
OSI Reference Model Overview

• OSI RM: Open System Interconnection Reference Model

OSI 7 Layer

Data Transmission between Hosts
• Application Layer: Provide communication between application programs
• Presentation Layer: Process data format and encryption
• Session Layer: Establish, maintain and manage sessions
• Transport Layer: Establish end-to-end connection

Data Transmission between Networks
• Network Layer: Addressing and routing
• Data-link Layer: Provide media access and link management
• Physical Layer: Bit stream transmission

Connection-oriented Session

• Sender → Receiver: Synchronizing
• Receiver → Sender: Acknowledgement, Synchronizing
• Sender → Receiver: Acknowledgement
• Connection Established
• Data Transmission

Networking Devices
• Hub
• Switch/Bridge
• Router
A hub in a network
CSMA/CD
A switch in a network
Routers in a network
Router
• Packet switching
• Packet filtering
• Internetwork communication
• Path selection
Site to Site VPN
IPsec (Internet Protocol Security)
Provides data security at the IP packet level. It is designed to provide the
following security features when transferring packets across networks:

• Authentication: Verifies that the packet received is actually from the claimed sender.
• Integrity: Ensures that the contents of the packet did not change in transit.
• Confidentiality: Conceals the message content through encryption.
IPsec Security Association
A Security Association (SA) is a logical connection between two devices
transferring data. An SA provides data protection for unidirectional
traffic by using the defined IPsec protocols.
SAs operate using modes.
• Transport Mode: The IPsec implementation encapsulates only the packet's
payload.
• Tunnel Mode: The IPsec implementation encapsulates the entire IP packet.
IPsec SA Modes
Transport Mode – Security for the Transport layer and above. Leaves the original IP header.

Tunnel Mode – Encapsulates the original IP header and creates a new IP header that is sent encrypted.
IPsec Phase

• Phase 1 – Two peers perform the initial negotiation of SAs. Phase 1 generates
the ISAKMP SA, used for the management tunnel.
• Phase 2 – Used to build the IPsec SAs, which secure the actual traffic.
IPsec Components
IPsec contains the following elements:
(1) Encapsulating Security Payload (ESP)
Provides confidentiality, authentication, and integrity.
(2) Authentication Header (AH)
Provides authentication and integrity.
(3) Internet Key Exchange (IKE)
Provides key management and Security Association (SA)
management.
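
Added example (not part of the original slides): the Python code below builds constructed IPv4 packets for AH in transport mode, AH in tunnel mode and ESP, then reports which fields an observer on the path can still read from each. The addresses, SPI values and function names are assumptions made for illustration; checksums, ICVs and the ESP ciphertext are placeholders.

```python
import socket
import struct

PROTO_IPIP, PROTO_TCP, PROTO_ESP, PROTO_AH = 4, 6, 50, 51  # IANA protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for illustration."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def ah_header(next_header, spi, seq, icv=b"\x00" * 12):
    """AH header: next header, length, reserved, SPI, sequence, ICV placeholder."""
    words = (12 + len(icv)) // 4 - 2  # AH length is in 32-bit words minus 2
    return struct.pack("!BBHII", next_header, words, 0, spi, seq) + icv

def build_samples():
    """Constructed packets: host 10.1.0.5 to host 10.2.0.9 via two gateways."""
    tcp = b"\x00" * 20  # placeholder TCP header
    original = ipv4_header("10.1.0.5", "10.2.0.9", PROTO_TCP, len(tcp)) + tcp
    ah_t = ah_header(PROTO_TCP, 0x1001, 1)
    ah_n = ah_header(PROTO_IPIP, 0x2002, 1)
    esp = struct.pack("!II", 0x3003, 7) + b"\xaa" * 40  # SPI, seq, opaque ciphertext
    return {
        # Transport mode: original IP header kept, AH inserted before the payload.
        "ah_transport": ipv4_header("10.1.0.5", "10.2.0.9", PROTO_AH, len(ah_t + tcp)) + ah_t + tcp,
        # Tunnel mode: new gateway-to-gateway header wraps the entire original packet.
        "ah_tunnel": ipv4_header("192.0.2.1", "198.51.100.1", PROTO_AH, len(ah_n + original)) + ah_n + original,
        "esp": ipv4_header("192.0.2.1", "198.51.100.1", PROTO_ESP, len(esp)) + esp,
    }

def classify(packet):
    """Return the fields an on-path observer can read from one IPv4 packet."""
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    info = {"protocol": "not IPsec", "mode": None,
            "src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20])}
    body = packet[ihl:]
    if proto == PROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        # ESP carries its next-header field in the encrypted trailer.
        info.update(protocol="ESP", spi=spi, seq=seq, mode="not visible")
    elif proto == PROTO_AH:
        nxt, words, _, spi, seq = struct.unpack("!BBHII", body[:12])
        mode = "tunnel" if nxt == PROTO_IPIP else "transport"
        info.update(protocol="AH", spi=spi, seq=seq, mode=mode)
        if mode == "tunnel":  # the inner IP header follows the AH header
            inner = body[(words + 2) * 4:]
            info["inner_src"] = socket.inet_ntoa(inner[12:16])
            info["inner_dst"] = socket.inet_ntoa(inner[16:20])
    return info
```

Because AH authenticates without encrypting, the inner addresses of the tunnel-mode packet remain readable, while the ESP packet exposes only the outer addresses, the SPI and the sequence number.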