OSI Model

The document provides a cheat sheet summarizing the OSI model, which consists of seven layers essential for network communication, detailing the roles and security features at each layer. It contrasts the OSI model with the TCP/IP model, highlighting differences in layer structure and functionality. Additionally, it includes common attacks, devices, and protocols associated with each layer, emphasizing the importance of understanding these concepts for effective network security.

OSI Model Cheat Sheet
Summary of critical concepts, devices and protocols

OSI Model
Many people know the OSI model as simply a seven-word mnemonic that
corresponds to its seven layers:

Please Do Not Throw Sausage Pizza Away

    1           2           3          4           5          6              7
    Physical    Data Link   Network    Transport   Session    Presentation   Application

    Processing  Data        Need       To          Seem       People         All

(the second mnemonic is read from layer 7 down to layer 1: All People Seem To Need Data Processing)

It’s important to know the seven layers, what happens at each of them, and where security fits in.
OSI stands for open systems interconnection, which implies that the OSI model is about open
systems that can interconnect and communicate with each other, using protocols. The OSI model is a
structured, layered architecture comprising seven layers. Because it is a layered architecture, think of
the seven layers of the OSI model as team members. Each member has responsibilities that allow the
ultimate goal of communication to be accomplished. No layer can work on its own and accomplish
this ultimate goal.

It’s very important to know what security-specific features exist at different layers of the OSI model.
The higher the layer, the more functional the security features become, and the more comprehensive
the controls that can be implemented; the lower the layer, the opposite is true. However, at the higher
layers the functionality is accompanied by complexity, which comes at the expense of speed and
efficiency. Conversely, at the lower layers, where complexity is minimized, speed and efficiency are a
given. At the lowest layer—the physical layer—no intelligence exists. This is simply the layer that
interconnects devices, and it is extremely fast.

While the OSI model consists of seven layers, the TCP/IP implementation consists of four layers.
Similar to the OSI model, rules must still be followed, but just a bit differently. For instance, the top
three layers of the OSI model are handled by the application layer of the TCP/IP model. The transport
layer is the same in both models. The OSI network layer is called the internet layer in TCP/IP and then
the bottom two layers of the OSI model are handled by TCP/IP’s link layer.
Layer-by-layer summary (columns of the original table: OSI layer, Description, Devices, Protocols,
Common Attacks, Attack Mitigation, Data Format, TCP/IP layer). Reading down the table, layers go from
slowest and most intelligent (Layer 7) to fastest and least intelligent (Layer 1); data is encapsulated
travelling down the layers and decapsulated travelling back up.

Layer 7 (Application)
  Description:       Network capabilities of applications
  Devices:           Application Firewall
  Protocols:         HTTP/S, DHCP, SSH, SNMP, SMTP, FTP, SIP, DNS
  Common Attacks:    DNS masquerading / cache poisoning; Password exploitation; SNMP Community String exploitation
  Attack Mitigation: DNSSEC; AV software; Hardening; Patching; IDS/IPS; Encryption (prior to data entering network)
  Data Format:       Data
  TCP/IP:            4 Application

Layer 6 (Presentation)
  Description:       Formatting of data, including encryption/decryption and compression
  Protocols:         XML, JPEG, ANSI
  Data Format:       Data
  TCP/IP:            4 Application

Layer 5 (Session)
  Description:       Interhost communication
  Devices:           Circuit Proxy Firewall
  Protocols:         PAP, CHAP, EAP, NetBIOS, RPC
  Data Format:       Data
  TCP/IP:            4 Application

Layer 4 (Transport)
  Description:       End-to-end connection with error correction and detection; encryption
  Protocols:         TCP/UDP, SRTP, iSCSI (SAN), BGP
  Common Attacks:    SYN Flood; DoS/DDoS
  Attack Mitigation: Encryption (SSL/TLS)
  Data Format:       Segment
  TCP/IP:            3 Transport

Layer 3 (Network)
  Description:       Logical addressing, routing, and delivery of datagrams
  Devices:           Routers; Packet Filtering & Stateful Inspection Firewalls; Layer 3 Switches
  Protocols:         IP addresses, IPSec, ICMP, NAT, RIP, OSPF
  Attack Mitigation: Network Address Translation (NAT); Encryption (VPN); ACL; limit physical and logical access to router
  Data Format:       Packet / Datagram
  TCP/IP:            2 Network

Layer 2 (Data Link)
  Description:       Physical addressing and reliable point-to-point connection
  Devices:           Switches, Bridges
  Protocols:         MAC addresses, ARP/RARP, L2TP, PPTP
  Common Attacks:    ARP spoofing / poisoning; MAC flood; Spanning tree attack
  Attack Mitigation: VLAN; ARP inspection; Encryption (VPN and Wireless)
  Data Format:       Frame
  TCP/IP:            1 Link

Layer 1 (Physical)
  Description:       Binary transmission of data across physical media (wire, fiber, etc.)
  Devices:           Hubs, NICs, Repeaters, Concentrators
  Protocols:         Ethernet, Wireless
  Common Attacks:    Eavesdropping / tapping; Jamming; Floods; Power manipulation
  Attack Mitigation: Encryption
  Data Format:       Bits
  TCP/IP:            1 Link
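The encapsulation / decapsulation walk and the Data Format column above, worked through in code. This is an added example, not part of the cheat sheet: it builds Layer 7 data into a UDP segment, an IPv4 packet and an Ethernet frame using the real header layouts, then parses the frame back up, checking each header as a receiving stack or inspecting firewall would. The addresses, ports and payload are constructed sample values.

```python
import struct

# OSI layer -> (OSI name, TCP/IP layer, data unit), as laid out in the cheat sheet table
LAYERS = {
    7: ("Application", "Application", "Data"),
    4: ("Transport", "Transport", "Segment"),
    3: ("Network", "Network", "Packet / Datagram"),
    2: ("Data Link", "Link", "Frame"),
}

def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))

def ipv4_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def ipv4_checksum(header):
    """RFC 791 header checksum: one's complement of the one's-complement sum of the
    16-bit words. Over a header that already carries its checksum the result is 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def encapsulate(payload, src_ip, dst_ip, sport, dport, src_mac, dst_mac):
    """Walk Layer 7 data down to a Layer 2 frame, recording (layer, data unit, size)."""
    trace = [(7, LAYERS[7][2], len(payload))]
    # Layer 4 (UDP header): src port, dst port, length, checksum (0 = not computed here)
    segment = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    trace.append((4, LAYERS[4][2], len(segment)))
    # Layer 3 (IPv4 header, 20 bytes): protocol 17 = UDP; checksum is filled in last
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         64, 17, 0, ipv4_bytes(src_ip), ipv4_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    packet = header + segment
    trace.append((3, LAYERS[3][2], len(packet)))
    # Layer 2 (Ethernet II header): dst MAC, src MAC, EtherType 0x0800 = IPv4; FCS omitted
    frame = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet
    trace.append((2, LAYERS[2][2], len(frame)))
    return frame, trace

def decapsulate(frame):
    """Walk a frame back up from Layer 2 to Layer 7, validating each header on the way;
    every check here is a point where a receiving stack or firewall discards bad input."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short for Ethernet + IPv4 + UDP")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("EtherType is not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20:
        raise ValueError("bad IPv4 version or header length")
    header = packet[:ihl]
    if ipv4_checksum(header) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    total_len, proto = struct.unpack("!H", header[2:4])[0], header[9]
    if proto != 17 or total_len > len(packet):
        raise ValueError("not UDP, or IPv4 total length exceeds the bytes received")
    segment = packet[ihl:total_len]
    sport, dport, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    if udp_len != len(segment):
        raise ValueError("UDP length field does not match the segment")
    return {"src_mac": ":".join("%02x" % b for b in frame[6:12]),
            "src_ip": ".".join(str(b) for b in header[12:16]),
            "dst_ip": ".".join(str(b) for b in header[16:20]),
            "sport": sport, "dport": dport, "payload": segment[8:]}

def frame_is_valid(frame):
    """True if the frame decapsulates cleanly, False on any header check failure."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False

# Constructed sample: a 12-byte Layer 7 payload to UDP/53 between two 192.0.2.0/24 (documentation range) hosts
SAMPLE_PAYLOAD = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
SAMPLE_FRAME, SAMPLE_TRACE = encapsulate(SAMPLE_PAYLOAD, "192.0.2.10", "192.0.2.53",
                                         40000, 53, "02:00:00:00:00:0a", "02:00:00:00:00:35")
```

The trace shows the same 12 bytes of data growing to a 20-byte segment, a 40-byte packet and a 54-byte frame, one header per layer, and any single flipped header bit makes the upward walk fail.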
Term / Definition

Address Resolution Protocol (ARP): Protocol which maps Layer 3 IP addresses to Layer 2 MAC addresses

Application Firewall: Operates at Layer 7 (Application); the most complicated / intelligent, slowest, highest latency firewall. Can inspect anything in the packet header and assemble a series of packets to inspect contents (e.g. for viruses)

Border Gateway Protocol (BGP): Network protocol used to exchange routing and reachability information between routers. Essentially the protocol looks at all of the available paths that a packet could travel and picks the best route based on numerous variables

Bridge: Device that creates a single aggregate network from multiple communication networks or network segments

Challenge-Handshake Authentication Protocol (CHAP): Authenticates using a challenge / response method which prevents replay attacks. Should be used over PAP

Circuit Level Firewall: Operates at Layer 5 (Session); will allow a circuit / session to be established if it complies with rules

Concentrator: Device which aggregates and forwards data packets from multiple smaller networks across a single higher bandwidth connection

DNS Spoofing (AKA DNS Cache Poisoning): Corrupt data is provided to a DNS resolver's cache such that incorrect results are returned (e.g. a user is sent the wrong IP address for the provided domain name)

Domain Name System (DNS): Protocol which is a hierarchical decentralized naming system. Primarily used to translate easily remembered domain names (google.com) into IP addresses (74.125.224.72)

Domain Name System Security Extensions (DNSSEC): Set of extensions to DNS which attempt to provide security while maintaining backwards compatibility

Dynamic Host Configuration Protocol (DHCP): Network protocol that enables a DHCP server to dynamically or statically assign IP addresses to devices as they are added to the network

Ethernet: Family of wired networking technologies used in local area networks (LANs), metropolitan area networks (MANs) and wide area networks (WANs)

Extensible Authentication Protocol (EAP): Authentication framework, not a specific authentication mechanism. Enables authentication over wired or wireless networks using multiple different authentication methods (knowledge, ownership & characteristic)

Extensible Markup Language (XML): Language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable

File Transfer Protocol (FTP): Protocol which enables a client to get or put (save) a file on a remote server. FTP provides no encryption mechanisms

Hub: Device used to connect multiple network devices. Any packet sent to the hub is repeated to all other devices connected to the hub

Hypertext Transfer Protocol Secure (HTTPS): Protocol which extends HTTP to enable encrypted communication with a web server. Encryption is provided via the SSL/TLS protocol

Internet Control Message Protocol (ICMP): Protocol which supports the IP protocol by allowing network devices (e.g., routers) to send error and control messages, and enables the Ping & Traceroute utilities

Internet Protocol Security (IPSec): Framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks

Internet Small Computer Systems Interface (iSCSI): Protocol which enables clients to send and receive data from storage devices over an IP network

IP Addressing: Assigning source and destination IP addresses to each packet/datagram so that it can be routed across a network

Layer 2 Switch: Device used to connect multiple network devices. A packet sent to the switch is forwarded on only to the intended recipient, based on the destination MAC address in the packet header

Layer 2 Tunneling Protocol (L2TP): Tunneling protocol used to establish Virtual Private Network (VPN) connections over the Internet. Does not provide encryption on its own

Layer 3 Switch: Device used to connect multiple network devices. A packet sent to the switch is forwarded on only to the intended recipient, based on the destination IP address in the packet header

Network Address Translation (NAT): Method of remapping (swapping) an IP address to another by modifying the IP header of packets when they pass through a proxy. Typically remapping from an internal unrouteable IP address to a publicly routable address

Network Basic Input/Output System (NetBIOS): Protocol which allows applications on computers to communicate with one another over a LAN

Network Interface Card/Controller (NIC): Hardware component that connects a computer to a network (wired or wireless)

Open Shortest Path First (OSPF): Protocol which calculates the shortest route to a destination through a network based on an algorithm

Packet Filtering Firewall: Operates at Layer 3 (Network); the simplest, fastest, lowest latency firewall. Inspects packet headers (e.g. source and destination IP address & ports) against a set of rules typically defined in an Access Control List (ACL)

Password Authentication Protocol (PAP): Sends authentication credentials (username & password) in clear text across the network

Physical Addressing / Media Access Control (MAC) Address: Unique identifier (built-in address) associated with a network adapter that is used for identifying a device at Layer 2 of a network

Point-to-Point Tunneling Protocol (PPTP): Protocol for creating Virtual Private Networks (VPNs) which does not include encryption or authentication. Now considered an obsolete protocol due to the many security vulnerabilities identified

Remote Procedure Call (RPC): Protocol (Application layer in TCP/IP) which enables a client to send a request to a remote server to execute a specified procedure with supplied parameters

Repeater: Device which receives signals (wired or wireless) and re-transmits the signal to increase the range of communications

Reverse Address Resolution Protocol (RARP): Protocol which maps Layer 2 MAC addresses to Layer 3 IP addresses

Router: Device that forwards packets between different networks based on IP addresses

Routing Information Protocol (RIP): Protocol which prevents routing loops by implementing a limit on the number of hops allowed for a packet in a path from source to destination

Secure File Transfer Protocol (SFTP): Protocol which enables a client to get or put (save) a file on a remote server. SFTP provides encryption

Secure Real-time Transport Protocol (SRTP): Secure version (encryption, authentication, integrity & replay attack protection) of the Real-time Transport Protocol (RTP), which provides streaming audio and video over IP

Secure Shell (SSH): Cryptographic protocol for using network services securely over an unsecured network (e.g. secure remote user login to a computer)

Session Initiation Protocol (SIP): Signaling protocol used for initiating, maintaining, modifying and terminating real-time communications sessions between Internet Protocol (IP) devices. Used to establish voice & video calls

Simple Mail Transfer Protocol (SMTP): Standard for electronic mail (email) transmission. Typically just used by clients to send emails to the server

Simple Network Management Protocol (SNMP): Protocol for collecting data from, and managing the configuration of, network devices (e.g. switches & routers) across an IP network. Versions 1 & 2 provided no encryption; v3 incorporates encryption

Stateful Packet Filtering Firewall: Operates at Layer 3 (Network); maintains a dynamic state table (simple memory / history of recent traffic) and uses the state table to help determine if packets are allowed through (e.g. if a request was sent out, the reply will be allowed back in)

Transmission Control Protocol (TCP): Protocol which provides reliable, ordered, and error-checked delivery of packets between applications running on hosts communicating via an IP network

User Datagram Protocol (UDP): Protocol which provides speed/efficiency at the expense of a reliable connection and error correction (e.g. often used for video and audio streaming); jokingly referred to as "send and pray data arrives"

Virtual Local Area Network (VLAN): Abstracts the idea of the LAN; a VLAN might comprise a subset of the ports on a single switch or subsets of ports on multiple switches, thus allowing systems to be logically separated / segmented into groups

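The Packet Filtering Firewall and Stateful Packet Filtering Firewall definitions above, side by side in code. This is an added example, not part of the cheat sheet: a stateless filter that matches header fields against an ACL, and a stateful filter that adds the state table so the reply to a request that went out is let back in without a standing inbound rule. Hosts, ports and rules are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "udp"

@dataclass(frozen=True)
class Rule:
    """One ACL entry matched on header fields only; '*' is a wildcard."""
    direction: str   # "in" (toward the protected network) or "out"
    src_ip: str
    dst_ip: str
    dst_port: object
    action: str      # "allow" or "deny"

    def matches(self, direction, pkt):
        return (self.direction == direction
                and self.src_ip in ("*", pkt.src_ip)
                and self.dst_ip in ("*", pkt.dst_ip)
                and self.dst_port in ("*", pkt.dst_port))

def packet_filter(rules, direction, pkt):
    """Layer 3 packet filtering firewall: first matching ACL rule wins, implicit deny."""
    for rule in rules:
        if rule.matches(direction, pkt):
            return rule.action
    return "deny"

class StatefulFilter:
    """Same ACL, plus a state table of flows that were allowed out, so an inbound
    packet is admitted if it is the exact reverse of a request that already left."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # (proto, src_ip, src_port, dst_ip, dst_port) of outbound flows

    def filter(self, direction, pkt):
        if direction == "out":
            verdict = packet_filter(self.rules, "out", pkt)
            if verdict == "allow":
                self.state.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return verdict
        if (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.state:
            return "allow"   # reply to a request we saw go out
        return packet_filter(self.rules, "in", pkt)

# Constructed sample traffic: an internal host queries an external DNS resolver.
QUERY = Packet("10.0.0.5", "203.0.113.53", 40000, 53)
REPLY = Packet("203.0.113.53", "10.0.0.5", 53, 40000)
# An unsolicited inbound packet from the resolver's address to an internal service port.
UNSOLICITED = Packet("203.0.113.53", "10.0.0.5", 4444, 8443)

# A stateless ACL can only let DNS replies back in with a standing inbound rule for the
# resolver's address, and that rule necessarily admits anything else from that address.
STATELESS_ACL = [Rule("out", "*", "*", 53, "allow"),
                 Rule("in", "203.0.113.53", "*", "*", "allow")]
# The stateful filter needs no inbound rule at all: replies ride on the state table.
STATEFUL_ACL = [Rule("out", "*", "*", 53, "allow")]

def compare():
    """Return each firewall's verdict on the three sample packets, in arrival order."""
    sf = StatefulFilter(STATEFUL_ACL)
    return {
        "stateless": {"query": packet_filter(STATELESS_ACL, "out", QUERY),
                      "reply": packet_filter(STATELESS_ACL, "in", REPLY),
                      "unsolicited": packet_filter(STATELESS_ACL, "in", UNSOLICITED)},
        "stateful": {"query": sf.filter("out", QUERY),
                     "reply": sf.filter("in", REPLY),
                     "unsolicited": sf.filter("in", UNSOLICITED)},
    }
```

Both firewalls pass the query and its reply; only the stateful one drops the unsolicited packet, and it also drops a "reply" for which no request was ever recorded.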
Hi there!
I hope this cheat sheet helped you learn about the critical
concepts, devices and protocols related to the OSI model.

If you’re looking for an even deeper dive into the wonderful world
of networking so you can learn all you need to know to confidently
pass the CISSP exam, you can check out our CISSP MasterClass
here: destcert.com/CISSP

We have been guiding folks to confidently pass the CISSP exam
for over 20 years. We provide expert instruction and an integrated
intelligent system of study resources and tools.

All the best in your studies!

Rob Witcher
Co-founder & Master Instructor