
Top 10 Network Security Mistakes - #1: Not Looking Beyond Layer 7

December 03, 2014

This is the final installment of our superlative Top 10 Network Security Mistakes. As might be expected, I saved the best for last. So it is basically mistake “dessert.” Enjoy.

Boss of All Mistakes

I like to believe that mistakes develop character because, well, I’ve made a lot of them, and uttering sage-y nuggets of wisdom apparently makes me feel better about myself. Through this slow and awkward accumulation of wisdom, I’ve determined that there is but one network security mistake that is the boss of all the other mistakes.

A mistake so huge it makes all the other mistakes step aside in awe, aghast that such a hideous aberration could exist. 

A mistake that even its own mother doesn’t love: A failure to look past Layer 7 of the OSI model.

Fig Newton’s Laws

Many people demented enough to read this article already know about the OSI model. But for those of you silently hexing the IT deities who create nonsensical collections of capital letters like OSI, the Open Systems Interconnection model is a way of separating the networking stack into seven smaller functional groups, or layers. It starts with the physical connection between devices and goes all the way up to the applications that ride atop the copper and fiber railways we call The Network. Think of it like “Newton’s Laws of Physics” for networking. Or maybe “Fig Newton’s Laws” for networking. Whichever one gets you more excited.

Model Glue

Anyway, traditional networking lives in layers 1 through 4 (physical, data link, network and transport). Application delivery covers layers 4 through 7 (transport, session, presentation and application), with the transport layer shared between the two.

Security people who deserve their jobs care about all 7 layers. Security people who deserve a promotion know that these 7 layers are just the starting point. Blocking port scans, serving XSS-free web pages, delivering malware-free emails and lulzing every cat pic on the Internet are all for naught if they don’t connect with their bigger purpose: the needs of the organization.

An Indecent Proposal

To help close this gap, I present to you an imperfect proposal for new OSI layers that will never be ratified by ISO:

  • Layer 8: People – the users of the systems and information you protect
  • Layer 9: Organization – needs to make enough money to share some with you
  • Layer 10: Industry – a collection of similar businesses that compete for the same dollars
  • Layer 11: All Y’All – the world at large, the consumers of whatever widget you peddle

These additional layers need to be accounted for in any security program that wants to be valuable. Yes, security is about protecting data, but ultimately, that data has no value without these higher layers to give it context: a control that blocks an attack nobody in layers 8 through 11 cares about is cost without benefit.

Pairs Well With…

Let’s be candid: An unpleasant texture and bitter aftertaste make mistakes a poor choice for dessert. Address this problem first to make the rest of your networking “meal” go down smoother. But always leave some room for sweet endorphin-releasing chocolate. 

Signed, Sealed, Delivered

Well, that officially wraps up the series! If you read all 10, mail in the proof-of-purchase for a free collectable mug. 

See you in The Ether!
