Security OSI Model

I have been working on the OSI model attached to this post. It is a combination of many notes and late nights. I continue to work on some great C|EH tech notes. I would like to add a hacker attack row/column to the OSI model. Does anyone have any layer positions for different attacks. Any information to add to the attached table would be great.

security OPEN SYSTEMS INTERCONNECTION GUIDE.doc

Find more posts tagged with

Comments

Chris:/*

You are looking at penetration testing or hacking from the wrong perspective. You should be looking at how an attack is completed and why that specific threat affects that vulnerability. CEH is not like a CompTIA exam, my question to you would be what are you using to gain your new knowledge.

JDMurray

Software is running at layers 3-7, firmware at 2, and hardware-only at 1. You can list vulnerbilities that are present at specific layer, and research the specific attacks that exploit those vulnerabilities. You can then list safeguards that prevent a vulnerability from being exploited, and countermeasures that mitigate the undesirable affects if the exploit does occur.

For example, a layer 1 vulnerability is a computer's the need for electrical power. An attack (exploit) would be, "pull the power cord out of the wall." A safeguard to prevent the exploit would be, "house the power cords in a locked enclosure." And a countermeasure to work after-the-attack would be, "connect the computers to a UPS."

Now go do layers 2-7 and post your findings.

instant000

My favorite part of the chart: (your memorization tips for the OSI layers)
All People Seem To Need Data Processing (i knew this one for years)
Please Do Not Throw Sausage Pizza Away (believe it or not, my GF told me this one a couple weeks ago, and now it appears that I see it all over the place now, and wonder how I missed it all these years)

Jinverar

Here is a reply to my original post. I would like to see where this goes....Check out the Security OSI Model I attached. It seems there should be another layer under session indicating boot sectors and Memory attacks. Let me know what you think.

Attachment not found.

security OPEN SYSTEMS INTERCONNECTION GUIDE_hacker version.doc

Quantumstate

FFS.

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

I most certainly am logged in.

instant000

Quantumstate wrote: »

FFS.I most certainly am logged in.

If you're trying to download that file, you may have to get your post count up first. (The permission to do that may be based upon post count, how long you've been on the board, or something like that.)

Hope this helps, as I'm only guessing at what your problem might be.

Quantumstate

Looks like you're right.

Quantumstate

Yup......

pas1964

I'm brand new and this is my first post. I was able to download both files.

Jinverar

Be aware that these charts are close but not perfected. There may be errors, but they are relatively close. Do not take the charts as Gospel. I am actually looking for feedback on errors, additions or indications it looks good and is helpfull. In my defence the charts in general may never be perfected, because everyone has opinions and the devices or software could move or jump different levels every year based on evolution. It seems that adding the extra details on the equipment or software to the chart is more theory than facts. I did use the best facts before theory to get things in the correct columns but some stuff is very close and could move up or down levels.

I did hear there could be a new OSRI model out also. This is old school.

dmoore44

There are a couple of papers on the SANS site that go over various attacks using the OSI model as a reference. They're kind of old, but still useful as a starting point.