What Is the OSI Model?


The OSI Model, or Open Systems Interconnection (OSI) model, details the seven conceptual OSI layers that computers use to communicate over a network. Information travels from one computer down from layer seven to layer one. It travels back up from layer one to layer seven to the computer on the other end of the network.

The OSI Model predates the modern Internet. It’s the product of a collaboration between the International Standards Organization (ISO) and the Internet Engineering Task Force (IETF). These two collaborating groups published it in 1984, redefined it in 1994, and revisited it in 2000. It’s still useful in isolating issues with computer networks, including cybersecurity problems.

Also called the OSI stack, the OSI Model is the standard for understanding computer networking regardless of what communications protocols run over the network, such as TCP/IP. The concepts of the seven-layer OSI Model do not conflict with the TCP/IP protocol stack that transmits data over the Internet. The OSI stack addresses a unique task in network communications on each layer. The TCP/IP suite or stack follows OSI principles. It enables devices using TCP/IP to interoperate and communicate with each other despite their different brands and operating systems.

Layer Seven, the Application Layer

The first of the seven OSI layers is layer seven, the Application Layer. At the application layer, human and machine users create or input data for applications accessing network services.

Human-computer interaction happens between people and graphical user interfaces (GUIs) or text interfaces, using human-machine interfaces (HMIs) such as a keyboard, mouse, and monitor screen. However, software such as email clients and web browsers are not themselves part of the application layer.

Data communication starts at the application layer. The interactions begin where applications access network services. A person or software interacts with an application or network when the user performs network tasks. At layer seven on the recipient machine, the user — whether a person or software —receives or transmits data files.

Applications such as office software and web browsers use layer seven application protocols to send and receive data across the network. Examples include the Hypertext Transfer Protocol (HTTP), which uses port 80, and the File Transfer Protocol (FTP), which uses ports 20 and 21.

Layer seven attacks, also known as Distributed Denial of Service attacks (DDoS), use botnets of zombie, robot-controlled machines to flood servers with so much Internet traffic that they crash because of the overload of requests. The zombie devices can be any connected device, such as a computer or smart home device. Botnets have included millions to a billion devices.

Layer Six, the Presentation Layer

This layer translates data from the application layer using the most appropriate application syntax. The presentation layer encrypts the data for sending and decrypts it at the computer on the other end of the network. It defines how the sender and recipient machines encode, encrypt, and compress data.

The recipient computer decompresses, decrypts, and decodes it for use by the recipient machine in the Non-Human-Readable Format (NHRF) or by the human user in the Human-Readable Format (HRF). NHRF is any language only computers can understand, such as Binary, C, and Python. HRF is any language a human can understand. The presentation layer prepares data from the application layer and readies it for transmission over the session layer.

Layer Five, the Session Layer

The session layer establishes, synchronizes, coordinates, maintains, and terminates connections and conversations between applications at both ends of the network conversation. It authenticates the parties to the communications on each end of the network.

Layer 5 determines the wait time or permissible delay in receiving a response from the other side of the conversation. Several session layer protocols exist, such as X.225, RTCP, and PPTP. It determines and controls the ports, such as port 80 for web surfing, and any email ports, such as 25, 587, or 465.

Layer Four, the Transport Layer

The transport layer breaks data in the session layer down into segments at the transmitting end of the session. It reassembles the segments into data on the receiving end for use by the session layer. Layer four transmits data using transmission protocols, including the transmission control protocol (TCP) and the user datagram protocol (UDP).

The transport layer manages error control by checking whether the receiving computer got the data correctly. If it did not receive the data without error, the recipient machine requests it again. It manages flow control by sending data at a rate matching the connection speed of the receiving device. It decides how much data to send, where to send it, and at what rate.

TCP in the TCP/IP suite is a well-known example of a transport layer. It is the set of protocols or the protocol stack where communications going to the network select the Transmission Control Protocol (TCP) port numbers to categorize and organize data transmissions across the network.

There is a strong relationship between cyberattacks and the OSI Model. While some attacks target software and hardware, many threats target the different layers of the OSI Model. A DDoS attack, for example, can target layers four and three of the OSI Model.

Layer Three, the Network Layer

The network layer further breaks segments into network data packets and reassembles those at the other end of the session. It routes the packets by discovering the best path across a physical network. The network layer uses IP addresses to route the packets to the destination node (computer, device).

Layer three moves data onto the network. It uses network layer protocols to package data packets with the correct network address information as an Internet Protocol (IP) address. It selects the network routes and forwards the packets to the transport layer. Here, the TCP/IP stack applies addresses for routing.

In an example of another cyberattack on the OSI Model, the Man-in-the-Middle (MitM) attack happens at layer three. In a MitM attack, an attacker intercepts communications and inserts themselves into the middle of the data conversation, receiving communications from both ends without either end knowing the difference. They can read the messages and let them pass or change the communications before sending them to the intended recipient.

Layer Two, the Data Link Layer

The data link layer starts and ends a connection between two physically connected devices on a network. It breaks packets into frames and sends them from the source computer to the destination.

A program’s protocol or data link layer moves data in and out of a physical link in a network. This layer ensures that the pace of data flow doesn’t overwhelm the sending and receiving computers to where it creates bit transmission errors.

There are two sub-layers in the data link layer. The logical link control (LLC) layer recognizes network protocols, engages in additional error checking, and synchronizes data frames to handle multiplexing, flow control, and acknowledgment, notifying upper layers of any transmit/receive (TX/RX) errors.

Beneath that layer lies the media access control layer, which tracks data frames using the machine’s MAC addresses for the sending or receiving hardware. This layer organizes each data frame, marking the start and end bits and organizing timing regarding when each frame can move along the physical layer.

Layer 1, the Physical Layer

The physical layer transports data using electrical, mechanical, or procedural interfaces. This layer sends computer bits from one device to another along the network. It decides how to set up the physical connections to the network and how predictable signals represent bits as they move either electronically, optically, or via radio waves.

It’s the physical layer that uses a physical cable such as an RJ45 ethernet cable or a wireless connection such as WiFi. The physical layer transmits the raw data bit stream in binary code, various combinations of zeros and ones, and manages bit rate control.

H2: Benefits of Interoperability With the OSI ModelInteroperability with the OSI Model makes identifying security risks and analyzing cybersecurity solutions operating at each OSI layer more straightforward. The Model’s common framework for understanding network communications enables organizations to identify and monitor security risks. By mapping vulnerabilities and threats against OSI layers, the organization can then orchestrate targeted assessments of security risks, identify attack vectors per layer, and test and add suitable solutions and security controls.

The OSI framework focuses on specific controls that map to each OSI layer. The visibility gained by following the OSI Model lets the organization study the controls each vendor solution implements at each layer. When vendors design devices to a single standard for interoperability, the market sees advantages in choice among vendors and product models. Standardization means customers can choose products from any vendor and expect compatibility. Choice makes vendors work harder to compete and produce better products at lower prices. Customers can scale their use of components and devices, knowing they will be interoperable and backward compatible with other brands.


What are the seven layers of the OSI model?

The OSI model is a way of thinking about how information moves from one computer to another across a network. Breaking the communications into seven distinct layers makes looking at parts of the process possible, which is easier than looking at it all at once.

How do I remember the OSI model?

The best way to remember the seven layers of the OSI model is with this simple mnemonic: “All People Seem To Need Data Processing”.

  • A = Application layer
  • P = Presentation layer
  • S = Session layer
  • T = Transport layer
  • N = Network layer
  • D = Data Link layer
  • P = Physical layer


Each layer of the OSI Model helps organizations understand data transfer across networks in a vendor-neutral fashion. The OSI Model benefits organizations seeking visibility into security risks and provides an easy way to map vendor solutions and security controls to the layers to evaluate those solutions.

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform harnesses the power of data and AI to protect your organization now and into the future.