Theory Assignment 05
Cyber Attacks and Mitigations for the OSI Model
The Open Systems Interconnection (OSI) model is a conceptual framework used to understand
and implement network protocols in seven distinct layers. Each layer serves a specific function
and communicates with the layers directly above and below it. This layered approach helps isolate
issues, ensure compatibility, and standardize network communication protocols.
Cybersecurity threats target different layers of the OSI model, exploiting vulnerabilities unique to
each layer. Understanding these attacks and implementing appropriate mitigations is crucial for
protecting the integrity, confidentiality, and availability of networked systems. This document
provides a detailed examination of common attacks at each OSI layer and the corresponding
defensive measures.
By delving into the specifics of layer-wise attacks and mitigations, network administrators and
security professionals can enhance their strategies to safeguard against various potential threats.
The following sections will explore each OSI layer, identify prevalent attack vectors, and outline
effective mitigation techniques to bolster network security.
Layer 1: The Physical Layer
Cyber Attacks:
• Physical Tampering: Unauthorized physical access to network hardware, such as routers, switches,
or cables, to disrupt or intercept communication.
• Cable Cutting: Severing network cables to cause a denial of service.
• Electromagnetic Interference (EMI): Disrupting communication by emitting electromagnetic
signals that interfere with network hardware.
• Device Theft: Stealing network hardware to gain unauthorized access to network data or disrupt
network operations.
Mitigations:
• Physical Security Measures: Implement strong physical security controls, such as locked doors,
security cameras, and access control systems, to prevent unauthorized access to network hardware.
• Cable Management: Protect cables by routing them through secure conduits and using tamper-
evident seals to detect and prevent unauthorized access.
• Shielding and Grounding: Use shielded cables and proper grounding techniques to minimize the
risk of electromagnetic interference.
• Equipment Monitoring: Regularly inspect network hardware for signs of tampering and deploy physical
intrusion sensors (door contacts, rack and enclosure switches, port-status alarms on unused ports) so
that administrators are alerted when equipment is opened, moved, or unplugged.
• Redundant Pathways: Establish redundant communication pathways to ensure network availability
even if one path is compromised.
By understanding the types of attacks that can occur at the physical layer and implementing appropriate
mitigation strategies, organizations can enhance the security and resilience of their network infrastructure.
Layer 2: The Data Link Layer
Cyber Attacks:
• MAC Spoofing: An attacker changes the Media Access Control (MAC) address of their device to
impersonate another device on the network, often to bypass MAC-based access control lists (ACLs) or
captive-portal/NAC checks, or as a first step in a man-in-the-middle attack.
• ARP Spoofing/Poisoning: An attacker sends falsified Address Resolution Protocol (ARP)
messages to a network, causing data intended for one device to be sent to the attacker’s device
instead.
• Switch Port Attacks: Exploiting weaknesses in network switches, for example by flooding a switch with
frames from random source MACs until its MAC address (CAM) table is full (MAC flooding). Once the table
is exhausted the switch falls back to forwarding unknown-destination frames out of every port, like a
hub, which lets the attacker sniff traffic meant for other hosts.
• VLAN Hopping: An attacker reaches VLANs they are not authorized to use, either by sending
double-tagged (802.1Q-in-802.1Q) frames that a switch strips one tag from and forwards into the inner
VLAN, or by negotiating a trunk link with the switch (switch spoofing via DTP), potentially intercepting
or redirecting traffic.
Mitigations:
• Port Security: Configure port security on switches to limit the number of MAC addresses that can
be learned on a single port, helping to prevent MAC spoofing and flooding attacks.
• Dynamic ARP Inspection (DAI): Enable DAI on switches so that ARP packets arriving on untrusted ports
are checked against a trusted IP-to-MAC binding table (built by DHCP snooping or from static ARP
ACLs) and dropped if they do not match, mitigating ARP spoofing/poisoning attacks.
• Access Control Lists (ACLs): Implement ACLs to restrict network access based on MAC
addresses, IP addresses, and protocols to enhance network security.
• VLAN Segmentation: Properly segment and isolate VLANs to limit the impact of VLAN hopping
attacks and reduce the attack surface. In particular, keep user traffic off VLAN 1, set an unused
VLAN as the native VLAN on trunks (or tag the native VLAN), hard-code access ports as access mode, and
disable DTP negotiation so an end host cannot turn its port into a trunk.
• Regular Monitoring: Continuously monitor network traffic for unusual patterns or signs of an attack
and deploy intrusion detection/prevention systems (IDS/IPS) to identify and respond to threats in
real-time.
• Authentication: Use network-level authentication protocols, such as 802.1X, to verify the identity
of devices connecting to the network, ensuring only authorized devices gain access.
By understanding the types of attacks that can occur at the data link layer and implementing these mitigation
strategies, organizations can better protect their networks from Layer 2 threats.
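The ARP poisoning attack and the DAI mitigation above are easiest to understand as a check on every ARP reply. The following script is an added example for this assignment, not code from the assignment itself: it models Dynamic ARP Inspection (reply on an untrusted port must match a trusted IP-to-MAC binding table) and the passive "flip-flop" detection an arpwatch-style monitor performs. The binding table, port names and packet stream are constructed sample data.

```python
"""ARP inspection: flag ARP replies that rebind a known IP to a different MAC.

Added example, not part of the assignment. It models two checks:
  * inspect_arp       - Dynamic ARP Inspection style: compare each reply from an
                        untrusted port against a trusted IP-to-MAC binding table
                        (on a real switch that table is built by DHCP snooping
                        or static ARP ACLs).
  * detect_flip_flops - arpwatch style passive monitor: learn the first MAC seen
                        for each IP and report later replies that change it.
All bindings, port names and packets below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str
    sender_mac: str
    ingress_port: str


# Constructed binding table (what DHCP snooping would have learned).
TRUSTED_BINDINGS: Dict[str, str] = {
    "192.168.1.1": "aa:bb:cc:00:00:01",   # default gateway
    "192.168.1.10": "aa:bb:cc:00:00:10",
    "192.168.1.20": "aa:bb:cc:00:00:20",
}

# Uplink ports are trusted and bypass inspection; access ports are not.
TRUSTED_PORTS: Set[str] = {"Gi0/24"}

# Constructed packet stream; the third reply is the poisoning attempt.
SAMPLE_REPLIES: List[ArpReply] = [
    ArpReply("192.168.1.1", "aa:bb:cc:00:00:01", "Gi0/24"),   # gateway, via uplink
    ArpReply("192.168.1.10", "aa:bb:cc:00:00:10", "Gi0/1"),   # legitimate host
    ArpReply("192.168.1.1", "de:ad:be:ef:00:01", "Gi0/7"),    # attacker claims gateway IP
    ArpReply("192.168.1.99", "00:11:22:33:44:55", "Gi0/8"),   # IP with no binding at all
]


def inspect_arp(replies: List[ArpReply],
                bindings: Dict[str, str],
                trusted_ports: Set[str] = TRUSTED_PORTS) -> List[str]:
    """Return one DROP message per ARP reply that fails the binding check."""
    alerts: List[str] = []
    for r in replies:
        if r.ingress_port in trusted_ports:
            continue                       # DAI does not validate trusted ports
        claimed = r.sender_mac.lower()
        expected = bindings.get(r.sender_ip)
        if expected is None:
            alerts.append(f"DROP {r.ingress_port}: no binding for {r.sender_ip} "
                          f"(claimed by {claimed})")
        elif expected.lower() != claimed:
            alerts.append(f"DROP {r.ingress_port}: {r.sender_ip} is bound to {expected} "
                          f"but reply claims {claimed} (possible ARP poisoning)")
    return alerts


def detect_flip_flops(replies: List[ArpReply]) -> List[str]:
    """Passive learning: report any IP whose sender MAC changes over time."""
    seen: Dict[str, str] = {}
    changes: List[str] = []
    for r in replies:
        mac = r.sender_mac.lower()
        prev = seen.get(r.sender_ip)
        if prev is not None and prev != mac:
            changes.append(f"{r.sender_ip} changed from {prev} to {mac} on {r.ingress_port}")
        seen[r.sender_ip] = mac            # a later change back is reported again
    return changes


if __name__ == "__main__":
    for line in inspect_arp(SAMPLE_REPLIES, TRUSTED_BINDINGS) + detect_flip_flops(SAMPLE_REPLIES):
        print(line)
```

The passive detector has no ground truth, so it cannot tell the attacker's rebinding from a legitimate NIC replacement; that is why DAI's binding table, rather than first-seen learning, is the enforcement point on the switch, and why the trusted-port list must only contain links to other switches.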
Layer 3: The Network Layer
Cyber Attacks:
• IP Spoofing: An attacker sends IP packets with a forged source address to impersonate another
device, to evade address-based filtering, or to hide the true origin of traffic; reflection and
amplification DDoS attacks depend on it so that responses land on the victim.
• Routing Attacks: Manipulating routing tables or injecting false routing information to redirect
traffic to malicious destinations. This includes attacks such as route poisoning, route injection, and
route hijacking.
• Denial of Service (DoS) / Distributed Denial of Service (DDoS): Overwhelming a network or its
resources with excessive traffic, causing legitimate traffic to be delayed or dropped.
• Man-in-the-Middle (MitM): Intercepting and potentially altering the communication between two
parties without their knowledge, typically by inserting themselves into the routing path.
Mitigations:
• Packet Filtering: Use firewalls and access control lists (ACLs) to filter incoming and outgoing
packets based on IP addresses, protocols, and port numbers, reducing the risk of IP spoofing and
unauthorized access.
• Secure Routing Protocols: Authenticate routing updates so that only legitimate neighbours can inject
routes (e.g., OSPF with cryptographic authentication; BGP sessions protected with the TCP MD5 option
(RFC 2385) or, preferably, TCP-AO). Session authentication does not stop a legitimate peer from
announcing someone else's prefix, so pair it with RPKI route origin validation and prefix filters to
reject hijacked or leaked routes.
• Anti-Spoofing Measures: Configure ingress filtering (BCP 38) and Unicast Reverse Path Forwarding
(uRPF) on network devices. uRPF checks the source address of an incoming packet against the routing
table: in strict mode the source must be reachable through the interface the packet arrived on, in
loose mode it only has to match some route. Strict mode can drop legitimate traffic where routing is
asymmetric, so it belongs at customer and edge ports rather than on core links.
• DDoS Protection: Deploy DDoS protection mechanisms, such as rate limiting, traffic analysis, and
scrubbing centers, to detect and mitigate DDoS attacks before they impact network resources.
• Encryption: Use IPsec to protect traffic at the network layer (authenticating and encrypting packets
between hosts or gateways); TLS operates above the transport layer but likewise keeps application data
confidential and tamper-evident even when an attacker has inserted themselves into the routing path.
• Regular Monitoring and Auditing: Continuously monitor network traffic and routing tables for
unusual patterns or anomalies that could indicate an attack, and perform regular audits of network
configurations and security policies.
By understanding the types of attacks that can occur at the network layer and implementing these mitigation
strategies, organizations can better protect their networks from Layer 3 threats.
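The anti-spoofing mitigations above (uRPF and BCP 38 ingress filtering) are a small routing-table lookup applied to the source rather than the destination address. The following script is an added example for this assignment, not code from the assignment: it implements strict and loose uRPF plus a bogon filter over a constructed routing table, and includes the asymmetric-routing case where strict mode rejects a legitimate source. The prefixes, interface names and packets are all constructed sample data.

```python
"""Ingress anti-spoofing checks (BCP 38 / uRPF), as an added example that is not
part of the assignment. The routing table, interface names, bogon list and test
packets are constructed sample data.

  strict uRPF : the packet's source address must be routed back out through the
                interface the packet arrived on.
  loose uRPF  : the source address only has to match some non-default route.
Both modes also reject bogon sources (private, loopback, link-local, multicast).
"""
import ipaddress
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network
Route = Tuple[Net, str]          # (destination prefix, egress interface)

# Constructed routing table. Documentation prefixes stand in for customer space.
ROUTING_TABLE: List[Route] = [
    (ipaddress.ip_network("203.0.113.0/24"), "eth0"),     # customer A
    (ipaddress.ip_network("198.51.100.0/24"), "eth1"),    # customer B
    (ipaddress.ip_network("198.51.100.128/25"), "eth2"),  # part of B, homed on another link
    (ipaddress.ip_network("0.0.0.0/0"), "eth3"),          # default route to upstream
]

BOGONS: List[Net] = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def longest_match(addr: ipaddress.IPv4Address, table: List[Route]) -> Optional[Route]:
    """Ordinary longest-prefix-match lookup; returns None if nothing matches."""
    best: Optional[Route] = None
    for net, iface in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_check(src_ip: str, ingress: str, mode: str = "strict",
               table: List[Route] = ROUTING_TABLE) -> Tuple[bool, str]:
    """Decide whether a packet with source src_ip arriving on ingress may be forwarded."""
    src = ipaddress.ip_address(src_ip)
    if any(src in b for b in BOGONS):
        return False, f"bogon source {src}"
    match = longest_match(src, table)
    # A source covered only by the default route is unverifiable; treat it like a
    # missing route (real routers expose an 'allow-default' knob to relax this).
    if match is None or match[0].prefixlen == 0:
        return False, f"no specific return route for {src}"
    net, iface = match
    if mode == "loose":
        return True, f"{src} is covered by {net} (loose)"
    if iface != ingress:
        return False, f"{src} routes via {iface} but arrived on {ingress} (strict)"
    return True, f"{src} verified via {net} on {ingress} (strict)"


def filter_ingress(packets: List[Tuple[str, str]],
                   mode: str = "strict") -> List[Tuple[str, str, str]]:
    """Apply urpf_check to (src_ip, ingress) pairs; return the dropped ones with a reason."""
    dropped: List[Tuple[str, str, str]] = []
    for src, port in packets:
        ok, why = urpf_check(src, port, mode)
        if not ok:
            dropped.append((src, port, why))
    return dropped


if __name__ == "__main__":
    sample = [("203.0.113.7", "eth0"), ("203.0.113.7", "eth1"), ("192.168.1.5", "eth0"),
              ("192.0.2.1", "eth3"), ("198.51.100.200", "eth1")]
    for entry in filter_ingress(sample):
        print("DROP", entry)
```

The 198.51.100.200 case is the operational caveat: its best return route points at eth2, so strict uRPF drops it when it arrives on eth1 even though customer B legitimately owns the address. Loose mode accepts it; that is the usual trade-off on multi-homed or asymmetric links.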
Layer 4: The Transport Layer
Cyber Attacks:
• Port Scanning: An attacker scans a range of ports on a target device to identify open or vulnerable
ports that can be exploited for further attacks.
• Session Hijacking: An attacker takes over an established TCP connection between two devices. At the
transport layer this means sniffing or predicting the connection's sequence numbers so that injected
segments are accepted as part of the stream, giving the attacker the access the legitimate endpoint had.
• SYN Flood Attack: An attacker sends a flood of SYN (synchronization) requests to a target server,
overwhelming it with half-open connections and causing legitimate connection attempts to be
dropped.
• Buffer Overflow: An attacker sends more data to a buffer than it can hold, overwriting adjacent
memory and potentially allowing the attacker to execute arbitrary code or crash the system. Strictly
this is a flaw in the service listening on the port rather than in the transport protocol, but it is
reached through the transport layer and often first located by port scanning.
Mitigations:
• Port Filtering and Management: Use firewalls and intrusion detection/prevention systems
(IDS/IPS) to monitor and control traffic on open ports, reducing the risk of port scanning and
exploitation.
• Session Security: Use operating systems that randomize TCP initial sequence numbers so connections
cannot be hijacked by guessing, and carry application sessions over TLS so that an attacker who can
sniff the stream still cannot read or inject data. Use strong, random session tokens and session
timeout mechanisms to limit the value of any connection that is taken over.
• SYN Flood Protection: Configure SYN flood protection mechanisms, such as SYN cookies, which
help servers handle large numbers of SYN requests without allocating excessive resources. Rate
limiting and traffic shaping can also mitigate the impact of SYN flood attacks.
• Buffer Overflow Protection: Use secure coding practices to validate input sizes and implement
bounds checking to prevent buffer overflows. Deploy modern operating systems and applications
that include built-in protections like Address Space Layout Randomization (ASLR) and Data
Execution Prevention (DEP).
• Encryption: Employ TLS (SSL is deprecated and should be disabled) on top of TCP to secure
communications, ensuring data integrity and confidentiality during transmission.
• Regular Monitoring and Logging: Continuously monitor network traffic and system logs for
unusual activity or patterns indicative of an attack. Use automated tools to detect and respond to
potential threats in real-time.
By understanding the types of attacks that can occur at the transport layer and implementing these mitigation
strategies, organizations can better protect their networks from Layer 4 threats.
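SYN cookies are the transport-layer mitigation above that is least obvious from a one-line description: the server answers every SYN but keeps no half-open state, because the state it needs is encoded in the sequence number it sends back. The following script is an added example for this assignment, not code from the assignment or from any kernel; it implements a simplified cookie in the spirit of the Linux layout (a time counter, an MSS index and a keyed hash packed into the 32-bit server ISN). The secret key, addresses and ports are constructed.

```python
"""SYN cookies: answer every SYN without storing a half-open connection.

Added example, not code from the assignment. The layout mirrors the idea used
by Linux (a counter, an MSS index and a keyed hash packed into the 32-bit
server ISN) but is simplified; the key, addresses and ports are constructed.

    server ISN = count(5 bits) | mss index(2 bits) | hash(25 bits)

The hash covers the 4-tuple, the counter and the client's ISN, so a forged
final ACK from a different address, port or time window does not validate.
"""
import hashlib
import hmac
import ipaddress
import struct
from typing import Optional

SECRET = b"constructed-demo-key-rotate-at-boot"   # a kernel picks this randomly at boot
MSS_TABLE = [536, 1220, 1460, 4312]              # 2 bits -> 4 representable MSS values
COUNT_BITS, MSS_BITS, HASH_BITS = 5, 2, 25
COUNT_MASK = (1 << COUNT_BITS) - 1
MSS_MASK = (1 << MSS_BITS) - 1
HASH_MASK = (1 << HASH_BITS) - 1
WORD = 0xFFFFFFFF


def _count(now: int) -> int:
    return (now // 64) & COUNT_MASK          # ticks every 64 s, wraps every 32 ticks


def _hash(saddr: str, daddr: str, sport: int, dport: int, count: int, client_isn: int) -> int:
    msg = struct.pack("!4s4sHHII",
                      ipaddress.IPv4Address(saddr).packed,
                      ipaddress.IPv4Address(daddr).packed,
                      sport, dport, count, client_isn)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & HASH_MASK


def make_syn_cookie(saddr: str, daddr: str, sport: int, dport: int,
                    client_isn: int, mss: int, now: int) -> int:
    """Server ISN to put in the SYN-ACK; nothing about this client is stored."""
    count = _count(now)
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    h = _hash(saddr, daddr, sport, dport, count, client_isn)
    return ((count << (MSS_BITS + HASH_BITS)) | (mss_idx << HASH_BITS) | h) & WORD


def check_syn_cookie(saddr: str, daddr: str, sport: int, dport: int,
                     seq: int, ack: int, now: int) -> Optional[int]:
    """Validate the handshake's final ACK. Returns the negotiated MSS, or None."""
    client_isn = (seq - 1) & WORD           # client's SEQ in the ACK is its ISN + 1
    cookie = (ack - 1) & WORD               # its ACK number is our ISN + 1
    count = cookie >> (MSS_BITS + HASH_BITS)
    mss_idx = (cookie >> HASH_BITS) & MSS_MASK
    cur = _count(now)
    if count not in (cur, (cur - 1) & COUNT_MASK):
        return None                         # older than two ticks: stale, reject
    expected = _hash(saddr, daddr, sport, dport, count, client_isn)
    got = cookie & HASH_MASK
    if not hmac.compare_digest(expected.to_bytes(4, "big"), got.to_bytes(4, "big")):
        return None                         # wrong 4-tuple, ISN or key: forged
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    t = 1_000_000
    isn = make_syn_cookie("203.0.113.5", "198.51.100.1", 40000, 443, 123456, 1460, t)
    print("SYN-ACK seq:", hex(isn))
    print("ACK ok, MSS:", check_syn_cookie("203.0.113.5", "198.51.100.1", 40000, 443,
                                           123457, isn + 1, t + 10))
```

The price of keeping no state is visible in the layout: only the MSS survives the handshake, so options such as window scaling and SACK are lost unless the server can recover them elsewhere (Linux tucks them into the TCP timestamp option). That is why production stacks fall back to cookies only when the SYN backlog is under pressure rather than using them for every connection.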
Layer 5: The Session Layer
Cyber Attacks:
• Session Hijacking: An attacker takes control of an active session between a client and a server by
capturing the session token or identifier (for example from an unencrypted request or a cookie
exposed to a script), allowing unauthorized access to data and services.
• Session Fixation: An attacker tricks a user into authenticating with a known session ID, allowing
the attacker to hijack the session once the user logs in.
• RPC (Remote Procedure Call) Exploits: An attacker exploits vulnerabilities in RPC services to
execute commands or gain unauthorized access to network resources.
Mitigations:
• Session Management: Generate strong, random session tokens and transmit them only over encrypted
channels. Regenerate the session identifier at authentication (and on any privilege change) so that a
pre-authentication identifier planted by an attacker is never promoted to an authenticated session;
this is the direct fix for session fixation. Invalidate tokens server-side on logout rather than only
deleting the client's cookie.
• Encryption: Use encryption protocols like TLS/SSL to secure session data during transmission,
preventing attackers from capturing session tokens or identifiers.
• Session Timeouts: Configure session timeouts to automatically terminate inactive sessions,
reducing the window of opportunity for session hijacking.
• Input Validation: Validate all input data, especially in applications that use RPC, to prevent
attackers from exploiting vulnerabilities and executing unauthorized commands.
• Multi-Factor Authentication (MFA): Implement MFA to add an additional layer of security,
making it more difficult for attackers to gain unauthorized access even if they capture session
tokens.
• Monitoring and Logging: Continuously monitor session activity and maintain logs of session
creation, termination, and authentication events. Use automated tools to detect and respond to
suspicious session behavior in real-time.
• Patch Management: Regularly update and patch software, especially those providing session and
RPC services, to address known vulnerabilities and reduce the risk of exploitation.
By understanding the types of attacks that can occur at the session layer and implementing these mitigation
strategies, organizations can better protect their networks from Layer 5 threats.
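The session fixation attack and the mitigations above (random tokens, regeneration at login, idle timeouts, cookies sent only over encrypted channels) fit in one small session store. The following script is an added example for this assignment, not code from the assignment; it shows a login routine that keeps the pre-authentication ID (and is therefore fixable) beside one that rotates it, with an injectable clock so the timeout can be exercised. All identifiers and usernames are constructed.

```python
"""Session management that defeats fixation and bounds hijacking.

Added example, not code from the assignment. A small in-memory store shows:
  * login_vulnerable  keeps the pre-authentication session ID, so an ID an
                      attacker planted in the victim's browser becomes an
                      authenticated session the attacker also holds (fixation);
  * login             discards the old ID and issues a fresh one at authentication;
  * user_for          enforces an idle timeout and touches the session on use;
  * cookie_header     sends the ID with Secure/HttpOnly/SameSite so it is not
                      exposed over plaintext HTTP or to page scripts.
The clock is injectable so the timeout can be exercised without waiting.
"""
import secrets
import time
from typing import Any, Callable, Dict, Optional


class SessionStore:
    def __init__(self, idle_timeout: float = 900.0,
                 now: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, Dict[str, Any]] = {}
        self.idle_timeout = idle_timeout
        self._now = now

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": None, "last_seen": self._now()}
        return sid

    def login_vulnerable(self, sid: str, user: str) -> str:
        """Promotes whatever ID the client presented: the fixation bug."""
        if sid not in self._sessions:
            sid = self.new_session()
        self._sessions[sid]["user"] = user
        return sid

    def login(self, sid: Optional[str], user: str) -> str:
        """Rotate the identifier at authentication (do the same on privilege change)."""
        if sid is not None:
            self._sessions.pop(sid, None)          # the planted/pre-auth ID dies here
        fresh = self.new_session()
        self._sessions[fresh]["user"] = user
        return fresh

    def user_for(self, sid: str) -> Optional[str]:
        """Resolve a presented ID to a user, expiring idle sessions on the way."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._now() - s["last_seen"] > self.idle_timeout:
            del self._sessions[sid]                # expired: a stolen token dies too
            return None
        s["last_seen"] = self._now()
        return s["user"]

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)              # server-side invalidation


def cookie_header(sid: str, max_age: int = 900) -> str:
    """Set-Cookie line for the session ID: HTTPS only, no script access, CSRF-resistant."""
    return (f"Set-Cookie: session={sid}; Path=/; Max-Age={max_age}; "
            "Secure; HttpOnly; SameSite=Lax")


if __name__ == "__main__":
    clock = [1000.0]
    store = SessionStore(idle_timeout=900, now=lambda: clock[0])
    planted = store.new_session()                  # attacker obtains an ID and plants it
    print("fixation succeeds:", store.login_vulnerable(planted, "alice") == planted)
    planted = store.new_session()
    fresh = store.login(planted, "alice")
    print("fixation defeated:", store.user_for(planted) is None
          and store.user_for(fresh) == "alice")
    print(cookie_header(fresh))
```

Note that the store, not the cookie, is the source of truth: logout and expiry delete the server-side entry, so a token an attacker captured earlier stops working even though their copy of the cookie still exists.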
Layer 6: The Presentation Layer
Cyber Attacks:
• Man-in-the-Middle (MitM) Attacks: An attacker intercepts and potentially alters data being
transmitted between two parties. This succeeds when the data is not encrypted, or when the client
accepts any certificate instead of validating the server's identity.
• Data Injection: Malicious data is injected into the data stream, exploiting vulnerabilities in data
serialization or deserialization processes.
• SSL/TLS Attacks: Exploiting weaknesses in SSL/TLS protocols or their deployment to intercept,
decrypt, or alter encrypted communications. Examples include SSL stripping (downgrading a user's
HTTPS connection to plain HTTP), POODLE (a padding-oracle attack on SSLv3 CBC ciphers), and BEAST
(a chosen-plaintext attack on TLS 1.0 CBC ciphers).
• Encoding Exploits: Attacks that exploit weaknesses in the encoding or decoding processes, such as
buffer overflow attacks triggered by improper handling of encoded data.
Mitigations:
• Strong Encryption: Use robust encryption protocols, such as TLS 1.2 or higher, to ensure data
integrity and confidentiality during transmission. Disable outdated protocols and ciphers to prevent
exploitation.
• Secure Configuration: Ensure proper configuration of TLS settings, including strong cipher suites,
certificates issued by a trusted CA (or a pinned internal CA) rather than ad-hoc self-signed ones,
full certificate chain and hostname validation on the client, and HTTP Strict Transport Security
(HSTS) so that browsers refuse the plaintext downgrade that SSL stripping relies on.
• Data Validation and Sanitization: Validate and sanitize all data before encoding or decoding to
prevent data injection attacks. Implement secure coding practices to handle serialized and
deserialized data safely.
• Regular Updates and Patching: Keep cryptographic libraries and related software up to date with
the latest security patches to mitigate known vulnerabilities.
• Authentication and Integrity Checks: Implement authentication mechanisms and integrity checks
to verify the authenticity and integrity of data before and after encoding/decoding.
• Network Monitoring: Monitor network traffic for signs of MitM attacks or other suspicious activity.
Deploy intrusion detection/prevention systems (IDS/IPS) to identify and respond to potential
threats.
• Security Training: Educate developers and system administrators about secure coding practices and
the importance of properly handling data encoding and encryption to prevent vulnerabilities.
By understanding the types of attacks that can occur at the presentation layer and implementing these
mitigation strategies, organizations can better protect their networks from Layer 6 threats.
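The "strong encryption" and "secure configuration" mitigations above come down to a handful of settings on the TLS context a client or server builds. The following script is an added example for this assignment, not code from the assignment or from the Python project: it builds the weak configuration that downgrade and MitM attacks rely on next to a hardened one, and an audit function that reports what each allows. It only constructs ssl.SSLContext objects and never opens a connection, so it runs offline; cafile is left as None so the platform trust store is used.

```python
"""TLS client configuration: the weak setting beside the hardened one, plus an
audit that reports what each allows. Added example, not from the assignment;
it only builds ssl.SSLContext objects and never opens a connection.
"""
import ssl
from typing import List, Optional

WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC3", "MD5", "NULL", "EXPORT")


def insecure_context() -> ssl.SSLContext:
    """What 'just make the warning go away' code tends to produce: any protocol
    version, no certificate validation, no hostname check. An on-path attacker
    can present any certificate and negotiate a downgrade."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Verify the peer, pin the floor at TLS 1.2, forward-secret AEAD suites only."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # rules out SSLv3/TLS1.0/1.1 (POODLE, BEAST)
    ctx.options |= ssl.OP_NO_COMPRESSION             # TLS compression enables CRIME
    # TLS 1.2 suites: ECDHE for forward secrecy, AEAD only. TLS 1.3 suites are
    # chosen by OpenSSL independently of this string.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Return human-readable findings; an empty list means the context passed."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS < 1.2 allowed")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression allowed")
    weak = sorted({c["name"] for c in ctx.get_ciphers()
                   if any(m in c["name"] for m in WEAK_CIPHER_MARKERS)})
    if weak:
        findings.append("weak ciphers enabled: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    for label, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(f"{label}: {audit(ctx) or ['ok']}")
```

The audit deliberately checks the context rather than a live handshake: a configuration review can be run in CI against the code that builds the context, whereas the handshake result also depends on what the remote peer offers.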
Layer 7: The Application Layer
Cyber Attacks:
• SQL Injection: An attacker supplies input that is concatenated into a SQL query, changing its
structure so the database returns, modifies, or deletes data the attacker is not authorized to touch,
or in some configurations executes operating system commands.
• Cross-Site Scripting (XSS): An attacker injects malicious scripts into web pages viewed by other
users, allowing the attacker to steal session cookies, deface websites, or perform other malicious
actions.
• Phishing: An attacker sends fraudulent messages designed to trick users into revealing sensitive
information, such as login credentials or financial details.
• Malware: Malicious software is delivered via emails, websites, or downloads, aiming to
compromise the security of the target system.
• Denial of Service (DoS): An attacker overwhelms an application with excessive requests, causing
it to become unresponsive or crash.
• Man-in-the-Browser (MitB) Attacks: Malware installed on a user's browser intercepts and modifies
the user's transactions with web applications without the user's knowledge.
Mitigations:
• Input Validation and Output Encoding: Validate all user input against what the application expects
before processing it, but do not rely on validation alone: use parameterized queries (prepared
statements) so that input can never change the structure of a SQL statement, and encode output for
the context in which it is rendered (HTML body, attribute, JavaScript) to prevent XSS.
• Secure Coding Practices: Educate developers on secure coding practices and use frameworks and
libraries that provide built-in security features to mitigate common vulnerabilities.
• Authentication and Authorization: Implement strong authentication mechanisms (e.g., multi-factor
authentication) and enforce strict authorization policies to ensure that only authorized users can
access sensitive data and functions.
• Regular Security Updates and Patching: Keep all application software, including third-party
libraries and plugins, up to date with the latest security patches.
• Web Application Firewalls (WAFs): Deploy WAFs to filter and monitor HTTP traffic to and from
web applications, blocking common exploit patterns such as SQL injection and XSS. A WAF is
defence in depth that buys time; it does not replace fixing the vulnerable code.
• User Education and Awareness: Conduct regular training for users on recognizing phishing
attempts and safe online practices to reduce the risk of social engineering attacks.
• Anti-Malware Solutions: Use comprehensive anti-malware solutions to detect and prevent the
installation and execution of malicious software.
• Secure Session Management: Send session cookies with the Secure, HttpOnly, and SameSite attributes
so they are never transmitted over plaintext HTTP, cannot be read by injected scripts, and are not
attached to cross-site requests; set appropriate session timeouts and invalidate sessions server-side
upon logout.
• Content Security Policy (CSP): Implement CSP to prevent the execution of unauthorized scripts on
web pages, mitigating the impact of XSS attacks.
• Regular Security Audits and Penetration Testing: Conduct regular security audits and penetration
testing to identify and remediate vulnerabilities in applications before they can be exploited by
attackers.
By understanding the types of attacks that can occur at the application layer and implementing these
mitigation strategies, organizations can better protect their networks from Layer 7 threats.
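The SQL injection, XSS, secure-cookie and CSP points above are best seen as vulnerable and fixed code side by side. The following script is an added example for this assignment, not code from the assignment: a login check built by string concatenation next to its parameterized form (run against an in-memory SQLite database), an unescaped and an escaped comment renderer, and a nonce-based Content-Security-Policy header. The database rows, the password-hash placeholders and the attack strings are constructed.

```python
"""Injection at the application layer: vulnerable and fixed versions side by side.

Added example, not from the assignment. The SQLite database, the user rows and
the attack strings are constructed. The 'password_hash' values stand in for
whatever the caller's password hashing produces; the point here is the query
construction, not the hashing.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    # String concatenation lets the username close the literal and comment out
    # the password predicate:  username = 'alice' --' AND password_hash = '...'
    query = (f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
             f"AND password_hash = '{password_hash}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    # Parameterised query: the driver sends values separately from the SQL text,
    # so a quote or comment marker in the input is just data.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone()[0] > 0


def render_comment_vulnerable(text: str) -> str:
    return f'<p class="comment">{text}</p>'            # stored/reflected XSS


def render_comment_safe(text: str) -> str:
    # Output encoding for the HTML body context. Attribute and JavaScript
    # contexts need their own encoders, which is why template engines
    # autoescape per context rather than with one global filter.
    return f'<p class="comment">{html.escape(text, quote=True)}</p>'


def csp_header(nonce: str) -> str:
    """Per-response CSP: only same-origin scripts and scripts carrying this nonce
    run, so an injected inline <script> is blocked even if encoding was missed."""
    return ("Content-Security-Policy: default-src 'self'; "
            f"script-src 'self' 'nonce-{nonce}'; object-src 'none'; base-uri 'none'; "
            "frame-ancestors 'none'")


SQLI_PAYLOAD = "alice' --"                              # constructed attack input
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"  # constructed attack input

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, SQLI_PAYLOAD, "wrong"))
    print("safe login bypassed:     ", login_safe(db, SQLI_PAYLOAD, "wrong"))
    print(render_comment_vulnerable(XSS_PAYLOAD))
    print(render_comment_safe(XSS_PAYLOAD))
    print(csp_header("d2hhdGV2ZXI"))
```

The nonce in the CSP header must be freshly random per response and match the nonce attribute on the application's own script tags; a static or guessable nonce gives no protection.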