Table Gate - Cyber attacks from the perspective of the OSI model

xiaoxiao2021-03-06  114

Cyber attacks from the perspective of the OSI model

Any discussion of network isolation starts from the fact that the network carries security risk. What is risk? Scanning, attacks, intrusion, and Trojans are all risks. It is difficult to describe every network attack comprehensively, since there may be thousands, but attacks can be grouped and classified by the layer of the TCP/IP OSI model they target, and solutions can be found from there.

Attacks on the physical layer of the OSI model: the bottom of the OSI model is the physical layer. The physical layer has two aspects: one is the normal operation of the hardware, and the other is the logical representation of the physical layer. Unless an attacker enters the machine room and touches the hardware, it is difficult to attack and destroy the hardware. The logical representation of the physical layer, however, can be attacked. Take Ethernet as an example: it is hard for an attacker to get at the Ethernet hardware of a user's computer, but the attacker may forge the user's MAC address to attack the logical representation of the physical layer and achieve denial of service. The hardware of the physical layer cannot be attacked, but its logical representation can, so network isolation must interrupt the logical representation of the physical layer.

Attacks on the data link layer of the OSI model: the data link is a communication-protocol concept. A data link must be established on top of the physical layer before data can be communicated. Each kind of physical hardware has its own communication protocol to support its own data link mode, for example the X.25 protocol supported on the X.25 MODEM, or the Ethernet protocol supported on the TA. Attacks on the data link layer include intrusion, denial of service, and information theft such as eavesdropping. In fact, the term "hacker" existed before the Internet was born. Early telephone companies, such as the Bell communication systems and telephone networks, suffered from communication hackers. Early dial-up BBS networks such as Fidonet also suffered many hacker attacks, although they used the Kermit protocol rather than today's TCP/IP over PPP. Network isolation must interrupt the communication connection.

Attacks on the network layer (IP) protocol of the OSI model: attacks on the IP protocol are the main attacks on the Internet. The main defects of the IP protocol are that IP communication uses no identity authentication, IP data transmission is not encrypted, the IP fragmentation and reassembly mechanisms are imperfect, and IP addresses need not be genuine and are not verified. IP fragmentation attacks, source routing attacks, IP spoofing, IP forgery, ping flooding, ping of death and the like all attack the IP protocol by exploiting these defects. Therefore, network isolation must strip the IP protocol.

Attacks on the transport layer (TCP/UDP) protocols of the OSI model: in the OSI model, the TCP/IP transport layer consists mainly of the TCP and UDP protocols. Attacks on TCP mainly exploit TCP's three-way handshake. ACK flooding and the currently popular SYN flooding attack both exploit the three-way handshake. Attacks on UDP are mainly flooding, which amplifies the unreliability of UDP communication to achieve denial of service. Therefore, network isolation must strip the TCP/UDP protocols.

Attacks on the session layer of the OSI model: this is a typical application attack. The attacker steals a legitimate user's session information and then impersonates that user to gain unauthorized access, or to steal the legitimate user's privileges and information. The most typical session-based attack targets cookies or tokens. In some applications, such as e-commerce, e-government or BBS, users are subject to a complete permission control mechanism after logging in, and this mechanism is implemented through sessions. Once attackers have successfully attacked the session, they hold the user's permissions. Network isolation must strip the session protocol.

Attacks on the presentation layer of the OSI model: the presentation layer uses format translation, data compression and decompression, and data encryption and decryption to provide a standard application interface, so that different systems can carry out normal application communication. In effect it solves the open-platform problem, that is, how computers on different platforms communicate at the application level over the same open network. Attacks on the presentation layer therefore target format translation and data processing. Typical cases are Unicode attacks and calculation overflow attacks. Network isolation must strip the presentation protocol.

Attacks on the application layer of the OSI model: attacks on the application layer are the most serious. They cover a very wide range, such as attacks on application protocol vulnerabilities, attacks on application data, and attacks on the operating system platform the application runs on. Application-layer attack methods include: unvalidated web input; broken access control; broken authentication and session management; cross-site scripting vulnerabilities; buffer overflow vulnerabilities; injection flaws; improper error handling; insecure storage; denial of service; and insecure configuration management. Network isolation must strip the application protocol.

Every network attack must be located at some layer of the OSI model; otherwise it is not a network attack. Since all seven layers of the TCP/IP OSI model are at risk of attack, all seven layers must be disconnected to ensure security. Network isolation disconnects all seven layers of the OSI model, thoroughly eliminating security threats from the network. The OSI model diagram of network isolation is as follows:
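Separately from the diagram referenced above, the reassembly weakness named in the network-layer paragraph can be checked on the defending side before fragments are ever reassembled. The following Python sketch is an added example, not part of the original article: it flags fragment sets that would reassemble past the 65535-byte datagram limit (the ping of death case) or that overlap. The function name, field names and sample fragments are assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_IP_DATAGRAM = 65535  # largest total length an IPv4 datagram may have
IP_HEADER_LEN = 20       # assumption: constructed samples carry no IP options

def check_fragments(fragments):
    """Return {(src, dst, ip_id): [findings]} for fragment sets that
    should be dropped instead of reassembled."""
    groups = defaultdict(list)
    for f in fragments:
        # RFC 791 also keys reassembly on the protocol field; the
        # constructed samples use a single protocol, so it is omitted.
        groups[(f["src"], f["dst"], f["ip_id"])].append(f)

    findings = {}
    for key, frags in groups.items():
        issues = set()
        prev_end = 0
        for f in sorted(frags, key=lambda f: f["offset"]):
            end = f["offset"] + f["length"]
            # Reassembled datagram would exceed 65535 bytes (ping of death).
            if IP_HEADER_LEN + end > MAX_IP_DATAGRAM:
                issues.add("oversize")
            # The same payload bytes are claimed by two fragments.
            if f["offset"] < prev_end:
                issues.add("overlap")
            # Every fragment except the last must carry a multiple of 8 bytes.
            if f["more"] and f["length"] % 8:
                issues.add("bad-length")
            prev_end = max(prev_end, end)
        if issues:
            findings[key] = sorted(issues)
    return findings

def frag(src, ip_id, offset, length, more):
    """Build one constructed fragment record (hypothetical field names)."""
    return {"src": src, "dst": "198.51.100.5", "ip_id": ip_id,
            "offset": offset, "length": length, "more": more}

# Constructed sample using documentation addresses, not captured traffic.
SAMPLE = [
    frag("192.0.2.10", 1, 0, 1480, True),     # normal two-fragment datagram
    frag("192.0.2.10", 1, 1480, 520, False),
    frag("192.0.2.66", 7, 0, 1480, True),     # second fragment overlaps first
    frag("192.0.2.66", 7, 1000, 400, False),
    frag("192.0.2.77", 9, 65528, 100, False), # ends past the 65535 limit
]

if __name__ == "__main__":
    for key, issues in check_fragments(SAMPLE).items():
        print(key, issues)
```
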

Please credit the original address when reposting: https://www.9cbs.com/read-99363.html
