• OSI Layer - Introduction
• Explanation of Layers
• Need of Security
• Top Security Threats
• Security Threats at each layer
• Developed by the International Organization for Standardization (ISO) in 1978.
• The Open Systems Interconnection (OSI) model describes how data is sent and received over a network.
• The OSI model also defines a logical network and describes computer packet transfer by using different layer protocols.
• While working on a network framework, ISO decided to develop the seven-layer model
• It is also called a reference model
• OSI's seven layers are divided into two portions:
1. Host layers
2. Media layers
• The host portion includes the application, presentation, session and transport layers
• The media portion includes the network, data link and physical layers
• The OSI model works in a hierarchy, assigning tasks to all seven layers
• Each layer is responsible for performing its assigned tasks and transferring completed tasks to the next layer for further processing
Functions of the physical layer:
• Bit representation
• Transmission rate
• Physical representation
• Synchronizing
• Transmission mode
• Physical topology
Responsible for delivery of data between two systems on a network.
Switches and bridges are data link layer devices
• Framing
• Physical Addressing
• Synchronization.
• Error Control.
• Flow Control.
• Multi-Access.
A segment in the network layer is referred to as a packet
The network layer is implemented by networking devices such as routers
• Routing
• Logical Addressing
• Responsible for source-to-destination delivery of the entire message
• Segmentation and reassembly: divides the message into smaller segments, numbers them and transmits them
• Reassembles these messages at the receiving end
• Error control
The services provided by the transport layer:
1. Connection-oriented service: a three-phase process which includes
• Connection establishment
• Data transfer
• Termination / disconnection
2. Connectionless service
Data in the transport layer is called segments
The transport layer is called the heart of the OSI model
The data link layer has three main functions:
• Session establishment, maintenance and termination.
• Synchronization
• Dialog Controller
Responsibilities of this layer are:
• Transmission: different computers use different encoding systems (bit order translation). Syntax represents information such as character code: how many bits represent data (7 or 8 bits).
• Compression
• Encryption
• Decryption
• Directly interacts with the end user
• Contains protocols that allow users to access the network (HTTP, FTP, etc.)
• It also includes application programs such as e-mail, browsers, word processing applications, etc.
• The network needs security against attackers and
hackers
• Protecting confidentiality, integrity, availability
of Data
• Network Security includes two basic securities
1. Information Security
2. Computer Security
• Data can be of the sensitive type; things like credit card
information, passwords or contact lists
• And another type is information that might interest
advertisers, like your Internet browsing habits.
1. Privilege Escalation
2. Worm
3. Virus
4. Trojan
5. Spyware
6. Spam
7. Botnet
8. Logic Bomb
• The idea that installing a firewall protects systems or data from being attacked is a dangerous fallacy
• Application security can be likened to a Tootsie Pop (hard on the outside but soft on the inside)
• Based on statistics from Cisco Systems, the idea that most attacks come from the Internet is a serious misconception
Security threats that may occur at this level are the following:
1. Access Control
• Permitting only authorized personnel to possess logins and
passwords and closing unmanaged ports
• Physical security also involves keeping hardware (particularly
laptop computers) from being stolen
• Closing open ports, locking doors, using surveillance monitors,
restricting access to critical servers, and using strong passwords
can prevent many common attacks.
2. Physical Damage or Destruction of Data And Hardware
3. Environmental issues include fire, smoke, water
• Environmental issues at the Physical layer include fire, smoke,
water
• Hardware failures are much more likely in the system
• Poor control over environmental factors such as temperature,
humidity, dust, and ventilation can cause frequent failures
• Use of climate-controlled rooms with proper dust filters and
ventilation can significantly reduce the incidence of hardware
failure
4. Disconnection of Physical Links
5. Backup
Security threats that may occur at this level are the following:
1. ARPs or ARP spoof
2. MAC flooding
3. Spanning tree attack
1. ARPs/ARP spoofing
• Can be used to maliciously take over a machine's IP address
• ARP spoofing is targeted to fool a switch into forwarding packets to a device in a different VLAN
• The security vulnerability occurs at the lower layer but affects upper-level security without the upper layer knowing about it
• To prevent these attacks, some switches and routers can be configured to ignore gratuitous ARPs. Cisco switches offer Edge VLAN segregation (Private VLANs) and ARP inspection to mitigate this threat.
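The check behind ARP inspection and ignoring gratuitous ARPs, sketched as an added example (not from the original slides and not Cisco's implementation): ARP packets arriving on untrusted ports are compared against a trusted IP-to-MAC binding table. The binding table, port names and sample packets are constructed.

```python
# Added example: simplified model of an ARP inspection check.
from dataclasses import dataclass

# Constructed trusted IP -> MAC bindings; on a real switch these would come
# from static entries or a DHCP snooping table.
BINDINGS = {
    "192.0.2.1": "00:00:5e:00:53:01",    # default gateway
    "192.0.2.10": "00:00:5e:00:53:10",   # workstation
}

@dataclass(frozen=True)
class ArpPacket:
    port: str            # switch port the packet arrived on
    sender_ip: str
    sender_mac: str
    gratuitous: bool     # unsolicited announcement of the sender's own IP

def inspect(packets, bindings=BINDINGS, trusted_ports=("uplink",),
            ignore_gratuitous=True):
    """Split ARP packets into (forwarded, dropped_with_reason)."""
    forwarded, dropped = [], []
    for p in packets:
        expected = bindings.get(p.sender_ip)
        if p.port in trusted_ports:
            forwarded.append(p)                      # trusted ports are not inspected
        elif p.gratuitous and ignore_gratuitous:
            dropped.append((p, "gratuitous ARP ignored"))
        elif expected is None:
            dropped.append((p, "no binding for sender IP"))
        elif p.sender_mac.lower() != expected:
            dropped.append((p, f"{p.sender_ip} is bound to {expected}"))
        else:
            forwarded.append(p)
    return forwarded, dropped

# Constructed sample traffic.
SAMPLE = [
    ArpPacket("port3", "192.0.2.10", "00:00:5e:00:53:10", False),  # matches binding
    ArpPacket("port7", "192.0.2.1", "00:00:5e:00:53:99", False),   # claims the gateway IP
    ArpPacket("port7", "192.0.2.1", "00:00:5e:00:53:99", True),    # gratuitous variant
    ArpPacket("uplink", "192.0.2.1", "00:00:5e:00:53:01", True),   # trusted port
]

if __name__ == "__main__":
    ok, bad = inspect(SAMPLE)
    for pkt, reason in bad:
        print(f"DROP {pkt.port} {pkt.sender_ip} {pkt.sender_mac}: {reason}")
```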
2. MAC Flooding
• It is a method of attacking network switches
• MAC flooding occurs when the MAC table of a switch reaches capacity and the switch floods traffic
• A malicious user can sniff the flooded traffic to obtain network information such as passwords
• Some switches, e.g., Cisco switches, have a port option that prevents such flooding:
• set port security 3/21 enable age 10 maximum 5 violation restrict
• Authentication with AAA server
• Port Security
3. Spanning Tree Attacks
• Occur when an attacker's computer inserts itself into a data stream and causes a DoS attack
• A spanning tree attack begins with a physical attack by a malicious user who inserts an unauthorized switch between two existing network switches
• The attacker assigns a lower root priority
• Assigning the lower root priority causes the network connection between Switch 2 (S-2) and M-1 to be dropped. The attacker's switch thereby becomes the root switch, and the attacker gains full access to data transmitted between S-2 and the rest of the network
• One way of mitigating this problem is to configure a network's root switch with Root Priority = 0.
Other examples are:-
• Private VLAN attack
• Multicast brute force attack
• Random frame stress attack
Security threats that may occur at this level are the following:
1. IP Address Spoofing
2. Routing attacks
3. Black Hole/Selective Forwarding
1. IP Address Spoofing
• Also known as IP address forgery or a host file hijack
• IP address spoofing is the act of falsifying the content in the Source IP header, usually with randomized numbers, either to mask the sender's identity or to launch a reflected DDoS attack
Countermeasures
• Monitoring networks for atypical activity
• Deploying packet filtering to detect inconsistencies
• Using robust verification methods
• Authenticating all IP addresses
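Packet filtering that detects source-address inconsistencies, as an added example (not from the original slides): each packet's source IP is checked against the prefixes expected behind the interface it arrived on, and drops are counted per interface as a monitoring signal. The interface names, prefixes and sample packets are constructed.

```python
# Added example: ingress source-address filtering on a constructed topology.
import ipaddress

# Prefixes that can legitimately appear as a source on each interface (assumed).
EXPECTED_SOURCES = {
    "cust-a": [ipaddress.ip_network("198.51.100.0/24")],
    "cust-b": [ipaddress.ip_network("203.0.113.0/25")],
}
# Sources that are never valid on packets arriving from a customer port.
NEVER_VALID = [ipaddress.ip_network(n) for n in
               ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]

def verdict(interface, src):
    """Return 'accept' or a 'drop: <reason>' string for one packet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: malformed source address"
    if any(addr in net for net in NEVER_VALID):
        return "drop: source address can never be legitimate"
    allowed = EXPECTED_SOURCES.get(interface, [])
    if not any(addr in net for net in allowed):
        return f"drop: {addr} is not routed via {interface}"
    return "accept"

def summarize(packets):
    """Count drops per interface: a rising count is the atypical activity to alert on."""
    drops = {}
    for interface, src in packets:
        if verdict(interface, src) != "accept":
            drops[interface] = drops.get(interface, 0) + 1
    return drops

SAMPLE = [  # constructed (interface, source IP) pairs
    ("cust-a", "198.51.100.23"),
    ("cust-a", "203.0.113.5"),     # belongs behind cust-b
    ("cust-a", "127.0.0.1"),       # loopback source on the wire
    ("cust-b", "203.0.113.200"),   # outside the /25
    ("cust-b", "203.0.113.77"),
]

if __name__ == "__main__":
    for iface, src in SAMPLE:
        print(iface, src, "->", verdict(iface, src))
    print(summarize(SAMPLE))
```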
2. Black Hole
• In a selective forwarding attack, a malicious node behaves like a normal node and forwards packets, but selectively drops some of them
• When the malicious node acts like a black hole, it drops all the packets passing through it
• The selective forwarding attack is called a special case of the black hole attack
Countermeasures
• Acknowledgement-based detection
• Detection using neighborhood information
• Using multiple data flows to mitigate the attack
Security threats that may occur at this level are the following
1) SYN Flood
2) Smurf Attack
1) SYN Flood
• Also called a half-open attack or TCP SYN flood
• A type of Distributed Denial of Service (DDoS) attack on a computer server
• The attack involves having a client repeatedly send SYN (synchronization) packets to every port on a server, using fake IP addresses, in order to leave it over-consumed and unresponsive
• Exploits part of the normal TCP three-way handshake
Countermeasures
1. RST cookies
• For the first request from a given client, the server intentionally sends an invalid SYN-ACK
• This should result in the client generating an RST packet
2. SYN cookies
• Use cryptographic hashing
• The server sends its SYN-ACK response with a sequence number built from the hash
• When the client responds, this hash is included in the ACK packet
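How the hash travels out in the SYN-ACK sequence number and comes back in the ACK, as an added example (not from the original slides and not any operating system's implementation). It assumes the classic layout of a 5-bit time counter, a 3-bit MSS index and a 24-bit keyed hash; the secret, MSS table and addresses are constructed.

```python
# Added example: simplified SYN cookie generation and validation.
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-key"   # assumption: a random per-server secret in practice
MSS_TABLE = [216, 536, 1024, 1220, 1300, 1400, 1440, 1460]   # 3 bits select one entry
MASK32 = 0xFFFFFFFF

def _mac24(src, sport, dst, dport, client_isn, t, idx):
    """24-bit keyed hash over the 4-tuple, client ISN, time counter and MSS index."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!HHIIB", sport, dport, client_isn & MASK32, t & MASK32, idx)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Sequence number for the SYN-ACK; the server keeps no state about the SYN."""
    t = int(now) // 64                                   # counter advances every 64 s
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, client_isn, t, idx), "big")
    return ((t % 32) << 27) | (idx << 24) | mac

def check_cookie(src, sport, dst, dport, seq, ack, now):
    """Validate the client's final ACK. Returns the MSS to use, or None to reject."""
    cookie = (ack - 1) & MASK32          # the client acknowledges cookie + 1
    client_isn = (seq - 1) & MASK32      # the client's SYN consumed one sequence number
    idx = (cookie >> 24) & 0x7
    low24 = (cookie & 0xFFFFFF).to_bytes(3, "big")
    t_now = int(now) // 64
    for t in (t_now, t_now - 1):         # accept the current and the previous counter
        if t % 32 == cookie >> 27 and hmac.compare_digest(
                low24, _mac24(src, sport, dst, dport, client_isn, t, idx)):
            return MSS_TABLE[idx]        # only now is connection state allocated
    return None

if __name__ == "__main__":
    now = 1_700_000_000                  # constructed timestamp
    conn = ("198.51.100.7", 40000, "192.0.2.80", 443)   # constructed 4-tuple
    c = make_cookie(*conn, 123456789, 1460, now)
    print("SYN-ACK seq:", c)
    print("valid ACK  :", check_cookie(*conn, 123456790, (c + 1) & MASK32, now + 30))
    print("forged ACK :", check_cookie(*conn, 123456790, (c + 2) & MASK32, now + 30))
    print("stale ACK  :", check_cookie(*conn, 123456790, (c + 1) & MASK32, now + 200))
```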
2) Smurf Attack
• It is a DoS attack in which a system is flooded with spoofed ping messages
• The attacker creates lots of ICMP packets with the intended victim's IP address
• Broadcasts those packets
• As a result, most devices in the network respond
Countermeasures
• Configure individual hosts or routers not to respond to ICMP requests or broadcasts
• Configure routers not to forward packets directed to broadcast addresses
Security threats that may occur at this level are the following
1. Session Hijacking
• Is a security attack on a user session
• A session hijacking attack works by compromising the session token, guessing what an authentic session token will be and thus acquiring unauthorized access to the Web server
• MITM Attack
Common ways of Session Hijacking
1. Packet Sniffers
2. Cross Site Scripting(XSS Attack)
Security threats that may occur at this level are the following
1. SSL Hijacking
• Superfish uses a process called SSL hijacking to get at users' encrypted data
  • Your computer connects to the HTTP (insecure) site.
  • The HTTP server redirects you to the HTTPS (secure) version of the same site.
  • Your computer connects to the HTTPS site.
  • The HTTPS server provides a certificate, providing positive identification of the site.
  • The connection is completed.
Security threats that may occur at this level are the following
1. Virus
2. Worm
3. Phishing
4. Key Loggers
5. Backdoors
6. Program logic flaws
7. Bugs
8. Trojan Horses
Security Threats at OSI layers
