Cybersecurity Tutorial For Beginners: The OSI Model

THE OSI MODEL

The OSI (Open Systems Interconnection) reference model is a layered network model. The model is abstract; we do not directly run the OSI model in our systems (most now use the TCP/IP model). Rather, it is used as a reference point, so “Layer 1” (physical) is universally understood, whether you are running Ethernet or ATM, for example.

The layers may be listed in top-to-bottom or bottom-to-top order. Using the latter, they are Physical, Data Link, Network, Transport, Session, Presentation, and Application.

Layer 1: Physical

Physical is layer 1 of the OSI model. This first layer describes units of data such as bits represented by energy (such as light, electricity, or radio waves) and the medium used to carry them, such as copper or fiber optic cables. WLANs have a physical layer, even though we cannot physically touch it. Cabling standards such as thinnet, thicknet, and unshielded twisted pair (UTP) exist at layer 1, among many others, as do devices such as hubs and repeaters.

Layer 2: Data link

The data link layer handles access to the physical layer as well as LAN communication. An Ethernet card and its media access control (MAC) address are at layer 2, as are switches and bridges. Layer 2 is divided into two sublayers: media access control (MAC) and logical link control (LLC). The MAC layer transfers data to and from the physical layer, while LLC handles LAN communications. MAC touches layer 1 and LLC touches layer 3.

Layer 3: Network

The network layer describes routing, which is moving data from a system on one LAN to a system on another. IP addresses and routers exist at layer 3, where protocols include IPv4 and IPv6, among others.

Layer 4: Transport

The transport layer handles packet sequencing, flow control, and error detection. TCP and user datagram protocol (UDP) are layer 4 protocols. Layer 4 makes a number of features available, such as resending or resequencing packets. Taking advantage of these features is a protocol implementation decision.

Layer 5: Session

The session layer manages sessions, which provide maintenance on connections. Mounting a file share via a network requires a number of maintenance sessions, such as remote procedure calls (RPCs), which exist at the session layer. The session layer provides connections between applications and uses simplex, half-duplex, and full-duplex communication.

*For Certification Exams*

The transport and session layers are often confused. For example, is “maintenance of connections” a transport layer or session layer issue? Packets are sequenced at the transport layer, and network file shares can be remounted at the session layer; you may consider either to be maintenance. Words like “maintenance” imply more work than packet sequencing or retransmission; it requires “heavier lifting,” like remounting a network share that has been unmounted, so the session layer is the best answer.

 

Layer 6: Presentation

The presentation layer presents data to the application and user in a comprehensible way. Presentation layer concepts include data conversion, character sets such as ASCII, and image formats such as GIF (graphics interchange format), JPEG (joint photographic experts group), and TIFF (tagged image file format).

Layer 7: Application

The application layer is where you interface with your computer application. Your web browser, word processor, and instant messaging client exist at layer 7. The protocols Telnet and FTP are application-layer protocols.