Page 65 - ITGC_Audit Guides

Appendix E. The Seven-layer Model in Action





                   This example represents two hosts communicating across two LANs. (Note: this example ignores
                   the complexities of internet routing.)

Example of Two Hosts Communicating Across Two Local Area Networks (LANs)

Layer 7 — Application
User data (a graphic).

Layer 6 — Presentation
The graphic is formatted as a JPG. No encapsulation occurs; this is a transformation of a displayed bitmap to a storage format. It can be stored in a file system or transferred via network connection.

Layer 5 — Session
Secure Socket Layer (SSL) encryption is applied. No encapsulation occurs; this is a transformation within a session. The other end knows how to decrypt it. This layer begins the data-in-motion layers.
Visually, the content can be presented as <DATA>. For visual reinforcement, brackets surround the content at this level. The next level shows how metadata from higher levels is treated as content.

Layer 4 — Transport
TCP header information is added to identify the receiving host's connected port to receive the encrypted data. The encrypted session layer data become the payload data of layer 4 encapsulation.
Visually, this can be abbreviated as 4+<DATA>, where the brackets define DATA at this level.

Layer 3 — Network
IP header information is added to the data received down the stack from layer 4. The combined session layer data and transport layer metadata become the payload data of layer 3 encapsulation.
Visually, this can be abbreviated as 3+<4 DATA>. Layer 4 metadata is now inside the brackets, meaning that it is treated as DATA by layer 3.

Layer 2 — Data Link
The IP packets are broken into frames for transmission across the Local Area Network to the switch, which also serves as a router. Similar to the transport and network layers, both the original data and the metadata from the higher layers are treated the same when forming data link layer frames.
Visually, this can be abbreviated as 2+<3 4 DATA>. All previous data and metadata are encapsulated by layer 2 headers.

Layer 1 — Physical
The frames are encoded as a wave form in the copper wires. No encapsulation takes place because layer 1 simply transforms the data into a carrier signal. Since all data from higher levels is treated the same, metadata from higher levels is considered to be part of the data coming down the stack.
Once the metadata relevant to the current layer is removed, the remaining data is pushed up the stack, where the higher-level metadata is recognized as metadata again. Network devices often only go back up the stack through layer 4; session layer data is rarely modified at intermediate stops between the hosts.
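The encapsulation notation above (4+<DATA>, 3+<4 DATA>, 2+<3 4 DATA>) and the "go back up the stack only as far as needed" behaviour of an intermediate device can be modelled in a few lines. The following Python is an added example, not part of the IIA guide: the 3-byte header format, the router function and the SESSION_DATA placeholder are all constructed for illustration and stand in for real TCP, IP and Ethernet headers and for a real encrypted SSL record.

```python
import struct

# Constructed stand-in for the encrypted session-layer data (<DATA>) of Appendix E.
SESSION_DATA = b"opaque-ssl-record-placeholder"

def encapsulate(layer: int, payload: bytes) -> bytes:
    """Prepend a constructed 3-byte header: layer tag + payload length.
    Whatever is already in `payload` (including higher-layer headers) is
    treated as DATA, exactly as the appendix describes."""
    return struct.pack("!BH", layer, len(payload)) + payload

def decapsulate(layer: int, pdu: bytes) -> bytes:
    """Strip one header and return its payload; refuse a mismatched layer."""
    tag, length = struct.unpack("!BH", pdu[:3])
    if tag != layer:
        raise ValueError(f"expected layer {layer} header, found {tag}")
    if len(pdu) != 3 + length:
        raise ValueError("length field does not match PDU size")
    return pdu[3:]

def send_down_stack(session_data: bytes) -> tuple[bytes, list[str]]:
    """Apply layers 4, 3 and 2 in turn; return the frame and the notation trace."""
    pdu, trace, inner = session_data, ["<DATA>"], []
    for layer in (4, 3, 2):
        pdu = encapsulate(layer, pdu)
        trace.append(f"{layer}+<{' '.join(inner + ['DATA'])}>")
        inner.insert(0, str(layer))   # this layer's header becomes DATA below
    return pdu, trace

def router_forward(frame: bytes) -> tuple[bytes, bytes]:
    """An intermediate device goes up only to layer 3: it strips the frame,
    reads the IP header, and re-frames the layer-3 payload untouched.
    The layer-4 header and the encrypted session data are opaque to it."""
    packet = decapsulate(2, frame)
    segment = decapsulate(3, packet)          # 4+<DATA>, passed through as-is
    return encapsulate(2, encapsulate(3, segment)), segment

def receive_up_stack(frame: bytes) -> bytes:
    """The destination host peels layers 2, 3 and 4 to recover session data."""
    pdu = frame
    for layer in (2, 3, 4):
        pdu = decapsulate(layer, pdu)
    return pdu

if __name__ == "__main__":
    frame, trace = send_down_stack(SESSION_DATA)
    print(" -> ".join(trace))
    forwarded, _ = router_forward(frame)
    print(receive_up_stack(forwarded) == SESSION_DATA)
```

Because the router only parses headers down to layer 3, the whole 4+<DATA> unit it forwards is bit-for-bit what the sender produced; the length check in decapsulate illustrates the kind of consistency check a real stack applies before trusting a header.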








                   57 — theiia.org