What is the OSI Model?

The Open Systems Interconnection (OSI) model is a framework that describes the functions of a networking system. The OSI model categorizes the computing functions of the different network components, outlining the rules and requirement needed to support the interoperability of the software and hardware that make up the network.

In addition to understanding what the OSI model is, note that the OSI model layers are particularly helpful when visualizing the flow of data from the sender to the receiver. The descriptions of the various levels, as well as their interdependency, make it easier to pinpoint networking issues. Also, programmers can use the OSI model to better understand how data gets to and from their applications or to write code specific for use at certain levels. 

In the following sections, you will see the OSI model explained.

The 7 Layers of the OSI Model

There are seven abstraction layers that make up the OSI model. Communication from one person to another goes from Layer 7 to Layer 1. Each layer performs a specific job before it sends the data on to the next layer.

Application Layer

The application layer is the closest to the end-user. It initiates communication between the user and the applications they personally interact with. At this layer, data is translated from the syntax it was converted to into something the user can read.

Examples of Layer 7 applications include a web browser like Chrome, Safari, or Firefox, or an email application. Layer 7 can also identify communication partners, check to see which resources are available, and make sure communication is properly synced.

Presentation Layer

The presentation layer takes care of getting data ready for the application layer. The two devices that are communicating may use different methods of encoding their data. Layer 6 therefore turns the incoming data into something that can be read at the application layer. This includes encrypting and decrypting data.

The presentation layer also compresses data that comes from the application layer before it sends it on to Layer 5, the session layer.

Session Layer

The session layer handles opening and closing network communications between two interacting devices. The “session” refers to the time between the opening and closing of the interaction. The session layer makes sure the session is open for a long enough period of time for all the necessary data to be sent through. The session layer then closes the session to prevent expending unnecessary resources.

Also, it synchronizes the data transfer. If a large amount of data is being sent, the session layer can set up checkpoints. If the transmission gets interrupted before all the data is downloaded, the checkpoints allow the transmission to be resumed without it starting all over again.

Transport Layer

The transport layer handles end-to-end communication between the devices interacting with each other. The management of the communication involves taking the data in the session layer and dividing it into pieces referred to as segments. The transport layer on the device receiving the communication handles the reassembly of the segments into data that is consumable by the session layer.

Also, the transport layer takes care of managing the flow and any necessary error messages that need to be sent in the event something goes wrong. To manage data flow, the transport layer makes sure it is not being sent so quickly that the receiver’s device cannot handle it. To control errors, the transport layer checks to see if the data transmitted was done so completely. If it is not, this layer will request a retransmission.

Layer 4 is where Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers work. Internet Protocol (IP) addresses operate at Layer 3, the network layer. TCP, UDP, and IP are protocols that facilitate how data is sent and received.

Network Layer

The network layer facilitates the transfer of data when two networks are communicating with each other. If two communicating devices are using the same network, then there is no need for the network layer. The network layer divides the segments that come from the transport layer. These are referred to as packets. The division of the segments into packets happens on the sender’s device, and they are reassembled on the receiving device.

The network layer also functions as an efficiency tool. It figures out the optimal physical path needed to get the data to its destination. This function is called “routing.”

Data Link Layer

The data link layer is like the network layer, except that the data link layer facilitates data transfer between two devices using the same network. In the data link layer, packets are broken into pieces referred to as frames. Similar to the network layer, the data link layer handles flow and error control. The transport layer is different in that it only manages the flow of data and errors when two networks are communicating with each other.

Within the data link layer, you have two sublayers, the media access control (MAC) and logical link control (LLC) layers. The majority of switches perform their duties at Layer 2. In some cases, switches work at Layer 3 because they are facilitating communication between two networks or virtual local-area networks (VLANs). This has to happen at Layer 3 because, in these situations, the data needs to be routed, which is a Layer 3 task.

Physical Layer

The physical layer involves the physical equipment that transfers data, like switches and cables. In this layer, the data is converted into strings of 1s and 0s. In the physical layer, the devices have to agree on a method of distinguishing the 1s from the 0s, which enables the digital data to be properly interpreted by each device.

The physical layer includes a variety of components, such as cables, the radio frequency used to transmit data, Wi-Fi, and the other physical structures for transmitting data, such as pins, necessary voltages, and types of ports.

Firewalls and the OSI Model

Firewalls typically work on the network layer, the transport layer. However, some are also capable of working as high as the application layer, Layer 7.

A firewall performs the task of inspecting network activity, looking for cyber threats by comparing data against an extensive catalog of known threats. They can also detect abnormal activity, which may signal a potential threat. Layers 4 and 7 are optimal locations for intercepting data and inspecting its contents, as is Layer 7 if the activities of an application are of interest.

FortiGate firewalls performs functions at Layers 3 (network), 4 (transport), and 7 (application. At Layer 3, FortiGate sits between two interconnected networks. As data is transmitted from one network to the other, FortiGate performs in-depth packet inspection, checking whether the connection is being used to send cyber threats.

At Layer 4, FortiGate is positioned between two devices, inspecting each data segment before it reaches the receiving device. In this way, FortiGate prevents one device from being used to infect another. FortiGate also interacts with Layer 7 in that it has the ability to inspect the behavior of an application, including how it uses its data resources. At Layer 7, FortiGate can detect suspicious activity within the application and act accordingly.

FortiGate can identify the source, position, and content of the data, comparing it against a constantly evolving collection of threat signatures. If something suspicious is detected, the data can be discarded before it infects the receiving device.