Table of Contents

Threat Mitigation in Layers of the OSI Model

Olivia Gallucci presenting research at WiCyS (2021); used on a post titled, Threat Mitigation in Layers of the OSI Model.

Effectiveness of Threat Mitigation in Layers of the Open Systems Interconnection Model

Formal research duration: 2021 Spring semester.

Abstract

Security risks and mitigations are often covered by the press after large data breaches at large companies. Smaller companies, however, are also at risk, but do not have the resources to implement high-end cybersecurity protection or the resources to survive a hack. This presentation critically examines past networking research that evaluates the effectiveness of security mitigations for each layer of the Open Systems Interconnection model (OSI model) and how small businesses can implement cost-effective security mitigations. Research methods include an extensive reading of published research, journal articles, statistics, and press articles on security threats and mitigations.

The goal of this research is to provide a detailed understanding of networking and assist in hands-on applications of vulnerability mitigation. This complex study of security mitigation explores historical threats and enables future cybersecurity leaders to learn from historical failures. This project details the results of cost-effective security mitigations for each layer of the OSI Model.

This research began as an independent study approved by RIT’s Honors Program. You can view the initial project outline here or as a PDF.

Olivia Gallucci's presentation flyer for WiCyS (2021); used on a post titled, Threat Mitigation in Layers of the OSI Model.

Awards and presentations

Gallucci received a full conference scholarship to present her research at the Women in Cybersecurity International Conference in Denver, Colorado, in September 2021. A forty-minute version of this presentation was displayed twice: RITSEC on 24 September 2021 and RIT’s Networking and Administration Class on 5 May 2021.  

Forty-minute presentation by Olivia Gallucci
Five-minute presentation by Olivia Gallucci

Proposal

Course description

Introduction to Routing and Switching (NSSA-241) provides an introduction to wired network infrastructures, topologies, technologies, and the protocols required for effective end-to-end communication. Basic security concepts for TCP/IP based technologies are introduced. Networking layers 1, 2, and 3 are examined in-depth using the International Standards Organization’s Open Systems Interconnection and TCP/IP models as reference. Course topics focus on the TCP/IP protocol suite, the Ethernet LAN protocol, switching technology, and routed and routing protocols common in TCP/IP networks. The lab assignments mirror the lecture content, providing an experiential learning component for each topic covered. The lecture instructor and advisor for this project is Professor Sylvia Perez-Hardy.

Background

The Open Systems Interconnection model (OSI model) is a conceptual model that illustrates layers of a telecommunication or computing system. The OSI model consists of seven layers: physical, data link, network, transport, session, presentation, and application. The first OSI layer is the physical layer, while the last OSI layer is the application layer. Each layer has security issues and mitigations. The OSI model is relevant today because it illustrates how data is processed and transported over the internet. 

Overview

In this honors option, I will use modules in NSSA-241 to learn about the OSI model. Under the guidance of Professor Sylvia Perez-Hardy, I will critically examine past networking research that evaluates the effectiveness of security mitigations for each layer of the OSI model. I will create presentation slides and a script for each layer of the module. This task will involve extensive reading of published research, journal articles, and press articles on security threats and mitigations. 

The development of this research project will enhance my understanding of networking, and assist in my hands-on application of vulnerability mitigation.This complex study of security mitigation will explore historical threats, and enable me to learn from historical failures. After the completion of this project, I will possess a better understanding of cybersecurity and networking, which will improve my abilities to evaluate cyber risk. 


🌸👋🏻 Let’s take this to your inbox. You’ll receive occasional emails about whatever’s on my mind—offensive security, open source, academics, boats, kittens, software freedom, you get the idea.


Deliverables

The course consists of ten to twelve modules. Each module introduces a layer of the OSI model. During each module, I will investigate vulnerabilities, and mitigations for those vulnerabilities. I will document my research, and prepare presentation slides on my research. In addition, I will make a script for each slide. Once I complete each module, I will submit my slides and script to a private folder on myCourses. Professor Sylvia Perez-Hardy will review my submission and suggest changes by the following week. 

Each week, Professor Sylvia Perez-Hardy and I will address my progress. Professor Sylvia Perez-Hardy will oversee my research and critique my slide submissions. 

I will present my research to the class on May 3rd, 2021. I will also present my research in RITSEC, and/or WiCyS. 

Faculty advisor

Sylvia Perez-Hardy is a professor in the School of Information in the Golisano College of Computing and Information Sciences at RIT. She earned her Bachelors of Science and Masters of Business Administration at Cornell University. Before joining RIT’s faculty in 1998, Perez-Hardy was a systems engineer at IBM for over 23 years. She focused on midrange and large system design and specialization deployment in data communications and computer networks. Her current interests include the use of technology and active learning techniques in teaching, the integration of information assurance concepts and their applications throughout the computing curriculum, and the design and deployment of secure, high-performance switches and routed networks. Sylvia has published research on security issues on networks, as well as experiential learning.

Portrait of Olivia Gallucci in garden, used in LNP article.

Written by Olivia Gallucci

Olivia is an honors student at the Rochester Institute of Technology. She writes about security, open source software, and professional development.