Here is a short summary of the attack possibilities to consider at each OSI layer.
The OSI model is a seven-layer reference model that describes how communication is structured, from the physical medium at the bottom up to the application at the top, with each layer providing services to the one above it.
The video below gives a quick overview of the OSI model; after that, we discuss the attack threats at each layer.
Two mnemonics help to remember the seven layers, top-down (Application, Presentation, Session, Transport, Network, Data Link, Physical) and bottom-up:
- All People Seem To Need Data Processing (top-down)
- Please Do Not Throw Sausage Pizza Away (bottom-up)
Now let us look at the attack surface of each layer and the ways a system could be attacked there.
Layer 7: Application
- Attack vectors: distributed denial-of-service (DDoS) attacks such as HTTP floods and Slowloris, SQL injection, cross-site scripting, and parameter tampering. Malware that targets the application and its users also lives here: viruses, worms, trojan horses, key loggers, backdoors, phishing, and program logic flaws and bugs.
- Mitigation: layer several controls, such as web application firewalls (WAFs) and secure web gateway services. This layer is the hardest to defend because attack traffic arrives over the same ports as legitimate traffic (80 for HTTP, 443 for HTTPS) and looks like ordinary requests, so port-based filtering cannot separate the two; only inspection of request content and behaviour can. Monitor the application itself (error rates, unusual query patterns, slow or long-lived connections) so that exploitation of a previously unknown (zero-day) vulnerability is noticed even when no signature exists for it.
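The SQL injection entry above is easiest to understand side by side: the vulnerable query next to its hardened form, plus a naive WAF rule to show why a WAF is a secondary control rather than the fix. This is an added example, not code from the original post; the in-memory users table, the payloads and the regex are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data: a tiny user store in an in-memory SQLite database.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: attacker-controlled text is spliced into the SQL statement,
    # so quotes and keywords in the input become part of the query syntax.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_hardened(conn: sqlite3.Connection, username: str) -> list:
    # Hardened: the value travels as a bound parameter; the database never
    # parses it as SQL, so the same payload just fails to match any username.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Classic tautology payload and a variant that says the same thing differently.
PAYLOAD = "x' OR '1'='1"
BYPASS = "x' OR 2>1--"   # "--" comments out the closing quote the query appends

# A naive WAF signature of the kind that catches textbook payloads only.
_TAUTOLOGY = re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1")

def naive_waf_blocks(value: str) -> bool:
    return _TAUTOLOGY.search(value) is not None

def demo() -> dict:
    conn = make_db()
    return {
        "vuln_normal": lookup_vulnerable(conn, "bob"),
        "vuln_injected": lookup_vulnerable(conn, PAYLOAD),   # every row leaks
        "vuln_bypass": lookup_vulnerable(conn, BYPASS),      # WAF misses, rows leak
        "safe_normal": lookup_hardened(conn, "bob"),
        "safe_injected": lookup_hardened(conn, PAYLOAD),     # no rows
        "safe_bypass": lookup_hardened(conn, BYPASS),        # no rows
        "waf_blocks_payload": naive_waf_blocks(PAYLOAD),
        "waf_blocks_bypass": naive_waf_blocks(BYPASS),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The parameterised query returns nothing for both payloads regardless of what the WAF does, which is the point: the WAF narrows the attack surface, the query construction removes it.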
Layer 6: Presentation
- Attack vectors: SSL/TLS hijacking, encryption downgrade attacks, decryption attacks against weak ciphers or padding, encoding attacks (for example malformed Unicode or character-set tricks that slip past input validation), DDoS attacks
- Mitigation: terminate (offload) TLS in front of the origin infrastructure and inspect the decrypted application traffic for attack patterns or policy violations at an application delivery platform (ADP). A good ADP re-encrypts the traffic before forwarding it to the origin. Whichever device terminates TLS, disable SSLv3 and TLS 1.0/1.1, weak cipher suites and TLS compression, and enable HSTS so that a client cannot be downgraded to plain HTTP.
Layer 5: Session
- Attack vectors: session hijacking, man-in-the-middle (MITM), blind hijacking (injecting into a session whose responses the attacker cannot see), man-in-the-browser, SSH sniffing
- Mitigation: keep the devices and software that manage sessions patched; check for updates with your hardware and software vendors, as those updates usually carry the fix for a published weakness. In addition, generate session identifiers from a cryptographic random source, transmit them only over TLS, regenerate them after login, and expire them after inactivity, so that a captured or guessed token is of little use.
Layer 4: Transport
- Attack vectors: TCP sequence prediction, SYN flood attack, TCP session hijacking, UDP flood attack, UDP-based amplification attacks (DNS, NTP, memcached and similar services that answer a small spoofed request with a large reply)
- Mitigation: DDoS blackhole routing (blackholing), in which the ISP drops all traffic destined for the targeted prefix, is the mitigation typically used by ISPs; note that it also completes the denial of service for the victim address, so it buys time rather than preserving service. On the host side, SYN cookies, rate limiting and randomised initial sequence numbers blunt SYN floods and sequence prediction.
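Blackholing is what the upstream does; the host-side answer to a SYN flood is SYN cookies, which the page mentions only in passing. As an added example that goes beyond the text (not code from the original post), the exchange below shows both sides of the handshake: the server encodes the connection state into its initial sequence number instead of allocating a half-open connection, and reconstructs that state only when a valid third-packet ACK arrives. The layout is a simplified version of the Linux scheme (tick counter in the top 5 bits, MSS index in the next 3, keyed hash in the low 24, all added to the client's ISN); the secret, MSS table and addresses are assumptions for the example.

```python
import hashlib
import hmac
import struct

# Assumed server-side secret; a real stack rotates it (example only).
SECRET = b"example-secret-rotate-me"
MSS_TABLE = [536, 1300, 1440, 1460]   # encodable MSS values; index fits in 3 bits
COUNT_TOLERANCE = 1                   # accept cookies from this tick or the previous one
MASK32 = 0xFFFFFFFF

def _keyed_hash(saddr: bytes, daddr: bytes, sport: int, dport: int, count: int) -> int:
    """24-bit keyed hash over the 4-tuple and the tick counter."""
    msg = struct.pack("!4s4sHHI", saddr, daddr, sport, dport, count)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def mss_index(mss: int) -> int:
    """Largest table entry not exceeding the MSS the client offered."""
    idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            idx = i
    return idx

def make_cookie(saddr, daddr, sport, dport, client_isn, mss, count) -> int:
    """Server side, on SYN: compute the ISN to send in the SYN-ACK. No state is stored."""
    raw = ((count & 0x1F) << 27) | (mss_index(mss) << 24) \
        | _keyed_hash(saddr, daddr, sport, dport, count)
    # Adding the client's ISN keeps the cookie looking like an ordinary random ISN.
    return (client_isn + raw) & MASK32

def check_cookie(saddr, daddr, sport, dport, seq, ack, count_now):
    """Server side, on the handshake ACK: return the MSS to use, or None if forged/stale."""
    client_isn = (seq - 1) & MASK32          # ACK carries seq = client ISN + 1
    raw = ((ack - 1) - client_isn) & MASK32  # ack = our cookie + 1
    count5 = raw >> 27
    # Rebuild the full tick from its low 5 bits relative to the current tick.
    age = (count_now - count5) & 0x1F
    if age > COUNT_TOLERANCE:
        return None                          # too old: replayed or forged
    count = count_now - age
    if (raw & 0xFFFFFF) != _keyed_hash(saddr, daddr, sport, dport, count):
        return None                          # attacker guessed an ACK number
    return MSS_TABLE[(raw >> 24) & 0x7]

def handshake_demo():
    """Constructed client/server exchange; addresses are documentation ranges."""
    saddr, daddr = bytes([203, 0, 113, 7]), bytes([198, 51, 100, 10])
    sport, dport, tick = 40000, 443, 1000
    client_isn = 0x11223344
    # 1. client -> server: SYN(seq=client_isn, mss=1460)
    cookie = make_cookie(saddr, daddr, sport, dport, client_isn, 1460, tick)
    # 2. server -> client: SYN-ACK(seq=cookie, ack=client_isn+1)  -- nothing stored
    # 3. client -> server: ACK(seq=client_isn+1, ack=cookie+1)
    mss = check_cookie(saddr, daddr, sport, dport, client_isn + 1, cookie + 1, tick)
    return cookie, mss

if __name__ == "__main__":
    cookie, mss = handshake_demo()
    print(f"SYN-ACK ISN (cookie) = {cookie:#010x}, negotiated MSS = {mss}")
```

Because the SYN allocates nothing, a flood of spoofed SYNs costs the server one hash per packet and no memory; the trade-off is that TCP options not encoded in the cookie (window scaling, SACK) are lost for connections set up this way, which is why stacks enable cookies only once the SYN backlog fills.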
Layer 3: Network
- Attack vectors: IP spoofing, jamming of wireless links, ICMP attacks, Smurf attacks (directed-broadcast amplification), packet sniffing, and the routing attacks known from ad hoc and sensor networks: wormhole, blackhole, Sybil and selective-forwarding attacks
- Mitigation: keep routers patched; enable packet filtering, including ingress filtering that drops packets whose source address could not legitimately arrive on that interface (BCP 38), which defeats most spoofing; block unused ports and disable unused services and interfaces in the router operating system; disable IP directed broadcast, which removes Smurf amplifiers; enable logging; place firewalls between your network and every untrusted network; and encrypt traffic that must cross untrusted networks (for example with IPsec) so that sniffing yields nothing useful.
Layer 2: Data Link
- Attack vectors: ARP spoofing, MAC cloning, DoS by MAC flooding (overflowing the switch's address table so that it floods traffic to every port), spanning tree attacks, VLAN hopping, DHCP attacks (rogue servers and address-pool starvation)
- Mitigation: configure switches so that only designated ports may answer DHCP requests (DHCP snooping), and use the resulting IP-to-MAC bindings for dynamic ARP inspection, or fall back to static ARP entries for critical hosts such as the gateway; enable port security to cap the MAC addresses learned per port, BPDU guard on access ports, and prune unused VLANs from trunks; and install an intrusion detection system (IDS) that watches for ARP anomalies. Where supported, authenticate each discovered MAC address against an authentication, authorization and accounting (AAA) server (for example via 802.1X) and filter the port accordingly.
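What the IDS in the mitigation above actually looks for is concrete enough to show. The monitor below is an added example (not code from the original post): it replays constructed ARP replies through two checks, a trusted or previously learned IP-to-MAC binding changing, and one MAC answering for several IP addresses, which is the signature of an attacker sitting between a host and its gateway. The addresses, MACs and the trusted-binding table are assumptions for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpReply:
    ts: float
    sender_ip: str
    sender_mac: str
    target_ip: str
    gratuitous: bool   # unsolicited announcement, the usual poisoning vehicle

# Constructed trusted bindings, e.g. from DHCP snooping or a static gateway entry.
TRUSTED = {"10.0.0.1": "00:11:22:33:44:01"}

class ArpMonitor:
    def __init__(self, trusted: dict, max_ips_per_mac: int = 2):
        self.table = dict(trusted)      # ip -> mac, trusted entries never overwritten
        self.mac_ips = {}               # mac -> set of ips it has claimed
        self.max_ips_per_mac = max_ips_per_mac
        self.alerts = []                # (ts, severity, kind, detail)

    def observe(self, r: ArpReply) -> None:
        known = self.table.get(r.sender_ip)
        if known is None:
            self.table[r.sender_ip] = r.sender_mac          # first sighting: learn it
        elif known != r.sender_mac:
            # A trusted binding (gateway) flipping is worse than an ordinary host moving.
            sev = "high" if r.sender_ip in TRUSTED else "medium"
            self.alerts.append((r.ts, sev, "binding-changed",
                                f"{r.sender_ip} was {known}, now claimed by {r.sender_mac}"
                                + (" (gratuitous)" if r.gratuitous else "")))
            # Keep the original binding; dynamic ARP inspection would drop the frame here.
        ips = self.mac_ips.setdefault(r.sender_mac, set())
        before = len(ips)
        ips.add(r.sender_ip)
        if before < self.max_ips_per_mac <= len(ips):
            self.alerts.append((r.ts, "high", "mac-multi-ip",
                                f"{r.sender_mac} answers for {sorted(ips)}"))

# Constructed capture: normal traffic, then an attacker poisoning both sides.
SAMPLE = [
    ArpReply(0.0, "10.0.0.1", "00:11:22:33:44:01", "10.0.0.5", False),  # gateway -> host
    ArpReply(0.1, "10.0.0.5", "00:11:22:33:44:05", "10.0.0.1", False),  # host -> gateway
    ArpReply(5.0, "10.0.0.1", "de:ad:be:ef:00:01", "10.0.0.5", True),   # attacker as gateway
    ArpReply(5.0, "10.0.0.5", "de:ad:be:ef:00:01", "10.0.0.1", True),   # attacker as host
    ArpReply(6.0, "10.0.0.7", "00:11:22:33:44:07", "10.0.0.1", False),  # benign newcomer
]

def run_demo() -> ArpMonitor:
    mon = ArpMonitor(TRUSTED)
    for reply in SAMPLE:
        mon.observe(reply)
    return mon

if __name__ == "__main__":
    for ts, sev, kind, detail in run_demo().alerts:
        print(f"t={ts:4.1f} [{sev}] {kind}: {detail}")
```

The multi-IP check needs a whitelist in real networks (routers and VRRP hosts legitimately answer for several addresses); the binding-change check is the one that should page someone when it fires for the gateway.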
Layer 1: Physical
- Attack vectors: unauthorised physical access, data sniffing by tapping cables or wireless links, physical damage or theft
- Mitigation: use defence-in-depth: physical access controls (locked rooms and racks, badge readers), accountability and auditing of who touches which asset, and monitoring of ports and cabling so that an added tap or device is noticed.
Being aware of these attacks and understanding why each layer needs its own controls is one of the first steps in cybersecurity. Please share your thoughts and suggestions below.