OSI Model
The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to understand and standardize the functions of a networking system. It divides network communication into seven distinct layers, each with a specific role in data transmission. This layered approach helps different networking technologies and protocols work together efficiently.
Layer 1, the Physical layer, is the lowest layer of the OSI Model, responsible for the physical connection between devices.
It deals with electrical signals, cables, wireless transmission, and hardware components such as network adapters and switches.
Example: Ethernet cables, fiber optics, radio waves (Wi-Fi, Bluetooth).
Layer 2, the Data Link layer, is responsible for the reliable transmission of data frames between devices over a physical network.
This layer manages MAC (Media Access Control) addresses to uniquely identify network devices and handles error detection.
Divided into two sublayers:
MAC (Media Access Control) Sublayer – Governs how devices access the network.
LLC (Logical Link Control) Sublayer – Handles error checking and flow control.
Example: Ethernet, Wi-Fi (802.11), MAC addresses, ARP (Address Resolution Protocol).
Layer 3, the Network layer, handles the routing of data packets between devices across different networks.
Uses IP (Internet Protocol) addresses to determine the best path for data to travel.
Supports packet switching, routing, and congestion control.
Example: IP, ICMP (ping), IPv4/IPv6, routers.
Layer 4, the Transport layer, ensures end-to-end communication, reliability, and data flow control.
Uses two primary protocols:
TCP (Transmission Control Protocol) – Provides reliable, connection-oriented communication with error checking and retransmission.
UDP (User Datagram Protocol) – A connectionless, faster protocol used for real-time applications where some data loss is acceptable.
Example: TCP, UDP, port numbers (e.g., HTTP - port 80, HTTPS - port 443).
Layer 5, the Session layer, manages and maintains communication sessions between applications on different devices.
Handles session establishment, maintenance, and termination.
Example: Remote desktop sessions, SSL/TLS, NetBIOS, RPC (Remote Procedure Call).
Layer 6, the Presentation layer, translates data into a format that the application layer can understand.
Handles encryption, compression, and data format conversion.
Ensures compatibility between different system architectures.
Example: SSL/TLS encryption, JPEG, MP3, ASCII, MPEG.
Layer 7, the Application layer, is the layer closest to the user, enabling communication between applications and the network.
Supports network services like web browsing, email, and file transfers.
Uses high-level protocols that allow software applications to interact with the network.
Example: HTTP/HTTPS (web browsing), FTP (file transfer), SMTP (email), DNS (domain name resolution).
While the OSI Model officially has seven layers, some professionals humorously or practically extend it to include Layers 8, 9, and 10, which represent human, organizational, and governmental factors in cybersecurity and networking. These additional layers highlight the social, policy, and regulatory aspects that impact technology use and security.
Layer 8 represents the human factor in cybersecurity and IT operations.
Encompasses end-user awareness, training, mistakes, social engineering, and insider threats.
Cyber attackers frequently target this layer through phishing, social engineering, and credential theft.
Security Considerations:
User education on phishing, strong passwords, and multi-factor authentication (MFA).
Social engineering awareness training.
Reducing human errors through automation and security policies.
Layer 9 represents corporate policies, procedures, compliance requirements, and risk management.
Decisions at this layer impact cybersecurity budgets, security culture, and regulatory adherence.
Security Considerations:
Implementation of security frameworks like ISO 27001, NIST Cybersecurity Framework, and CIS Controls.
Enforcement of security policies such as password policies, data classification, and least privilege access.
Incident response planning, security awareness training, and third-party risk management.
Layer 10 represents government regulations, laws, and geopolitical factors that influence cybersecurity strategies.
Includes data privacy laws, national security directives, and cross-border cybersecurity cooperation.
Security Considerations:
Compliance with regulations like GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), PCI DSS (Payment Card Industry Data Security Standard), and FISMA (Federal Information Security Management Act).
Cyber warfare, nation-state threats, and government-imposed cybersecurity mandates.
International cybersecurity collaboration and cybercrime law enforcement.
While Layers 1-7 focus on technical networking, Layers 8-10 recognize that people, businesses, and governments play a critical role in cybersecurity. These layers remind us that security is not just about technology—it’s also about human behavior, policy enforcement, and regulatory frameworks.
By addressing Layers 8-10, organizations can strengthen their security culture, improve policy enforcement, and ensure regulatory compliance, reducing risks that purely technical solutions cannot fully mitigate.
When a user sends data (e.g., accessing a website), the information flows down the OSI Model from Layer 7 (Application) to Layer 1 (Physical), where it is transmitted over the network. When the data reaches the destination, it moves up the OSI Model, being processed at each layer until it reaches the receiving application.
Standardization: Helps ensure different networking systems and devices can communicate effectively.
Troubleshooting: Network engineers use it to diagnose and isolate issues at specific layers.
Security: Each layer presents unique vulnerabilities that cybersecurity professionals must address.
Interoperability: Enables vendors to develop network hardware and software that work together.
By understanding the OSI Model, IT and cybersecurity professionals can better design, secure, and troubleshoot networks, ensuring seamless communication between systems.
Top to Bottom = All People Seem To Need Data Processing (APSTNDP)
Bottom to Top = Please Do Not Throw Sausage Pizza Away (PDNTSPA)