For the Budding Cybersecurity Student: An Exercise You Must Endure!
A list of IT vocab and how it relates to the OSI Model. Basically, everything in IT and cybersecurity hinges on the OSI Model. So relating any new vocab you encounter to the OSI Model will help you get closer to your cybersecurity career!
Intro
This article is going to throw a bunch of random IT vocab at you. Then for each vocab word or phrase, there will be a quick explanation under which OSI layer that vocab term falls. Let’s dive in!
Cloud Based vs on-premises base vulnerabilities
The comparison of “cloud-based vs on-premise-based vulnerabilities” would primarily fall under the “Application Layer” and the “Network Layer” of the OSI model.
At the Application Layer (Layer 7), the vulnerability of the software or application being used to access the cloud or on-premise system can be assessed. Vulnerabilities can include exploitable flaws in the application’s design or code that may allow unauthorized access, data breaches, or other security issues.
At the Network Layer (Layer 3), vulnerabilities related to network security can be examined. For example, when accessing a cloud-based system, data is transmitted over the internet, which can potentially expose it to interception, hacking, and other threats. Similarly, on-premise systems can also be vulnerable to network-based attacks if they are not properly secured.
Unsecure Protocols
The issue of “unsecure protocols” would primarily fall under the “Transport Layer” (Layer 4) and the “Network Layer” (Layer 3) of the OSI model.
At the Transport Layer, protocols such as TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are responsible for the reliable transmission of data between applications running on different devices. If an unsecure protocol is used, it can lead to data being intercepted, modified, or completely blocked by malicious actors. For example, using the unencrypted version of the HTTP (Hypertext Transfer Protocol) protocol can allow attackers to intercept sensitive information like passwords, credit card details, and personal data.
At the Network Layer, protocols such as IP (Internet Protocol) are responsible for routing data between different networks. Unsecure protocols at this layer can result in network-level attacks such as IP spoofing, in which an attacker sends data packets with a forged IP address to hide their identity.
It’s important to note that unsecure protocols can impact multiple layers of the OSI model, so a comprehensive assessment of this issue should consider all layers of the model.
Weak Configurations
The issue of “weak configurations” would primarily fall under the “Network Layer” (Layer 3) and the “Application Layer” (Layer 7) of the OSI model.
At the Network Layer, weak configurations can refer to insecure network design or architecture, such as a lack of proper access controls or firewalls, misconfigured routers or switches, or weak encryption protocols. Such issues can lead to unauthorized access, data breaches, or other security threats.
At the Application Layer, weak configurations can refer to insecure settings or configurations within an application or software. For example, an application may be configured to use weak passwords, default usernames, or open ports that can be exploited by attackers.
It’s worth noting that weak configurations can impact multiple layers of the OSI model, depending on the specific type of configuration weakness.
Vulnerability scans
The task of “vulnerability scanning” would primarily fall under the “Presentation Layer” (Layer 6) and the “Application Layer” (Layer 7) of the OSI model.
At the Presentation Layer, vulnerability scanning involves translating data into a format that can be easily understood by the user or the application. This can include the presentation of scan results in a readable format, such as a report that highlights potential vulnerabilities and their severity.
At the Application Layer, vulnerability scanning involves interacting with the application or system being scanned to identify potential vulnerabilities. This can include the use of specialized software tools that can test for known vulnerabilities, misconfigurations, and other security issues.
Log reviews
The activity of “log reviews” would primarily fall under the “Presentation Layer” (Layer 6) and the “Application Layer” (Layer 7) of the OSI model.
At the Presentation Layer, log reviews involve interpreting and presenting data from system logs in a format that can be easily understood by the user or application. This can include the presentation of logs in a readable format, such as a table or a dashboard that highlights important information or anomalies.
At the Application Layer, log reviews involve the analysis of system logs to identify potential security issues or anomalies. This can include reviewing logs for unusual activity, such as unauthorized access attempts, unusual login patterns, or abnormal system behavior.
It’s important to note that log reviews can involve interactions across multiple layers of the OSI model, depending on the specific log data being analyzed and the tools or techniques used to perform the analysis.
Common vulnerabilities — CVE & CVSS
The concept of “Common Vulnerabilities and Exposures (CVE)” and “Common Vulnerability Scoring System (CVSS)” would primarily fall under the “Application Layer” (Layer 7) of the OSI model.
At the Application Layer, CVE and CVSS are used to identify, describe, and score vulnerabilities that may exist within an application or system. CVE is a dictionary of publicly known information security vulnerabilities and exposures, while CVSS is a framework for rating the severity of those vulnerabilities.
CVE IDs are assigned to unique vulnerabilities and exposures, allowing for easier tracking and identification of vulnerabilities. CVSS scores are assigned to individual vulnerabilities, indicating the severity of the vulnerability, and helping to prioritize and allocate resources for patching or remediation efforts.
Event Management
The activity of “event management” would primarily fall under the “Application Layer” (Layer 7) of the OSI model.
At the Application Layer, event management involves the monitoring, analysis, and response to events or incidents that occur within an application or system. This can include the use of specialized software tools that can detect and alert on anomalous or suspicious behavior, such as network traffic spikes or unauthorized access attempts.
Event management may also involve the use of security information and event management (SIEM) systems, which collect and analyze data from various sources to provide a centralized view of security events and incidents.
It’s important to note that event management can involve interactions across multiple layers of the OSI model, depending on the specific events being monitored and the tools or techniques used to perform the analysis.
Environments and Rules of Engagement
The concept of “environments and rules of engagement” would primarily fall under the “Physical Layer” (Layer 1) and the “Application Layer” (Layer 7) of the OSI model.
At the Physical Layer, environments and rules of engagement refer to the physical security measures that are in place to protect the underlying hardware and infrastructure that support an application or system. This can include physical security controls such as access controls, surveillance, and environmental controls.
At the Application Layer, environments and rules of engagement refer to the policies, procedures, and rules that govern the use and operation of an application or system. This can include policies for access control, data handling, and incident response.
Tools and Techniques of Penetration testing
The “Tools and Techniques of Penetration Testing” would primarily fall under the “Application Layer” (Layer 7) and the “Transport Layer” (Layer 4) of the OSI model.
At the Application Layer, penetration testing tools and techniques are used to identify and exploit vulnerabilities in software applications and protocols. This can include the use of automated scanning tools, manual code reviews, and fuzzing techniques to identify weaknesses in application logic, input validation, and access control mechanisms.
At the Transport Layer, penetration testing tools and techniques are used to identify and exploit weaknesses in network protocols and services. This can include the use of tools to perform packet sniffing, protocol analysis, and session hijacking to identify weaknesses in encryption, authentication, and data integrity controls.
However, pen testing is not actually tied to a specific layer of the OSI model, but can involve testing at multiple layers depending on the nature of the systems being tested and the specific goals of the testing.
Final thoughts
I hope this helped you with your cybersecurity studying adventures. There are more articles like this that I have posted if you found this one useful. Otherwise, you can carry on with this exercise on your own with other vocabulary you come across.
Happy studying and thanks for reading!