Today, we are living in a highly technical society. Technology and the way in which we communicate has been completely revolutionized by the invention and proliferation of the Internet, which began with the construction of computers in the 1960s. Our everyday lives revolve around the Internet, both at work and at home. We use the Internet to connect with coworkers, do research, shop, order lunch and dinner, find old friends, keep up with family, etc. The Internet is a permanent part of many people’s lives, but this can come at a price. As connected as we all remain to the Internet, putting our personal information on it leaves us privy to the actions of cyber criminals, who then use that information for any purpose. Cyber are offenses that can only be committed with the use of a computer or computer networks. It falls into two categories, namely the illegal intrusion into computer networks, such as hacking, or the disruption of computer functionality, such as viruses.
To understand how criminals use the Internet, it must be understood how we communicate on the Internet. The Internet consists of networks within an overarching network that are connected by fiber optic cabling and other complex hardware and software, all for the purpose of collaboration, communication and information dissemination among most of the entire world. The Internet provides several services of which we take advantage, such as instant messaging, e-mail, hypertext documents and data exchanges.
The Internet has entirely changed how individuals communicate with one another, gather information and even make purchases. Now more than ever, people are relying on the Internet and namely social media to make purchase decisions. The way that we were trained to communicate has shifted from formal to informal, from longhand to shorthand. Changes are sure to come as technology moves quicker than we can keep up with. As mentioned, this leaves personal consumer information vulnerable, making it much easier for cyber criminals to use the connectivity and transparency of the Internet to their advantage. Cyber criminals use information to develop networks for drugs trafficking, smuggling, money laundering, etc. The threat of cybercrime has the potential to affect national and international security, economies worldwide, and social and political relations among countries. Cyber criminals can choose any particular Internet network through which to commit their crimes, such as the Open Systems Interconnection Model.
The Open Systems Interconnection Model is a network system consisting of a vertical stack of seven layers which represent software that enable network services (the upper layers) and others that implement hardware-oriented functions like routing and flow control (the lower layers). The OSI model was designed and introduced in 1984 to be an abstract model for teaching individuals about the network technologies of the Internet today. The model’s top layer of the vertical stack is where data communication starts, then travels down the stack to the lowers bottom layer, travelling finally to the bottom layer on the receiving side and back up the OSI Model stack.
There are seven layers, or building blacks to the OSI model. The top four layers where network services are enabled are known as the Host layers; the bottom three layers where hardware functions are implemented are the Media layers. The layers are numbered, with 1 beginning at the bottom and working its way up. From top to bottom, however, is how the layers’ structure is recognized with the phrase “All People Seem to Need Data Processing,” taking the first letter of each word to correspond with the type of layer. Layer 7, at the top, is the application layer, wherein the data from the presentation layer (layer 6) is packaged in the format optimal for the application or end-user process that receives it, like in the form of browsers or HTTP. Layer 7 also creates what is to be returned to layer 6, the presentation layer, where data representation and encryption takes place. This layer can be thought of as a translator or image generator, including MPEGs, JPEGs and TIFFs. In the session layer (layer 5) is where management of communication takes place. It is from layer 5 that data goes to logical ports, such as SQL. The fourth layer, the transport layer, moves data across (reliable) network connections, handles error recovery and re-transmissions. The network layer is the third layer, that formats data as packets and directs it to the correct path. The data link layer is the second to last and the most complex layer in the model; it consists of two parts for media access control and logical link control. The final (or first) later consists of media, signal and binary transmission through mediums such as infrared light, electric voltage and radio frequencies.
Each layer faces its own vulnerabilities and threats. The application layer (7) is the most open-ended of each layer, thus the most difficult one to protect. Browses and website forms can be vulnerable to cyber criminals who are looking for personal information in order to commit fraud and identity theft. This layer can be protected by malware scans and sandboxing that keeps sensitive data protected. The presentation layer, the next layer, can be plagued by malformed SSL requests; a broken SSL can be used to tunnel HTTP attacks to a server, which could stop accepting those SSL connections. Separation of user input and data control is paramount to data security at this level. The session layer handles network connections, but without passwords and authentication protocols, cyber criminals can spoof, leak information and hijack browsing sessions. The transport layer consists of two protocols that ensure transmission of data, both of which can be used by an attacker to infiltrate a network, especially one without a secure firewall. The network layer is the one that includes routing policy and firewalls, controls that are likely already in place. The threats to this layer include spoofs to IP addresses and network routes. The data link layer manages packets of information that go across a physical networking, but multiple protocols make the layer vulnerable. The layer is a prime target for attack because it is often neglected when it comes to information security. Finally, the physical layer, the first layer, can have its functionality attacked through disconnection, theft, or power interruption. The physical layer is probably the second most vulnerable layer after the application layer as the physical layer is tangible. To protect this layer, enable video and audio surveillance, security staff and access control.
Each layer of the OSI model can face significant threats, but not threats that cannot be addressed or safeguarded against. With the advent of technology and continually changing mobility, approaches to security should be changing alongside it to protect against security breaches. Each layer is intricate and unique and the approach to security should be multifaceted and applicable to the individual layers. The OSI model is only as valuable as its functions, which have to be protected in order to be valuable at all. It can be forgotten that protections are only part of the equation, so administrators should take extreme precautions when it comes to securing any Internet connectivity network. Criminals can gain access to networks in more and more ways, so it would be in the best interest of these administrators to make the best effort necessary to keep it from happening.
- Gharbawi, Alaa. “Revolution of the Internet.” Available from http://www.cs.ucsb.edu/~almeroth/classes/F04.176A/homework1_good_papers/Alaa-Gharbawi.html; Internet; accessed July 21, 2017.
- Loader, Brian D., and Douglas Thomas, eds. Cybercrime: Security and surveillance in the information age. Routledge, 2013.
- McGuire, Mike, and Samantha Dowling. “Cyber crime: A review of the evidence.” Summary of key findings and implications. Home Office Research report 75 (2013).
- Mitchell, Bradley. “What Is the OSI Model?” Lifewire. Accessed July 21, 2017. https://www.lifewire.com/open-systems-interconnection-model-816290.
- New Media Consortium. “Social networking, the” third place,” and the evolution of communication.” (2007).