Certified Ethical Hacker – OSI Model and Exposure

NOTE: This series of posts are a tool for me to prepare for my Certified Ethical Hacker test. These posts are tantamount to a book report of the book: Certified Ethical Hacker (CEH) Cert Guide.  Where I directly quote anything from the book, the *citation is listed below.

The OSI model is hierarchy of layers that detail the how an application create connect with another application over a network connection.  There are seven layer to the model starting at the application all the way down to the physical cable that the bits travel across.  The hierarchy is defined as follows: Application, Presentation, Session, Transport, Network, Data Link and Physical.

The application layer is pretty self explanatory, but it encompasses the various application like telnet or a web application.  These are the tools that we interact with on a computer.  This is where you can see hacks such as malware like the recent xcode ghost. This was a bootlegged version of XCode that was put up on file sharing sites in China.  According to **MacRumors,  IOS developers downloaded this bootlegged version that had code in its library that would collect information from the IOS devices and upload the data to servers that the hacks controlled.  In addition to send data to the hacker’s servers, the were also able to send commands to the device to activate other functionality.  This is a good reason to not download pirated software.  It is likely that the developers did not knowingly code the infected applications.

The presentation layer is where the packets are deconstructed into a format that the application can use such as ASCII or some other format that the application is coded to use.  This is also where application data bound for somewhere else is encrypted or packaged.  This is where viruses and worms are transformed into a state where they can be executed and infect the target system. Encryption and decryption are also operations that occur at this level to try to protect data such as authentication credentials before it is transmitted.  Attacks at this layer can cause application to crash or machines to spin their CPUs out of control.

Moving down the stack, we next have the session layer.  This layer is responsible for the initialization and teardown of the various communication protocols such as TCP.  I often hear about session hacking such as Man in the Middle.  Session initialization is protected when the session is created , but once it is started the session data is open for hijacking.  Hijacking a session is pretty neat to me and is one that I am going to want to test out.  You can start injecting data into the stream and disrupt network traffic by exploiting the TCP work flow.  Again, this one is cool so I will definitely be trying this at home.

The transport layer is where protocols such as TCP or UDP are exercised. At this layer, messing with the handshake operations of TCP such as a syn attack are possible. An attacker can flood the connections with parts of the handshake and bring the system offline since it cannot accept new connections.  This is in essence a denial of service attack.

NOTE: There more information here that I want to examine.  Content to follow

The network layer is where the internet protocol is utilized.  This is the second half of the TCP/IP protocol.  It is at this level where the routing of the data is prepared.  Exploiting at this layer can be very effective at bring down a system or a set of systems. ***Route poisoning can take a legitimate route for a target system invalid.  This will cause the routers to no longer route datagrams that that target, regardless of its validity.  This can also logically bring a system down or otherwise unavailable.

The data link layer takes the data packet and packages them up into frames of data that can be transmitted.  This opposite is true on the other side of the wire where the data packet is unpacked from the frame to be sent to the network layer.  One important component within this later is the application of the MAC address into the frame.  This is what will route the data packet to the actual physical device  using the address resolution protocol (ARP).  If you can poison the ARP cache, you can cause the traffic to be redirected.

The final layer in the life of a data packet is the physical layer.  This is where the bits are place on the wire to be read at the other end.

This is how I interpret the OSI layer based on the references listed below.  I plan to do more in-depth reading and then I will come back an update this if needed.

*Gregg, Michael. Certified Ethical Hacker (CEH) Cert Guide. N.p.: n.p., n.d. Print.

“What You Need to Know About IOS Malware XcodeGhost.” – Mac Rumors. N.p., n.d. Web. 27 Sept. 2015.

**”Theft On The Web: Theft On The Web: Prevent Session Hijacking.” Theft On The Web: Theft On The Web: Prevent Session Hijacking. N.p., n.d. Web. 27 Sept. 2015.

**** “What Is Route Poisoning? – Definition from WhatIs.com.”SearchNetworking. N.p., n.d. Web. 27 Sept. 2015.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s