Layer 7 - Application Layer
The application layer is the layer closest to the user in the OSI model: it is where users interact directly with applications and where communication between the user and the application is established. The common security attack at this layer is the exploit.
Attack: Exploit
An exploit takes advantage of a software vulnerability. At the application layer, an exploit is a cyber attack that targets vulnerabilities in software applications: it abuses bugs or weaknesses in the application's code to gain unauthorized access or perform malicious actions. The precondition is therefore a software vulnerability in the target that lets attackers build the means to reach and abuse it. Even without an exploit, attackers can take down a website or an important system with DoS (Denial-of-Service) or DDoS (Distributed Denial-of-Service) attacks. Many exploits are designed to give the attacker superuser-level access to the victim system.
Some common types of bugs that may affect the application layer include:
- Input Validation Bugs: These bugs occur when an application fails to properly validate user input, leading to vulnerabilities such as buffer overflows, SQL injection, and cross-site scripting (XSS).
- Authentication and Authorization Bugs: Bugs related to authentication and authorization mechanisms can lead to security vulnerabilities such as authentication bypass, privilege escalation, and improper access control.
- Session Management Bugs: Bugs in session management functionality can result in session fixation, session hijacking, or insufficient session expiration, allowing attackers to gain unauthorized access to user accounts.
- Error Handling Bugs: Inadequate error handling can expose sensitive information or provide attackers with insights into the inner workings of an application, potentially aiding in further exploitation.
- Cryptographic Bugs: Bugs in cryptographic implementations can lead to weaknesses in encryption, decryption, or key management, compromising the confidentiality and integrity of sensitive data.
- Denial-of-Service (DoS) Bugs: Bugs that allow attackers to exploit resource exhaustion vulnerabilities can result in denial-of-service conditions, disrupting the availability of the application for legitimate users.
- Race Conditions: Race conditions occur when the outcome of an application's execution depends on the timing or sequence of events, leading to unpredictable behavior that can be exploited by attackers to manipulate the system state.
- Insecure Default Configurations: Applications may ship with insecure default configurations or settings, leaving them vulnerable to exploitation if not properly configured by administrators.
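The input validation entry above lists SQL injection as a typical consequence. The following is an added example, not code from the original page: it puts a vulnerable lookup beside a hardened one against a constructed in-memory SQLite table, so the effect of string-splicing versus allow-list validation plus a parameterised query can be observed directly. The table contents, the username pattern and the hostile input are all constructed for the demonstration.

```python
import re
import sqlite3
from typing import List

# Allow-list: the only shape a username is permitted to take (constructed policy).
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for a real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-placeholder"), ("bob", "hash-placeholder")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    # Input validation bug: the untrusted value is spliced into the SQL text,
    # so a quote in the input ends the string literal and rewrites the query.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_hardened(conn: sqlite3.Connection, username: str) -> List[str]:
    # Defence 1: allow-list validation rejects anything outside the expected shape.
    if not USERNAME_RE.match(username):
        return []
    # Defence 2: a parameterised query sends the value separately from the
    # statement text, so the input can never change the query's structure.
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    )
    return [row[0] for row in rows]


# Constructed sample of hostile input: closes the literal and appends a tautology.
INJECTION_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:", find_user_vulnerable(conn, INJECTION_INPUT))  # every user leaks
    print("hardened:  ", find_user_hardened(conn, INJECTION_INPUT))    # nothing
    print("hardened:  ", find_user_hardened(conn, "alice"))            # ['alice']
```

The two defences are independent: the parameterised query alone already defeats the injection, and the allow-list alone would reject this particular input, but keeping both means a validation gap elsewhere in the application does not turn into a database compromise.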
Layer 6 - Presentation Layer
The presentation layer specifies the encoding, encryption, and compression methods the two communicating devices use so that they can understand each other. Anything sent from the application layer is received by the presentation layer, which transforms it into a format suitable for transmission via the session layer. Phishing is one of the common security attacks carried out at this layer.
Attack: Phishing
Phishing attacks at the presentation layer use social engineering tactics to trick users into providing personal and sensitive information or clicking on a malicious link. This is often done by creating fake websites or email messages that appear to come from a legitimate source. The attack aims to steal sensitive information such as login credentials and credit card details, or to install malware on the victim's system, by disguising the attack as a legitimate request.
Layer 5 - Session Layer
The session layer establishes communication channels between devices, known as sessions. It opens sessions, keeps them open and functional while data is transferred, and closes them once communication is complete. Hijacking is one of the common security attacks that occur at this layer.
Attack: Hijacking
Hijacking at the session layer occurs when an attacker intercepts and takes control of an established communication session between two parties. This can be carried out by exploiting vulnerabilities in the protocol used to establish the session, or by using tools to intercept and manipulate network traffic. Once attackers have hijacked the session, they can access sensitive information or gain unauthorized access. There are two types of session hijacking:
- Active session hijacking: the attacker takes control of an active user session on a network and intercepts and alters network traffic in real time.
- Passive session hijacking: the attacker monitors network traffic and waits for a user to log into a website; at that point, the attacker takes over the session.
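The session management bugs listed under the application layer (fixation, hijacking, insufficient expiration) and the session hijacking described here share the same server-side countermeasures. The following is an added example, not code from the original page: a minimal server-side session store that issues unguessable IDs, discards the pre-login ID at authentication (the anti-fixation step), and enforces idle and absolute timeouts. The timeout values and the injectable clock are assumptions made for the demonstration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: Optional[str]   # None until the session is authenticated
    created: float        # time the current ID was issued
    last_seen: float      # time of the last request that used this ID


class SessionStore:
    """Server-side session table with the controls that blunt fixation,
    hijacking and stale-session reuse: fresh IDs on login, idle and absolute
    timeouts, and explicit invalidation. Timeouts are constructed defaults."""

    def __init__(self, idle_timeout: float = 900, absolute_timeout: float = 8 * 3600,
                 clock: Callable[[], float] = time.time):
        self._sessions: Dict[str, Session] = {}
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._clock = clock  # injectable so expiry can be exercised without sleeping

    @staticmethod
    def _new_id() -> str:
        # 256 bits from the OS CSPRNG: an attacker cannot guess or enumerate IDs,
        # which is the first thing a hijacker needs.
        return secrets.token_urlsafe(32)

    def create(self) -> str:
        """Issue an anonymous (pre-login) session ID."""
        now = self._clock()
        sid = self._new_id()
        self._sessions[sid] = Session(user=None, created=now, last_seen=now)
        return sid

    def login(self, old_sid: str, user: str) -> str:
        """Bind a user to a brand-new ID; the pre-login ID is destroyed."""
        # Anti-fixation: an ID that existed before authentication may have been
        # planted by an attacker, so it must never become an authenticated one.
        self._sessions.pop(old_sid, None)
        now = self._clock()
        sid = self._new_id()
        self._sessions[sid] = Session(user=user, created=now, last_seen=now)
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        """Return the authenticated user for an ID, or None if unknown or expired."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        idle_expired = now - s.last_seen > self.idle_timeout
        hard_expired = now - s.created > self.absolute_timeout
        if idle_expired or hard_expired:
            # Insufficient-expiration bug avoided: a stale ID is dropped, not honoured.
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user

    def logout(self, sid: str) -> None:
        """Server-side invalidation; clearing the client cookie alone is not enough."""
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    pre_login = store.create()              # ID an attacker could have planted
    authed = store.login(pre_login, "alice")
    print(store.user_for(pre_login))        # None: planted ID is worthless
    print(store.user_for(authed))           # alice
```

A hijacker who captured the pre-login ID gains nothing from the victim's login, because the ID that carries authority is minted only after authentication and never left the legitimate client's channel; the timeouts bound how long a captured authenticated ID stays useful.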
Layer 4 - Transport Layer
The transport layer performs flow control, transmitting data at a rate matched to the receiving device's connection speed, and error control, determining whether data was received incorrectly and requesting retransmission if necessary. The most common security attack carried out at this layer is reconnaissance.
Attack: Reconnaissance
A reconnaissance attack at the transport layer typically involves an attacker gathering information about a target system or network by actively probing transport layer protocols such as TCP or UDP. This includes techniques such as port scanning, which sends messages to many ports on the target system to determine which are open and potentially vulnerable to attack. An attacker may also use tools such as packet sniffers to capture and monitor network traffic in order to gather information.
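Port scanning leaves a recognisable footprint on the defending side: one source touching many distinct destination ports in a short window. The following is an added example, not code from the original page: a small detector that parses constructed firewall-style log lines and raises an alert when a source reaches a threshold of distinct ports on one host within a sliding time window. The log format, the window and the threshold are assumptions made for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed log format, loosely modelled on a firewall connection log.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)

Event = Tuple[datetime, str, str, int]


def parse_line(line: str) -> Optional[Event]:
    """Return (timestamp, src, dst, dport) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"]))


def detect_port_scans(lines: List[str],
                      window: timedelta = timedelta(seconds=60),
                      threshold: int = 10) -> Dict[Tuple[str, str], int]:
    """Map (src, dst) -> largest number of distinct ports hit within one window,
    for every pair that crossed the threshold."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    by_pair: Dict[Tuple[str, str], List[Tuple[datetime, int]]] = defaultdict(list)
    for ts, src, dst, dport in events:
        by_pair[(src, dst)].append((ts, dport))

    alerts: Dict[Tuple[str, str], int] = {}
    for pair, evs in by_pair.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until every event in [start, end] fits the window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = {port for _, port in evs[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(distinct))
    return alerts


# Constructed sample: one host sweeps ports 20-35 in 16 seconds, another host
# makes two ordinary HTTPS connections, and one line is unparseable noise.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{i:02d} src=10.0.0.5 dst=192.168.1.10 dport={20 + i} proto=TCP"
    for i in range(16)
] + [
    "2024-05-01T10:00:05 src=10.0.0.7 dst=192.168.1.10 dport=443 proto=TCP",
    "2024-05-01T10:00:09 src=10.0.0.7 dst=192.168.1.10 dport=443 proto=TCP",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports")
```

Counting distinct ports rather than raw connections is what separates a scan from a busy but legitimate client, and the sliding window keeps a slow, spread-out probe from accumulating indefinitely; tuning the threshold and window to the network's normal traffic is the operational part of the job.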
Layer 3 - Network Layer
The network layer has two primary jobs. The first is breaking segments up into network packets and reassembling the packets at the other end. The second is routing packets across the physical network by finding the best path. One of the most common security attacks at this layer is the man-in-the-middle attack.
Attack: Man-in-the-Middle (MITM)
At the network layer, a man-in-the-middle attack occurs when an attacker intercepts and modifies communication between two parties without their knowledge. The attacker sits in the middle of the communication, able to read, modify, or inject new information into it. Attackers also intercept and alter communication by manipulating the routing of packets between the two endpoints. This can be done with a technique such as ARP spoofing, where attackers send fake ARP messages to a target system, tricking it into sending packets to the attacker's device instead of the intended destination.
Layer 2 - Data Link Layer
The data link layer establishes and terminates communication between two physically connected network nodes. It divides packets into frames and transmits them from source to destination. At this layer, attackers use spoofing attacks to target the network.
Attack: Spoofing
A spoofing attack at the data link layer occurs when an attacker alters a device's Media Access Control (MAC) address to impersonate another device on the network. This can allow the attacker to gain access to network resources or to intercept and modify network traffic intended for the legitimate device. Attackers carry out MAC spoofing in several ways:
- Address Resolution Protocol (ARP) spoofing
- DHCP spoofing
- MAC flooding
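Both the ARP spoofing used for the man-in-the-middle attack at the network layer and the ARP spoofing listed here leave the same trace: an IP address that suddenly answers from a different MAC, or one MAC claiming several IPs. The following is an added example, not code from the original page: a watcher in the spirit of arpwatch that learns IP-to-MAC bindings from observed ARP replies, checks them against static bindings for critical hosts such as the gateway, and reports changes. The addresses and the sequence of replies are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ArpReply:
    ts: float         # capture time in seconds (constructed)
    sender_ip: str    # IP address the sender claims to own
    sender_mac: str   # hardware address it advertises for that IP


class ArpWatcher:
    """Tracks IP -> MAC bindings seen in ARP replies and raises alerts when a
    binding changes or contradicts a configured static binding."""

    def __init__(self, static_bindings: Optional[Dict[str, str]] = None):
        # Static bindings for hosts an attacker would most want to impersonate
        # (gateway, DNS, DHCP server); MACs normalised to lower case.
        self.static = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
        self.learned: Dict[str, str] = {}
        self.alerts: List[Tuple[str, str, Optional[str], str]] = []

    def observe(self, reply: ArpReply) -> List[str]:
        """Record one reply and return the alert kinds it triggered (possibly none)."""
        ip, mac = reply.sender_ip, reply.sender_mac.lower()
        raised: List[str] = []

        expected = self.static.get(ip)
        if expected is not None and mac != expected:
            raised.append("static-binding-violation")

        previous = self.learned.get(ip)
        if previous is not None and previous != mac:
            raised.append("mac-changed")

        # Keep the table current so a later reversion is also reported.
        self.learned[ip] = mac
        for kind in raised:
            self.alerts.append((kind, ip, previous, mac))
        return raised

    def macs_claiming_multiple_ips(self) -> Dict[str, Set[str]]:
        """MACs currently bound to more than one IP; a poisoner typically owns
        its own IP plus the victim's."""
        by_mac: Dict[str, Set[str]] = {}
        for ip, mac in self.learned.items():
            by_mac.setdefault(mac, set()).add(ip)
        return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


# Constructed sample: a gateway and a workstation announce themselves, then a
# reply claims the gateway's IP with the workstation's MAC.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    ArpReply(1.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    ArpReply(2.0, "192.168.1.1", "AA:BB:CC:00:00:20"),
]


def run_sample() -> Tuple[ArpWatcher, List[List[str]]]:
    watcher = ArpWatcher(static_bindings={"192.168.1.1": "aa:bb:cc:00:00:01"})
    results = [watcher.observe(r) for r in SAMPLE_REPLIES]
    return watcher, results


if __name__ == "__main__":
    watcher, results = run_sample()
    for kind, ip, old, new in watcher.alerts:
        print(f"{kind}: {ip} was {old}, now {new}")
    print("multi-IP MACs:", watcher.macs_claiming_multiple_ips())
```

The static binding check fires on the first poisoned reply even if the watcher had never seen the gateway before, which is why the gateway and other infrastructure hosts are worth pinning rather than relying only on learned history.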
Layer 1 - Physical Layer
The physical layer is responsible for the physical connection between network nodes over wired or wireless media. Sniffing is the most common security attack attackers use to target this layer.
Attack: Sniffing
A sniffing attack at the physical layer occurs when an attacker captures and analyses network traffic to gather sensitive information. This is done with a packet sniffer tool, which captures and decodes all packets passing through a particular network segment. Sniffing attacks steal sensitive information such as login details, credit card numbers, and other personal data.