The OSI Model and You Part 6: Stopping Threats at the OSI Presentation Layer

June 28, 2021
| |
2 min read

Our travels through the OSI seven layers of networking have shown that each layer has specific weaknesses and angles of attack. In turn, each has its best defenses. Now, we’ve come to the OSI presentation layer. Here translation, encryption and compression all happen.

What Is the Presentation Layer?

The simplest way to describe the OSI presentation layer is as follows: it is where machine-readable code gets processed into something the end user can use later in the application layer. This layer is where formatting, conversion and encryption happen. Without it, unless you’re a developer, you likely won’t know what you’re looking at.

Attacks and Threats

If you are using an HTTPS website, encryption would happen at the presentation layer. That means getting your encryption right matters here. Therefore threat actors look for exploits in encryption flaws within the OSI presentation layer. One of the most common tactics is SSL hijacking or sniffing.

Like we said in previous entries, man-in-the-middle (MitM) attacks are one of the go-to moves for threat actors. In conjunction with malware, SSL hijacking can be damaging at the OSI presentation layer. If an attacker has already installed malware on a machine, the MitM would use a proxy to serve as an untrusted certificate authority. If this is the case, the browser will trust the wrong certificate authority and now the attacker will be able to read all messages. For this reason, it is important that your antivirus is up to date and you are doing what you can to stop malware from entering your devices.

As mentioned in the previous piece on the session layer, attackers will take advantage of bad coding practices. That’s true at this layer as well. Keep this in mind when you choose and add software into your enterprise.

The Journey Through the OSI Seven-Layer Model

We’re almost done with the journey through the OSI seven-layer model. After the OSI presentation layer, we’ll look at the application layer. By far, this is where the widest range of attacks and breaches can occur. Therefore, it’s very important to understand.

George Platsis
Senior Lead Technologist, Educator and Author

George Platsis works with the private, public and nonprofit sectors to address their strategic, operational and training needs, focusing on projects related ...
read more