Security OSI Model

JinverarJinverar Member Posts: 95 ■■■□□□□□□□
I have been working on the OSI model attached to this post. It is a combination of many notes and late nights. I continue to work on some great C|EH tech notes. I would like to add a hacker attack row/column to the OSI model. Does anyone have any layer positions for different attacks. Any information to add to the attached table would be great.
Jinverar, TSS

Comments

  • Chris:/*Chris:/* Member Posts: 658 ■■■■■■■■□□
    You are looking at penetration testing or hacking from the wrong perspective. You should be looking at how an attack is completed and why that specific threat affects that vulnerability. CEH is not like a CompTIA exam, my question to you would be what are you using to gain your new knowledge.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • JDMurrayJDMurray Admin Posts: 13,092 Admin
    Software is running at layers 3-7, firmware at 2, and hardware-only at 1. You can list vulnerbilities that are present at specific layer, and research the specific attacks that exploit those vulnerabilities. You can then list safeguards that prevent a vulnerability from being exploited, and countermeasures that mitigate the undesirable affects if the exploit does occur.

    For example, a layer 1 vulnerability is a computer's the need for electrical power. An attack (exploit) would be, "pull the power cord out of the wall." A safeguard to prevent the exploit would be, "house the power cords in a locked enclosure." And a countermeasure to work after-the-attack would be, "connect the computers to a UPS."

    Now go do layers 2-7 and post your findings. icon_wink.gif
  • instant000instant000 Member Posts: 1,745
    My favorite part of the chart: (your memorization tips for the OSI layers)
    All People Seem To Need Data Processing (i knew this one for years)
    Please Do Not Throw Sausage Pizza Away (believe it or not, my GF told me this one a couple weeks ago, and now it appears that I see it all over the place now, and wonder how I missed it all these years)
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • JinverarJinverar Member Posts: 95 ■■■□□□□□□□
    Here is a reply to my original post. I would like to see where this goes....Check out the Security OSI Model I attached. It seems there should be another layer under session indicating boot sectors and Memory attacks. Let me know what you think.

    security OPEN SYSTEMS INTERCONNECTION GUIDE_hacker version.doc
    Jinverar, TSS
  • QuantumstateQuantumstate Member Posts: 192 ■■■■□□□□□□
    FFS.
    You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:
    I most certainly am logged in.
  • instant000instant000 Member Posts: 1,745
    FFS.I most certainly am logged in.

    If you're trying to download that file, you may have to get your post count up first. (The permission to do that may be based upon post count, how long you've been on the board, or something like that.)

    Hope this helps, as I'm only guessing at what your problem might be.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • QuantumstateQuantumstate Member Posts: 192 ■■■■□□□□□□
    Looks like you're right.
  • QuantumstateQuantumstate Member Posts: 192 ■■■■□□□□□□
  • pas1964pas1964 Registered Users Posts: 3 ■□□□□□□□□□
    I'm brand new and this is my first post. I was able to download both files.
  • JinverarJinverar Member Posts: 95 ■■■□□□□□□□
    Be aware that these charts are close but not perfected. There may be errors, but they are relatively close. Do not take the charts as Gospel. I am actually looking for feedback on errors, additions or indications it looks good and is helpfull. In my defence the charts in general may never be perfected, because everyone has opinions and the devices or software could move or jump different levels every year based on evolution. It seems that adding the extra details on the equipment or software to the chart is more theory than facts. I did use the best facts before theory to get things in the correct columns but some stuff is very close and could move up or down levels.

    I did hear there could be a new OSRI model out also. This is old school.
    Jinverar, TSS
  • dmoore44dmoore44 Member Posts: 646
    There are a couple of papers on the SANS site that go over various attacks using the OSI model as a reference. They're kind of old, but still useful as a starting point.
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
Sign In or Register to comment.