The Open Systems Interconnection (OSI) model is a framework created to serve as a guide on how the different network layers come together to make network communications possible. It is not exactly an exciting concept in IT and there is hardly any news or recent feature story about it. However, this conceptual framework is crucial to modern information technology as it enables a wide range of communication systems to work interoperably under standard protocols for online communications.
One of the most important roles of the OSI framework is data privacy and security. It does not only enable communication; it does this with the utmost regard for confidentiality. Nowadays, given the aggressiveness of cyber attacks, this is not optional but imperative.
OSI model: is it still relevant?
Before discussing OSI’s role in ensuring data confidentiality, here’s an important question to address: is it still relevant? With the emergence of various security protocols, standards, and solutions, it makes sense to address the questions on the framework’s applicability in modern computing.
The short answer is yes, OSI continues to be relevant. However, the reality is that the TCP/IP model is more popular in today’s computing systems, as it provides more practical benefits. Nevertheless, the OSI model has its benefits, particularly it comes to troubleshooting, flexibility, and as a tool for teaching network communications.
The OSI model allows IT teams to more easily classify their IT assets at different layers. As such, it makes it easy to find, understand, and resolve problems because of the clear distinction in different layers. It is different from TCP/IP, which has the top three layers (more on this below) integrated into a single layer.
When it comes to flexibility, OSI provides the advantage of supporting connection-oriented and connectionless services. It is also designed to provide layer independence, protocol interoperability, and end-to-end communication regardless of the service type employed.
Moreover, the OSI model is useful in educating those who are new to networking and software-hardware dynamics. Because of its relatively simple nature and flexibility, this model provides an easy way to understand networking concepts. It does not have the ambiguity and complexity of other models, especially in terms of layers and security implications.
Seven layers
The OSI model consists of seven layers. These are the physical, data link, network, transport, session, presentation, and application layers. Every layer serves a critical role in the networking stack, operating with the layers next to them through the exchange of protocol data units.
The first layer, the physical layer, is the point where the physical transmission of the raw bitstream takes place. In this layer, the transmitted bits are converted to electric, radio, or light signals.
The second layer is called the data link layer. It is responsible for digesting data into frames to be moved to the physical layer. It is also in this layer where connections between nodes are managed. Here, data connections are set up and identified. If there are bit errors (that come from the physical layer) encountered, they are resolved in this layer. Also, once a data connection session is completed, it is terminated in the data link layer.
From the data link layer, where connections are on a point-to-point basis, the connections expand into many interconnected nodes at the network layer. This is the third layer, where traffic is routed to their intended destinations based on IP addresses. The network layer also enables the implementation of VPNs.
As mentioned earlier, the three layers above are the top three layers that are separate in the OSI model but are fused as a single layer in the TCP/IP model. As described, their roles are quite distinct from each other, so there is an advantage in having them as separate leaders. It simplifies processes and makes it easy to understand the system and troubleshoot.
The fourth layer is the foremost component of the so-called “host” layers (the four other layers besides the first three). It is called the transport layer, where data transmission between nodes is managed. It is in this layer where the data arrival sequence is ascertained and errors are resolved. This is the layer where the Transmission Control Protocol works.
The fifth is the session layer. As the name suggests, this is the layer where sessions between nodes are managed. Management here usually entails setup, authentication, termination, and reconnection processes.
Sixth on the list is the presentation layer. This is where data from network data is translated into formats that are compatible with the specific applications requesting the data. It is also in this layer where data encoding and encryption are handled.
Lastly, the seventh layer is called the application layer. It is the layer facing end users, where data transmission between a web server and a client takes place. The HTTP protocol, for example, operates in this layer.
How does the OSI model keep data secure?
The OSI data model is not a data security solution or protocol. However, it plays a role in data security because of the way it is designed. Its structured approach in enabling network communications and more granular layers supports the implementation of more security mechanisms.
The OSI model makes it possible to add security controls at the physical, data link, and network layers, unlike in the TCP/IP model where these three layers are joined together as a single layer. At the physical layer, organizations can add restrictions for equipment access or video surveillance to make unauthorized access and network tampering difficult or at least extremely cumbersome.
With the data layer, organizations can impose MAC address filtering to make sure that unauthorized access attempts are prevented. They can also implement link-level encryption to counter eavesdropping or data transmission interception tactics.
In terms of network layer security, organizations can put up firewalls, VPNs, or network traffic control systems. These solutions make it possible to specify policies and restrictions over data transmissions, especially the data being routed to various destinations. It makes it possible to create secure tunnels over public networks (through VPNs).
Separate security mechanisms can then be added to the other layers, namely the transport, session, presentation, and application layers. Organizations can create more robust security measures or cyber defenses with the OSI model because it has more layers for network communications and it is compatible with complex and multifaceted cyber defenses including user access controls, security audits, and intrusion detection systems.
Enabling security and confidentiality
Having more layers may be an advantage for the OSI model, but it can also be a drawback because it means more attack surfaces or opportunities for threat actors to find vulnerabilities. Cybercriminals, for example, can find weaknesses at the data link layer to siphon data or intercept the transmission of sensitive information. Nevertheless, with the right knowledge and understanding of the model, it should not be difficult to implement suitable solutions to ensure security and the confidential handling of data across different layers. With its layered structure and well-defined functions, the OSI model affords a comprehensive framework for implementing data security measures.
The post Safeguarding Confidentiality: The OSI Model’s Role in Data Security appeared first on Datafloq.