Getting “Hacked” Series: Part 4 - Layered Approach
As per the previous posts, we’ve covered the following:
Social Engineering
Phishing
Types of Hackers
Social Engineering and Phishing are some of the basic hacks that focus primarily on the human element of the system.
We’re now going to focus on the non-human elements of the system. In the tech field, we break security down into different “layers”, 7 of them to be exact. There is even a full “model” we use to help explain and break down each layer: the OSI Model, which stands for Open Systems Interconnection.
Here is a breakdown of the different layers with the attacks as well as some of the prevention methods.
*A detailed description of each layer follows this breakdown*
(5-7 are part of the same systems so the attacks and prevention are linked)
7. Application - Human-computer interaction layer, where applications can access the network services
6. Presentation
5. Session
Attack
Vulnerabilities in Applications
Virus
Missing Security Patches
Phishing
Key Logger
Session Hacking
Prevention
Anti-Virus
Dual Factor Authentication
Firewalls (Physical and software)
Patching - Operating System, Hardware, and Software
Anti-Phishing/Anti-SPAM
(1-4 have individual attack and prevention methods)
4. Transport - Transmits data using transmission protocols including TCP and UDP
Attack
Port scanning looking for vulnerable or accessible network ports
Prevention
Firewall
Lock down ports that aren’t in use
3. Network - External exposure open to external attacks
Attack
Packet Sniffing
DoS Attacks
Ping Floods
ICMP attacks
Prevention
Routers should be patched and configured properly
Packet filtering controls should be used
Routing information should be controlled
2. Data Link - Taking advantage of the data handling within an organization
Attack
Taking advantage of vulnerabilities in protocols someone may be using
A lack of security measures on dated or non-updated equipment
MAC Flooding
ARP Poisoning
Prevention
Software updates to Equipment
Physically replacing networking gear that is capable of the latest security measures
Configurations are set appropriately to take advantage of the proper security settings
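ARP poisoning shows up in a host's neighbour table as an IP address that suddenly maps to a different MAC, or as one MAC answering for several IPs. The following is an added example, not code from the original post: it compares two snapshots in the format of `ip neigh` on Linux and reports both signs. The addresses are constructed sample data.

```python
from collections import defaultdict

# Constructed `ip neigh` snapshots taken a few minutes apart (not from the post).
SNAPSHOT_BEFORE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.35 dev eth0 lladdr 00:11:22:33:44:35 REACHABLE
"""
SNAPSHOT_NOW = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:35 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.35 dev eth0 lladdr 00:11:22:33:44:35 REACHABLE
192.168.1.50 dev eth0  FAILED
"""


def parse_neigh(text):
    """Map IP -> MAC for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields:
            mac_index = fields.index("lladdr") + 1
            if mac_index < len(fields):
                table[fields[0]] = fields[mac_index].lower()
    return table


def arp_anomalies(before_text, now_text):
    """Return (changed, shared): remapped IPs and MACs answering for several IPs."""
    before, now = parse_neigh(before_text), parse_neigh(now_text)
    # An IP whose MAC differs from the earlier snapshot (old MAC, new MAC).
    changed = {ip: (before[ip], mac) for ip, mac in now.items()
               if ip in before and before[ip] != mac}
    # A MAC that currently claims more than one IP on the segment.
    by_mac = defaultdict(list)
    for ip, mac in now.items():
        by_mac[mac].append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared


if __name__ == "__main__":
    changed, shared = arp_anomalies(SNAPSHOT_BEFORE, SNAPSHOT_NOW)
    for ip, (old, new) in changed.items():
        print(f"{ip} moved from {old} to {new}")
    for mac, ips in shared.items():
        print(f"{mac} answers for {', '.join(ips)}")
```

A replaced router or a host with several addresses produces the same signals, so treat a hit as a reason to check the switch and the device, not as proof of an attack.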
1. Physical - Focuses on disrupting service through equipment
Attack
Denial of Service (DoS) attack
Physical destruction to equipment/cables
Interference with Wi-Fi signals
Prevention
Newer Networking equipment has some preventative measures in place to protect against some DoS attacks
Securing where equipment and network infrastructure is stored.
Detailed Description of each layer
7. Application
The application layer is used by end-user software such as web browsers and email clients. It provides specific communications that allow software to send and receive information and make it legible for the user.
6. Presentation
The presentation layer prepares the data for the application layer. It decides how the devices should handle the data so it can be received correctly on the other end. In addition, it also takes any data that’s being sent by the application layer and prepares it to be sent over the session layer.
5. Session
Creates communication channels, called sessions, between devices. Think of it as a phone call. It’s responsible for opening sessions, ensuring that they stay open and functional while data is being transferred, and then closing them once the communication has ended. It can also set checkpoints during the data transfer, so if the session has been interrupted, devices can resume the data transfer from the last checkpoint.
4. Transport
Takes data transferred in the session layer and breaks it into “segments” on the transmitting end. It’s responsible for taking those segments and reassembling them on the receiving end, turning them back into data that can be used by the session layer. It also carries out flow control, sending data at a rate that matches the connection speed of the receiving device, and error control, checking whether the data was received correctly and, if not, requesting it again.
3. Network
This layer has 2 main functions. One is breaking up the segments into “packets” and reassembling them on the receiving end. The second is routing those packets by discovering the best path across a physical network. The network layer uses network addresses (similar to how your home address works) to route packets to their destination.
2. Data Link
Establishes and terminates a connection between two physically connected spots on a network. It takes the frames and breaks them up into segments and sends them from the source to the destination.
This layer is composed of two parts:
Logical Link Layer (LLC) which identifies network protocols, performs error checking, and synchronizes frames.
Media Access Control (MAC) which uses MAC addresses to connect devices and define permissions to transmit and receive data.
1. Physical
Responsible for the cabled or wireless connection between devices. It defines the connector, connection type, data transfer rate, and the devices. It handles the transmission of the raw data, which is just a series of bits represented by 0s and 1s.