Cybersecurity Insights & Analysis

What is the OSI Model? 🔌

The OSI model is widely used to describe how computer networks operate. In this insights article, we’ll be exploring how the model works, and busting some jargon along the way.

The OSI (Open Systems Interconnection) model is a conceptual framework that standardises the functions and protocols used in computer networks. It consists of seven layers, each responsible for specific tasks and interactions in the network communication process.

To send information from one device to another through a network, the data has to go through seven levels of the OSI Model in the sending device and then through the same seven layers in the receiving device.

The OSI model forms a fundamental building block for which other topics within networking and cybersecurity rest upon. For example, some firewalls sit on layer four of the OSI model, whereas firewalls on layer seven perform unique functions, such as deep packet inspection, that are unavailable on any other layer of the model. Hence, a thorough understanding of the OSI model is crucial for any cybersecurity professional. It helps us visualise what sits where, and what security controls are appropriate at each level of a network.

In this insights article, we’ll explore the seven layers of the OSI model in detail, and provide practical examples of each of them at work.

Layer One: The Physical Layer

The Physical Layer is the lowest layer of the OSI model and deals with the physical aspects of data transmission. It defines the electrical, mechanical, and physical characteristics of the network, including cables, connectors, signalling, and transmission rates. This layer’s primary function is to transmit raw bits over a communication channel without any regard for the content or structure of the data.

Put in other words, the physical layer transmits the binary 1s and 0s across a network. Any computing device is essentially a collection of 1s and 0s, and these, when combined, are used to form the data that you see on your computer. The role of the physical layer is to ensure that these packets reach from one device to another.

When thinking of layer one, think of copper cables. As the name suggests, the physical layer is responsible for the underlying hardware which a network is built on. 

Layer Two: The data link layer

The Data Link Layer provides reliable and error-free transmission of data frames between directly connected nodes over a physical link. It takes the data received from the network layer and breaks it into smaller units called frames. It handles framing, error detection, and correction, as well as flow control to ensure that data is transmitted accurately and efficiently. This layer also manages access to the physical medium and resolves conflicts when multiple devices attempt to send data simultaneously.

The data link layer helps devices on the same network share data by breaking information into smaller parts called frames. It’s similar to the network layer, which also controls how data moves between devices, but is used only for communication within a single network. The data link layer also helps manage how information is sent and received with features called flow control and error control. These help ensure information is sent smoothly and without mistakes. The transport layer handles flow and error control for communication between different networks.

Layer three: the network layer

The Network Layer focuses on the logical addressing and routing of data packets across different networks. It receives the data from the transport layer and adds network-specific addressing information to create packets. This layer determines the best path for data transmission by using routing algorithms and protocols. It also manages congestion control, fragmentation, and reassembly of packets to ensure successful delivery to the destination.

The network layer helps two different networks send information to each other. If two devices are on the same network, the network layer isn’t needed. The network layer splits information sent from one device into smaller pieces called packets. Then, it puts the packets back together on the receiving device. The network layer also finds the best way to send the information to its destination. This is called routing. There are different ways to do this, like IP, ICMP, IGMP, and IPsec.

Whilst the aforementioned routing protocols aren’t going to be discussed in this article, they essentially dictate how one packet on a network reaches another network.

Layer four: the transport layer

The Transport Layer is responsible for the reliable and efficient transfer of data between hosts. It takes data from the session layer and breaks it into smaller units called segments. This layer ensures error-free delivery, flow control, and reliable end-to-end communication by providing acknowledgement mechanisms, error detection and recovery, sequencing, and retransmission of lost or corrupted segments. It can establish connections (connection-oriented) or send data without establishing connections (connectionless).

Layer 4 helps the two devices talk to each other from start to finish. It takes the information from layer 5 and splits it into smaller pieces, and sends it over to layer 3. When the other device receives the pieces, layer 4 puts them back together and sends them to layer 5. Layer 4 also makes sure the information is sent at a good speed and checks to make sure all the pieces of information arrived okay. Some types of Layer 4 are TCP and UDP.

Layer five: the session layer

The Session Layer establishes, manages, and terminates communication sessions between applications on different network devices. It provides mechanisms for session establishment, synchronisation, and checkpointing. This layer allows applications to establish connections, maintain conversations, and synchronise data exchange. It also handles session recovery in case of interruptions or failures.

This is the layer that opens and closes communication. It makes sure that the connection stays open long enough to exchange all the data, then closes it so the systems don’t waste resources.

The session layer also puts checkpoints every few chunks of data when exchanging files, so when there is a problem, the transfer can be resumed from the last checkpoint instead of starting all over again.

Layer six: the presentation layer

The Presentation Layer ensures that data exchanged between applications is properly formatted, translated, and interpreted. It deals with the representation and transformation of data to ensure compatibility between different systems. Functions of this layer include data encryption, compression, and decompression, data formatting, character set conversion, and encryption.

Layer 6 is a part of computer communication that gets data ready for the application layer to use. This means it makes data easy to understand for the application. Layer 6 does things like changing the way data is written if the two devices use different methods. If the connection is private, layer 6 helps keep data secret by putting a lock on it to keep it safe. Then it unlocks it at the other end so the application can read it. Layer 6 also makes data smaller to make communication faster and better.

Layer Seven: the application layer

Finally, The Application Layer is the topmost layer of the OSI model, which interacts directly with end-users and provides network services to applications. It includes protocols for functions such as email, file transfer, remote access, directory services, and web browsing. This layer allows users to interact with network services and applications, providing an interface for communication between the network and the user.

The application layer is the first layer of a software that talks to the user’s data. Programmess like web browsers and emails use this layer to start communication. Remember that client software is not part of this layer. The application layer has protocols that help the software display important data that users need. Some of these protocols are HTTP and SMTP. SMTP is a protocol used to communicate emails.

An example of the OSI model in action

When we send information from one device to another over the internet, it must travel down and back up 7 layers of the OSI Model. For example, when John Doe sends Mary Doe an email, his message goes from his laptop to the application layer.

Then, it’s compressed at the presentation layer, and sent to the session layer to start the communication session. The data is segmented at the transportation layer, then broken down even further at the network and data link layers. The data is finally converted to 1s and 0s and sent through a cable, wifi or other physical medium to Ms. Palmer’s device.

When the data reaches Ms. Palmer’s device, it travels through the 7 layers in the opposite order, until it gets to her email application and she can read Mr. Cooper’s message on her screen.

In conclusion

By dividing the network communication process into these distinct layers, the OSI model enables the standardisation of network protocols, simplifies network design and troubleshooting, and promotes interoperability between different network devices and technologies. It serves as a reference model for understanding and developing network protocols and architectures. 

Hey! Can we make it official? 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. I promise not to spam you, and you can count on me to keep your data safe 😇

More Cybersecurity Insights & Analysis

Fifteen Steps to maximising firefox privacy 🔒✅

Download the complete FireFox checklist that I give to my counter-surveillance clients – completely free of charge! I will take you step-by-step through advanced Firefox Configurations that will help you maximise your privacy, security and anonymity. 

Enter your details below and I will email it to you straight away. And don’t worry, your data is safe with me 😇

Access free subscriber only content 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. Your data will be encrypted and I will never sell it to third parties 😇

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.