Explore BrainMass

Explore BrainMass

    Importance of OSI

    Not what you're looking for? Search our solutions OR ask your own Custom question.

    This content was COPIED from BrainMass.com - View the original, and get the already-completed solution here!

    Why is it important to understand the different layers of the OCI model when working on network security?

    What is the relationship between the OSI model and the TCP/IP Protocol.

    © BrainMass Inc. brainmass.com March 6, 2023, 2:28 pm ad1c9bdddf

    Solution Preview

    Why is it important to understand the different layers of the OCI model when working on network security?

    Network Security problems map directly to the logical constructs presented in the OSI Seven Layer Network Model:

    * Physical Layer Vulnerabilities
    Loss of Power
    Loss of Environmental Control
    Physical Theft of Data and Hardware
    Physical Damage or Destruction of Data And Hardware
    Unauthorized changes to the functional environment (data connections,
    removable media, adding/removing resources)
    Disconnection of Physical Data Links
    Undetectable Interception of Data
    Keystroke & Other Input Logging

    * Physical Layer Controls
    Locked perimeters and enclosures
    Electronic lock mechanisms for logging & detailed authorization
    Video & Audio Surveillance
    PIN & password secured locks
    Biometric authentication systems
    Data Storage Cryptography
    Electromagnetic Shielding

    * Link Layer Vulnerability Examples
    MAC Address Spoofing (station claims the identity of another)
    VLAN circumvention (station may force direct communication with other stations,
    bypassing logical controls such as subnets and firewalls.)
    Spanning Tree errors may be accidentally or purposefully introduced, causing the
    layer two environment to transmit packets in infinite loops.
    In wireless media situations, layer two protocols may allow free connection to the
    network by unauthorized entities, or weak authentication and encryption may
    allow a false sense of security.
    Switches may be forced to flood traffic to all VLAN ports rather than selectively
    forwarding to the appropriate ports, allowing interception of data by any
    device connected to a VLAN.

    * Link Layer Controls
    MAC Address Filtering- Identifying stations by address and cross-referencing
    physical port or logical access
    Do not use VLANs to enforce secure designs. Layers of trust should be
    physically isolated from one another, with policy engines such as firewalls
    Wireless applications must be carefully evaluated for unauthorized access
    exposure. Built-in encryption, authentication, and MAC filtering may be
    applied to secure networks.

    * Network Layer Vulnerabilities
    Route spoofing - propagation of false network topology
    IP Address Spoofing- false source addressing on malicious packets
    Identity & Resource ID Vulnerability - Reliance on addressing to identify
    resources and peers can be brittle and vulnerable

    * Network Layer Controls
    Route policy controls - Use strict anti-spoofing and route filters at network ...