Sepio | Blog

What is the OSI Model ?

Understanding the OSI Model

A short history of the OSI model 

The OSI model is a universally understood concept regarding network communication and system interconnection.  Development of the model started during the 1970s by Hubert Zimmermann and was officially published by the International Organization for Standardization (ISO) in 1980. Officially it is called the “X.200: Information technology – Open Systems Interconnection – Basic Reference Model.” However, to keep it short, most people call it “the OSI model”. 

The purpose of the OSI model is to form an industry-standard of networking concepts that industry participants agree upon and understand.

The 7 Layers of OSI Model

The OSI model splits each stream of data in a communication system into seven different abstract layers, with every layer having its own well-defined function, which then interacts with its neighboring layers – ultimately defining the OSI communication protocols.  

It’s common to see the layers listed either from top-to-bottom or bottom-to-top; in this explanation of the OSI system, we will be using the latter.

Layer 1 – Physical 

The Physical layer is where the transmission and reception of raw data take place between devices. Examples of Physical layer devices range from repeaters to hubs. The units of data, such as bits, are constituted by energy; this can range from radio waves to electricity, and they are then transported via a physical medium, such as fiber optic cables or copper wiring.  

In other words, this layer is responsible for the physical connection between a network and its nodes.  

Layer 2 – Data Link 

The Data Link layer is technically made up of two sub-layers, one being Media Access Control (MAC) and the other is Logical Link Control (LLC). At this layer, the system manages access to the physical layer and to local networks. Both sub-layers act and connect bridges to Layers 1 and 2.  

The MAC layer transports data between itself and Layer 1, while LLC communicates with Layer 3 (LAN). This establishes the data link between the two sub-layers that use switches and bridges.

Layer 3 – Network  

The Network layer is comprised of commonly known elements, such as routers and IP addresses. On this layer, the routing (movement) of data takes place from one system connected on a LAN to another. Typically, IP protocols (IPv4 and IPv6) are used to find the best routing paths across a physical network for the delivery of network packets.    

Layer 4 – Transport  

The Transport layer is where packet sequencing takes place. Transferred data is broken into segments to allow data packets to be resent or re-sequenced. Layer 4 is also responsible for overall flow control and error detection. Flow control is vital in making sure that the rate of data being sent matches the connection speed of the receiving device, while error detection reaffirms that the data was correctly received. If the receival of data is not confirmed, then error detection will send another request in order to complete the communication.  

The protocols used in Layer 4 are Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). Both of these protocols enable different types of data transmission. TCP is known to be a more reliable method, and UDP prioritizes the speed of data transfer.

Layer 5 – Session 

The Session layer is where communication channels are created and managed between devices. The functionality and operation of sessions are the responsibility of Layer 5 to ensure that the data being transferred is uninterrupted. Besides the opening and closing of communication channels, Layer 5 also establishes checkpoints during data transfer that can be used to resume a session if it happens to get interrupted.  

The types of communication that are used at the session layer are simplex, half-duplex, and full-duplex. Each one of these is a different transmission mode used for the communication of data.

Layer 6 – Presentation 

The Presentation layer’s purpose is to take data and present it to the application layer. This is done in a comprehensible manner that involves compressing, encoding, and encrypting data so that it may be received on the other end.  

Common concepts within layer 6 include known formats such as JPEG, GIF and TIFF.  

Layer 7 – Application 

The Application layer is the final interface wherein a user and a computer application meet. This is referred to as end-user software. Examples of protocols that take place at Layer 7 are: FTP (File Transfer Protocol), HTTP (Hypertext Transfer Protocol), and DNS (Domain Name System).  

Users interact with end-user software daily, from their web browser to instant messaging.

An Explanation of the Physical Layer of OSI Model

The Physical Layer (L1) is the lowest layer of the OSI model and provides hardware security. This layer is responsible for the actual physical connection between the devices by identifying the equipment involved in the data transfer. Layer 1 defines the hardware equipment, cabling, wiring, frequencies and pulses. The information is contained in the form of bits and transmitted from one node to another.

The problem is that hardware security goes neglected; existing security software solutions do not cover the Physical Layer of the OSI model (Layer 1). Without Layer 1 visibility, the physical specifications of the network are not captured. Hence, network implants – Rogue Devices which operate on the Physical Layer – are not detected. Similarly, spoofed peripherals – Rogue Device manipulated on the Physical Layer – are identified as legitimate HIDs.

Without Layer 1 visibility, enterprises are at risk of Rogue Devices infiltrating their network and conducting harmful attacks. As Layer 1 is the first of the OSI layers, it is crucial to have adequate physical level security protection at this level to stop the attacks originating from Rogue Devices at the very first instant; before being carried out.

See every known and shadow asset. Prioritize and mitigate risks.
Our experts will help you understand how to use Sepio’s patented technology to gain control of your asset risks.

November 22nd, 2022