Security and the OSI Model
Network security is a topic that reaches far beyond the realm of firewalls, passwords, and user ID accounts. For a network and its data to remain secure, there must be protective measures at each level of the OSI interconnect model. While each layer operates largely independently of the others, it is important to ensure that data transmitted from the host to its destination has not been tampered with and is not being prevented from reaching that destination. There are seven levels in the OSI interconnect model, each with its own special tasks, abilities, and weaknesses.
There are seven layers in the OSI interconnect model: the Physical, Data Link, Network, Transport, Session, Presentation, and Application layers. Layer one, the physical layer, deals with the actual physical connections to the real world. All of the wires, power cords, and hardware that make up the physical portions of a network are part of the physical layer. Several security issues can cause physical layer problems within a network. The easiest way to cause a denial of service would be to simply remove power, or to disconnect or cut an important network cable going to a crucial piece of equipment. Another security concern is tapping of the physical medium, which allows an attacker to copy or even corrupt the data stream. The best way to prevent these types of attacks is to keep facilities secure, keep all critical areas under lock and key, and perform routine audits to ensure the infrastructure is safe and secure.
The second layer in the OSI model is the data link layer; here data is transmitted and received reliably across a physical medium.
Two of the biggest threats to the data link layer involve ARP and the practice of wardriving. ARP is the protocol that maps an IP address to a physical address, or MAC address, within the network. ARP is a simple protocol that was never designed for authentication. Any end station that has access to the layer two environment can claim any IP address if the proper security measures are not taken. ARP spoofing, or ARP poisoning, occurs when an attacker's computer forges its credentials so that a host believes it is the intended recipient. If the attacker's computer forwards all of the data on to the intended host, it is very likely that the "man in the middle" will go undetected. At any time the attacker can make changes to the data that is forwarded, copy and use the data, or flood the network with erroneous packets that cause data collisions and effectively bring network traffic to a halt. Wardriving is a new threat that has surfaced with the popularity of 802.11 style wireless connections. Poor security with these devices allows an attacker virtually unrestricted access to the data link layer and beyond. It is not very difficult to walk around various areas in a busy metropolitan area and pick up unsecured wireless signals and...
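Because ARP carries no authentication, a defender can only catch the poisoning described above by watching for conflicting claims on the wire. The following is an added example, not part of the original essay: a small monitor that parses ARP frames and flags an IP address that is suddenly claimed by a different MAC address. The class and function names, the pinned gateway entry, and the sample addresses are all assumptions made up for the illustration.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return ARP fields from an Ethernet II frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac(frame[6:12]), "oper": oper, "sha": mac(sha), "spa": ip(spa), "tpa": ip(tpa)}

class ArpMonitor:
    """Tracks IP-to-MAC bindings seen on the wire and reports conflicting claims."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})  # ip -> mac; pinned entries are known-good
        self.pinned = set(self.bindings)

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["spa"] == "0.0.0.0":  # ignore non-ARP and ARP probes
            return []
        alerts = []
        if arp["eth_src"] != arp["sha"]:
            alerts.append(f"{arp['spa']}: ARP sender {arp['sha']} != Ethernet source {arp['eth_src']}")
        known = self.bindings.get(arp["spa"])
        if known and known != arp["sha"]:
            alerts.append(f"{arp['spa']}: claimed by {arp['sha']}, previously {known}")
            if arp["spa"] in self.pinned:
                return alerts  # never let traffic overwrite a pinned binding
        self.bindings[arp["spa"]] = arp["sha"]
        return alerts

def build_frame(eth_src, sha, spa, tpa, oper=2):
    """Build a constructed sample frame (oper 2 = reply); not captured traffic."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(p) for p in s.split("."))
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, m(sha), i(spa), b"\x00" * 6, i(tpa))
    return b"\xff" * 6 + m(eth_src) + b"\x08\x06" + arp

if __name__ == "__main__":
    GW, HOST, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
    mon = ArpMonitor(pinned={"192.0.2.1": GW})
    for f in (build_frame(HOST, HOST, "192.0.2.10", "192.0.2.1"),
              build_frame(ROGUE, ROGUE, "192.0.2.1", "192.0.2.10")):
        print(mon.observe(f))
```

A binding change is not always hostile (a replaced network card or a failover pair produces the same signal), which is why only the pinned entries are treated as authoritative here.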