Network Security & Defense

OSI Model & TCP/IP Deep Dive


The OSI Model — Seven Layers of Networking

The Open Systems Interconnection (OSI) model is a conceptual framework that standardizes network communication into seven distinct layers. Security professionals must understand each layer to identify where attacks occur and where controls should be placed.

OSI SECURITY REFERENCE MODEL
══════════════════════════════════════════════════════
Layer 7  APPLICATION   HTTP, HTTPS, DNS, SMTP, FTP
         Threats:      XSS, SQL Injection, Phishing
         Controls:     WAF, Secure Coding, TLS
Layer 6  PRESENTATION  SSL/TLS, Encryption, Encoding
         Threats:      SSL Stripping, Padding Oracle
         Controls:     Enforce TLS 1.3, HSTS
Layer 5  SESSION       NetBIOS, RPC, Session tokens
         Threats:      Session Hijacking
         Controls:     Secure tokens, MFA
Layer 4  TRANSPORT     TCP, UDP, Port Numbers
         Threats:      Port Scanning, SYN Flood
         Controls:     Firewalls, Rate Limiting, SYN cookies
Layer 3  NETWORK       IP, ICMP, Routing
         Threats:      IP Spoofing, Routing attacks
         Controls:     Firewall ACLs, IPsec, ingress filtering (BCP 38)
Layer 2  DATA LINK     Ethernet, MAC, ARP, VLANs
         Threats:      ARP Poisoning, MAC Flooding
         Controls:     802.1X, Port Security, Dynamic ARP Inspection
Layer 1  PHYSICAL      Cables, NICs, Wireless signals
         Threats:      Physical tapping, RF interception
         Controls:     Physical security, shielding
══════════════════════════════════════════════════════

Placing TLS at Layer 6 is a teaching convention. In the TCP/IP stack TLS runs directly above TCP and below the application protocol it protects, which is why it also appears as a Layer 7 control. DNSSEC is a DNS (application-layer) control, not a Layer 3 one; it is covered under DNS below.

Critical Protocols & Their Vulnerabilities

  • DNS — Translates domain names to IPs. Vulnerable to cache poisoning and hijacking. DNSSEC signs records so a resolver can verify their origin; it does not encrypt queries.
  • ARP — Maps IPv4 addresses to MAC addresses on the local segment. No authentication: any host can answer for any IP, which is the basis of ARP spoofing/poisoning. Dynamic ARP Inspection on switches checks replies against DHCP snooping bindings.
  • DHCP — Assigns IP addresses and pushes gateway and DNS settings. DHCP starvation and rogue DHCP servers (which hand clients an attacker-controlled gateway or resolver) are common attacks; DHCP snooping blocks offers from untrusted ports.
  • ICMP — Network diagnostics (ping, traceroute). Abused in smurf attacks (amplified echo replies aimed at a spoofed source) and in ICMP tunneling to move data past filters.
  • BGP — Routing protocol between autonomous systems. BGP hijacking can redirect global traffic; RPKI route origin validation rejects announcements from unauthorized origin ASes.
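Because ARP has no authentication, the only defensive signal is inconsistency. The following monitor, an added example and not code from the page, parses raw Ethernet/ARP frames with `struct` (no capture library needed), remembers the first MAC seen for each IP, and raises an alert when a later reply rebinds that IP to a different MAC or when the ARP sender MAC disagrees with the Ethernet source MAC. The frames, addresses and the `ArpMonitor`/`build_arp`/`demo` names are all constructed for this example.

```python
"""Detect ARP poisoning by tracking IP-to-MAC bindings seen in ARP replies.

Added example. Frames are built locally (constructed test input, not a capture).
"""
import struct
from typing import Dict, List, Optional

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT = "!6s6sH"          # dst MAC, src MAC, EtherType (14 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: bytes, sender_ip: bytes,
              target_mac: bytes, target_ip: bytes) -> bytes:
    """Construct a 42-byte Ethernet II + ARP frame (used only to make sample input)."""
    return (struct.pack(ETH_FMT, target_mac, sender_mac, ETH_P_ARP)
            + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                          sender_mac, sender_ip, target_mac, target_ip))


def parse_arp(frame: bytes) -> Optional[dict]:
    """Return the ARP fields of a frame, or None if it is not an Ethernet/IPv4 ARP frame."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": mac(src), "sha": mac(sha), "spa": ip(spa),
            "tha": mac(tha), "tpa": ip(tpa)}


class ArpMonitor:
    """Trust-on-first-use binding table: the first MAC seen for an IP is taken as legitimate."""

    def __init__(self) -> None:
        self.bindings: Dict[str, str] = {}

    def observe(self, frame: bytes) -> List[str]:
        arp = parse_arp(frame)
        if arp is None or arp["op"] != ARP_REPLY:
            return []  # requests carry no binding claim worth alerting on here
        alerts: List[str] = []
        if arp["sha"] != arp["eth_src"]:
            alerts.append(f"ARP sender MAC {arp['sha']} differs from Ethernet source {arp['eth_src']}")
        known = self.bindings.get(arp["spa"])
        if known is None:
            self.bindings[arp["spa"]] = arp["sha"]
        elif known != arp["sha"]:
            alerts.append(f"{arp['spa']} rebound from {known} to {arp['sha']} (possible ARP poisoning)")
        return alerts


def demo() -> List[str]:
    """Legitimate gateway reply followed by an attacker claiming the gateway IP (constructed)."""
    gw_mac, gw_ip = bytes.fromhex("aabbcc000001"), bytes([192, 168, 1, 1])
    victim_mac, victim_ip = bytes.fromhex("aabbcc000002"), bytes([192, 168, 1, 10])
    attacker_mac = bytes.fromhex("0e0e0e0e0e0e")
    frames = [
        build_arp(ARP_REQUEST, victim_mac, victim_ip, bytes(6), gw_ip),   # who-has, ignored
        build_arp(ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip),       # real gateway
        build_arp(ARP_REPLY, attacker_mac, gw_ip, victim_mac, victim_ip), # poison attempt
    ]
    mon = ArpMonitor()
    alerts: List[str] = []
    for f in frames:
        alerts.extend(mon.observe(f))
    return alerts


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The trust-on-first-use table is the weak point: if the attacker's reply arrives before the real one, it becomes the trusted binding. In practice seed `bindings` from DHCP leases or a static inventory, which is exactly what Dynamic ARP Inspection does on the switch.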

Common Network Attacks

  • Man-in-the-Middle (MITM) — Intercept and potentially alter communications; on a LAN usually reached through ARP poisoning or a rogue DHCP gateway
  • DDoS — Overwhelm a target with traffic from many sources (botnet), e.g. SYN floods at Layer 4 or request floods at Layer 7
  • Port Scanning — Enumerate open ports to identify services (Nmap)
  • Packet Sniffing — Capture unencrypted network traffic (Wireshark)
  • IP Spoofing — Forge the source IP address in packets, to hide the attacker or to aim amplified replies at a victim
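Port scanning is visible at Layer 4 as one source opening connections to many ports or many hosts in a short time. The detector below is an added example, not code from the page: it reads a constructed, simplified connection log (`<epoch> <src> <dst>:<port> <flags>`), keeps only SYN-only segments (new connection attempts, which is what a scanner generates), and applies a sliding time window per source to distinguish a vertical scan (many ports on one host) from a horizontal sweep (one port across many hosts). The log format, addresses, thresholds and function names are all assumptions for the example.

```python
"""Flag port scans in a simplified connection log (Layer 4 view of 'Port Scanning').

Added example. SAMPLE_LOG is constructed, not captured.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

Event = Tuple[int, str, str, int]  # (epoch, src_ip, dst_ip, dst_port)

# Constructed sample: 10.0.0.5 walks ten ports on one host, 10.0.0.9 sweeps
# port 445 across six hosts, 10.0.0.7 is ordinary web traffic.
SAMPLE_LOG = """\
1700000000 10.0.0.5 10.0.0.20:21 S
1700000000 10.0.0.5 10.0.0.20:22 S
1700000001 10.0.0.5 10.0.0.20:23 S
1700000001 10.0.0.5 10.0.0.20:25 S
1700000002 10.0.0.5 10.0.0.20:80 S
1700000002 10.0.0.5 10.0.0.20:110 S
1700000003 10.0.0.5 10.0.0.20:143 S
1700000003 10.0.0.5 10.0.0.20:443 S
1700000003 10.0.0.5 10.0.0.20:3389 S
1700000004 10.0.0.5 10.0.0.20:8080 S
1700000010 10.0.0.9 10.0.0.21:445 S
1700000010 10.0.0.9 10.0.0.22:445 S
1700000011 10.0.0.9 10.0.0.23:445 S
1700000011 10.0.0.9 10.0.0.24:445 S
1700000012 10.0.0.9 10.0.0.25:445 S
1700000012 10.0.0.9 10.0.0.26:445 S
1700000020 10.0.0.7 10.0.0.20:443 S
1700000020 10.0.0.20 10.0.0.7:443 SA
1700000021 10.0.0.7 10.0.0.20:80 S
"""


def parse_log(text: str) -> List[Event]:
    """Parse log lines, keeping only SYN-only segments (new connection attempts)."""
    events: List[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, flags = line.split()
        if flags != "S":
            continue  # SYN/ACK, data, RST etc. are not connection attempts by src
        dst_ip, dst_port = dst.rsplit(":", 1)
        events.append((int(ts), src, dst_ip, int(dst_port)))
    return events


def detect_scans(events: List[Event], window: int = 60,
                 port_threshold: int = 8, host_threshold: int = 5) -> Dict[str, List[str]]:
    """Per source, find the busiest window and report vertical scans / horizontal sweeps.

    Thresholds and window are tuning assumptions, not values from the page.
    """
    by_src: Dict[str, List[Tuple[int, str, int]]] = defaultdict(list)
    for ts, src, dst_ip, dst_port in events:
        by_src[src].append((ts, dst_ip, dst_port))

    alerts: Dict[str, List[str]] = {}
    for src, evs in by_src.items():
        evs.sort()
        best_vertical = (0, "")    # (distinct ports, host)
        best_horizontal = (0, 0)   # (distinct hosts, port)
        for i, (t0, _, _) in enumerate(evs):
            win = [e for e in evs[i:] if e[0] - t0 <= window]  # attempts within window of attempt i
            ports_per_host: Dict[str, set] = defaultdict(set)
            hosts_per_port: Dict[int, set] = defaultdict(set)
            for _, dst_ip, dst_port in win:
                ports_per_host[dst_ip].add(dst_port)
                hosts_per_port[dst_port].add(dst_ip)
            for dst_ip, ports in ports_per_host.items():
                if len(ports) > best_vertical[0]:
                    best_vertical = (len(ports), dst_ip)
            for dst_port, hosts in hosts_per_port.items():
                if len(hosts) > best_horizontal[0]:
                    best_horizontal = (len(hosts), dst_port)
        msgs: List[str] = []
        if best_vertical[0] >= port_threshold:
            msgs.append(f"vertical scan of {best_vertical[1]}: {best_vertical[0]} ports within {window}s")
        if best_horizontal[0] >= host_threshold:
            msgs.append(f"horizontal sweep of port {best_horizontal[1]}: {best_horizontal[0]} hosts within {window}s")
        if msgs:
            alerts[src] = msgs
    return alerts


if __name__ == "__main__":
    for src, msgs in detect_scans(parse_log(SAMPLE_LOG)).items():
        for m in msgs:
            print(f"{src}: {m}")
```

Keying on SYN-only segments is what keeps a busy legitimate client from tripping the detector: it makes a few connections to a few ports. A stealth scanner can stay under the thresholds by spreading probes over hours or across many source addresses, so the window and thresholds trade detection latency against false positives and should be tuned to the environment.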