OSI Transport Layer Security- CISSP Exam

Manoj Sharma, CISSP | CCSP | CISM | CRISC | CPISI | CPEGP | ISMS

OSI Reference Model: Layer 4 (the Transport Layer) is one of the most important layers in modern Ethernet networks. The OSI Reference Model is the best means of understanding data transmission between two nodes. In this blog our focus is on the Transport Layer of the OSI Reference Model.

Functionality

This layer is responsible for providing reliable data transport and end-to-end transmission control through flow control, multiplexing, virtual circuit management (virtual circuits established during packet switching), and error checking and recovery. How this happens: a reliable connection between computers (unlike the application-to-application dialogues of the session layer) is established before any data is transmitted. CISSP candidates are expected to demonstrate the ability to understand and implement network security measures and to address the challenges arising from network-based threats.

Protocols

The two protocols you must be familiar with at this layer are TCP and UDP.

Transmission Control Protocol (TCP, connection-oriented): TCP is a connection-oriented protocol that establishes a connection with another computer via a three-way handshake. TCP also provides extensive error checking through flow control and acknowledgment of data between the two computers. Packets are sequenced so that they can be reassembled in order at the destination, and any packet that is lost is retransmitted. The picture below describes the three-way handshake and the sequencing part.

Because of the connection establishment, sequencing, error checking, and so on, TCP is generally slower than connectionless protocols such as UDP. Higher-layer protocols that require reliable delivery (e.g., HTTP, FTP) are built on TCP.
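To make the handshake and sequencing concrete, here is an added simulation (not code from the article, and not real socket code) that models the SEQ/ACK arithmetic of the three-way handshake, then splits a message into segments, drops one on the "wire", and shows how the receiver's cumulative acknowledgment tells the sender what to retransmit. The initial sequence numbers, message and MSS are constructed values chosen so the arithmetic is easy to follow.

```python
"""Toy model of TCP connection setup and sequenced, acknowledged delivery.

Added teaching example: it models the sequence/acknowledgment arithmetic
described above, not the full TCP state machine (no windows, no timers).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Segment:
    flags: set               # subset of {"SYN", "ACK"}
    seq: int                 # sequence number of the SYN or of the first payload byte
    ack: Optional[int]       # next byte the sender of this segment expects (None if unused)
    payload: bytes = b""


def three_way_handshake(client_isn: int, server_isn: int) -> list:
    """Return the three handshake segments. The initial sequence numbers are
    passed in explicitly so the arithmetic is visible; real stacks choose them
    unpredictably, which is what makes sequence-number guessing hard."""
    syn = Segment({"SYN"}, seq=client_isn, ack=None)
    # The SYN itself consumes one sequence number, so the peer acknowledges isn + 1.
    syn_ack = Segment({"SYN", "ACK"}, seq=server_isn, ack=syn.seq + 1)
    ack = Segment({"ACK"}, seq=syn.seq + 1, ack=syn_ack.seq + 1)
    return [syn, syn_ack, ack]


class Receiver:
    """Reassembles payload bytes in sequence order. Out-of-order segments are
    buffered; receive() returns the next sequence number still needed, which
    is the value a real receiver would place in its (cumulative) ACK."""

    def __init__(self, initial_seq: int):
        self.expected = initial_seq
        self.buffer = {}         # seq -> payload, for segments that arrived early
        self.data = b""

    def receive(self, seg: Segment) -> int:
        if seg.seq >= self.expected:
            self.buffer[seg.seq] = seg.payload
        # Deliver every segment that is now contiguous with what we already have.
        while self.expected in self.buffer:
            chunk = self.buffer.pop(self.expected)
            self.data += chunk
            self.expected += len(chunk)
        return self.expected


def transfer(message: bytes, mss: int, isn: int, lose_index: Optional[int] = None):
    """Split message into MSS-sized segments, deliver them (dropping segment
    number lose_index to simulate loss), then retransmit from the sequence
    number the receiver reports as missing until the whole message is ACKed.
    Returns (reassembled bytes, number of retransmissions)."""
    segments = [
        Segment({"ACK"}, seq=isn + i, ack=None, payload=message[i:i + mss])
        for i in range(0, len(message), mss)
    ]
    rx = Receiver(isn)
    for idx, seg in enumerate(segments):
        if idx == lose_index:
            continue                      # lost on the wire; never reaches the receiver
        rx.receive(seg)

    retransmissions = 0
    end = isn + len(message)
    # Sender side: the cumulative ACK (rx.expected) names exactly the segment to resend.
    while rx.expected < end:
        missing = next(s for s in segments if s.seq == rx.expected)
        rx.receive(missing)
        retransmissions += 1
    return rx.data, retransmissions


if __name__ == "__main__":
    for s in three_way_handshake(1000, 5000):
        print(sorted(s.flags), "seq", s.seq, "ack", s.ack)
    data, rtx = transfer(b"hello transport layer", mss=5, isn=1001, lose_index=1)
    print(data, "retransmissions:", rtx)
```

Note how the receiver keeps the segments that arrived after the lost one and delivers them all at once when the gap is filled: that buffering, plus the cumulative acknowledgment, is what lets TCP recover from loss without resending everything.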

User Datagram Protocol (UDP, connectionless): UDP is a connectionless, best-effort protocol, which means there is no overhead for establishing, maintaining, or terminating a connection, making UDP simpler, faster, and more efficient than TCP. It is widely used for applications such as real-time streaming of audio and video, where speed is a higher priority than reliability. UDP is also commonly used by the Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Simple Network Management Protocol (SNMP), Voice over IP (VoIP), Internet of Things (IoT) devices, etc.


Devices at Transport Layer

Circuit proxy firewalls: Circuit proxy firewalls provide an additional layer of security for a network by acting as an intermediary between internal and external networks. We will cover this in more depth in the firewall section.

Proxy servers: A proxy server is an intermediary server that sits between client devices (such as computers or smartphones) and other servers on the internet. We will cover this in more depth in the sections ahead.

Load balancers: These are network devices or software applications that distribute incoming network traffic across multiple servers or resources to ensure the availability, reliability, and performance of applications and services.

VPN gateways: A VPN gateway is a network device or service that creates secure, encrypted connections between two or more networks over the internet or another untrusted network.

Common attack vectors

TCP/IP hijacking attacks (session hijacking): An attacker intercepts and forges TCP packets, exploiting weaknesses in the sequence numbers carried in TCP headers, to take control of an established session.

SYN flood attack: A Denial of Service (DoS) attack in which an attacker floods a target server with a large number of SYN (synchronize) requests, overwhelming its capacity to establish new TCP connections.

UDP flood attack: Attackers flood the target with a large number of UDP packets to overwhelm the server, causing it to become unresponsive.

Packet fragmentation attacks: Attackers exploit weaknesses in packet fragmentation (the splitting of large packets into smaller ones) to hide malicious content within the fragments.

Smurf attack: The attacker sends a large number of ICMP Echo Request (ping) packets to a network broadcast address with the source address spoofed to the victim's IP. Every system on the subnet then replies, and all of those replies are directed at the victim, producing an amplified DDoS attack.


Fraggle attack: Similar to a Smurf attack, but here the attacker sends UDP Echo Requests instead of ICMP Echo Requests.
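From the defender's side, the flood and amplification patterns listed above all leave a characteristic trace at the transport layer: many SYNs that never complete a handshake, an abnormal UDP packet rate toward one listener, or echo requests addressed to a broadcast address. The following added example (not from the article) runs a small detector over constructed packet-summary lines. The line format, the addresses (taken from the RFC 5737 documentation ranges), the traffic volumes and the thresholds are all invented for illustration; a production detector would count per time window and tune thresholds to the site's baseline.

```python
"""Toy detector for SYN flood, UDP flood, Smurf and Fraggle traffic patterns.

Added example run over constructed packet-summary lines of the form
  "<PROTO> <src>[:<sport>] > <dst>[:<dport>] [info]"
The format and all addresses/thresholds are assumptions made for this example.
"""
import re
from collections import Counter, defaultdict

LINE = re.compile(
    r"^(?P<proto>TCP|UDP|ICMP) (?P<src>[\d.]+)(?::(?P<sport>\d+))? > "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?(?: (?P<info>.*))?$"
)


def parse(line: str):
    """Parse one summary line into a dict, or return None for an unparseable line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["info"] = rec["info"] or ""
    return rec


def detect(lines, syn_threshold=50, udp_threshold=100, bcast_suffix=".255"):
    """Return {alert_name: [evidence, ...]} for the patterns found in lines."""
    alerts = defaultdict(list)
    syn_by_dst = Counter()      # connection attempts per destination host
    ack_by_dst = Counter()      # handshake-completing ACKs per destination host
    udp_by_dst = Counter()      # UDP packets per destination host

    for rec in map(parse, lines):
        if rec is None:
            continue
        dst = rec["dst"]
        if rec["proto"] == "TCP":
            flags = rec["info"].split()
            if "SYN" in flags and "ACK" not in flags:
                syn_by_dst[dst] += 1
            elif "ACK" in flags:
                ack_by_dst[dst] += 1
        elif rec["proto"] == "UDP":
            udp_by_dst[dst] += 1
            # Fraggle: UDP echo (7) or chargen (19) aimed at a broadcast address
            if dst.endswith(bcast_suffix) and rec["dport"] in ("7", "19"):
                alerts["fraggle"].append(
                    f"UDP to broadcast {dst}:{rec['dport']} claiming source {rec['src']}")
        elif rec["proto"] == "ICMP":
            # Smurf: ICMP echo request aimed at a broadcast address
            if "echo request" in rec["info"] and dst.endswith(bcast_suffix):
                alerts["smurf"].append(
                    f"ICMP echo request to broadcast {dst} claiming source {rec['src']}")

    # SYN flood: many SYNs, very few of which go on to complete the handshake
    for dst, n in syn_by_dst.items():
        if n >= syn_threshold and ack_by_dst[dst] < 0.2 * n:
            alerts["syn_flood"].append(f"{dst}: {n} SYN, {ack_by_dst[dst]} completed")
    # UDP flood: raw packet volume toward one host
    for dst, n in udp_by_dst.items():
        if n >= udp_threshold:
            alerts["udp_flood"].append(f"{dst}: {n} UDP packets")
    return dict(alerts)


# Constructed sample traffic (not captured data).
SAMPLE_LINES = (
    # 60 half-open attempts against 192.0.2.10:443 from many sources, never completed
    [f"TCP 203.0.113.{i % 250 + 1}:{40000 + i} > 192.0.2.10:443 SYN" for i in range(60)]
    # Five legitimate sessions against 192.0.2.20: each SYN is followed by an ACK
    + [line for i in range(5) for line in (
        f"TCP 198.51.100.{i + 1}:5000{i} > 192.0.2.20:80 SYN",
        f"TCP 198.51.100.{i + 1}:5000{i} > 192.0.2.20:80 ACK")]
    # 120 UDP datagrams from one source at the DNS listener
    + [f"UDP 203.0.113.9:{30000 + i} > 192.0.2.30:53" for i in range(120)]
    # Smurf and Fraggle: echo requests to the subnet broadcast, "from" the victim
    + ["ICMP 192.0.2.10 > 192.0.2.255 echo request",
       "UDP 192.0.2.10:7 > 192.0.2.255:7"]
)

if __name__ == "__main__":
    for name, evidence in detect(SAMPLE_LINES).items():
        print(name, evidence)
```

The SYN-flood rule compares SYNs with completed handshakes rather than counting SYNs alone, so a busy but healthy web server (many SYNs, nearly all of them completed) is not flagged; that ratio is the same signal a firewall or load balancer uses when it decides to enable SYN cookies or rate limiting.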

Conclusion: The Network and Communication Security domain of the CISSP contributes 13% of the CISSP exam and is one of the most challenging domains. Passing the CISSP exam requires you not only to understand the core concepts but also to understand the complexity of the exam itself.

For more insightful updates on the CISSP exam, follow our webinar on Think Like a Manager (Part 1).