As we’ve talked about in the rest of this series, there are several ways to use the Open Systems Interconnection (OSI) seven layers of networking model to help us secure our networks and make them more resilient. Now, we’ve reached the first of the ‘host’ layers, the OSI transport layer. 

Previously, we described ‘what’ allows data to travel (physical layer), ‘how’ it travels (data link layer) and ‘where’ the data travels (network layer). Next, the OSI transport layer is a bit more of ‘how’ the zeroes and ones travel. More specifically the transport layer focuses on quality and speed.

What Is the OSI Transport Layer?

The Transport Layer outlines the functions and protocols for transferring variable-length data sequences between the source and the host. That means that since data has different sizes and is broken up into packets, some rules are in place on how to do that. Two types of protocols are often associated with the OSI model, the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The quick distinction between the two is that TCP prioritizes data quality over speed. Meanwhile, UDP is a connectionless protocol that prioritizes speed over quality.

Cybersecurity Threats to the OSI Transport Layer

Despite being a ‘host’ layer, the transport layer is prone to some of the threats to the previous ‘media’ layers. This is another place to expect sniffing, specifically related to ports and protocols. Distributed denial of services (DDoS) attacks can also strike the transport layer. In particular, two types of attacks common to the OSI transport layer are SYN floods and Smurf attacks. In an SYN flood, an attacker initiates many connections to a server using a spoofed IP address, not waiting for a connection to finalize. Smurf attacks use malware to overload network resources. The attacker broadcasts Internet Control Message Protocol echoes, resulting in an infinite loop of requests.

Therefore, you really want to limit access on the OSI transport layer. Lock down your ports, configure your firewalls for only what is needed and gate access to your transmission protocols.

Attackers Scouting Layers

There is also another issue to consider in the transport layer. It is a great place for a malicious actor to do reconnaissance. They may not attack you directly on the transport layer unless they intend to inflict a DDoS attack on you. However, the actor can learn a lot about how to get into your environment, especially the commonly-targeted session layer.

Reliability on the OSI transport layer is crucial. There is a lot going on in this layer because all the packets move around. As a side note, we often refer to packets as segments or datagrams on the transport layer, based on protocol used. If this layer does not segment and reassemble the packets correctly, performance may suffer. That means the OSI transport layer needs to be as error-free as possible. This is also why it performs error control as well. If errors are happening here, communication between hosts will get messy. 

In the next piece, we will look at the session layer, which introduces some different naming. What we’ve been calling segments or datagrams, we’ll now refer to simply as ‘data’ as they move through. With different layers seeing different threats, it’s important to cover all of them thoroughly.

More from Mobile Security

Third-Party App Stores Could Be a Red Flag for iOS Security

4 min read - Even Apple can’t escape change forever. The famously restrictive company will allow third-party app stores for iOS devices, along with allowing users to “sideload” software directly. Spurring the move is the European Union’s (EU) Digital Markets Act (DMA), which looks to ensure open markets by reducing the ability of digital “gatekeepers” to restrict content on devices. While this is good news for app creators and end-users, there is a potential red flag: security. Here’s what the compliance-driven change means for…

4 min read

A View Into Web(View) Attacks in Android

9 min read - James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog. Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials. In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets…

9 min read

How the Mac OS X Trojan Flashback Changed Cybersecurity

4 min read - Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…

4 min read

Switching to 5G? Know Your Integrated Security Controls

4 min read - 5G is a big leap in mobile technology. It presents enterprises and service providers with capabilities for advanced applications, content delivery and digital engagement anywhere. It enables businesses with new use cases and integrated security needs to have a trusted network and application/data delivery function. How does one build a secure 5G network that provides the level of trust required by users today and in the future? The Benefits of 5G 5G's new use cases come from: Customized network slices…

4 min read