Networking models help us understand the ‘lay of the land’ when it comes to protecting the network. In our journey through the Open Systems Interconnection (OSI) framework, we’ve arrived at the last stop in the media group, the OSI network layer.

Remember, we’ve gotten here via the OSI data link layer, which covers ‘how’ the zeroes and ones traverse a link. In the previous entry in this series, we discussed the importance of ensuring this link is secure through encryption, disabling ports and other ways to deny access.

The OSI network layer is where the rubber really starts to hit the road, because this is where data packets start traveling between networks. Think of it like this: the data link layer is node-to-node, whereas the network layer is network-to-network, and even through networks. The key to making this layer work is the router.

What is the OSI Network Layer?

You can also think of the network layer as the guide and traffic operator. It tells all the data packets where to go. Once data comes into the OSI network layer, an internet protocol (IP) address is added, so the data packet knows where to go. The routers keep track of and manage all the traffic. There are different ways to manage the traffic, also known as protocols, such as IPv4 and IPv6. Without the network layer, the zeroes and ones can’t get anywhere.

Cybersecurity Threats to the OSI Network Layer

Malicious actors can attack the network layer through overloading the network, spoofing and sniffing. Let’s begin with overloading a network. An attacker can do this through denial of service (DoS) attacks, such as a ping flood. When an attacker knows which IP addresses are associated with a target network, they will repeatedly send an Internet Control Message Protocol (ICMP) ping, or echo, to overload part of the network or all of it. This means an attacker can attack a single endpoint or a router to disrupt all communication.

Another method of attack is IP spoofing. Often used for distributed DoS attacks (DDoS), an attacker will alter the source IP in the header. IP spoofing is pretty much standard now for DDoS malware kits.

Finally, attackers can impact the OSI network layer through IP and port sniffing. IP and port sniffing allows an attacker to perform reconnaissance and learn more about a user through packet analysis. If the connection is not secured (think encryption) a malicious actor can steal valuable information.

In other words, it is not uncommon to see man-in-the-middle attacks happen at the OSI network layer.

Using Firewalls in the OSI Network Layer

To protect against these attacks, firewalls are critical. Firewall usage these days is pretty much a given, though future use of firewalls is up for debate on account of new cloud security technologies. Also, do not be surprised if a firewall gets overloaded during these types of attacks.

Similarly, a firewall technique that can reduce risk is packet filtering. This technique only allows incoming packets to pass based on the source and destination IP addresses and protocols. Finally, take a look at another related technique called anti-spoofing. A firewall will block a packet if the IP address is wrong, falsified or otherwise spoofed. All of the above seems relatively straightforward, but configuration is critical to success.
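
The two techniques above, packet filtering and anti-spoofing, can be modeled in a few lines. This is an added example, not code from the original article; the inside network 10.20.0.0/16, the interface names, the rule list and the sample packets are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology (assumption): one inside network behind the firewall.
INSIDE_NET = ipaddress.ip_network("10.20.0.0/16")
# Sources that should never arrive from the internet (loopback, RFC 1918, link-local).
BOGONS = [ipaddress.ip_network(n) for n in
          ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "outside" or "inside"
    src: str     # source IP from the header (attacker-controlled when spoofed)
    dst: str
    proto: str   # "tcp", "udp" or "icmp"

# Constructed allow list: (source network, destination network, protocol).
RULES = [
    ("0.0.0.0/0", "10.20.1.10/32", "tcp"),   # anyone -> public web server
    ("10.20.0.0/16", "0.0.0.0/0", "tcp"),    # inside hosts -> anywhere
    ("10.20.0.0/16", "0.0.0.0/0", "udp"),
]

def spoofed(pkt):
    """Anti-spoofing: is the source address impossible for the arrival interface?"""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "outside":
        return any(src in net for net in BOGONS)
    return src not in INSIDE_NET   # egress check: inside hosts must use inside addresses

def decide(pkt):
    """Return 'drop-spoofed', 'allow' or 'drop-default' for one packet."""
    if spoofed(pkt):               # checked first, before any allow rule can match
        return "drop-spoofed"
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for rule_src, rule_dst, proto in RULES:
        if (src in ipaddress.ip_network(rule_src)
                and dst in ipaddress.ip_network(rule_dst) and proto == pkt.proto):
            return "allow"
    return "drop-default"          # default deny: anything not listed is dropped

if __name__ == "__main__":
    # Constructed sample packets: a normal client, then a forged inside source.
    for p in (Packet("outside", "203.0.113.7", "10.20.1.10", "tcp"),
              Packet("outside", "10.20.5.5", "10.20.1.10", "tcp")):
        print(p, "->", decide(p))
```

The second sample packet would match the allow rules on addresses alone; it is dropped only because the anti-spoofing check runs first, which is why rule order and interface awareness matter in configuration.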

The Next Stop on the Journey

Collectively, the first three OSI layers — physical, data link and network layers — make up the ‘media’ portion of the OSI model. In the next piece, we will look at the first of the ‘host’ layers, the transport layer.
