32 Chapter 2 ■ System Fundamentals
Stuxnet

A few years ago an interesting little worm named Stuxnet showed up on the
scene—wreaking havoc and destroying industrial equipment. The operation of the virus
isn’t important here; what is important is that this worm was not much of a traveler. It
replicated itself via removable drives—that is, the physical layer!

Layer 2: Data Link
The data link layer works to ensure that the data it transfers is free
of errors. At this layer, data is contained in frames. Functions such as media access control
and link establishment occur at this layer. This layer encompasses basic protocols such as
802.3 for Ethernet and 802.11 for Wi-Fi.

Layer 3: Network
The network layer determines the path of data packets based on different
factors as defined by the protocol used. At this layer we see IP addressing for routing
of data packets. This layer also includes routing protocols such as the Routing Information
Protocol (RIP) and the Interior Gateway Routing Protocol (IGRP). This is the
know-where-to-go layer.

Layer 4: Transport
The transport layer ensures the transport or sending of data is successful.
This function can include error checking operations as well as working to keep data
messages in sequence. At this layer we find the Transmission Control Protocol (TCP) and
the User Datagram Protocol (UDP).

Layer 5: Session
The session layer identifies established system sessions between different
network entities. When you access a system remotely, for example, you are creating
a session between your computer and the remote system. The session layer monitors and
controls such connections, allowing multiple, separate connections to different resources.
Common use includes NetBIOS and RPC.

As you progress through the chapters, you’ll notice that much of our attack
surface resides within layers 3, 4, and 5, with a handful of other attacks
taking place outside these layers. Keep this in mind as a reference for
questions regarding attacks at specific layers or when trying to understand
the mechanics of an attack and its defense. Understanding what the layer
accomplishes can help you determine how a specific attack works and
what it may be targeting.

Layer 6: Presentation
The presentation layer provides a translation of data that is understandable
by the next receiving layer. Traffic flow is presented in a format that can be
consumed by the receiver and can optionally be encrypted with protocols such as Secure
Sockets Layer (SSL).

Layer 7: Application
The application layer functions as a user platform in which the user
and the software processes within the system can operate and access network resources.
Applications and software suites that we use on a daily basis are under this layer. Common
examples include protocols we interact with on a daily basis, such as FTP and HTTP.