the overall picture to keep the entire system secure, and not just one or two layers. Information technology security is not a one-time fix; it is a continuous process that must occur to keep pace with ever-changing protocols, applications, and the ingenuity of attackers.

References

Reed, Damon. "Applying the OSI Seven Layer Network Model to Information Security", November 2003. SANS Institute - The Information Security Reading Room.
Surman, Glenn. "Understanding security using the OSI model", March 20, 2002. SANS Institute - The Information Security Reading Room.
Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 264). Boston, MA: Cengage Learning.
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from the actions of trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Security is a wide concept; it is a separate subject with its own theories, "which focus on the process of attack and on preventing, detecting and recovering from attacks" (William 1996). Certainly, these processes should be well organized in coping with the complex system issues. A coherent approach should be taken, which builds on established security standards, procedu...
Systems have to be constantly updated to prevent new types of attacks. Also, different layers of security have to be employed so as to increase the fortification of the network system against possible breach. In a case where a system has been breached, awareness should become the next priority, as this can still help prevent the loss of data depending on how soon detection can occur. In all security measures, human error has always been identified as a great risk. To minimize this, security training is encouraged not just for security personnel but for everyone who uses a
The OSI model is a model of how a network actually works. The OSI model has seven different layers and is, of course, theoretical. That is, this model may not hold true in every instance; perhaps it can work without a counterpart, or perhaps not. The OSI model is comprised of these layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application (InetDaemon, 2015).
Back in the 1980's, when all music sucked and men dressed like fags, a bunch of sissy Europeans got together in a passionate effort to overstandardize computer networking. They created this thing called the Open Systems Interconnection (OSI) networking suite. Anyone who has taken a CS (Computer Science) or CIS (Computer Information Systems) course knows this; they cram this fact down the student's throat from day freaking one. It is only when the student enters the real world do they realise that the OSI seven layer model is a sham.
As electronic commerce, online business-to-business operations, and global connectivity have become vital components of a successful business strategy, enterprises have adopted security processes and practices to protect information assets. But if you look at today's computing environments, system security is a horrible game of numbers: there are currently over 9,223 publicly released vulnerabilities covering known security holes in a massive range of applications, from popular operating systems through to obscure and relatively unknown web applications. [01] Over 300 new vulnerabilities are being discovered and released each month. Most companies work diligently to maintain an efficient, effective security policy, implementing the latest products and services to prevent fraud, vandalism, sabotage, and denial of service attacks. But the fact is that you have to patch every hole in your system, while an attacker need find only one to get into your environment. Whilst many organisations subscribe to major vendors' security alerts, these are just the tip of the security iceberg, and even these are often ignored. For example, the patch for the Code Red worm was available some weeks before the worm was released. [02]
IP structure is a big part of the logical design of a network as well as security planning. A good logical design will have the foundation for security which provides the framework stages needed for security. Each layer should have scalable security services that involve the routers, switches, servers, workstations and other devices that are utilizing the network. In some cases the logical design is described using the terms of the customer's business. Processes, roles, and even locations can show up in the logical design; however, the important aspect of the logical design is that it is part of the requirement set for a solution to a customer's problem (Jim's Weblog, 2005).
Section 1.4 is basically the author telling us about two important network architectures, the OSI reference model and the TCP/IP reference model. The OSI (Open Systems Interconnection) model deals with connecting open systems, which are systems that talk with other systems. This model has seven layers: the physical layer, the data link layer, the network layer, the transport layer, the session layer, the presentation layer, and the application layer. From this information, we discover that the OSI model is used only for its model (the 7 layers) and not as a network architecture, since it doesn’t specify the exact services and protocols to be used in each layer.
NIST 800-30, Risk Management Guide for Information Technology Systems. This document describes a formal approach to risk assessment that includes threat and vulnerability identification, control analysis, impact analysis, and a matrix depiction of risk determination and control recommendations. When security professionals apply a qualitative or quantitative risk assessment, an organization's management can begin the process of deciding what steps, if any, need to be implemented to manage the risk identified in the risk assessment. There are four general approaches to risk assessments (Gregory, 2010):
There are several advantages to the layered approach provided by the OSI model. With the design separated into smaller logical pieces, network design problems can be easier to solve through divide and conquer techniques. Vendors who follow the model will produce equipment that is much more likely to be compatible with equipment from other vendors. The OSI model also provides for more extensible network designs. New protocols and other network services are more easily added to a layered architecture.
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
There are a number of different models proposed as frameworks for information security, but one of the best models is the McCumber model, which was designed by John McCumber. In this model the elements to be studied are organized in a cube structure, in which each axis indicates a different viewpoint of some information security issue and there are three major modules in each axis. This model, with 27 little cubes all organized together, looks similar to a Rubik's cube. There are three axes in the cube: goals desired, information states, and measures to be taken. At the intersection of the three axes you can research all angles of an information security problem.
ErrealMedia (2010) Network standards OSI Reference Model; History of OSI Model; OSI Layers in Action http://www.erealmedia.com/cms125/