The Open Systems Interconnect (OSI) model is a standard reference model for the communication between two end users. Seven different layers make up the OSI model: physical, data link, network, transport, session, presentation, and application. This paper will cover the type of security that is associated with each level of the OSI model.
The physical layer is where the actual communication occurs between devices. The security of the physical layer pertains to the actual hardware. The vulnerabilities of the physical layer include:
Environmental control loss
Hardware theft, damage or destruction
Unauthorized hardware changes (i.e.; removable media, data connections)
Detachment of the physical data links
Unnoticeable Data Interception
Certain measures can be implemented to ensure the physical layer is secure. This would be done by storing all hardware in a locked environment. The use of electronic locks would control and log all access to the room containing the hardware. The electronic locks could be a PIN and password or fingerprint scanner (biometrics). The use of video and audio surveillance would provide physical proof of unauthorized access that could compromise the hardware.
Data Link Layer
The second layer of the OSI model is the data link layer. This is the layer that transports the data between network nodes in a wide area network (WAN) or on the same local area network (LAN) between nodes. The data link layer makes available the procedural and functional means to move data between network devices and could provide the measures to find and possibly correct errors that may occur in the physical layer. The security vulnerabilities associated with the data link layer are:
One device may claim to be a different device by spoofing the MAC address
Spanning Tree errors could be introduced either accidental or on purpose causing packets to transmit in infinite loops.
Switches could flood all traffic to the VLAN ports and not forward to the proper port. This could result in data being intercepted by any device that is connected to the VLAN.
Stations could be force direct communication with other stations which ends up bypassing subnets and firewalls.
Weak authentication and encryption on a wireless network could allow for unauthorized connections to the network, data and devices.
Data link layer controls can be implemented to ensure the security of the transmissions. By using MAC address filtering the stations are identified by not only the MAC address but are cross-referenced with the logical access or physical port. Firewalls should be between layers, ensuring physical isolation from one another. Wireless application must be monitored consistently and carefully for unauthorized access. In order to secure the wireless network, the use of the built-in encryption, authentication, and MAC filtering must be implemented with...