The importance of Defense in-depth and the Open System Interconnection (OSI) Layers
This blog provides a general overview of the importance of defense in depth and how it ties to the OSI layers.
Defense in depth is one of the components that fall under Information Assurance, and a number of essential tasks take place under it. Many of the failures we see today in implementations of the Risk Management Framework revolve around this component. In fact, more often than not, some of the OSI layers are not secured correctly because guidance is lacking or incomplete, and they are not fully addressed in the security documentation. The roles under this component are imperative: they are meant to limit cyber attacks across the organization by leveraging existing technologies, minimizing cost and limiting the attack surface.
That is why the Security Assessors under this component must be trained to perform the following tasks on a continuous basis:
- Assess new or existing technologies to determine the risk they will introduce, or have already introduced, into the organization, and determine whether management deems that risk acceptable;
- Maintain the organization's list of acceptable and unacceptable software, hardware, and firmware based on management's approval or disapproval;
- Validate or develop secure baselines, for each approved technology and version, to be used across the Enterprise, covering the Open System Interconnection (OSI) layers that technology affects;
- Update all baselines whenever a new version of a particular software is introduced into the organization;
- Assess systems to identify vulnerabilities and/or failures in the process before the systems undergo the Accreditation process, to ensure each stays within the organization's acceptable risk level and appetite (addressing only the OSI layers that fall within the system's boundary); and
- Develop the Security Documentation (i.e., SAP, SAR, POA&M) reports and the Executive Summary of Issues delineating whether or not the system should be Accredited.
What are the OSI Layers?
There are a total of seven (7) layers. Together they form a conceptual framework describing the functions of a networking and/or telecommunication system. The framework guides vendors and developers creating new technologies in ensuring that those technologies are interoperable, meaning that they can exchange information with each other as data is transmitted across each layer. It is also meant to help personnel with network and telecommunication responsibilities narrow down any issue they encounter to a particular layer, thus helping pinpoint where the issue/error may be occurring. When it comes to understanding defense in depth, it is essential to grasp the various layers. The review of each layer below starts from the last one, Layer 7, and works down to Layer 1, but when troubleshooting it is essential to start from Layer 1 and work up.
| Layer | Description |
|---|---|
| Seven (7): Application | In this layer, organizational users gain access to the organization's resources. It is where the end-user (i.e., Privileged or Non-Privileged) interacts with the application interface required to complete their day-to-day tasks. It is the only layer that directly interacts with data provided by the user. The layer is responsible for the protocols and data manipulation on which software relies to present meaningful data to the user. Many of the issues we see today derive from failures in this layer, because it is not always properly secured, thus making it easier for attackers to exploit. Denial of Service (DoS) attacks are common in this layer. |
| Six (6): Presentation | In this layer, the operating system is responsible for translating, encrypting or decrypting, and compressing the data being submitted by the end-user (i.e., Privileged or Non-Privileged). Because of the different encoding methods in use, this layer is responsible for translating incoming data into a syntax that the receiving device can understand. If this layer is not configured correctly, it could lead to data leakage. |
| Five (5): Session | This layer is responsible for ensuring that communication between two or more systems complies with the termination settings that apply whenever a connection is no longer required and/or has been idle for a specified time. It is also responsible for creating the session between the systems once they have authenticated. Failures in this layer can let an attacker gain access to the system and act as the individual whose session was hijacked. |
| Four (4): Transport | This layer restricts the amount of data that can be transmitted from one system to another and incorporates a process for message delivery and error recovery. Failures in this layer can lead to an unauthorized amount of data being extracted within a short period of time. This can be identified when the systems are monitored, but could go undetected if the organization has no monitoring systems in place to keep track of large data extractions. |
| Three (3): Network | This layer is responsible for ensuring that all data packets received by the component are valid and are routed to the correct system, thus ensuring the intended target is reached. In addition, this layer is responsible for blocking packets submitted by a known malicious system. Failure to secure this layer can let malicious packets reach mission-critical and sensitive systems, exploit existing vulnerabilities, and gain entry into the organization's network. |
| Two (2): Data link | This layer allows communication between systems by organizing bits into frames and ensuring that they are properly routed across the layers. It ensures that components can communicate properly with each other and that data is transmitted correctly over the physical medium (i.e., optical fiber, RJ45 cable). Failure to secure this layer can lead to data leakage and entry into the organization's network. |
| One (1): Physical | This layer revolves around all of the physical components used to transmit data from one system to another: for example, the network cables attached to your system and/or the internal wireless card that allows you to connect to your wireless network. |
What's the importance of understanding the OSI Layers as it relates to Defense in-depth?
Understanding the OSI layers is essential for defense in depth. As a security assessor and/or implementer, grasping where each component or technology being assessed falls within the OSI layers helps identify the areas of the stack that are properly secured, limiting cyber attacks, and the areas that are vulnerable and require additional attention. Emphasizing the documentation of the OSI layers when delineating the Security Assessment, and when reviewing the Security Documentation created by the system's Information System Security Officer (ISSO), will help identify failures not typically identified by the ISSO or obvious to the Accreditation Management Team.
In fact, a well-written report should clearly separate the layers (i.e., Network Layer, Application Layer, DB Layer, Perimeter Device), delineating the vulnerabilities identified and the responsible parties based on the components that fall within the boundary of the system being assessed. This provides a clearer view of the areas that should be prioritized when mitigation of findings takes place.
Interested in learning more? Contact us via our site form at https://www.cyberadeptness.com
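To illustrate the per-version baselines from the assessor tasks above and the per-layer separation of findings this report structure calls for, here is an added Python example (not from the post or from Cyber Adeptness); every component name, version, baseline and finding in it is constructed.

```python
from collections import defaultdict
# Constructed, hypothetical data (not from the post): approved secure baselines
# keyed by (technology, version), each tied to the OSI layer it hardens.
APPROVED_BASELINES = {
    ("nginx", "1.24"): 7,
    ("postgresql", "15"): 7,
    ("openssl", "3.0"): 6,
    ("cisco-ios", "17.9"): 3,
}

# Constructed components inside the system boundary: (name, technology, version, OSI layer).
COMPONENTS = [
    ("web-frontend", "nginx", "1.24", 7),
    ("web-db", "postgresql", "14", 7),         # older version: no approved baseline
    ("tls-lib", "openssl", "3.0", 6),
    ("edge-router", "cisco-ios", "17.9", 3),
    ("core-switch", "arista-eos", "4.30", 2),  # technology never assessed
]

# Constructed assessment findings: (component, severity, description).
FINDINGS = [
    ("web-frontend", "high", "directory listing enabled"),
    ("web-db", "high", "default superuser password unchanged"),
    ("edge-router", "medium", "no ingress filter for spoofed source ranges"),
    ("core-switch", "low", "unused ports not shut down"),
]

SEVERITY_WEIGHT = {"high": 3, "medium": 2, "low": 1}
LAYER_NAME = {1: "Physical", 2: "Data link", 3: "Network", 4: "Transport",
              5: "Session", 6: "Presentation", 7: "Application"}

def components_without_baseline(components, baselines):
    """Names of components whose exact (technology, version) has no approved baseline."""
    return [name for name, tech, ver, _ in components if (tech, ver) not in baselines]

def findings_by_layer(components, findings):
    """Group findings by the OSI layer of the affected component and weight them by severity."""
    layer_of = {name: layer for name, _, _, layer in components}
    report = defaultdict(lambda: {"score": 0, "findings": []})
    for comp, sev, desc in findings:
        entry = report[layer_of[comp]]
        entry["score"] += SEVERITY_WEIGHT[sev]
        entry["findings"].append(f"{comp}: {desc} ({sev})")
    return dict(report)

def prioritized_layers(report):
    """Layer names ordered by weighted score, highest first: the mitigation priority list."""
    ranked = sorted(report.items(), key=lambda kv: -kv[1]["score"])
    return [LAYER_NAME[layer] for layer, _ in ranked]
```

Components returned by components_without_baseline are the ones the assessor must either map to an existing baseline or cover with a new one before accreditation; the per-layer report gives the layer ordering for the mitigation section.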
NOTE: Due to security concerns, we limit our web content to bare bones. Please note that you will receive a response within forty-eight (48) hours or less.