Mapping cybersecurity to the OSI model

What is the Cybersecurity Domain? The cybersecurity domain is a broad field encompassing all aspects of protecting computer systems and networks from theft, damage, or unauthorized access. It involves technologies, processes, and people working together to safeguard digital information and infrastructure.  

What are the seven layers of the OSI model? The Open Systems Interconnection (OSI) model was developed by the International Organization for Standardization and others in the late 1970s. It was published in its first form in 1984 as ISO 7498, with the current version being ISO/IEC 7498-1:1994.

Physical layer – The physical layer refers to the physical communication medium and the technologies to transmit data across that medium. At its core, data communication is the transfer of digital and electronic signals through various physical channels like fiber-optic cables, copper cabling, and air. The physical layer includes standards for technologies and metrics closely related to the channels, such as Bluetooth, NFC, and data transmission speeds.

Data link layer – The data link layer refers to the technologies used to connect two machines across a network where the physical layer already exists. It manages data frames, which are digital signals encapsulated into data packets. Flow control and error control of data are often key focuses of the data link layer. Ethernet is an example of a standard at this level. The data link layer is often split into two sub-layers: the Media Access Control (MAC) layer and Logical Link Control (LLC) layer. 

Network layer – The network layer is concerned with concepts such as routing, forwarding, and addressing across a dispersed network or multiple connected networks of nodes or machines. The network layer may also manage flow control. Across the internet, the Internet Protocol v4 (IPv4) and IPv6 are used as the main network layer protocols.

Transport layer – The primary focus of the transport layer is to ensure that data packets arrive in the right order, without losses or errors, or can be seamlessly recovered if required. Flow control, along with error control, is often a focus at the transport layer. At this layer, commonly used protocols include the Transmission Control Protocol (TCP), a near-lossless connection-based protocol, and the User Datagram Protocol (UDP), a lossy connectionless protocol. TCP is commonly used where all data must be intact (e.g. file share), whereas UDP is used when retaining all packets is less critical (e.g. video streaming).

Session layer – The session layer is responsible for network coordination between two separate applications in a session. A session manages the beginning and ending of a one-to-one application connection and synchronization conflicts.

Presentation layer – The presentation layer is primarily concerned with the syntax of the data itself for applications to send and consume. For example, HTML, JSON, and CSV are all formats that describe the structure of data at the presentation layer.

Application layer – The application layer is concerned with the specific type of application itself and its standardized communication methods. For example, browsers can communicate using HTTP and HyperText Transfer Protocol Secure (HTTPS), and email clients can communicate using POP3 (Post Office Protocol version 3) and SMTP (Simple Mail Transfer Protocol).

Many attacks involve multiple layers. For example, a phishing email (application layer) might deliver malware (application layer) that exploits a vulnerability at the network layer.

Below is the mapping of cybersecurity threats to the OSI model. Thinking of cybersecurity in terms of these layers makes it easier to understand the different types of threats and how to defend against them. The table below provides a general overview; specific threats and mitigation techniques can vary.

| OSI Layer | Function | Cybersecurity Tools |
|---|---|---|
| 7. Application | User-facing layer where network applications operate | Firewalls (Application-level); Intrusion Detection/Prevention Systems (IDPS); Web Application Firewalls (WAFs); Antivirus/Antimalware software; Email security gateways; Data Loss Prevention (DLP) solutions |
| 6. Presentation | Data formatting, encryption, and decryption | Encryption/Decryption tools (SSL/TLS); Data compression tools |
| 5. Session | Establishes, manages, and terminates connections between applications | Authentication protocols (Kerberos); Session management tools |
| 4. Transport | Ensures reliable data transfer between hosts | Firewalls (Stateful inspection); Intrusion Detection/Prevention Systems (IDPS); Virtual Private Networks (VPNs) |
| 3. Network | Logical addressing and routing of data packets | Firewalls (Network-level); Intrusion Detection/Prevention Systems (IDPS); Routers with security features; Network segmentation tools |
| 2. Data Link | Provides access to the physical medium and handles error detection/correction | Network Interface Cards (NICs) with security features; Switches with port security; MAC address filtering tools |
| 1. Physical | Physical transmission of data over a medium | Physical security controls (locks, cameras); Intrusion detection systems for physical access; Cable shielding |