Reference LibraryOSI 7-Layer Model
Network ArchitectureDomain 4: Communication & Network Security

OSI 7-Layer Model

Exam Relevance:

The Open Systems Interconnection model is a 7-layer conceptual framework for network communication. Every protocol, attack, and security control maps to one of these layers.

Why It Matters for CISSP

Almost every CISSP network question maps to OSI layers. Firewalls, IDS/IPS, VPNs, SSL/TLS, ARP poisoning, DNS spoofing — all have a specific layer.

Layer 7 — Application

Protocols: HTTP, HTTPS, FTP, SMTP, DNS, SNMP, LDAP, SSH, Telnet. Attacks: phishing, SQL injection, XSS, DNS poisoning. Controls: WAF, application proxies, content filtering, TLS termination.

Layer 6 — Presentation

Translation, encryption, and compression. TLS/SSL encryption and decryption happens here. Often combined with Application layer in practice.

Layer 5 — Session

Establishes, manages, and terminates communication sessions. Protocols: NetBIOS, RPC, PPTP. Attacks: session hijacking.

Layer 4 — Transport

End-to-end communication, segmentation, and flow control. TCP and UDP. Port numbers live here. Attacks: SYN flooding, port scanning. Controls: stateful firewalls, port-based ACLs.

Layer 3 — Network

Logical addressing and routing. IP addresses (IPv4/IPv6), ICMP, OSPF, BGP, IPsec. Attacks: IP spoofing, ICMP-based attacks. Controls: packet-filtering firewalls, IPsec tunnel mode.

Layer 2 — Data Link

Physical addressing (MAC addresses), framing, and local delivery. Protocols: Ethernet, Wi-Fi (802.11), ARP. Attacks: ARP poisoning, MAC flooding, VLAN hopping. Controls: 802.1X, dynamic ARP inspection.

Layer 1 — Physical

Raw bits over a physical medium. Cables, hubs, repeaters. Attacks: physical wiretapping, TEMPEST, jamming. Controls: physical security, shielded cables.

OSI layers with protocols, attacks, and controls

LayerNameKey ProtocolsAttack ExamplesSecurity Controls
7ApplicationHTTP, DNS, SMTP, LDAPSQLi, XSS, DNS poisoningWAF, app proxy
6PresentationTLS/SSL, JPEG, ASCIISSL strippingTLS enforcement
5SessionNetBIOS, RPCSession hijackingSession tokens, timeouts
4TransportTCP, UDPSYN flood, port scanStateful firewall
3NetworkIP, ICMP, IPsecIP spoofing, SmurfPacket filter, IPsec
2Data LinkEthernet, ARP, 802.11ARP poison, MAC flood802.1X, DAI
1PhysicalCables, hubsWiretap, jammingPhysical security

Related Concepts

PkiTls HandshakeZero Trust