26 changes: 26 additions & 0 deletions CyberAttacksOSI.md
@@ -150,6 +150,32 @@ Mitigating attacks on the transport layer of the OSI model requires implementing

> Attacks on the transport layer can have severe implications for network security, compromising the confidentiality, integrity, and availability of data and services. For example, TCP SYN flooding attacks can overwhelm a system's resources, leading to denial-of-service (DoS) conditions and rendering services inaccessible to legitimate users. Session hijacking attacks targeting the transport layer can enable unauthorized access, data tampering, or the impersonation of legitimate communication parties, potentially leading to unauthorized disclosure of sensitive information or unauthorized actions. Manipulating or disrupting transport layer protocols, such as TCP or UDP, can result in the disruption of network communication, loss of data, or the injection of malicious payloads into network streams.

## Network Layer
### What is Network Layer
The network layer is the third layer in the Open Systems Interconnection (OSI) model, which is a conceptual framework that standardizes the functions of a communication system. The network layer is responsible for the end-to-end delivery of packets across multiple networks. Its main purpose is to establish, maintain, and terminate connections between source and destination devices in a network.The network layer provides logical addressing and routing functions to enable data transfer between devices on different networks. It takes packets from the transport layer and adds a network header, which includes the source and destination IP addresses. These addresses are used to uniquely identify the devices on a network.

#### Attacks at the Network layer can compromise network security and affect the overall system in several ways -
Attacks at the network layer (Layer 3) can compromise network security and have a significant impact on the overall system. Here's an understanding of how such attacks can affect network security:
1. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: Attackers can flood a network or system with a massive volume of traffic, overwhelming its resources and causing denial of service. This can result in disrupted network services, unavailability of critical resources, and hindered communication. DDoS attacks, which involve multiple sources of attack traffic, can be even more potent and difficult to mitigate.
2. Routing Attacks: Attackers can manipulate routing protocols or tables to redirect network traffic, leading to traffic interception, unauthorized access, or service disruption. By altering the routing paths, attackers can redirect data to unauthorized destinations, intercept sensitive information, or cause delays and network congestion.
3. IP Spoofing: Attackers can forge or spoof the source IP address in packets to make them appear as if they originated from a trusted source. This can be used to bypass authentication mechanisms, launch various types of attacks, or hide the true source of the attack. IP spoofing can lead to unauthorized access, data interception, and identity impersonation.
4. Network Scanning and Port Scanning: Attackers can perform network scanning and port scanning to identify vulnerable systems, open ports, or services that can be targeted for exploitation. By identifying weaknesses in the network infrastructure, attackers can gain unauthorized access, launch attacks against vulnerable services, or exploit misconfigured systems.
5. Man-in-the-Middle (MitM) Attacks: MitM attacks involve intercepting and tampering with network communications between two parties. By positioning themselves between the sender and receiver, attackers can eavesdrop on sensitive information, modify data packets, or impersonate legitimate network entities. This can lead to data theft, unauthorized access, and compromise of confidentiality and integrity.

#### Mitigation Stratigies
Mitigation strategies for attacks on the network layer in the OSI model involve implementing various security measures to protect the network infrastructure and prevent unauthorized access. Here are some common strategies:
1. Access control and authentication: Implement strong access controls and authentication mechanisms to ensure that only authorized devices and users can access the network layer. This includes using strong passwords, multifactor authentication, and encryption.
2. Firewalls and intrusion detection/prevention systems: Deploy firewalls and intrusion detection/prevention systems (IDS/IPS) to monitor network traffic, detect potential attacks, and block or mitigate them in real-time. These security devices can identify and prevent unauthorized access, network scans, and other malicious activities.
3. Network segmentation: Divide your network into segments or subnets to isolate different parts of the network. This helps contain the impact of an attack and prevents lateral movement by attackers. Implementing proper network segmentation limits the attack surface and makes it more difficult for attackers to traverse the network.
4. Virtual Private Networks (VPNs): Utilize VPNs to establish secure connections between remote locations or external users and the network. VPNs encrypt network traffic, providing confidentiality and integrity, which helps protect against eavesdropping and tampering.
5. Network monitoring and logging: Regularly monitor network traffic, logs, and event data to detect any unusual or suspicious activities. Implement a centralized logging system to collect and analyze logs from various network devices. Monitoring and analyzing network traffic patterns can help identify potential attacks and take appropriate action in a timely manner.
6. Denial-of-Service (DoS) protection: Implement DoS protection mechanisms, such as rate limiting, traffic filtering, and anomaly detection, to mitigate DoS and Distributed DoS (DDoS) attacks that can overwhelm the network layer.
7. Regular patching and updates: Keep network devices, routers, switches, and other network infrastructure components up to date with the latest security patches and firmware updates. This helps address known vulnerabilities and reduce the risk of successful attacks.
8. Encryption and tunneling protocols: Use encryption and tunneling protocols, such as IPsec (Internet Protocol Security) and SSL/TLS (Secure Sockets Layer/Transport Layer Security), to secure data transmission between network devices. Encryption protects the confidentiality and integrity of data as it traverses the network.
9. Security awareness and training: Educate network administrators, employees, and users about network security best practices. Promote awareness of common threats, social engineering techniques, and the importance of strong passwords, avoiding suspicious links, and not sharing sensitive information.
10. Regular security assessments and audits: Conduct regular security assessments and audits to identify vulnerabilities, evaluate the effectiveness of security controls, and make necessary improvements. This can include penetration testing, vulnerability scanning, and security reviews.
Implementing a combination of these mitigation strategies can enhance the security of the network layer and help protect against various attacks and unauthorized access attempts.

## Data Link Layer
### What is Data Link Layer
The data link layer, which is the second layer of the OSI (Open Systems Interconnection) model, is responsible for the reliable transfer of data between directly connected nodes on a network. It takes the packets from the network layer and encapsulates them into frames for transmission over the physical medium. The data link layer ensures error-free and orderly data transmission through mechanisms such as error detection, flow control, and media access control. It also handles addressing at the local network level, using MAC (Media Access Control) addresses to uniquely identify devices on the same network segment. The data link layer operates by interacting with the physical layer below it to transmit and receive frames reliably across the network. In summary, the data link layer provides a reliable and efficient means of transferring data between directly connected devices on a local network.
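
Review bot: The "What is Network Layer" paragraph gives the layer's main purpose as to "establish, maintain, and terminate connections between source and destination devices", which describes connection management rather than the logical addressing and routing that the following sentences attribute to this layer; suggest dropping that sentence and fixing the missing space in "network.The". In the mitigation list, none of the ten items names a control specific to the IP spoofing or routing attacks listed just above it; consider adding source-address (ingress/egress) filtering and routing-protocol authentication, and moving SSL/TLS out of item 8, since it runs above the transport layer while IPsec is the network-layer control there. Smaller points: the heading "#### Mitigation Stratigies" should read "Strategies", the "#### Attacks at the Network layer ... -" heading is repeated almost verbatim by the sentence under it, and the closing "Implementing a combination of these mitigation strategies..." line needs a blank line before it or Markdown will render it as a continuation of item 10.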