The OSI Model and You Part 3: Stopping Threats at the OSI Network Layer

June 7, 2021

Networking models help us understand the ‘lay of the land’ when it comes to protecting the network. In our journey through the Open Systems Interconnection (OSI) framework, we’ve arrived at the last stop in the media group, the OSI network layer.

Remember, we’ve gotten here via the OSI data link layer, or the ‘how’ of the way the zeroes and ones traverse. In the previous entry in this series, we discussed the importance of ensuring this link is secure through encryption, disabling ports and other ways to deny access.

Now, the OSI network layer is where the rubber really starts to hit the road. This is where the data packets start traveling. Think of it like this: the data link layer is node-to-node, whereas the network layer is network-to-network, and even through networks. The key to making this layer work is the router.

What is the OSI Network Layer?

You can also think of the network layer as the guide and traffic operator. It tells all the data packets where to go. Once data comes into the OSI network layer, an Internet Protocol (IP) address is added. Now, the data packet knows where to go. And the routers are what keep track of and manage all the traffic. There are different ways to manage the traffic, also known as protocols, such as IPv4 and IPv6. Without the network layer, the zeroes and ones can’t get anywhere.

Cybersecurity Threats to the OSI Network Layer

Malicious actors can attack the network layer through overloading the network, spoofing and sniffing. Let’s begin with overloading a network. An attacker can do this through denial of service (DoS) attacks, such as a ping flood. When an attacker knows which IP addresses are associated with a target network, they will send an Internet Control Message Protocol (ICMP) ping, or echo, repeatedly to overload part of the network or all of it. This means an attacker can attack a single endpoint or a router to disrupt all communication.

Another method of attack is IP spoofing. Often used for distributed DoS (DDoS) attacks, it involves an attacker altering the source IP in the header. IP spoofing is pretty much standard now for DDoS malware kits.

Finally, attackers can impact the OSI network layer through IP and port sniffing. IP and port sniffing allows an attacker to perform reconnaissance and learn more about a user through packet analysis. If the connection is not secured (think encryption), a malicious actor can steal valuable information.

In other words, it is not uncommon to see man-in-the-middle attacks happen at the OSI network layer.

Using Firewalls in the OSI Network Layer

To protect against these attacks, the use of firewalls is critical. Firewall usage these days is pretty much a given, though future use of firewalls is up for debate on account of new cloud security technologies. Also, do not be surprised if a firewall gets overloaded during these types of attacks.

Similarly, a firewall technique that can reduce risk is packet filtering. This technique only allows incoming packets to pass based on the source and destination IP addresses and protocols. Finally, take a look at another related technique called anti-spoofing. A firewall will block a packet if the IP address is wrong, falsified or otherwise spoofed. All of the above seems relatively straightforward, but configuration is critical to success.
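
To make the two techniques concrete, here is an added example (not code from this article or from any firewall product) of a default-deny packet filter with an anti-spoofing check in front of it. The interface names, the inside prefix 198.51.100.0/24 and the rule set are constructed assumptions for illustration.

```python
import ipaddress as ip
from typing import NamedTuple

class Packet(NamedTuple):
    iface: str  # interface the packet arrived on: "wan" or "lan" (assumed names)
    src: str
    dst: str
    proto: str

# Constructed topology: the site's own prefix sits behind the "lan" interface.
INSIDE = ip.ip_network("198.51.100.0/24")
# Source ranges that can never legitimately arrive from the internet side.
NEVER_FROM_WAN = [INSIDE] + [ip.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # private addressing
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16",     # loopback, "this net", link-local
    "224.0.0.0/4", "240.0.0.0/4")]                    # multicast, reserved

# Packet filter: (source net, destination net, protocol). Anything else is denied.
ALLOW = [(ip.ip_network(s), ip.ip_network(d), p) for s, d, p in (
    ("0.0.0.0/0", "198.51.100.80/32", "tcp"),   # anyone -> the web server
    ("198.51.100.0/24", "0.0.0.0/0", "tcp"),    # inside hosts -> anywhere
    ("198.51.100.0/24", "0.0.0.0/0", "udp"),
    ("198.51.100.0/24", "0.0.0.0/0", "icmp"),   # ping outbound only
)]

def is_spoofed(pkt: Packet) -> bool:
    """Anti-spoofing: is the source address impossible for the arrival interface?"""
    src = ip.ip_address(pkt.src)
    if pkt.iface == "wan":
        return any(src in net for net in NEVER_FROM_WAN)
    return src not in INSIDE  # inside hosts must send from inside addresses

def filter_packet(pkt: Packet) -> str:
    """Return the verdict for one packet: spoof check first, then the allow list."""
    if is_spoofed(pkt):
        return "drop:spoofed"
    src, dst = ip.ip_address(pkt.src), ip.ip_address(pkt.dst)
    for s_net, d_net, proto in ALLOW:
        if src in s_net and dst in d_net and pkt.proto == proto:
            return "accept"
    return "drop:no-rule"
```

Note that the check on the inside interface matters as much as the one facing the internet: it keeps a compromised inside host from sending packets with forged source addresses outward.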

The Next Stop on the Journey

Collectively, the first three OSI layers — physical, data link and network layers — make up the ‘media’ portion of the OSI model. In the next piece, we will look at the first of the ‘host’ layers, the transport layer.

George Platsis

George Platsis works with the private, public and nonprofit sectors to address their strategic, operational and training needs, focusing on projects related ...