Network Vulnerabilities and the OSI Model


The OSI model is used to understand how computer networks operate and communicate. Using this ISO standard, organisations can understand where vulnerabilities may exist within their infrastructure and apply controls appropriately. An understanding of the OSI model is imperative for any computer/network professional. Through understanding the model, computer professionals can gain a deeper understanding of how packets move throughout a network and how attacks and disruption can occur at any level.

Initially, it is worth discussing the OSI model and its basic principles. This article will not go into detail on the OSI model, as it is primarily focused on network vulnerabilities and how they map to the high-level principles, or layers, of the OSI model. For in-depth detail, please refer to the OSI model on the ISO website.

The OSI model consists of 7 layers and describes the communication path for networks. The layers consist of:

Layer 7. Application Layer
Layer 6. Presentation Layer
Layer 5. Session Layer
Layer 4. Transport Layer
Layer 3. Network Layer
Layer 2. Data Link Layer
Layer 1. Physical Layer

The layers describe each part of the network and are stepped through consecutively when data is sent on a network. The best way to understand this model is to envisage packets moving on a network. Data in an application, for example an email in Outlook, resides at Layer 7. When the user wants to send an email, they press the send button and the data works its way down the OSI layers and across the network.

Initially, the data will work down through presentation and session into the transport layer. The email will be sent by SMTP (or a similar protocol) that resides in Layer 4 – Transport Layer. The data will then move down across the network layer and into the data link. Finally, the packets will reach the physical layer, which is where the physical wiring will send the data across to the recipient network.

Once the data reaches the recipient network, it will work its way back up the OSI model before reaching the end user at the presentation/application layer.
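The receiving side of that journey can be shown by peeling the headers off a frame one layer at a time. The following is an added example, not part of the original article; the frame is constructed sample data, and the function names (`build_sample_frame`, `decapsulate`) are hypothetical.

```python
import socket
import struct

def build_sample_frame(payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (sample data, checksums left at zero)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, 25, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.25"))
    return eth + ip + tcp + payload

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def decapsulate(frame: bytes) -> dict:
    """Peel headers in the order a receiving host does: Layer 2, 3, then 4."""
    # Layer 2 (data link): an Ethernet II header is 14 bytes.
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    # Layer 3 (network): the IPv4 header length comes from the IHL field.
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 packet")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    if ip[9] != 6:
        raise ValueError("not TCP")
    # Layer 4 (transport): the TCP header length comes from the data offset field.
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    offset = (tcp[12] >> 4) * 4
    if offset < 20 or len(tcp) < offset:
        raise ValueError("bad TCP data offset")
    return {
        "layer2": {"src": mac(src_mac), "dst": mac(dst_mac)},
        "layer3": {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20])},
        "layer4": {"sport": sport, "dport": dport},
        "payload": tcp[offset:],  # handed up to Layers 5-7
    }
```

The length checks at each layer matter: a parser that trusts the header fields without comparing them to the bytes actually received is itself a source of vulnerabilities.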

And, in a very, very brief nutshell – this is how networks communicate. So, what does this mean in terms of risk to your business? How do vulnerabilities fit into this model? And, most importantly, how can this be used to understand the threats to your network and business?

Well, each attack can essentially be mapped onto the OSI model. For example, physical layer attacks occur when the physical infrastructure is compromised or disrupted – this can include cutting wires or running signals that disrupt wireless ranges. This would prevent packets being sent across the network, causing a denial of service (DoS) attack.

So, let's look at each layer of the OSI model, the typical attacks you might find at each layer and some general remediations. Obviously the mitigations you put in place will be dependent on a full and thorough risk assessment, but this can be used as a guide to understand the types of attacks that may occur:

OSI model Layer 1 attacks

Layer 1 refers to the physical aspect of networking – in other words, the cabling and infrastructure used for networks to communicate. Layer 1 attacks focus on disrupting this service in any manner possible, primarily resulting in Denial of Service (DoS) attacks. This disruption could be caused by anything from physically cutting cable through to disrupting wireless signals.

OSI model Layer 2 attacks

Layer 2 of the OSI model is the data link layer and focuses on the methods for delivering data blocks. Normally, this consists of switches utilising protocols such as the Spanning Tree Protocol (STP) and the Dynamic Host Configuration Protocol (DHCP), which is used throughout networking for dynamic IP assignment.

Attacks at this layer can focus on the insecurity of the protocols used or the lack of hardening on the routing devices themselves. As the focus of switches is on providing LAN connectivity, the majority of threats come from inside the organisation itself. Layer 2 attacks may also include MAC flooding or ARP poisoning.

In order to mitigate these risks, it is imperative that network switches are hardened. Additional controls may include ARP inspection, disabling unused ports and enforcing effective security on VLANs to prevent VLAN hopping.
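The check behind ARP inspection can be sketched as a comparison of each ARP reply against a table of trusted IP-to-MAC bindings. This is an added example, not from the original article or any switch vendor's implementation; the bindings, the sample replies and the function name `inspect_arp` are constructed for illustration.

```python
from collections import defaultdict

# Constructed trusted bindings (on a switch these would come from DHCP
# snooping or static configuration).
TRUSTED = {
    "10.0.0.1": "02:00:00:00:00:01",   # default gateway
    "10.0.0.20": "02:00:00:00:00:20",
}

# Constructed ARP replies: (seconds, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (1, "10.0.0.20", "02:00:00:00:00:20"),
    (2, "10.0.0.1", "02:00:00:00:00:01"),
    (3, "10.0.0.1", "02:00:00:00:00:66"),   # gateway IP claimed by another MAC
    (4, "10.0.0.1", "02:00:00:00:00:66"),
    (5, "10.0.0.30", "02:00:00:00:00:30"),  # no binding on record
    (6, "10.0.0.20", "02:00:00:00:00:66"),
]

def inspect_arp(replies, trusted):
    """Return (alerts, suspects) for replies that contradict the trusted table."""
    alerts = []
    claimed = defaultdict(set)  # MAC -> protected IPs it falsely claimed
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = trusted.get(ip)
        if expected is None:
            alerts.append((ts, "unknown-binding", ip, mac))
        elif mac != expected.lower():
            alerts.append((ts, "binding-mismatch", ip, mac))
            claimed[mac].add(ip)
    # One MAC claiming several protected addresses is the pattern ARP
    # poisoning produces when traffic is being redirected through one host.
    suspects = sorted(m for m, ips in claimed.items() if len(ips) >= 2)
    return alerts, suspects
```

A switch performing this check drops the mismatching replies rather than only reporting them; the same comparison run over captured traffic is useful for detection.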

OSI model Layer 3 attacks

Layer 3 is the network layer and utilises multiple common protocols, such as the Internet Protocol (IP), to perform routing on the network. Attacks at this layer include packet sniffing and DoS attacks such as ping floods and ICMP attacks. Because of their layer 3 nature, these types of attacks can be performed remotely over the Internet, while layer 2 attacks primarily come from the internal LAN.

To reduce the risk of these types of attacks, routers should be hardened, packet filtering controls should be used and routing information should be controlled.

OSI model Layer 4 attacks

Layer 4 is the transport layer and utilises common transport protocols to enable network communications. This may include the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Port scanning, a method by which to identify vulnerable or open network ports, operates at layer 4 of the OSI model. Implementing effective firewalls and locking down ports only to those required can mitigate risks at this level.
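On the detection side, a port scan shows up in firewall logs as one source touching many distinct ports on the same host in a short time. The following is an added example, not from the original article; the log format, the sample lines and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall log lines in an assumed format (not a real product's).
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:0{i} DENY TCP 203.0.113.7:4000{i} -> 192.0.2.10:{p}"
     for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    + [f"2024-05-01T1{i}:00:00 DENY TCP 198.51.100.9:5000{i} -> 192.0.2.10:{p}"
       for i, p in enumerate([21, 22, 23, 25, 80])]
    + ["2024-05-01T10:00:01 ALLOW TCP 198.51.100.4:51000 -> 192.0.2.10:443",
       "2024-05-01T10:00:02 ALLOW TCP 198.51.100.4:51001 -> 192.0.2.10:443",
       "malformed line"])

LINE = re.compile(r"^(\S+) (ALLOW|DENY) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")

def find_scanners(log_text, window_s=60, min_ports=5):
    """Map (source, target) to the ports probed when a source reaches
    min_ports distinct destination ports on one host within window_s seconds."""
    events = defaultdict(list)  # (src, dst) -> [(time, dst_port)]
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        ts, _action, _proto, src, _sport, dst, dport = m.groups()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(dport)))
    findings = {}
    for key, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct ports seen in the window that opens at this event.
            ports = {p for t, p in hits[i:]
                     if (t - start).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                findings[key] = sorted(ports)
                break
    return findings
```

Allowed and denied connections are both counted, since a scan touches open and closed ports alike; a slow scan spread over hours only appears when the window is widened.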

OSI model Layers 5-7 attacks

Above layer 4, we are looking primarily at application level attacks which result from poor coding practices. Vulnerabilities in applications can be exploited through attacks such as SQL injection, where the developer has failed to ensure that user input is validated against a defined schema.

The attacker would then input code to extract data from the database (e.g. SELECT * from USERS). As the application fails to validate this input, the command is run and data is extracted. To reduce this risk, developers must ensure that best practice development guides are adhered to.
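The difference between the weak and the corrected pattern is easiest to see side by side. The following is an added example, not from the original article; the table, the sample rows, the crafted input and the function names are constructed for illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_vulnerable(db, name):
    # Weak: input is concatenated into the statement, so the database
    # parses it as SQL.
    return db.execute(
        "SELECT name, email FROM users WHERE name = '" + name + "'").fetchall()

def lookup_parameterized(db, name):
    # Corrected: the placeholder binds input as a value; it is never
    # parsed as SQL.
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()

def lookup_validated(db, name):
    # Defence in depth: reject input outside the expected shape, then bind it.
    if not (name.isascii() and name.isalnum() and len(name) <= 32):
        raise ValueError("name must be 1-32 ASCII letters or digits")
    return lookup_parameterized(db, name)

# Constructed input that changes the WHERE clause when concatenated.
CRAFTED = "x' OR '1'='1"
```

With `CRAFTED` as input, the concatenating function returns every row, the parameterized one returns none, and the validating one rejects the request before it reaches the database.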


This article has briefly looked at the OSI model, including the protocols and attacks that are utilised/occur at each layer. The OSI model is fundamental in understanding how networks communicate from the wire through to the application. Further understanding is imperative in order to secure both the network and end user devices.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related.