Appendix D

The OSI Model

The OSI reference model conceptually divides different networking requirements into seven separate layers. For most people studying for the CompTIA Security+ exam, the OSI model isn’t new. However, because it’s primarily theoretical and rarely used in day-to-day maintenance, some of the knowledge often slips away.

The good news is that you don’t need to know it as in-depth as you would for other certification exams such as the CompTIA Network+ exam. If you recently studied for Network+, you probably mastered these concepts, and this will just be a quick review.

Understanding the Layers

The OSI model has seven layers. The layers from Layer 1 to Layer 7 are Physical, Data Link, Network, Transport, Session, Presentation, and Application. Many people use mnemonics to memorize the layers. For example, “Please Do Not Throw Sausage Pizza Away.” The first letter in each of the words represents the first letter of the layer. The P in Please is for Physical, the D in Do is for the Data Link layer, and so on.

Another common mnemonic is “All People Seem To Need Data Processing” (for Application, Presentation, Session, Transport, Network, Data Link, and Physical). Notice that this method lists the layers from Layer 7 to Layer 1.

Table D.1 summarizes the layers with the mnemonics.

| L.N. | Layer Name   | Mnemonic | Mnemonic   |
|------|--------------|----------|------------|
| 1    | Physical     | Please   | Processing |
| 2    | Data Link    | Do       | Data       |
| 3    | Network      | Not      | Need       |
| 4    | Transport    | Throw    | To         |
| 5    | Session      | Sausage  | Seem       |
| 6    | Presentation | Pizza    | People     |
| 7    | Application  | Away     | All        |

Table D.1: OSI layers and common mnemonics

After mastering the mnemonic, you also need to remember which layer is Layer 1, and which layer is Layer 7. This memory technique may help. You may have heard about a “Layer 8 error.” This is another way of saying “user error” and users interact with applications. In other words, a user on the mythical Layer 8 interacts with applications, which are on Layer 7. I don’t mean to belittle users or user errors—I make my fair share of errors. However, this memory trick has helped me, and many other people, remember that the Application layer is Layer 7.

The following sections provide a short synopsis of these layers.

Layer 1: Physical

The Physical layer is associated with the physical hardware. It includes specifications for cable types, such as 1000BaseT, connectors, and hubs. Computing devices such as computers, servers, routers, and switches transmit data onto the transmission medium in a bitstream. This bitstream is formatted according to specifications at higher-level OSI layers.

Layer 2: Data Link

The Data Link layer is responsible for ensuring that data is transmitted to specific devices on the network. It formats the data into frames and adds a header that includes media access control (MAC) addresses for the source and destination devices. It adds frame check sequence data to the frame to detect errors, but it doesn’t support error correction. The Data Link layer simply discards frames with detected errors. Flow control functions are also available on this layer.

Copyright 2021 YCDA, LLC.

Traditional switches (Layer 2 switches) operate on this layer. Computer network interface cards have a MAC assigned, and switches map the computer MAC addresses to physical ports on the switch. Systems use the Address Resolution Protocol (ARP) to resolve IPv4 addresses to MAC addresses. VLANs are defined on this layer.

The CompTIA Security+ objectives list Layer 2 attacks as Address Resolution Protocol (ARP) poisoning, media access control (MAC) flooding, and MAC cloning. Chapter 7, “Protecting Against Advanced Attacks,” covers these attacks.

Layer 3: Network

The Network layer uses logical addressing in the form of IP addresses. This includes both IPv4 addresses and IPv6 addresses. Packets identify where the traffic originated (the source IP address) and where it is going (the destination IP address). Other protocols that operate on this layer are IPsec and ICMP. Routers and Layer 3 switches operate on this layer.

Layer 4: Transport

The Transport layer is responsible for transporting data between systems, commonly referred to as end-to-end connections. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) operate on this layer. TCP provides reliability with error control, flow control, and segmentation of data.
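As an added illustration of Layers 2 through 4 (not part of the original text), the following Python example builds a constructed Ethernet/IPv4/TCP frame and unwraps it layer by layer, discarding the frame when its frame check sequence does not match. The MAC addresses, IP addresses, ports, and function names are assumptions made for the example.

```python
import ipaddress
import struct
import zlib

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport):
    """Build a constructed Ethernet/IPv4/TCP frame (sample data, no payload).
    IP and TCP header checksums are left at zero; only the Layer 2 FCS is
    computed here, and the frame is not padded to the Ethernet minimum size."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + tcp
    # Ethernet FCS is a CRC-32 over the frame, appended least significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))

def decapsulate(frame):
    """Return the fields seen at each layer, or None if the FCS check fails."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return None  # Layer 2 detects the error and discards; no correction
    layers = {"L2": {"dst_mac": mac(body[0:6]), "src_mac": mac(body[6:12])}}
    if struct.unpack("!H", body[12:14])[0] != 0x0800:  # EtherType: not IPv4
        return layers
    ip = body[14:]
    header_len = (ip[0] & 0x0F) * 4  # IHL is counted in 32-bit words
    proto = ip[9]
    layers["L3"] = {"src_ip": str(ipaddress.IPv4Address(ip[12:16])),
                    "dst_ip": str(ipaddress.IPv4Address(ip[16:20]))}
    if proto in (6, 17):  # TCP or UDP: both start with source and destination ports
        sport, dport = struct.unpack("!HH", ip[header_len:header_len + 4])
        layers["L4"] = {"protocol": "TCP" if proto == 6 else "UDP",
                        "src_port": sport, "dst_port": dport}
    return layers

# Constructed sample input: documentation-range IP addresses, made-up MACs.
SAMPLE = build_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                     "192.0.2.10", "198.51.100.20", 49152, 443)
# The same frame with one bit flipped in transit (inside the IP header).
CORRUPTED = SAMPLE[:20] + bytes([SAMPLE[20] ^ 0x01]) + SAMPLE[21:]

if __name__ == "__main__":
    print(decapsulate(SAMPLE))
    print(decapsulate(CORRUPTED))
```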

Layer 5: Session

The Session layer is responsible for establishing, maintaining, and terminating sessions between systems. In this context, a session refers to an extended connection between two systems, sometimes referred to as dialogues or conversations. As an example, if you log on to a webpage, the Session layer establishes a connection with the web server and keeps it open while you’re interacting with the webpages. When you close the pages, the Session layer terminates the session.

If you’re like many users, you probably have more than one application open at a time. For example, in addition to having a web browser open, you might have an email application open. Each of these is a different session, and the Session layer manages them separately.

Layer 6: Presentation

The Presentation layer is responsible for formatting the data needed by the end-user applications. For example, American Standard Code for Information Interchange (ASCII) and Extended Binary Coded Decimal Interchange Code (EBCDIC) are two standards that define codes used to display characters on this layer.

Layer 7: Application

The Application layer is responsible for displaying information to the end user in a readable format. Application layer protocols typically use this layer to determine if sufficient network resources are available for an application to operate on the network.

Note that this layer doesn’t refer to end-user applications directly. However, many end-user applications use protocols defined at this layer. For example, a web browser interacts with DNS services to identify the IP address of a website name. Similarly, Hypertext Transfer Protocol (HTTP) and HTTP Secure (HTTPS) transmit webpages over the Internet on this layer.

Some of the protocols that operate on this layer are:

  • HTTP and HTTPS

  • Secure Shell (SSH)

  • Domain Name System (DNS)

  • Post Office Protocol 3 (POP3)

  • Simple Mail Transfer Protocol (SMTP)

  • File Transfer Protocol (FTP) and FTP Secure (FTPS)

  • Secure FTP (SFTP) and Trivial FTP (TFTP)

  • Internet Message Access Protocol 4 (IMAP4)

  • Simple Network Management Protocol (SNMP)

  • Lightweight Directory Access Protocol (LDAP) and LDAP Secure (LDAPS)

Many advanced devices are application-aware and operate on all of the layers up to the Application layer. This includes proxy servers, web application firewalls, next-generation firewalls (NGFWs), unified threat management (UTM) security appliances, and web security gateways.

Table D.2 summarizes the layers with relevant devices and protocols.

| L.N. | Layer Name   | Devices | Protocols |
|------|--------------|---------|-----------|
| 1    | Physical     | Cables, hubs | Ethernet, cabling protocols |
| 2    | Data Link    | Switches | MAC, ARP, VLANs |
| 3    | Network      | Router, Layer 3 switch | IPv4, IPv6, IPsec, ICMP |
| 4    | Transport    |         | TCP, UDP |
| 5    | Session      |         |           |
| 6    | Presentation |         |           |
| 7    | Application  | Proxy servers, web application firewalls, next-generation firewalls, UTM security appliances, and web security gateways | DNS, FTP, FTPS, SFTP, TFTP, HTTP, HTTPS, IMAP4, LDAP, POP3, SMTP, SNMP, and SSH |

Table D.2: OSI layers, devices, protocols