The OSI Model – Why Protecting the Layers is Critical

July 21, 2025

Every day, billions of devices communicate seamlessly, thanks in no small part to the Open Systems Interconnection (OSI) model. The OSI model is a conceptual framework that standardizes how different networking protocols communicate. It consists of seven distinct layers, each responsible for specific functions, ranging from the physical transmission of data to more abstract processes like application-level interactions. These layers work together in a structured manner, providing a blueprint for how computers and devices communicate over networks worldwide.

Beyond the technical details, the OSI Model is fundamental for ensuring networks function efficiently and securely. The higher layers are especially critical as they directly impact end-user experiences and security.

What is the OSI Model?

The OSI model is a conceptual framework developed in the late 1970s and formally adopted by the International Organization for Standardization (ISO) in 1984. It divides network communication into seven distinct layers, each responsible for specific functions, from the physical transmission of data to high-level application interactions.

While the modern internet is based on the Transmission Control Protocol/Internet Protocol (TCP/IP) model, a simplified framework used for internet communication, the OSI model remains a valuable reference. IT professionals, engineers, and developers continue to use it to conceptualize and troubleshoot networking functions across the seven layers.

What Are the 7 Layers of the OSI Model?

The seven layers of the OSI model have clearly defined functions and standardized interfaces. Each layer interacts directly with the layer above and below it, passing data in a structured, predictable manner. This layered architecture provides two key benefits. First, it enables interoperability between hardware and software platforms regardless of vendor by offering consistent guidelines for protocol implementation. Second, it simplifies troubleshooting by allowing network professionals to isolate issues within a specific layer of the stack.

During network communication, data flows from Layer 7 (Application) to Layer 1 (Physical) on the sender’s side, then travels across the medium to the recipient, where it is processed from Layer 1 back up to Layer 7. This process is referred to as encapsulation on the sender’s side and de-encapsulation on the receiver’s side, and it enables consistent communication across networked systems.
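
The encapsulation and de-encapsulation described above, as an added example that is not part of the original article. It wraps a payload in UDP, IPv4 and Ethernet headers and then strips them in reverse order; the addresses, ports and MAC values are constructed sample values.

```python
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(payload: bytes) -> bytes:
    """Sender side: each lower layer prepends its own header."""
    # Layer 4 (UDP): source port, destination port, length, checksum (0 = unused)
    segment = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    # Layer 3 (IPv4): constructed documentation addresses, protocol 17 = UDP
    src, dst = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                      1, 0, 64, 17, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    # Layer 2 (Ethernet II): destination MAC, source MAC, EtherType 0x0800 = IPv4
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + hdr + segment

def decapsulate(frame: bytes) -> dict:
    """Receiver side: validate and strip one header per layer, bottom up."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    if proto != 17 or total_len > len(packet):
        raise ValueError("unexpected protocol or truncated packet")
    segment = packet[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
    if ulen != len(segment):
        raise ValueError("UDP length disagrees with IP length")
    return {"src_port": sport, "dst_port": dport, "payload": segment[8:]}
```

A receiver that checks each layer's length and checksum fields against the layer below, as `decapsulate` does, rejects frames whose headers disagree with one another instead of passing them up the stack.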

Here is a more detailed look at each of the seven layers:

Application Layer (Layer 7)

The Application Layer is the topmost layer of the OSI model, serving as the interface between end-user applications and the underlying network services. It provides the protocols and tools that enable software to communicate over a network. Common services at this layer include web browsing, email, and file transfers. Protocols operating at the Application Layer include:

  • Hypertext Transfer Protocol (HTTP): Used for web browsing.
  • File Transfer Protocol (FTP): Used for transferring files between systems.
  • Simple Mail Transfer Protocol (SMTP): Used for sending email messages.
  • Domain Name System (DNS): Translates human-readable domain names into IP addresses.

Presentation Layer (Layer 6)

The Presentation Layer, also referred to as the translator or syntax layer, is responsible for formatting, encrypting, decrypting, and compressing data. In more practical terms, the Presentation Layer prepares data so that the Application Layer can use it. Devices can communicate using different encoding methods, which the Presentation Layer is responsible for translating into a syntax that the Application Layer of the receiving device can understand. For example, it may convert data to and from formats like JPEG, GIF, or ASCII.

It also encrypts information on the sender’s side and decrypts it on the receiver’s end. Finally, it is also responsible for compressing data before delivering it to Layer 5, improving speed and efficiency by minimizing the amount of data transferred.

Session Layer (Layer 5)

The Session Layer manages the continuous exchange of data (sessions) between two devices. It ensures that a session remains open long enough to complete data exchange and then promptly closes it once communication ends. The Session Layer can also synchronize through checkpoints, allowing interrupted data transfers to resume from the last known good point. This is particularly useful for long or complex transfers, such as downloading large files.

Protocols operating at the Session Layer include:

  • Remote Procedure Call (RPC): Enables a program to execute a procedure on a remote host as if it were local.
  • Network Basic Input/Output System (NetBIOS): Provides session services for Windows-based networks.
  • AppleTalk Session Protocol (ASP): Manages session layer functions for Apple devices.

Transport Layer (Layer 4)

The Transport Layer provides end-to-end communication services for applications. This layer is responsible for segmenting data into smaller units for transmission and reassembling them at the receiving end. Depending on the protocol used, it may offer guaranteed delivery, retransmission of lost data, and congestion management. Protocols found at the Transport Layer include:

  • Transmission Control Protocol (TCP): Ensures reliable data transfer takes place, complete with error checking and flow control. Email and web browsing both use TCP.
  • User Datagram Protocol (UDP): A faster, less reliable transmission of data that does not confirm receipt. Commonly used by streaming services.

Network Layer (Layer 3)

The Network Layer determines how data is transmitted from one device to another across networks. It determines the optimal path for data to reach its destination, taking into account network conditions, priority, and other relevant factors. Key protocols found on the Network Layer include:

  • The Internet Protocol (IP): The core protocol responsible for logical addressing and routing.
  • Internet Control Message Protocol (ICMP): Used for network diagnostics and error-reporting purposes.
  • Routing Information Protocol (RIP): Manages the routing of data across networks.

Data Link Layer (Layer 2)

Operating directly above the Physical Layer, the Data Link layer ensures error-free transfer of data frames between two devices on the same network—a key distinction between the Physical Layer and the Data Link Layer. The Data Link Layer takes packets from the Network Layer and encapsulates them into smaller units called frames for transmission. It is responsible for node-to-node delivery within a local network segment and handles flow control, error detection, and hardware-level addressing using MAC addresses.

Physical Layer (Layer 1)

The Physical Layer encompasses the tangible infrastructure components involved in data transmission, including cables, connectors, network interface cards (NICs), and signal transmission media (electrical signals, light pulses, or radio waves). At the Physical Layer, data is converted into a stream of binary signals (1s and 0s) using agreed-upon signaling methods, such as voltage levels or light intensity, so that both sender and receiver can interpret the data consistently. The Physical Layer of communicating devices must use compatible conventions (e.g., line encoding, timing, and synchronization) to ensure proper transmission and reception.

Why the OSI Model Matters

The OSI Model is foundational for understanding, designing, and securing network communications. By breaking down complex interactions into seven distinct layers, it provides IT professionals with a clear structure for troubleshooting, optimizing, and securing networked systems.

Here’s why the OSI Model remains essential:

  • Clarity in Communication: Provides a universal language for discussing networking concepts, making collaboration easier across teams, vendors, and disciplines.
  • Targeted Problem Solving: Helps isolate issues to a specific layer, speeding up troubleshooting and root-cause analysis.
  • Interoperability: Enables hardware and software from different vendors to work together by following standardized protocols.
  • Security Alignment: Allows organizations to implement layer-specific security controls, such as Web Application Firewalls (WAFs) at Layer 7 or MAC filtering at Layer 2.
  • Development Guidance: Informs the design of new protocols and technologies that fit cleanly into the existing networking ecosystem.

In short, this layered approach simplifies complex network behavior. Understanding how data flows from the Physical Layer up to the Application Layer empowers professionals to build, manage, and protect modern communication systems with greater precision.

Why You Need to Protect Across Layers 5, 6, and 7

To ensure robust network security, organizations must address vulnerabilities across OSI Layers 5, 6, and 7. These upper layers handle session management, data formatting, and direct user interaction, all critical vectors for modern cyberattacks, so organizations should ensure they have adequate coverage across them.

Session Layer (Layer 5)

The Session Layer manages the exchange of data between devices, playing a key role in dialog control and synchronization during data exchange. As such, organizations should take care to safeguard against session hijacking attacks. Implementing secure session handling, timeouts, and authentication mechanisms helps prevent unauthorized access and session abuse.
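
One way to implement the secure session handling and timeouts described above, as an added example that is not from the original article. The class name, the timeout values and the in-memory store are assumptions chosen for illustration.

```python
import hashlib
import secrets

IDLE_TIMEOUT = 15 * 60        # seconds without activity (assumed policy value)
ABSOLUTE_TIMEOUT = 8 * 3600   # maximum session lifetime (assumed policy value)

class SessionStore:
    """In-memory session table keyed by the SHA-256 of the token, so a dump
    of the table does not expose usable session identifiers."""

    def __init__(self):
        self._sessions = {}

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def _store(self, user: str, created: float, now: float) -> str:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = {
            "user": user, "created": created, "last_seen": now}
        return token

    def create(self, user: str, now: float) -> str:
        return self._store(user, now, now)

    def validate(self, token: str, now: float):
        """Return the user for a live session, else None; expired entries are deleted."""
        key = self._key(token)
        s = self._sessions.get(key)
        if s is None:
            return None
        if (now - s["last_seen"] > IDLE_TIMEOUT
                or now - s["created"] > ABSOLUTE_TIMEOUT):
            del self._sessions[key]
            return None
        s["last_seen"] = now
        return s["user"]

    def rotate(self, token: str, now: float):
        """Issue a fresh token after login or privilege change; the old one stops working."""
        user = self.validate(token, now)
        if user is None:
            return None
        created = self._sessions.pop(self._key(token))["created"]
        return self._store(user, created, now)   # absolute lifetime is not reset

    def revoke(self, token: str) -> None:
        self._sessions.pop(self._key(token), None)
```

Rotating the token at authentication means an identifier captured before login is useless afterwards, and the absolute timeout bounds how long any single stolen token can be replayed.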

Presentation Layer (Layer 6)

Acting as a translator, this layer is responsible for data encoding, encryption/decryption, and compression, ensuring that data is in a usable format for the application. Monitoring this layer helps prevent issues like data manipulation, protocol downgrade attacks, or malicious encoding schemes that could bypass security filters or corrupt application logic.
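
A defensive check for the encoding problem described above, as an added example that is not from the original article: input is decoded to one canonical form before any filter sees it, and anything that needs nested decoding is rejected. The function names, the one-pass policy and the sample inputs are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import unquote_to_bytes

class EncodingRejected(ValueError):
    pass

def canonicalize(raw: str, max_passes: int = 1) -> str:
    """Percent-decode to a fixed point, then validate and normalize.

    Input needing more than `max_passes` decoding rounds (double encoding)
    is rejected, so the filter and the application cannot disagree about
    what the bytes mean.
    """
    data = raw.encode("utf-8")
    passes = 0
    while True:
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        passes += 1
        if passes > max_passes:
            raise EncodingRejected("nested percent-encoding")
        data = decoded
    try:
        text = data.decode("utf-8", errors="strict")  # rejects overlong forms
    except UnicodeDecodeError as exc:
        raise EncodingRejected("invalid or overlong UTF-8") from exc
    text = unicodedata.normalize("NFKC", text)        # fold compatibility forms
    if any(unicodedata.category(ch) == "Cc" for ch in text):
        raise EncodingRejected("control character in input")
    return text

def path_allowed(raw: str) -> bool:
    """Hypothetical filter: refuse parent-directory segments, checked on the canonical form."""
    try:
        path = canonicalize(raw)
    except EncodingRejected:
        return False
    return ".." not in path.replace("\\", "/").split("/")

# Constructed samples: plain, single-encoded, double-encoded, overlong UTF-8.
SAMPLES = ["reports/q3.pdf", "%2e%2e/secret", "%252e%252e/secret",
           "%c0%ae%c0%ae/secret"]
RESULTS = [path_allowed(s) for s in SAMPLES]
```

The filter only ever evaluates the canonical string, which is the same string the application must then use; passing the raw input onward after checking the decoded one reopens the gap.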

Application Layer (Layer 7)

Many services operating at this layer, such as web applications and Application Programming Interfaces (APIs), are exposed to the public internet. As such, they are common targets for application-layer attacks, including:

  • SQL injection and operating system (OS) injection: inserting malicious SQL code into database queries, or commands into operating system calls, to gain access to information
  • Cross-site scripting (XSS): injecting malicious code into a web application so the application executes it
  • Cross-site request forgery (CSRF): using external sources to execute commands and perform actions on behalf of authenticated users
  • HTTP Flood: an application-layer Distributed Denial of Service (DDoS) attack that overwhelms a target’s web server by flooding it with seemingly legitimate HTTP or HTTPS requests
  • API Abuse: exploiting poorly secured or misconfigured APIs
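
Because HTTP flood requests look legitimate one at a time, detection usually relies on rate rather than content. The following added example, which is not from the original article, flags clients by request rate in a web access log; the log lines, the log format pattern and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: client, identity, user, [timestamp], "request", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def flood_suspects(lines, limit=5, window=1.0):
    """Return {client_ip: peak request count} for clients that exceed `limit`
    requests inside any sliding `window` of seconds (assumed thresholds)."""
    recent = defaultdict(deque)
    peak = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # skip unparseable lines instead of failing
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:        # drop requests that left the window
            q.popleft()
        if len(q) > limit:
            peak[ip] = max(peak.get(ip, 0), len(q))
    return peak

# Constructed sample log: one client sends 8 requests in a single second,
# another sends 3 requests spread over 3 seconds.
SAMPLE_LOG = (
    [f'198.51.100.7 - - [21/Jul/2025:10:00:00 +0000] "GET /search?q={i} HTTP/1.1" 200'
     for i in range(8)]
    + [f'203.0.113.9 - - [21/Jul/2025:10:00:0{i} +0000] "GET / HTTP/1.1" 200'
       for i in range(3)]
)
```

Per-address counting is only a first signal: clients behind a shared NAT can exceed the threshold legitimately, and distributed sources stay under it, so the thresholds need tuning against normal traffic.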

Security solutions, such as Web Application Firewalls (WAFs) and Web Application and API Protection (WAAP) platforms, are specifically designed to defend the Application Layer against these threats. While WAF and WAAP solutions complement one another, there are differences.

A WAF primarily mitigates risks at Layer 7: it sits in front of web applications and inspects HTTP requests to detect and block attacks, malicious traffic, and other abusive behavior. In contrast, WAAP solutions go a step further, combining the functionality of a WAF with capabilities focused on Application Programming Interface (API) security, and these solutions also protect against threats targeting Layer 4 (Transport Layer) and Layer 3 (Network Layer). Where a WAF monitors and filters traffic to block malicious and unauthorized activity, WAAP solutions build on their WAF implementations, layering on bot mitigation and DDoS protections.

It’s worth noting that while the modern internet is built on the TCP/IP model, which condenses these three layers into one, the functions performed by Layers 5, 6, and 7 are still very much present; they’re simply grouped differently. TCP/IP’s Application Layer broadly encompasses the responsibilities of OSI’s Application, Presentation, and Session Layers. As such, organizations still need to ensure comprehensive coverage across these functional areas, regardless of which model they use to describe the stack.

WAF and WAAP: Layered Cyber Defense in a Single Solution

Vercara’s WAF and WAAP solutions provide comprehensive protection against dynamic threats.

Vercara’s WAAP solution blocks a high volume of malicious traffic and requests. In addition, our WAF solution defends critical applications, including those with complex workflows, against common threats targeting the application layer, such as SQL injection, XSS, and CSRF.

To learn how Vercara enables your organization, contact us today.

Published On: July 21, 2025
Last Updated: July 25, 2025
