How to Mitigate DDoS Vulnerabilities in Layers of OSI Model

Want to learn more about the OSI model layers? Check out this post to learn more about the layers of the OSI model and how to mitigate DDoS vulnerabilities.

By Atif Shahab Qureshi · Aug. 21, 18 · Presentation · 10.3K Views

If you have worked in telecommunications, you will have noticed that most vendors try to explain their products and services in terms of the OSI Model. If you have a background in networking and communications, you probably already understand what the OSI Model is; if not, it is worth developing a basic understanding. Although the OSI model is important for discussions and evaluations, it is a reference model and is still rarely implemented as such.

So why, in particular, is it important to learn what the OSI Model is about? DDoS attacks usually target specific layers of the OSI model, so understanding the layers helps you see where the vulnerabilities lie and how to keep your infrastructure protected. To give a brief overview: the OSI model was originally developed by representatives of major telecommunication companies in 1983. It was established as a common reference model that standardized how data packets are transmitted, and it was adopted as a standard by the ISO.

Explaining the OSI Model Layers

Communication in a network takes place between two endpoints and can be divided into seven layers according to their functions. In the OSI model architecture, each layer depends on the layer above it and equally on the layer below it. If a lower layer does not fulfill its function, the next layer cannot execute and the whole process stops. Data passes through all seven layers on the source computer, across the network, and then through the layers again on the receiving computer.

[Figure: graphical representation of the OSI Model layers]

Sending signals over a network, whether over Ethernet cable, fiber optic cable, or Wi-Fi, requires a combination of applications, operating systems, network card drivers, and network hardware. These signals pass through the seven functional layers of the OSI Model.

Let's discuss these seven layers from top to bottom.

Layer 7: Application Layer

Layer 7, commonly known as the application layer, is where communication partners are identified. This is the level of database access and of end-user protocols such as FTP, Telnet, SMTP, and RAS, which perform their respective functions here. All messages and packet creation begin at this level, and here the data is expressed in a form the user can understand. Although this layer is not the application itself, it provides a set of services an application can use.

Vulnerabilities to DDoS Attack

  • PDF GET requests, HTTP GET, and HTTP POST to website forms (login, uploading photo/video, submitting feedback)

Mitigation

One way to counteract DDoS attacks on Layer 7 is to put application monitoring software into practice. Using dedicated algorithms and technologies that can detect zero-day attacks, effective application monitoring can stop an attack and trace it back to the source from which it was launched.
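As an added example (not code from the original article), the following Python sketch shows the kind of monitoring the mitigation above describes: it parses constructed web-server access-log lines and flags any source that sends more than a threshold of GET/POST requests to form endpoints within a sliding time window. The form paths, the window length and the threshold are assumptions.

```python
# Added example, not from the original article: sliding-window detection of
# HTTP GET/POST floods against form endpoints, run over constructed log lines.
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
FORM_PATHS = ("/login", "/upload", "/feedback")   # assumed form endpoints

def parse_line(line):
    """Return (src_ip, timestamp, method, path, status), or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), method, path, int(status)

def detect_floods(lines, window_s=10, max_hits=5):
    """Flag sources exceeding max_hits form requests within any window_s seconds.

    Returns {src_ip: peak_requests_in_window} for flagged sources only."""
    recent = defaultdict(deque)   # src_ip -> timestamps of recent form requests
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # skip unparseable lines rather than crash
        ip, ts, method, path, _status = rec
        if method not in ("GET", "POST") or not path.startswith(FORM_PATHS):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # drop aged-out hits
            q.popleft()
        if len(q) > max_hits:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# Constructed sample: one normal visitor, one unparseable line, and one source
# posting the login form seven times in seven seconds.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Aug/2018:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [21/Aug/2018:10:00:04 +0000] "POST /feedback HTTP/1.1" 200 64',
    'garbage line that does not parse',
] + [
    f'198.51.100.7 - - [21/Aug/2018:10:00:{s:02d} +0000] "POST /login HTTP/1.1" 401 12'
    for s in range(7)
]

if __name__ == "__main__":
    print(detect_floods(SAMPLE_LOG))   # {'198.51.100.7': 7}
```

A real deployment would feed the flagged sources into a rate limiter or challenge mechanism rather than just printing them, and would tune the window and threshold to the site's normal form-submission rate.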

Layer 6: Presentation Layer

Known as the translator, the presentation layer (Layer 6) is the part of the operating system (OS) that translates data from the source format into a common format before sending it to the receiver, and vice versa. It handles compression and encryption while information is exchanged between users.

Vulnerabilities to DDoS Attack

  1. Malformed SSL requests: inspecting SSL-encrypted packets is resource intensive.
  2. Attackers use SSL to tunnel HTTP attacks to the target server.

Mitigation

One way to counter this attack is to offload SSL from the origin infrastructure. Once that is done, inspect the application traffic for any signs of malicious activity and check for policy violations on an application delivery platform (ADP). An effective ADP will also re-encrypt the traffic and send it back to the origin infrastructure.

Layer 5: Session Layer

This layer is responsible for the establishment, coordination, and termination of sessions. If a session is interrupted, this service re-checks authentication and reconnects the layers. Commonly, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) make use of this service when working with applications.

Vulnerabilities to DDoS Attack

Telnet DDoS: the attacker exploits a flaw in the Telnet server software running on the switch, rendering Telnet services unavailable.

Mitigation

The only way to resolve this vulnerability is to keep your hardware up to date. Most commonly, the hardware provider issues a version update or a patch that enables users to mitigate the vulnerability.

Layer 4: Transport Layer

The transport layer is responsible for the packetization of data. It delivers packets of information error-free, without loss or duplication. For most applications running on the Internet, these services are provided by TCP and UDP.

Vulnerabilities to DDoS Attack

SYN Flood, Smurf Attack

Mitigation

A typical method to stop DDoS attacks at this level is blackholing. Blackholing is a method applied by ISPs to stop a DDoS attack that a customer is experiencing at the transport layer. However, this approach keeps the attack out by dropping all traffic destined for the target, malicious and legitimate alike.

Layer 3: Network Layer

The layer that handles the routing of data is termed the network layer. It is also responsible for switching information from one network to another and specifies the right destination for all transmitted data at the packet level. IP is the most common example of a network layer protocol operating on the Internet.

Vulnerabilities to DDoS Attack

ICMP flooding: a Layer 3 infrastructure DDoS attack method that uses ICMP messages to overload the targeted network's bandwidth.

Mitigation

You can prevent this kind of attack by rate-limiting ICMP traffic.
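To make the rate-limiting mitigation concrete, here is an added example (not from the original article) of a token-bucket limiter, the mechanism most packet-filter rate limits are built on, applied to a constructed stream of ICMP arrival times: a legitimate once-per-second ping passes untouched, while a flood is clamped to the configured rate once the burst allowance is used up. The rate and burst values are assumptions.

```python
# Added example, not from the original article: a token-bucket ICMP rate
# limiter applied to a constructed packet stream. Rate and burst values are
# assumptions chosen for illustration.

class TokenBucket:
    """Integer millisecond clock; tokens are scaled by 1000 to avoid float drift."""

    def __init__(self, rate_pps, burst):
        self.rate = rate_pps          # tokens/second == millitokens/millisecond
        self.cap = burst * 1000       # bucket capacity in millitokens
        self.tokens = self.cap        # start full so a short burst passes
        self.last_ms = 0

    def allow(self, now_ms):
        """Return True if a packet arriving at now_ms may pass."""
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:       # one whole token per packet
            self.tokens -= 1000
            return True
        return False

def filter_icmp(arrival_ms, rate_pps=10, burst=20):
    """Return (accepted, dropped) for a sorted list of ICMP arrival times in ms."""
    bucket = TokenBucket(rate_pps, burst)
    accepted = dropped = 0
    for t in arrival_ms:
        if bucket.allow(t):
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped

# Constructed traffic: one echo request per second for 5 s (legitimate ping),
# then a flood of 1000 echo requests packed into the following second.
NORMAL_PINGS_MS = [i * 1000 for i in range(5)]
FLOOD_MS = [5000 + i for i in range(1000)]

if __name__ == "__main__":
    print(filter_icmp(NORMAL_PINGS_MS))             # (5, 0)
    print(filter_icmp(NORMAL_PINGS_MS + FLOOD_MS))  # (34, 971)
```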

Layer 2: Data-Link Layer

The data-link layer is the protocol layer that transfers data frames between nodes over the physical layer. It is responsible for error-free transfer, which allows the layers above it to assume the link is virtually error-free. The layer comprises two sub-layers:

  1. The logical link control (LLC) layer
  2. The media access control (MAC) layer

Vulnerabilities to DDoS Attack

MAC flooding is an attack, taking place at the data-link layer, that inundates a network switch with data packets.

Mitigation

Advanced switches can be configured to limit the number of MAC addresses that can be learned on ports connected to end stations.
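The following Python simulation is an added example (not the article's own code) of the per-port learning limit just described: a switch MAC table that refuses to learn new source addresses on a port once that port has reached its limit, so a flood of fresh MAC addresses cannot fill the table. The hosts, the flood frames and the limit of two addresses per access port are constructed.

```python
# Added example, not from the original article: a simulated switch MAC table
# with a per-port limit on learned addresses, i.e. the port-security control
# the mitigation above describes. Frames, MACs and the limit are constructed.
from collections import defaultdict

class PortSecuritySwitch:
    def __init__(self, max_macs_per_port=2):
        self.max_macs = max_macs_per_port
        self.mac_table = {}                  # src MAC -> port it was learned on
        self.learned = defaultdict(set)      # port -> MACs learned on that port
        self.violations = defaultdict(int)   # port -> frames rejected by the limit

    def receive(self, port, src_mac):
        """Process an ingress frame's source MAC.

        Returns 'known' (already in table), 'learned' (newly added) or
        'violation' (port reached its limit; frame dropped, address not learned)."""
        if src_mac in self.mac_table:
            return "known"
        if len(self.learned[port]) >= self.max_macs:
            self.violations[port] += 1       # "protect" action: drop and count
            return "violation"
        self.mac_table[src_mac] = port
        self.learned[port].add(src_mac)
        return "learned"

def simulate_flood(max_macs_per_port=2, flood_frames=1000):
    """Two legitimate hosts on port 1, then a MAC flood on port 3. Returns the switch."""
    sw = PortSecuritySwitch(max_macs_per_port)
    for mac in ("00:00:5e:00:53:01", "00:00:5e:00:53:02"):   # documentation MACs
        sw.receive(1, mac)
    for i in range(flood_frames):            # constructed flood: a fresh MAC per frame
        sw.receive(3, f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")
    return sw

if __name__ == "__main__":
    secured = simulate_flood()
    print(len(secured.mac_table), secured.violations[3])        # 4 998
    unsecured = simulate_flood(max_macs_per_port=10**6)
    print(len(unsecured.mac_table), unsecured.violations[3])    # 1002 0
```

The violation counter is what a monitoring system would alert on: a port connected to a single workstation should never hit its limit under normal use.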

Layer 1: Physical Layer

The physical layer is the bottom layer of the OSI model. It is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. The physical layer covers a variety of devices and media, including cabling, connectors, receivers, transceivers, and repeaters.

Vulnerabilities to DDoS Attack

Physical destruction, obstruction, manipulation, or malfunction of physical assets

Mitigation

Practice defense in depth: use access controls, accountability, and auditing to track and control physical assets.

This article was originally published at HostNoc Blog.
