Layer 1 – The Physical Layer
The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems. Characteristics such as voltage levels, timing of voltage changes, physical data rates, maximum transmission distances, physical connectors, and other attributes are defined by physical layer specifications. The physical layer is vulnerable to wire taps and reconnaissance. Fiber media is much more secure, but both copper and fiber media are vulnerable to cutting. This type of vandalism can bring down hosts, segments, and entire networks. Also, power instabilities, natural disasters, and severe storms can affect network devices to the extent that they can become inoperative (see Appendix on Physical Security).
Layer 2 – The Data Link Layer
The data link layer provides reliable transit of data across a physical link. It is concerned with physical (as opposed to logical) addressing, network topology, network access, error notification, ordered delivery of frames, and flow control. Frame-level exploits and vulnerabilities include sniffing, spoofing, broadcast storms, and insecure or absent virtual LANs (VLANs). Network interface cards (NICs) that are misconfigured or malfunctioning can cause serious problems on a network segment or on the entire network.
Layer 3 – The Network Layer
The network layer provides connectivity and path selection between two host systems that may be located on geographically separated networks. Packet-level exploits include ping scans, sniffing, denial of service (DoS), Address Resolution Protocol (ARP) poisoning, nuking, ping of death, and spoofing. Distributed DoS (DDoS) attacks such as SMURF, Stacheldraht, and TFN are especially dangerous to target networks and devices.
Layer 4 – The Transport Layer
The transport layer segments data from the sending host system and reassembles the data into a data stream on the receiving host system. In providing communication service, the transport layer establishes, maintains, and properly terminates virtual circuits. In providing reliable service, it uses transport-error detection and recovery and information flow control. The transport layer is especially vulnerable to attack. Many applications and protocols use well-known TCP and User Datagram Protocol (UDP) ports that must be protected; leaving them exposed is analogous to locking the door but leaving all the windows wide open. These windows must also be closed or secured. Segment-level attacks such as DoS, spoofing, and hijacking can be performed. Numerous port scanners are available to perform reconnaissance on a host or network.
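The reconnaissance described above leaves a recognisable footprint: one source touching many distinct destination ports on one host in a short time. The following detector is an added example for this chapter, not code from the original text. The connection-log format ("epoch_seconds src_ip dst_ip dst_port proto"), the sample lines, and the thresholds (10 distinct ports within 60 seconds) are constructed assumptions for illustration; it also assumes the log is ordered by timestamp.

```python
"""Sliding-window port-scan detector over constructed connection-log lines.

Added example, not part of the original chapter. Log format and thresholds are
assumptions; lines are expected in timestamp order.
"""
from collections import defaultdict, deque

# Constructed sample: 10.0.0.5 sweeps twelve ports on one host in twelve seconds;
# 10.0.0.7 makes repeated, legitimate connections to a single port; 10.0.0.9
# touches a few ports but minutes apart, so it never fills the window.
SAMPLE_LOG = """\
1700000000 10.0.0.7 192.168.1.20 443 tcp
1700000000 10.0.0.5 192.168.1.10 21 tcp
1700000001 10.0.0.5 192.168.1.10 22 tcp
1700000002 10.0.0.5 192.168.1.10 23 tcp
1700000003 10.0.0.5 192.168.1.10 25 tcp
1700000004 10.0.0.7 192.168.1.20 443 tcp
1700000004 10.0.0.5 192.168.1.10 53 udp
1700000005 10.0.0.5 192.168.1.10 80 tcp
1700000006 10.0.0.5 192.168.1.10 110 tcp
1700000007 10.0.0.5 192.168.1.10 135 tcp
1700000008 10.0.0.5 192.168.1.10 139 tcp
1700000009 10.0.0.5 192.168.1.10 143 tcp
1700000010 10.0.0.7 192.168.1.20 443 tcp
1700000011 10.0.0.5 192.168.1.10 443 tcp
1700000012 10.0.0.5 192.168.1.10 445 tcp
1700000100 10.0.0.9 192.168.1.10 80 tcp
1700000200 10.0.0.9 192.168.1.10 443 tcp
1700000300 10.0.0.9 192.168.1.10 22 tcp
"""


def parse_line(line):
    """Split one constructed log line into (ts, src, dst, port, proto)."""
    ts, src, dst, port, proto = line.split()
    return int(ts), src, dst, int(port), proto.lower()


def detect_scans(lines, port_threshold=10, window_seconds=60):
    """Return {(src, dst): {"first_seen": ts, "ports": [...]}} for every
    source that reaches port_threshold distinct destination ports on one
    destination within window_seconds.  Repeated hits on the same port
    (normal client traffic) count once, so they do not trigger an alert."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (ts, port) inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port, _proto = parse_line(line)
        key = (src, dst)
        window = recent[key]
        window.append((ts, port))
        # Drop events older than the window (assumes timestamp-ordered input).
        while window and ts - window[0][0] > window_seconds:
            window.popleft()
        distinct_ports = {p for _, p in window}
        if len(distinct_ports) >= port_threshold:
            # Keep the first detection time, but refresh the port list as the sweep grows.
            alerts.setdefault(key, {"first_seen": window[0][0]})["ports"] = sorted(distinct_ports)
    return alerts


if __name__ == "__main__":
    for (src, dst), info in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan: {src} -> {dst}, first seen {info['first_seen']}, "
              f"{len(info['ports'])} ports: {info['ports']}")
```

Tune `port_threshold` and `window_seconds` to the environment; a slow scan spread over hours will slip under a 60-second window, which is why the example keeps both knobs explicit rather than hard-coding them.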
Layer 5 – The Application Layer
Application layer attacks can be implemented using several different methods. One of the most common methods is exploiting well-known weaknesses in software commonly found on servers, such as Sendmail, Hypertext Transfer Protocol (HTTP), and File Transfer Protocol (FTP). By exploiting these weaknesses, hackers can gain access to a computer with the permissions of the account running the application, which is usually a privileged system-level account. These application layer attacks are often widely publicized in an effort to allow administrators to rectify the problem with a patch. Unfortunately, many hackers also subscribe to these same mailing lists, so they learn about the attack too, if they have not discovered it already.

The primary problem with application layer attacks is that they often use ports that are allowed through a firewall. For example, a hacker executing a known vulnerability against a Web server often uses TCP port 80 in the attack. Because the Web server delivers pages to users, a firewall must allow access on that port. From the perspective of the firewall, it is merely standard port 80 traffic.

Application layer attacks can never be completely eliminated. New vulnerabilities are always being discovered and publicized to the Internet community. Driven by the demands of the Internet market, companies continue to release software and hardware with many known security issues and bugs. Furthermore, users continue to make security difficult by downloading, installing, and configuring unauthorized applications that introduce new security risks at an alarming rate.
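The point that "from the perspective of the firewall, it is merely standard port 80 traffic" is easiest to see side by side: a packet filter that decides on layer-3/4 header fields gives the same answer for a well-formed page request and for a malformed one, and only an application-layer inspector (a reverse proxy or web application firewall in front of the server) can tell them apart. The code below is an added example, not part of the original text. The firewall rule set, the two constructed HTTP requests, the allowed-method list, and the size limits are all assumptions chosen for illustration.

```python
"""Layer-4 packet filter beside a minimal application-layer HTTP inspector.

Added example, not from the original chapter. Rules, limits and both requests
are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """The layer-3/4 fields a stateless packet filter can see."""
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str


# Assumed policy: the Web server must be reachable on TCP/80, everything else is denied.
FIREWALL_RULES = [
    {"dst_ip": "192.168.1.10", "dst_port": 80, "proto": "tcp", "action": "ALLOW"},
]


def firewall_decision(flow, rules=FIREWALL_RULES):
    """Match on header fields only; the payload is never consulted."""
    for rule in rules:
        if (rule["dst_ip"], rule["dst_port"], rule["proto"]) == (flow.dst_ip, flow.dst_port, flow.proto):
            return rule["action"]
    return "DENY"  # default deny


# Assumed application-layer limits for the inspector.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_REQUEST_LINE = 2048
MAX_HEADER_BYTES = 8192


def inspect_http(raw):
    """Parse the request line and headers and return a list of findings (empty = clean)."""
    findings = []
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        findings.append("incomplete headers")
    lines = head.split(b"\r\n")
    request_line = lines[0]
    if len(request_line) > MAX_REQUEST_LINE:
        findings.append(f"request line exceeds {MAX_REQUEST_LINE} bytes")
    parts = request_line.split(b" ")
    if len(parts) != 3:
        findings.append("malformed request line")
    else:
        method, target, version = (p.decode("ascii", "replace") for p in parts)
        if method not in ALLOWED_METHODS:
            findings.append(f"method not permitted: {method}")
        if not target.startswith("/"):
            findings.append("non-origin-form request target")
        if not version.startswith("HTTP/1."):
            findings.append(f"unexpected protocol version: {version}")
    if len(head) > MAX_HEADER_BYTES:
        findings.append(f"headers exceed {MAX_HEADER_BYTES} bytes")
    if not any(h.lower().startswith(b"host:") for h in lines[1:]):
        findings.append("missing Host header")
    return findings


def evaluate(flow, payload):
    """Show both verdicts for one connection carrying one request."""
    return {"firewall": firewall_decision(flow), "inspector": inspect_http(payload)}


# Constructed requests: a normal page fetch and an oversized request with a method the server need not accept.
BENIGN_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: demo\r\n\r\n"
SUSPICIOUS_REQUEST = b"TRACE " + b"A" * 3000 + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    client = Flow("203.0.113.7", "192.168.1.10", 80, "tcp")
    for name, req in (("benign", BENIGN_REQUEST), ("suspicious", SUSPICIOUS_REQUEST)):
        print(name, evaluate(client, req))
```

Both requests arrive on the same flow, so `firewall_decision` returns ALLOW for each; only `inspect_http` reports findings for the second one. That gap is the reason port-based filtering has to be paired with patching the exposed service and, where possible, application-aware inspection in front of it.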