Common Security Attacks in the OSI Layer Model
Information Technology (IT) has transformed traditional corporate processes with the advent of cutting-edge advancements such as cloud computing, AI, and machine learning. It is a valuable asset to any firm, but as IT advances, so do risks to corporate security. According to research and studies, IT threats and vulnerabilities are becoming progressively worse daily and are now a big worry for enterprises and individuals.
What is the OSI Model?
The OSI (Open Systems Interconnection) model is a framework for describing a networking system’s functionality. The OSI model classifies the computing functions of the various network segments, specifying the rules and requirements necessary to ensure the network’s software and hardware interconnection.
7 Layers of the OSI Model and Common Security Attacks in Each Layer
The OSI model comprises seven layers of abstraction. The layer establishes communication between one user to another from layers 7 to 1. Each layer carries out a particular function before sending data to the subsequent layer.
1. Application layer
The application layer is the closest to users in the OSI layer model and establishes the communication between the user and applications with which they interact individually. The common security attack on this layer is an exploit.
Attack: Exploit
Exploit means taking advantage of a software vulnerability. An exploit in the application layer refers to a type of cyber attack that targets vulnerabilities in software applications. These attacks take advantage of bugs or weaknesses in the code of the application to gain unauthorized access or perform malicious actions. This indicates that the target of an attack includes a software vulnerability that allows attackers to build the means to access and exploit it. Without employing an exploit, attackers can take down a website or important system by using DoS (Denial-of-Service) or DDoS (Distributed Denial-of-Service) cyberattacks. Many exploits are designed to enable super user-level access to a victim system.
 2. Presentation layer
The presentation layer specifies the two devices’ encoding, encryption, and compression methods for proper communication. Anything sent from the application layer is received by the presentation layer, which is transformed into a format suitable for transmission via the session layer. Phishing is one of the common security attacks carried out by attackers in this layer.
Attack: Phishing attack
Phishing attacks in the presentation layer comprise using social engineering tactics to trick users into providing personal and sensitive information or clicking on a malicious link. This is often done by creating fake websites or email messages that appear to be from a legitimate source. This attack aims to steal sensitive information such as login credentials and credit card information or install malware on the victim’s system by disguising the attack as a legitimate request.
3. Session layer
The session layer establishes communication channels between devices, known as sessions. It starts sessions, keeps them open and effective while data is transferred, and closes them after communication is completed. Hijacking is one of the common security attacks that occurs in this layer.
Attack: Hijacking
Hijacking in the session layer occurs when an attacker intercepts and takes control of an established communication session between two parties. This can be carried out by exploiting vulnerabilities in the protocol used to establish the session or using the tools to intercept and manipulate network traffic. Once the attackers hijack the session, they can access sensitive information or gain unauthorized access. There are two types of session hijacking:
- Active session hijacking: In this, the attacker takes control of an active user session on a network and intercepts and alters network traffic in real time.
- Passive session hijacking: In this, attackers monitor network traffic and wait for users to log into a website; at that point, the attackers take over the session.
4. Transport layer
The transport layer performs flow control, transmitting data at a frequency corresponding to the receiving device’s connection speed and error control, determining whether data was received wrongly and requesting it if necessary. The most common security attack that is carried out in this layer is reconnaissance.
Attack: Reconnaissance
A reconnaissance attack in the transport layer typically involves an attacker attempting to gather information about a target system or network by actively probing the transport layer protocols, such as TCP or UDP. This can include techniques such as port scanning, which involves sending messages to various ports on the target system to determine which ports are open and potentially vulnerable to attack. Additionally, an attacker may use tools such as packet sniffers to capture and monitor network traffic to gather information.
5. Network layer
There are two primary jobs that the network layer does. One breaks up the segments into network packets and then puts the packets back together at the other end. The other is sending packets through a physical network by finding the best route. One of the most common security attacks in this layer is a man-in-the-middle attack.
Attack: Man-in-the-Middle (MITM) attack
In the network layer, a man-in-the-middle attack occurs when an attacker intercepts and modifies communication between two parties without their knowledge. The attackers become a man in the middle of the communication, able to read, modify, or inject new information into the communication. Attackers also intercept and alter communication by manipulating the routing of packets between the two sources. This can be done by using a technique such as ARP spoofing, where attackers send fake ARP messages to a target system, tricking it into sending packets to the attacker’s device instead of the intended source.
6. Data link layer
The data link layer establishes and terminates communication between two technically connected network nodes. It divides packets into frames and transmits them from source to destination. In this layer, attackers use spoofing attacks to target the network system.
Attack: Spoofing attack
A spoofing attack in the data link layer occurs when an attacker alters a device’s Media Access Control (MAC) address to impersonate another device in the network. This can allow the attackers to gain access to network resources or intercept and modify network traffic intended for the legitimate source. There are different ways that attackers carry out MAC spoofing.
- Address Resolution Protocol (ARP) spoofing
- DHCP spoofing
- MAC flooding
7. Physical layer
The physical layer is responsible for adequately connecting network nodes via wired or wireless means. Sniffing is the most common security attack used by attackers to target the data link layer.
Attack: Sniffing attacks
A sniffing attack in the data link layer occurs when an attacker captures and analyzes network traffic to gather sensitive information. This is done using a packet sniffer tool, which captures and decodes all the packets passing through a particular network segment. Sniffing attacks steal sensitive information such as login details, credit card numbers, and other personal and sensitive information.
About InfosecTrain
The primary objective of any cyberattack has always been and will continue to be acquiring sensitive data about the target and using it for malicious purposes. We must improve the security posture to prevent these attacks. To learn how to prevent and mitigate these kinds of security attacks in the OSI layer model, check out InfosecTrain’s Network Security training course. The course will enhance your primary network and network security expertise. The Network Security training provides in-depth knowledge and hands-on practice to help you understand and implement security measures for network communication.
Contact Us
1800-843-7890 (India) 
