This paper reviews different aspects of network security based on the layers of the Open Systems Interconnection (OSI) model. It outlines the generic forms of network attacks and their degree of damage, at each OSI layer. Three or four of the most popular forms of attack are described in detail for each layer, along with countermeasures that can be implemented.

The exponential growth of networking technology and increasingly efficient computing systems over the last few years has promoted the worldwide internetworking of almost everything from handheld PDAs to global positioning satellite systems. However, this seemingly giant leap for mankind has come at a very costly price – data security. According to the CSI/FBI statistics on e-crimes, more than US$ 2.9 million is lost every year in network intrusion and more than US$ 1.7 million in violation of proprietary electronic data1.

This paper studies different aspects of network security based on the layers of the Open Systems Interconnection (OSI) model. The introduction deals with a rough outline of the generic forms of network attacks and their degree of damage. Each of these different forms of attacks is then explored for each layer. Three or four of the most popular forms of attack are described in detail for each layer, along with countermeasures that can be implemented.

Of all the layers in the OSI model, studies have shown that it is the network and session layers that usually take the brute of more attacks. A short summary at the end of this paper will attempt to briefly explain whether this is the case or not, and the reasons for the same. One of the key focuses of this paper will be three of the most popularly implemented technologies, Secure Socket Layer (SSL), IP Security (IPSec) and Public-Key encryption. This paper briefly explains the reasons for their popularity and show why their simplicity makes them an irresistible offer for both software designers and network engineers.

Download the report and the presentation.

  1. Sinha, R. (2001), Oracle 8i Security and e-business, Oracle [http://www.oracle.com]
Posted in AUS