The OSI Model and You Part 4: Stopping Threats at the OSI Transport Layer

June 14, 2021

As we’ve talked about in the rest of this series, there are several ways to use the Open Systems Interconnection (OSI) seven layers of networking model to help us secure our networks and make them more resilient. Now, we’ve reached the first of the ‘host’ layers, the OSI transport layer. 

Previously, we described ‘what’ allows data to travel (physical layer), ‘how’ it travels (data link layer) and ‘where’ the data travels (network layer). Next, the OSI transport layer is a bit more of ‘how’ the zeroes and ones travel. More specifically, the transport layer focuses on quality and speed.

What Is the OSI Transport Layer?

The transport layer outlines the functions and protocols for transferring variable-length data sequences between the source and the host. Because data comes in different sizes and is broken up into packets, rules are in place for how to do that. Two types of protocols are often associated with the OSI model: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). The quick distinction between the two is that TCP prioritizes data quality over speed. Meanwhile, UDP is a connectionless protocol that prioritizes speed over quality.

Cybersecurity Threats to the OSI Transport Layer

Despite being a ‘host’ layer, the transport layer is prone to some of the same threats as the previous ‘media’ layers. This is another place to expect sniffing, specifically related to ports and protocols. Distributed denial-of-service (DDoS) attacks can also strike the transport layer. In particular, two types of attacks common to the OSI transport layer are SYN floods and Smurf attacks. In a SYN flood, an attacker initiates many connections to a server using a spoofed IP address, without waiting for a connection to finalize. Smurf attacks use malware to overload network resources. The attacker broadcasts Internet Control Message Protocol echoes, resulting in an infinite loop of requests.

Therefore, you really want to limit access on the OSI transport layer. Lock down your ports, configure your firewalls for only what is needed and gate access to your transmission protocols.
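As a defender-side illustration of both points above (half-open connections piling up during a SYN flood, and ports listening that should not be), the following added example, which is not from the original article, audits a Linux `/proc/net/tcp` snapshot. The sample table, the port allowlist and the half-open threshold are constructed assumptions.

```python
from collections import Counter

LISTEN, SYN_RECV = "0A", "03"  # TCP state codes as they appear in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
# Local ports: 0x0016 = 22, 0x01BB = 443, 0x0017 = 23.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0016 00000000:0000 0A 00000000:00000000
   1: 00000000:01BB 00000000:0000 0A 00000000:00000000
   2: 00000000:0017 00000000:0000 0A 00000000:00000000
   3: 0A00000A:01BB 010013C6:C350 03 00000000:00000000
   4: 0A00000A:01BB 020013C6:C351 03 00000000:00000000
   5: 0A00000A:01BB 030013C6:C352 03 00000000:00000000
   6: 0A00000A:01BB 0500000A:D431 01 00000000:00000000
"""


def parse_sockets(text):
    """Yield (local_port, state_code) for every socket row in the table."""
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated rows
        port = int(fields[1].rsplit(":", 1)[1], 16)  # port is hex after ':'
        yield port, fields[3]


def audit(text, allowed_ports, half_open_limit):
    """Return (listening ports outside the allowlist, {port: half-open count})."""
    listening, half_open = set(), Counter()
    for port, state in parse_sockets(text):
        if state == LISTEN:
            listening.add(port)
        elif state == SYN_RECV:  # handshake started but never completed
            half_open[port] += 1
    unexpected = sorted(listening - set(allowed_ports))
    flooded = {p: n for p, n in half_open.items() if n >= half_open_limit}
    return unexpected, flooded


if __name__ == "__main__":
    # On a Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    # The limit of 3 only suits this tiny sample; tune it to real traffic.
    unexpected, flooded = audit(SAMPLE, allowed_ports={22, 443}, half_open_limit=3)
    print("listening but not allowed:", unexpected)
    print("ports at or over half-open limit:", flooded)
```
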

Attackers Scouting Layers

There is another issue to consider in the transport layer. It is a great place for a malicious actor to do reconnaissance. They may not attack you directly on the transport layer unless they intend to inflict a DDoS attack on you. However, the actor can learn a lot about how to get into your environment, especially the commonly targeted session layer.

Reliability on the OSI transport layer is crucial. There is a lot going on in this layer because all the packets move around. As a side note, we often refer to packets as segments or datagrams on the transport layer, depending on the protocol used. If this layer does not segment and reassemble the packets correctly, performance may suffer. That means the OSI transport layer needs to be as error-free as possible. This is also why it performs error control. If errors are happening here, communication between hosts will get messy.

In the next piece, we will look at the session layer, which introduces some different naming. What we’ve been calling segments or datagrams, we’ll now refer to simply as ‘data’ as they move through. With different layers seeing different threats, it’s important to cover all of them thoroughly.

George Platsis
Senior Lead Technologist, Educator and Author

George Platsis works with the private, public and nonprofit sectors to address their strategic, operational and training needs, focusing on projects related ...