A Tale of Two Models

lori Ibbitson
Jan 5, 2023

OSI TCP/IP and the ability to connect worlds (A very brief overview)

The internet is magic. Point, click, and be transported to anywhere you want to go. Most people never even stop to consider the how, or why, or the what that makes that happen. It’s Magic.

In the beginning… there was the OSI model (Open Systems Interconnection Model). It was formalized and adopted worldwide in 1984 to provide a set of rules (protocols) governing data and communication. Instead of a data free-for-all, the OSI Model standardized the steps in data flow from user to destination and back again. The model is also useful because it aids in visualizing and troubleshooting network issues, helping to narrow down where connectivity issues may be occurring.

TCP/IP (Transmission Control Protocol / Internet Protocol) is a shortened form of the OSI Model that was developed by the US Government DoD (DARPA) and was deployed to ensure communication continuity in the event of uncertain political climates (think war). TCP/IP is the model most commonly in use today, but in cyber security the OSI model (IMHO) gives a better conceptual picture of data flow.

OSI to TCP/IP model by e-smartsolution.co.uk

The above diagram highlights the way the data flows from the moment that you open your browser or email: the protocols that are used, how the data is formatted for use or transmission, how it is encrypted, and how a data transfer “session” is established, synchronized, and terminated. This is handled by OSI Layer 7 / Application, Layer 6 / Presentation, and Layer 5 / Session, which together are equivalent to the TCP/IP Application Layer.

Layer 7 / Application is the layer directly behind the software user interface. It starts the data processing, identifies communication partners, determines resource availability, and helps to synchronize communications between applications.

Layer 7 Protocols: These protocols help establish communications, whether for a web application, email, file transfer, or finding destination computers: HTTP/HTTPS, POP, SMTP, FTP, TFTP, DNS, SSH, DHCP, IMAP4, SNMP, BOOTP, NFS.

Layer 6 / Presentation sets the format (presentation). Much like a translator, it ensures that the same “language” is being spoken by the sender and the receiver, for example by converting ASCII to Extended Binary Coded Decimal Interchange Code (EBCDIC). It also encrypts and compresses the data being sent in readiness for transportation, or, on the receiving end, decompresses and decrypts it.

Layer 6 Protocols: When Application Layer data is received at Layer 6 it will be translated into readable format, encrypted and compressed. Layer 6 is responsible for all end-to-end encryption. LPP (Lightweight Presentation Protocol), TLS/SSL.

Layer 5 / Session controls the dialogue between applications on different hosts by establishing a session ID, Authentication and Authorization by token management, and session synchronization. It establishes connections and controls how those connections communicate and terminate. Full Duplex, Half Duplex, Simplex options reside here.

Layer 5 Protocols: Establish and authenticate connections and identification, and manage the conversation between two endpoints. RPC (Remote Procedure Call protocol), SMB.

The Transport Layer in both the OSI and the TCP/IP Models is responsible for end-to-end communication between devices. What you are trying to do determines how your connection communicates. Are you wanting to talk over VOIP, request a web page, or send an email? Does your connection need to be fast? Does it matter if all the data is transmitted correctly and in order? If parts are missing, does the data need to be resent or not?

The protocols used in Layer 4 / Transport Layer determine these features. TCP and UDP (Transmission Control Protocol / User Datagram Protocol) are two very different protocols, and which one is used depends upon the services requested in the initial application. The below diagram details the differences between TCP and UDP and indicates a sample of services that would use each protocol.

TCP/UDP diagram by homenethowto.com

The application data is now formatted for a required service, a session is established, and the way that the data is to be transported is sorted. Next we have to address it. At this point (Layer 4 Transport) the data is referred to as a segment. The segment information includes a port number for both the source and the destination. This ensures that the data is directed to the appropriate destination port that is set up to handle the service that is requested.

Layer 4 Protocols: TCP establishes connections, synchronizes data, and uses flow control to ensure data. UDP is a connectionless, best-effort protocol. This layer uses socket pairs: source and destination port numbers in conjunction with IP addresses to ensure delivery processes.

Layer 3 / Network Layer. The Network Layer segment is now ready to be addressed. An IP address is attached for both the source and the destination, and once it is labelled with a logical IP address the segment is called a packet. A logical address is simply an IP address, which is analogous to a street address, but instead of a house it identifies your internet-connected device with a unique identifier. This IP reveals your geolocation, or at least that of your ISP.

Layer 3 Protocols: Encapsulate data into packets that contain source and destination IP addresses. ICMP, and ICMP Error reports, IGMP, IPv4, IPv6, NAT, ARP.

Next up is the physical addressing in Layer 2 / Data Link Layer of the OSI model. (The first layer of the TCP/IP model spans both Layer 2 and Layer 1 of the OSI Model and is called the Network Access / Link Layer.) The MAC (Media Access Control) address is a unique identifier for your network interfaces and is a unique burned-in address (BIA) on each of your devices. It is assigned by the device manufacturer and is stored in the system hardware. Once the Layer 3 packet has a MAC address assigned, it is called a frame. Once a data frame is sent it needs to arrive at the correct device, and the MAC address of your device is how the local router knows where to forward the frame to.

Layer 2 Protocols: Confirm that bits and bytes sent are identical to what is received. LCP, LAP, PPP, SLIP, SDLC, ARP, ATM, CHAP.

Layer 1 / Physical Layer is where a large part of the magic occurs. This is where the data in the Layer 2 Frame is changed into a binary signal in order to be transmitted over the connecting physical media. There is a whole complex system of encoding that takes place at this level that also involves regulation of how the data is actually sent including modulation, bit synchronization, duplexing, collision detection and carrier sense. It also includes physical components such as cables, connectors, hubs, network adapters, and repeaters.

This is a very brief outline of the processes that have to take place in order for the data exchange to occur when computers are in communication. It defines how data flows, is regulated, and is formatted. A separate blog entry could be done for each layer in the OSI Model, but the main takeaway should be that there are 7 layers, each with its own specific functionality that allows for data transport and device communication.

It should also be mentioned that each layer may only “talk” to the one above and below it. The flow is unidirectional: it either flows from the sender down the stack towards Layer 1, or it is on the receiving end and flows from Layer 1 up and through to Layer 7.

Part II (What’s in a Name?) will deal with Headers: what they are, why they are, and some security issues associated with each Layer Header.
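The segment, packet and frame steps described above can be traced in a few lines of Python. This is an added example, not part of the original post: the function names, addresses, ports and payload are constructed for illustration, and it assumes UDP over IPv4 over Ethernet with checksums left at zero.

```python
import socket
import struct

def encapsulate(data, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Sender side: go down the stack, adding one header per layer."""
    # Layer 4: UDP header with source/destination ports -> segment
    # (checksum left at 0, which UDP over IPv4 allows)
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(data), 0) + data
    # Layer 3: 20-byte IPv4 header with logical addresses -> packet
    # (protocol 17 = UDP; header checksum left at 0 in this sketch)
    packet = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 17, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + segment
    # Layer 2: Ethernet header with MAC addresses -> frame (0x0800 = IPv4)
    to_mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return to_mac(dst_mac) + to_mac(src_mac) + struct.pack("!H", 0x0800) + packet

def decapsulate(frame):
    """Receiver side: go up the stack, checking and stripping one header per layer."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("too short for Ethernet + IPv4 + UDP headers")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("EtherType is not IPv4")
    packet = frame[14:]
    header_len = (packet[0] & 0x0F) * 4  # IPv4 header length field, in bytes
    if packet[0] >> 4 != 4 or header_len < 20 or packet[9] != 17:
        raise ValueError("expected an IPv4 packet carrying UDP")
    segment = packet[header_len:struct.unpack("!H", packet[2:4])[0]]
    if len(segment) < 8:
        raise ValueError("truncated Layer 4 header")
    src_port, dst_port, udp_len, _checksum = struct.unpack("!HHHH", segment[:8])
    return {
        "frame": {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":")},
        "packet": {"src_ip": socket.inet_ntoa(packet[12:16]),
                   "dst_ip": socket.inet_ntoa(packet[16:20])},
        "segment": {"src_port": src_port, "dst_port": dst_port},
        "data": segment[8:udp_len],
    }

if __name__ == "__main__":
    # Constructed sample values: documentation IP ranges, locally administered MACs
    frame = encapsulate(b"hello", 53000, 53, "192.0.2.10", "198.51.100.53",
                        "02:00:00:00:00:01", "02:00:00:00:00:02")
    print(len(frame), "bytes on the wire")
    print(decapsulate(frame))
```

Each header the sender adds is exactly what the receiver reads and removes at the matching layer, so the ports, IP addresses and MAC addresses are all visible to anything that can see the frame on the wire.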
