The OSI model defines how devices operating over networks communicate with one another. The Open Systems Interconnection (OSI) model is a set of communication rules developed by the ISO. It quickly gained acceptance in the early days of the internet, when inter-network communication was first emerging, and became a guide for network operations. At that time, every vendor built its own communication model for its own devices. As networks grew and expanded, this became a significant problem, and OSI was introduced as a vendor-independent communication model. This enabled all manufacturers to begin implementing their communication methods in compliance with the model. The TCP/IP model, on the other hand, emerged as a much simpler and more communication-friendly alternative to the ISO model.
In the cybersecurity world, familiarity with the OSI and TCP/IP models is essential. Knowing the layers within these models, understanding how they operate, and gaining experience in network management are among the most important steps in entering the field of cybersecurity.
Prior to the OSI model, most commercial networks used in small or large companies were built with technologies that no particular company could standardise. With the growth of communication, OSI emerged in the late 1970s as an industry necessity — to create a network to which products from various manufacturers could connect.
The OSI model, known in full as Open Systems Interconnection, describes how networks communicate. It does so by describing various protocols and activities and specifying how they relate to one another. The OSI model is divided into seven layers.
It is commonly understood that OSI forms the general foundation of internet and network infrastructure. However, the architecture actually used in today’s internet world is the TCP/IP model. TCP/IP became the preferred choice owing to its ease of use, whereas OSI is a more complex model by comparison.

| Layer | Description | Protocols |
|---|---|---|
| Application (7) | Interfaces directly with applications and performs common application services for application processes. | POP, SMTP, DNS, FTP, Telnet, HTTP |
| Presentation (6) | Handles syntactic differences in data representation between end-user systems. | NDR, LPP |
| Session (5) | Provides a mechanism for managing dialogue between end-user application processes. | NetBIOS |
| Transport (4) | Provides end-to-end communication control. | TCP, UDP |
| Network (3) | Routes information through the network. | IP, ARP, ICMP |
| Data Link (2) | Describes the logical organisation of data bits transmitted over a given medium. | SLIP, PPP |
| Physical (1) | Describes the physical characteristics of various communications media and the electrical properties and interpretation of exchanged signals. | IEEE 1394, DSL, ISDN |

The OSI model does not vary by hardware or network type; the standard is singular and applied uniformly. Data must pass through each layer in accordance with defined rules, both for intra-network and inter-network transmission. At each layer it passes through, specific tasks are assigned to the data. When data is sent, it receives a separate header at each layer. When the data arrives at the destination computer, it progresses from the hardware layer (physical layer) up to the application layer, following these headers. Once it reaches the application layer, the data has arrived at the destination computer.
The physical layer is the layer at which data link connections are transmitted as electrical signals. It is the actual NIC and Ethernet cable. It defines the relationship between a device and the transmission medium connected to it (fibre, copper, radio signal, etc.) and also describes the transmission modes: simplex, half-duplex and full-duplex. The decoding of bits occurs at this layer. The resolved bits are then transmitted as digital or analogue signals. In general, raw data is processed at this layer without regard to the type or destination of the data.
The data link layer provides end-to-end data transfer. It is the layer at which the MAC address of a wired or wireless Ethernet card is obtained and the ARP protocol operates. It detects errors that may arise in the physical layer and corrects them as far as possible. The protocol that establishes and terminates a connection between two physically connected devices is defined at this layer.
The network layer handles the transfer of a data packet from one network node to another. At this layer, data begins to be transported as packets. Through this layer, routing of data via routers is enabled. Switching and routing devices operate at this layer. The network layer encompasses scenarios in which information that routers will use when the data packet needs to be sent to a different network is added to the packet. It is at the network layer that IP addresses are assigned to devices and the IP address of the destination system is determined.
At this layer, the best path selection is also made for data in motion to reach its destination — generally the shortest path is preferred. This process is called routing, and the device that performs it is called a router. In its simplest description, a router aims to deliver a packet to the destination system in the shortest time by selecting the best path. The protocols used at this layer include IP, ARP, RARP, BOOTP, and ICMP. At this layer, logical network addresses are translated into physical machine addresses. If data being transmitted from a node operating at the network layer to another node at the data link layer is too large, the network divides the data into several fragments, sends them separately, and reassembles them at the destination node. The network layer does not guarantee secure data transmission.
The transport layer is also referred to as the transmission layer. It takes data from the application layer and packages it. Packaging encompasses all operations involving dividing large data into smaller pieces. The transport layer is responsible for segmenting and reassembling packets and ensuring error control. If a packet encounters an error, it is retransmitted. It is the layer at which the successful delivery of packets to the destination is verified, and at which port differentiation is performed, that is, determining which port is being listened to by which application.
The transport layer divides data from upper layers into network packet-sized fragments. TCP, UDP, and SPX protocols operate at this layer and also perform tasks such as error control. Data is carried in segments at this layer.
The session layer controls connections between devices. It can establish, manage, or terminate both local and remote connections. It is frequently used in application environments that use remote procedure calls (RPC). Services used at this layer include SQL, NetBIOS, and NFS.
At the session layer, operations of establishing, using, and terminating connections between two computers are carried out. When a single computer is communicating with multiple computers simultaneously, this layer ensures that communication with the correct computer takes place as required. Data to be sent to the presentation layer is separated between different sessions at this layer. Protocols such as NetBIOS, RPC, Named Pipes, and Sockets operate at this layer.
The presentation layer provides the communication medium between entities in the application layer. Its most important function is to translate transmitted data into a format that can be understood by the destination computer, enabling different programmes to use each other’s data. The presentation layer sends data to the application layer, and at this layer, adjustments are made to the structure and format of the data. The format of the data is determined. Encryption, decryption, and compression of data also take place at this layer. GIF, JPEG, TIFF, EBCDIC, and ASCII operate at this layer. The presentation layer converts data into a form that applications can accept, formatting and encrypting it for transmission over the network. It is therefore also known as the syntax layer.
The application layer provides an interface between the computer application and the network. It is the layer closest to the end user and deals with the data presented to the user — it interacts with software and applications. It is the only layer among the OSI layers that does not provide services to the other layers. In essence, it meets the requirements of computer users. Protocols and browsers such as SSH, Telnet, FTP, TFTP, SMTP, SNMP, HTTP, and DNS operate at this layer.
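The header-per-layer process described above, shown as an added Python example that is not part of the original article: `encapsulate` wraps application data in TCP, IPv4 and Ethernet headers, and `decapsulate` strips them again from Layer 2 upwards, checking every length field before using it. The MAC addresses, IP addresses, ports and HTTP request are constructed sample values.

```python
import socket
import struct

def encapsulate(payload: bytes) -> bytes:
    """Sender side: each layer prepends its own header (all values constructed)."""
    # Layer 4 (TCP): ports 49152 -> 80, data offset 5 words, PSH+ACK.
    # Checksums stay 0 because this frame is never put on a wire.
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    # Layer 3 (IPv4): protocol 6 = TCP, RFC 5737 documentation addresses.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.5")) + tcp
    # Layer 2 (Ethernet): destination MAC, source MAC, EtherType 0x0800 = IPv4.
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    return eth + struct.pack("!H", 0x0800) + ip

def decapsulate(frame: bytes) -> dict:
    """Receiver side: strip headers bottom-up, checking each length field
    against the bytes actually present before trusting it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total = struct.unpack("!H", ip[2:4])[0]       # IPv4 header + data
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total <= len(ip):
        raise ValueError("malformed IPv4 header")
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    offset = (tcp[12] >> 4) * 4                   # TCP header length in bytes
    if not 20 <= offset <= len(tcp):
        raise ValueError("malformed TCP header")
    return {"src_mac": src.hex(":"), "dst_mac": dst.hex(":"),
            "src_ip": socket.inet_ntoa(ip[12:16]),
            "dst_ip": socket.inet_ntoa(ip[16:20]),
            "src_port": sport, "dst_port": dport, "payload": tcp[offset:]}

if __name__ == "__main__":
    request = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed Layer 7 data
    print(decapsulate(encapsulate(request)))
```

A frame whose declared lengths exceed the bytes received is rejected rather than parsed, which is the check that keeps a dissector from reading past a truncated or malformed capture.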
The first layer of the TCP/IP model is formed by combining OSI Model Layers 1 and 2, i.e. the Physical and Data Link layers. All the functions of these layers are consolidated into this single layer.
The second layer of the TCP/IP model performs its operations in the same way as the OSI model’s Layer 3, the Network Layer. Just as in the OSI model’s network layer, data begins to be transported as packets.
Operations at the transport layer function in the same way as at OSI model Layer 4, the Transport Layer. The transport layer is designated as the third layer in the TCP/IP model and stands alone as a distinct layer. It packages data received from the application layer into packets.
The Application layer of the TCP/IP model encompasses OSI model Layers 5, 6, and 7: the OSI model’s Session, Presentation, and Application layers are merged and consolidated into this single layer.