Name That Layer!
Relating cybersecurity vocab to the layers of the OSI Model
Zero Day:
A zero day attack is a type of attack that exploits a previously unknown vulnerability in a software application or operating system. Because the vulnerability is unknown, the attack is often successful in bypassing existing security measures.
In the Open Systems Interconnection (OSI) model, a zero day attack would typically fall under the application layer (Layer 7). This is because the attack exploits vulnerabilities in the software that is being used, rather than vulnerabilities in the lower-level protocols and systems that make up the lower layers of the model.
At the application layer, the attack involves exploiting a vulnerability in the code of the software application or operating system. This might involve finding ways to bypass security measures such as firewalls, intrusion detection systems, and antivirus software. It could also involve finding ways to gain access to sensitive information, such as passwords or user data, that is stored on the system.
Credential Harvesting:
A credential harvesting attack typically falls under the application layer (Layer 7), as it involves social engineering and manipulating human behavior to trick individuals into disclosing their authentication credentials.
At the application layer, the attack could involve a wide range of tactics, such as phishing attacks, where attackers create convincing-looking websites or email messages to trick users into providing their credentials, or keylogging attacks, where attackers use malware to capture keystrokes and record usernames and passwords as they are typed.
Rootkit:
This one is a doozy! An attacker gains unauthorized access to a computer or other device and installs malicious software that allows them to maintain persistent control over the system, often with the goal of stealing information or using the system for other malicious purposes.
In the Open Systems Interconnection (OSI) model, a rootkit attack would typically fall under the operating system layer. There technically isn’t a layer called the ‘operating system’ layer. However, since the functions of an operating system can span multiple layers, people say “operating system layer” to refer to layers 3, 4 or 5. It’s not correct, but people call them that anyway.
The attack itself involves installing the rootkit software, which is designed to be difficult to detect and remove. Once installed, the rootkit can provide the attacker with access to the system’s files, processes, and network connections, allowing them to steal information, launch additional attacks, or use the system for other malicious purposes.
Impersonation:
An attacker impersonates another person or entity to gain access to sensitive information or systems, or to deceive the victim into performing an action that benefits the attacker.
In the Open Systems Interconnection (OSI) model, an impersonation attack could involve multiple layers, but would typically fall under the application layer (Layer 7), as it involves manipulating data exchanged between the user and the system.
At the application layer, the attack could involve impersonating a legitimate user or system, such as by spoofing an email address, IP address, or website URL, or by using a phishing attack to trick the victim into believing they are interacting with a legitimate system or individual.
Third Party Risks:
A type of risk that arises from the use of third-party vendors, suppliers, and service providers in an organization’s supply chain. The risk is related to the potential for these third parties to cause harm or damage to the organization’s systems, data, or reputation.
In the Open Systems Interconnection (OSI) model, third party risk would not fall under a specific layer of the model, as it is not related to the communication protocols and systems that make up the various layers of the model. Rather, third party risk is related to organizational security and risk management practices.
Third party risk can impact multiple layers of the OSI model, as it can affect the security and integrity of the data being transmitted and stored at various layers of the model. For example, a third party vendor that provides software applications or data storage services may be responsible for vulnerabilities at the application layer (Layer 7) and the data link layer (Layer 2) of the OSI model.
To manage third party risk, organizations typically implement risk management frameworks and protocols that aim to identify, assess, and mitigate potential risks associated with third-party vendors and service providers. This involves evaluating the security practices and controls of these third parties, and ensuring that they meet the organization’s security standards and requirements.
Whaling:
A whaling attack is a type of phishing attack that targets high-level executives and other senior members of an organization, with the aim of tricking them into disclosing sensitive information or transferring funds to the attacker.
In the OSI model, the whaling attack would typically fall under the application layer (Layer 7), as it involves social engineering and manipulating human behavior to achieve the attacker’s goals.
At the application layer, the attack could involve exploiting vulnerabilities in email or messaging platforms, such as by sending convincing emails that appear to be from a trusted source or using impersonation tactics to trick the target into disclosing sensitive information or performing an action, such as wiring money to a fraudulent account.
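Because whaling (and the impersonation attacks above) lives at Layer 7, the defensive check also lives there: in the mail headers and body rather than in any packet field. The following is an added example, not code from the original post; it assumes a hypothetical organisation domain, a hypothetical executive list, and two constructed messages, and flags the classic whaling signals (an executive’s display name on an unexpected address, an external sender domain, a mismatched Reply-To, and urgency or secrecy wording).

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data (not from the post): the organisation's own domain,
# the executives whose names are most likely to be impersonated, and the
# address each one really sends from.
ORG_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",
    "sam lee": "sam.lee@example.com",
}

# Words that typically appear in whaling lures (pressure plus secrecy).
PRESSURE_TERMS = ("urgent", "wire", "confidential", "immediately", "gift card")

# Constructed legitimate message: right name, right address, no pressure.
LEGIT_MSG = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 numbers

Please send the Q3 summary when ready.
"""

# Constructed whaling attempt: the CEO's display name on a lookalike external
# domain, a Reply-To pointing somewhere else, and a push for a secret wire.
WHALING_MSG = """From: Jane Doe <jane.doe@mail-example-secure.net>
Reply-To: ceo.urgent@freemail.invalid
To: finance@example.com
Subject: Urgent wire

I need a wire sent today, keep this confidential.
"""


def whaling_indicators(raw_message):
    """Return a list of human-readable indicators found in one RFC 822 message.

    An empty list means none of the heuristics fired; several indicators at
    once are a strong signal that the message deserves a phone call to the
    supposed sender before anyone acts on it.
    """
    msg = message_from_string(raw_message)
    indicators = []

    display_name, sender = parseaddr(msg.get("From", ""))
    name = display_name.strip().lower()
    sender = sender.lower()
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""

    # 1. A known executive's name paired with an address we do not expect.
    if name in EXECUTIVES and sender != EXECUTIVES[name]:
        indicators.append("executive display name with unexpected address")

    # 2. The message claims to be internal business but comes from outside.
    if sender_domain and sender_domain != ORG_DOMAIN:
        indicators.append("external sender domain")

    # 3. Replies would go to a different mailbox than the apparent sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != sender:
        indicators.append("reply-to differs from sender")

    # 4. Pressure and secrecy language in the subject or body.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if any(term in text for term in PRESSURE_TERMS):
        indicators.append("urgency or secrecy language")

    return indicators


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_MSG), ("whaling", WHALING_MSG)):
        print(label, "->", whaling_indicators(raw) or "no indicators")
```

None of these checks is proof on its own (executives do send urgent mail), which is why the function returns every indicator it finds rather than a single verdict; a mail gateway or SOC rule would typically alert when two or more fire together.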
Typosquatting:
Typosquatting would typically fall under the application layer (Layer 7), as it involves creating and manipulating data that is exchanged between the user and the website.
At the application layer, the attack involves manipulating domain names and web page content to trick users into visiting the attacker’s website. For example, an attacker might create a website with a URL that is one or two letters off from the legitimate website, or a website with a different top-level domain. When a user types the incorrect URL into their browser, they are redirected to the attacker’s website, which may look very similar to the legitimate website.
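The same Layer 7 framing tells you where to look for typosquats: in the domain names users actually resolve or browse to, not in any transport-level field. The following is an added example, not code from the original post; it assumes a hypothetical list of domains you want to protect and a constructed batch of candidate domains as they might appear in a DNS or proxy log, and it flags the three patterns described above: a name one or two edits away from a real one, the real name on a different top-level domain, and the real brand embedded in a longer name.

```python
# Constructed sample input (not from the post): domains the organisation
# wants to protect, and candidates pulled from a hypothetical DNS/proxy log.
PROTECTED = ["example.com", "mybank.com"]
CANDIDATES = [
    "example.com",       # exact match, fine
    "exmaple.com",       # two letters transposed
    "examp1e.com",       # digit 1 in place of the letter l
    "example.net",       # same name, different top-level domain
    "example.co",        # dropped final letter of the TLD
    "unrelated.org",     # nothing to do with us
    "mybank-login.com",  # brand name buried in a longer label
]

# Edit distance at or below this counts as a one-or-two-letters-off typo.
MAX_TYPO_DISTANCE = 2


def levenshtein(a, b):
    """Standard dynamic-programming edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,        # delete from a
                           cur[j - 1] + 1,     # insert into a
                           prev[j - 1] + cost))  # substitute
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Split 'name.tld' into (name, tld); single-label input gets an empty tld."""
    name, _, tld = domain.rpartition(".")
    return (name, tld) if name else (tld, "")


def lookalike_reason(candidate, protected=PROTECTED):
    """Return why `candidate` resembles a protected domain, or None if it doesn't."""
    candidate = candidate.lower().strip(".")
    if candidate in protected:
        return None
    c_name, c_tld = split_domain(candidate)
    for legit in protected:
        p_name, p_tld = split_domain(legit)
        # Same registrable name, different TLD (example.com -> example.net).
        if c_name == p_name and c_tld != p_tld:
            return f"tld swap of {legit}"
        # Same TLD, name within a couple of edits (example -> exmaple).
        if c_tld == p_tld and levenshtein(c_name, p_name) <= MAX_TYPO_DISTANCE:
            return f"typo of {legit}"
        # Brand name embedded in a longer label (mybank -> mybank-login).
        if p_name in c_name:
            return f"embeds {legit}"
    return None


def scan(candidates, protected=PROTECTED):
    """Map each suspicious candidate to the reason it was flagged."""
    flagged = {}
    for domain in candidates:
        reason = lookalike_reason(domain, protected)
        if reason:
            flagged[domain] = reason
    return flagged


if __name__ == "__main__":
    for domain, reason in scan(CANDIDATES).items():
        print(f"{domain:18} {reason}")
```

Run over real DNS or proxy logs, the output is a review list rather than a block list: short brand names produce false positives at distance 2, so the threshold is a knob to tune per brand, and confirmed lookalikes are usually handled by registering them defensively or adding them to the mail and web filters.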
Final Thoughts
It’s worth noting that many of these attacks are not specific to any one layer of the OSI model and can occur at multiple layers depending on the specifics of the attack.
When studying for a cybersecurity exam or certification, it’s good practice to always try to find a connection between any new words and the layers of the OSI model. That will help you think fast and act quickly when an actual attack occurs.
To help support the creation of more content like this, please subscribe and follow, or purchase some merch from my shop on Redbubble.