Plaintext: Understanding Layer 8
Welcome to Dark Reading in Plaintext, where each day we bring you insights around one topic important to cybersecurity professionals. Today, we talk about the OSI Model and what it means to consider Layer 8. How should security teams incorporate user behavior and intent into the security model?
Consider the OSI Model
Security teams often focus on "Layer 3" or "Layer 4" data when trying to detect security issues or mitigate attacks. Many are now moving up the stack to consider "Layer 7." What does this data tell security teams about modern attacks?
The International Organization for Standardization created the open systems interconnection (OSI) model, a conceptual model to help diverse systems communicate with each other.
Layer 1 : Physical. The “bottom” of the model represents the electrical and physical components, and can be the cable type, radio frequency link (as in WiFi). Troubleshooting Layer 1 problems involves checking that the hardware is plugged in and properly connected with each other.
Layer 2 : Data Link. This layer is where note-to-node data transfers happen. Most networking switches operate at Layer 2.
Layer 3 : Network. This layer refers to the router functionality – packet forwarding, routing traffic through different routers. Network switches that support virtual LANS are considered Layer 3 switches because of their routing capabilities.
Layer 4 : Transport: This layer coordinates data transfer between end systems and hosts, determining details such as how much data to send, at what rate, and to whom. TCP and UDP port are for Layer 4, while IP addresses are on the Layer 3.
Layer 5 : Session. A session is created on this layer so that two computers or other network devices can speak to each other.
领英推荐
Layer 6 : Presentation. This area is independent of data representation at the application layer and is where data for the application and network are presented. For example, data encryption and decryption happens at Layer 6.
Layer 7 : Application. This layer receives information directly from users and displays incoming data to the user. Web browsers rely on Layer 7.
Is there a Layer 8? We sometimes need to go beyond the application and look at the user activity to understand what is happening or whether an activity is legitimate. The difference between the legitimate user of an application and abuse boils down to the end user’s intent. “Some people refer to this end-user layer above layer 7 of the OSI model as?layer 8 ,” F5’s Joshua Goldfarb writes this week.?
Headlines on Tap?
Subscribe to receive Dark Reading Weekly every Thursday morning!
On That Note
Earlier this week, the Office of the National Cyber Director (ONCD) named Camille Stewart Gloster as Deputy National Cyber Director for Technology and Ecosystem Security.
“We need top talent in the government to meet the dynamic and complex cyber challenges we face as a nation,” National Cyber Director Chris Inglis said in a release . “The depth and breadth of her experiences will help the Biden-Harris Administration advance key priorities, including promoting the resilience of our software and hardware supply chain, building a more diverse cyber workforce, and strengthening cyber education for all Americans.”
Check out the Dark Reading Q&A on systemic racism and discussion on breaking the glass ceiling .