Application Layer Security and the OSI Model

Finjan TeamBlog, Cybersecurity

Finjan Application Layer Security and the OSI Model

In an increasingly treacherous cyber-security landscape – and with corporate networks expanding beyond desktops and on-site data centers to include cloud connections and remote and mobile workers – enterprise software presents cyber-criminals and hackers with potential opportunities to steal information and cause damage or distress.

This highlights the need for security to extend to both the network and the software – whether it’s bought off the shelf, or developed in-house. That’s where application layer security and the OSI model come into the picture.

What is the OSI Model?

The Open Systems Interconnection or OSI Model is a security framework which sets out recommendations for application security in terms of seven layers (three media, and four host layers), all of which must be secured for an application to be considered safe. Those layers are:

  1. the physical layer
  2. the data link layer
  3. the network layer
  4. the transport layer
  5. the session layer
  6. the presentation layer
  7. the application layer

1. The Physical Layer

This is the media layer which gives technical specifications for physical and electrical data connections. It’s also the medium through which physical communication occurs between various end points.

Security in the physical layer is easily threatened by accidental or malicious intent (e.g. unplugging of power or network cables) or environmental factors like power surges. Denial of Service (DoS) for crucial applications and networks can result. Biometric authentication, electromagnetic shielding, and advanced locking mechanisms are typically used to secure it.

2. The Data Link Layer

This media layer involves all the data packets which are moved by the physical layer. Efforts to bypass virtual Local Area Network or VLAN security protocols and the spoofing of network interface identifying media access control or MAC addresses are typical vulnerabilities of this layer, and successful exploits can go on to compromise the security of the network layer. Filtering MAC addresses and ensuring that all wireless applications have authentication and encryption built in are common security strategies for this layer.

3. The Network Layer

This final media layer governs the routing, control, and addressing of data and traffic on the network.

A major threat to application security in this layer is IP address or packet spoofing, where data packets originating from malicious sources are disguised so that they appear to come from legitimate addresses within the network. Route and anti-spoofing filters in conjunction with strongly configured firewalls can best provide security in this layer.

4. The Transport Layer

This first host layer is a logical zone in which the transfer of data sequences of various lengths occurs. Smooth data flows with error control and measures ensuring segmentation and desegmentation are the mark of a strong transport layer protocol such as TCP or Transmission Control Protocol. Security here is dependent on limiting access to the transmission protocols and their underlying information, together with strong firewall protection.

5. The Session Layer

The second of the host layers governs the interaction between local and remote applications. It creates, manages, and terminates connections between machines on demand (i.e., per session).

The session layer is susceptible to brute force attacks and may be breached if authentication protocols are weak. To ensure security, authentication should take place through the exchange of encrypted passwords (which must be safely stored), and timers should be put in place to limit the number of attempts that may be made to establish a session.

6. The Presentation Layer

This logical or host layer uses a number of conversion methods to standardize data to and from various local formats, as information is transferred from the application layer to the network.

Input from users (which should have been cleaned up before it passes on to functions) should be segregated from program control functions, to avoid malicious inputs that might lead to system crashes or exploits.

7. The Application Layer

The final host layer is the one closest to the end user – and the one which presents potential intruders with the biggest attack surface. The application layer includes the user interface and various other critical functions, and if successfully exploited entire networks may be shut down in a Denial of Service attack, user data may be stolen, and individual applications may fall under an intruder’s control.

Secure application development practices are the safest way to guarantee that applications are able to sanitize user input, detect malicious activity, and securely handle and transfer sensitive information.

OSI on the Network

The OSI methodology has been extended beyond recommendations for individual applications to layer-based security standards for networks, namely the OSI reference model for networking (ISO 7498-1) and the OSI security architecture reference model (ISO 7498-2).

For network applications, each layer may communicate only with the layer above or below it. And each layer is developed independently of the others, which allows for flexibility and zero delays caused by the actions of other layers.

Every communication is required to start at the top of the sequence and work its way down the stack of layers as it’s transmitted from its source. At the receiving end, the recipient starts at the bottom layer and works its way back up the stack until it reaches the level appropriate for its specific use case.

Relevant information is attached to each communication as it passes through a layer (a process called encapsulation). These encapsulation tags allow each layer to communicate with its corresponding layer at the destination.

ISO 7498-1 Layer Model

The OSI convention of seven layers applies to the OSI reference model for networking, as follows:

1. Application Layer
2. Presentation Layer
3. Session Layer
4. Transport Layer
5. Network Layer
6. Data Link Layer
7. Physical Layer

ISO 7498-2 Layer Model

The seven OSI layers of the OSI security architecture reference model include:

  1. The Authentication Layer
  2. The Access Control Layer
  3. The Non-Repudiation Layer
  4. The Data Integrity Layer
  5. The Confidentiality Layer
  6. The Assurance / Availability Layer
  7. Notarization / Signature Layer

Practical Applications for the OSI Model

Application layer security comes into play for most of the internet-based activities we now take for granted. And OSI modeled application layer protocols are at work in common use cases such as the Hyper Text Transfer Protocol (HTTP) used in web browsers and browser-based client software.

Other applications include the Simple Message Transport Protocol (SMTP) used in transmitting email alerts and video attachments and the Simple Network Management Protocol (SNMP) used in monitoring network devices and reporting on their condition.

Share this Post

Summary
Finjan Application Layer Security and the OSI Model
Article Name
A Closer Look at Application Layer Security and the OSI Model
Description
Cyber-criminals and hackers targeting enterprise software have created the need for application layer security. In this article, we examine the OSI model.
Author
Publisher Name
Finjan
Publisher Logo