Information Security at OSL Layers and Cloud Computing - Assignment Example

INFORMATION SECURITY AT O.S.I LAYERS AND CLOUD COMPUTING. Letter of Transmittal This report “Information security at O.S.I layers and cloud computing” mainly strives to identify the security vulnerabilities which are mainly associated with information systems at the available layers. It explains layer by layer in brief and then concludes by examining transport layer, data link, point to point protocol, end to end security and cloud computing in depth while examining the security loopholes comprehensively and how security procedures are established before how connections are made in the different layers. Finally it gives a conclusion on the best way forward that an Information Systems Security expert has to follow in order to stay updated with modern trends and solutions in order to counter security lapses and loopholes within the O.S.I network. This particular report assumes the learner has some intermediate computer background and in particular some knowledge on computer networking and information security. Executive Summary This paper is mainly on information security that applies to an organizations computer systems network. It lists and describes the basic Open Systems Interconnection layers while giving a brief overview on their security loopholes and finally proceeding on and giving a comprehensive overview of Transport layer security, Point to point protocol, end to end security, Data link layer security, internet layer security and cloud computing on an organizations entire IT security requirement. We move on and give our conclusions and recommendations on the best security procedures on an organization, in relation to OSI network layers. Table of contents 1. Introduction ……………………………………………………………………..5 2. OSI Layers……………………………………………………………………….5 2.1 Layer 1 the physical Layer …………………………………………………6 2.2 Layer 2- Data link Layer …………………………………………………...6 2.3 Layer 3- Network Layer ……………………………………………………7 2.4 Layer 4- Transport Layer ………………………………………………….7 2.5 Layer 5- Session Layer ……………………………………………………..8 2.6 Layer 6- Presentation Layer ……………………………………………….8 2.7 Layer 7- Application layer …………………………………………………9 3. Transport Layer Security …………………………………………………………..9 4. Point to Point Protocol (PPP) ……………………………………………………….12 5. End to End Security ………………………………………………………………….14 6. Data Link Layer Security…………………………………………………………….15 7. Internet Layer Security………………………………………………………………16 8. Cloud Computing……………………………………………………………………..17 9. Recommendations & Conclusion…………………………………………………….19 10. References…………………………………………………………………………….20 Introduction The ubiquitous nature of computer network connectivity may aid computer users into accessing the world, while at the same time it may enable the same world to access those same computer systems in an undesirable manner. It is this unique nature of computer networking that becomes of prime concern for our information systems and data security. Regardless of the security of our hosts, information systems are, and will continue to be vulnerable if parts of the infrastructure between our distant destinations and ourselves become victims to security exploitation. Also going by the fact that, information security and data exchange are inextricable linked, modern computer networking engineers have to be security conscious while at the same time they have to understand the network that they are mandated to secure (E Cole et al. 2003). It is this particular scenario that has made security, between sites, system, and applications, a major consideration and expense for any modern organization. OSI Layers The Open Systems Interconnect (OSI) layers, enables the network engineers, to understand data communications between any two networked computer systems by dividing the communication systems into seven different layers in which each layer has been mandated to specific functions to either support the layer above or below it. FIG 1.0 Depiction of OSI layers Layer 1 the physical Layer This is the layer that defines the connectors and interface applications together with the medium used (cables). It involves all the electrical, mechanical, and procedural specifications that are provided for sending bit streams through the computer systems network, and some of the components used in this layer may include; Cabling systems, Adapters that connect to physical interfaces, Hubs & repeaters, wireless devices, network interface cards among others (Paul Simoneau, 2006). This layer is the most critical when it comes to data security and denial of service may be launched by a mere circuit breaking or just unplugging the power cord or network cable. Other security vulnerabilities may include loss of power, physical theft of data and computer hardware, undetected interception of data, key stroking and other input login. (Damon Reed, 2003). However, this security situation may be contained by, locked enclosures, video & audio surveillance, biometric authentication and cryptography techniques among others. Layer 2- Data link Layer This particular layer mainly allows devices to access the network, send and receive messages, it also offers physical address to devices that are present on the network so that the devices’ data present on the network can be sent. It also synchronizes with the devices networking software seamlessly in order to send and receive messages and it may also proceed and provide error detection capability (Paul Simoneau, 2006) Some of the common components in this layer include, network interface cards, Ethernet & token rings, Bridges e.t.c This layer is also the realm of wireless protocols such as the 802.11 wireless networking and it is due to this wireless capability that signals may go beyond the intended range to the outside public, whereby some wireless access point, may lack sufficient control at this particular layer, hence letting anyone with signals at the physical layer to easily interconnect to the network In this layer, more weakness have also been touted in the Ethernet switches, this is because any station in a local layer is capable of claiming any IP address hence attackers can easily create an artificial view of the layer two environment which eventually aids in “man in the middle attacks” by enabling a machine in the network to acquire data communication between hosts, this occurs mainly by intercepting their traffic and forcing it through the attacking machine (Pascal Meunier, 2003) Some of the vulnerabilities associated with this layer include, MAC address spoofing and switches flooding traffic to VLAN ports other than to the required ports which may aid in intercepting data by any device connected to the VLAN. Layer 3- Network Layer This particular layer aids in providing an end to end logical addressing system that is required to route packets of data across multiple layer 2 networks. This layer determines what path a packet requires in order to reach its destination and it mainly uses constructs such as IP addresses to identify nodes and routing tables to identify the network. This layer also has some security vulnerabilities in the senses that, peers can easily exchange information with no mechanisms entirely to validate the routes that are likely to have been propagated from untrusted components of the network. This means that hackers may exploit the system by stealing the entire network ranges provided that they have the right resources (Damon Reed, 2003). For instance, IP address enables networks to be set up easily and to connect seamlessly with one another. Some of the additional functions of this particular layer may include diagnostics and reporting logical variations in a normal network operation (Paul Simoneau, 2006). Layer 4- Transport Layer This particular layer is mainly concerned with transmitting data streams into the lower layers and it is basically the first purely logical layer within the OSI model. Some of the functions associated with this layer include, application identification, message arrival confirmation, data control, transmitting error detection among others (Paul Simoneau, 2006). Some of the most common protocols found in this layer include, Transmission control protocol (TCP) and the User Datagram protocol (UDP). Layer 5- Session Layer This layer enables application functioning on devices to establish, manage and terminate some communication through a network, it basically organizes data communication into logical flows. This particular layer works by taking the higher layer request for sending data and organizes the initiation & cessation of communication with the far end host, it then present the data flow to the transport layer, which is below where the actual transmission usually starts from. Some of the vulnerabilities associated at this layer may include; weak authentification mechanisms, session identification which may be subject to spoofing and hijacks, leakage of information as a result of failed authentification attempt and these vulnerabilities may be countered by encryption of passwords, expiration of accounts based on specific credentials & authorizations, cryptographic techniques on information and failed session attempts should be limited by timing mechanisms (Damon Reed, 2003). Layer 6- Presentation Layer This layer mainly deals with how applications formats data to be sent to the network and some of the functionality of this particular layer may include; encryption & decryption, compressing & expanding messages for its efficient travel within the network, graphic formatting, content translation and system specific translation (Paul Simoneau, 2006). In this layer application may embrace, SSL & TSL libraries in order to secure communications via strong authentification, data encryption and other cryptographic techniques in which some of the vulnerabilities associated with this layer may come from weaknesses in implementing its functions (Damon Reed, 2003). Some of the vulnerabilities associated with this layer may involve; careless handling of unexpected input that may eventually lead to application crashes, unintentional use of externally supplied input that may aid in remote information manipulation and the cryptographic flaws may be easily exploited to circumvent privacy protections and some of the controls associated with this particular layer may entail; specifying and monitoring the received input into the applications, separating the user input and program control functions and reviewing cryptographic solutions (Damon Reed, 2003). Layer 7- Application layer This layer provides an interface for the end user who operates the device connected to the network (Web browser, e-mail client). This layer aids in file transfers, network printing, electronic mail, electronic message and the World Wide Web (Paul Simoneau, 2006). Some of the vulnerabilities associated with this layer include; poor security design of the basic functioning of the applications, this makes sensitive information to be insecurely handled by placing it in publicly accessible files such as HTML codes. There are also other applications that come with poor authentification mechanisms. But on the hardware side, intrusion detection systems may be implemented in order to observe data traffic and host based firewalls which are used within the network, should include mechanisms to control access of applications to the network. Transport Layer Security (TLS) This particular layer is mostly concerned with transmitting data streams into the lower layers of the model. It takes data streams from the layers on top and prepares them for transportation to the lower layers. In this particular layer, communication has to be established in a unique manner in order to prevent eavesdroppers from getting hold of our messages or even modifying it and mechanisms such as cryptography may prove to be very ideal in this whole security scenario. For instance, in TLS, the clients may try and embrace the certificate authority (CA’s) public key concept to validate the CA’s digital signature of the server certificate. If the client verifies these digital signatures successfully, then, the client accepts the server certificate as a valid certificate that has been issued by a legitimate certificate authority and a connection is established. This procedures happen by the client verifying that the issuing CA is from the trusted lists of CA’s, the client then proceeds and checks the validity period of the server, and if the data & time are still valid, then the authentification continues. The TLS client may also establish a stateful connection by embracing the handshaking concept. This may happen by the client connecting to a TLS enabled server and requesting for a secure connection from a list of some supported CipherSuites (Ciphers & Hash functions), it is from this particular list that the server is going to pick the strongest cipher and hash function that it supports and it immediately will notify the client of the decision. The server will then proceed on and send its identification in form of a digital certificate which contains the server name, the Certificate Authority and the server’s public encryption key. The client then follows and contacts the server believed to have issued the certificate and subsequently confirms that the certificate is legitimate and authentic before proceeding on. In generation of the session keys used to establish secure connections, the client automatically encrypts some random numbers with the server’s public key and immediately sends the results to the server which has the full rights to decrypt it with its private key. This is the main reason the keys keep on being invisible from third parties because it is only the server and the client that have the access to the data because the client knows the servers public key & random number, while the server knows the private key & random number. A third party may only access the random number if the private key has been compromised with. From the random numbers, both the server and the client generates the material that aids in encryption & decryption, this process concludes the handshaking and begins the secured connection which is usually encrypted and decrypted with the material until the connection is finished. If any of the steps in the above procedure is not followed, then, the TSL handshake will fail and the connection will not be established. Transport layer protocols such as the TCP and UDP embrace port number concepts in order to allow multiple simultaneous conversations among various conversations to individual local protocols or applications. Among the vulnerabilities associated with this particular layer is poor handling of undefined conditions. For instance, most transport protocols within this layer are of the notion that they will be dealing with properly defined and well behaved communication protocols from both lower and upper levels, but if we would consider the world of public internet where traffic of all sorts from all corners is coming through. This scenario subjects protocols, into unexpected and deliberate perverse input which exploits the more obscure protocol details which results into unexpected behavior (Damon Reed, 2003). For instance, attacks such as “Winnuke” uses obscure and an out of specification TCP flag when connecting to an open TCP port in a Microsoft Windows Operating System based machine which results into the operating system crashing. Another vulnerability pertains to usage and re-use of ports for multiple functions which is very common within the Microsoft windows environment, where numerous functions that differ exist e.g. File & printer sharing, remote administration, RPC functions and other applications which use handful of UDP and TCP ports. It is this particular over-use of ports that is ultimately going to restrict access at this particular layer (Layer 4-Transport layer) to a firewall, extremely difficult, and if any function is required, then, the firewall ports open, and most if not all of the functions, that make use of those same ports, are likely to go through, unchecked (Damon Reed, 2003). Overloading ports is likely to limit the effectiveness of controls which are network based such as firewalls and this forces reliance on individual host level security controls. With most transmission protocols being developed with an emphasis on utility and performance, they rarely deliberate on strong controls to validate their source of transmission whether a certain packet is legitimate or not and this makes it easier to forge packets that easily interrupt the flow of transmission. However, some other protocols such as the TCP are extremely susceptible because of their extensive flow control and integrity checking, but integrity only pertains to accidental loss of data because of errors or packet loss, than, deliberate attempts in attacking the protocol itself hence making the protocols more susceptible to sophisticated attacks. For instance, there is the session hijacking, here an attacker may guess factors such as the TCP numbers and subsequently injects fake packets in order to manipulate data flow by simply interrupting and falsifying higher level data flow. With conventional firewall being the dominant control at this particular layer, the firewall rules have to be written in a strict manner as possible, the transport layer protocols have to be specified individually in rules. IN TCP/IP communication, the rules should be developed in a way that they apply matches for the transport layer protocols details such as UDP/TCP port numbers. Other controls that may be implemented at this layer include; inspection at the firewall layer to prevent the out of state packets, “illegal flags” and other malicious packets so that they may not go into the security perimeter. We may also use stronger transmission mechanism and layer session identification mechanisms to prevent takeover of communications (Damon Reed, 2003). However, the information has to be consistently protected with greater authentification, confidentiality and integrity mechanisms with modern cryptographic techniques, this calls for stricter controls at this particular layer which is also based on a protocol known as the Secured Socket Layer which uses cryptographic mechanisms that establishes and maintains a secure TCP/IP connection which prevents eavesdropping, message tampering or forgery. Message authentification code with secure hash identification may prevent message tampering, and authenticating clients and servers with public key cryptography based digital signatures may prevent message forgery. In order to effectively prevent message eavesdropping, tampering and forgery, a unique or shared secret key may be required by the cryptographic mechanism whereas a pseudo-random number generator together with a key establishment algorithm may provide for the generation and sharing of secrets (C. Michael et al, 2005). Point to Point Protocol (PPP) This particular protocol provides a standard method for transporting multiprotocol datagram’s over point to point links. For instance, apart from TCP/IP, this protocol may also transports Novels IPX and AppleTalk traffic and PPP at the same time, it also permits these protocols to be transported over the same connection (Douglas Schweitzer, 2002). This technology enables networks to connect over ordinary telephone lines and ordinary users just need to connect their personal computers to the internet using PPP concept, by using a modem, the remote computer in the network becomes a node that enables users to run applications such as e-mails & web browsing on this remote computer directly (Douglas Schweitzer, 2002). PPP, automates the login procedures via Password Authentification Protocol (PAP) and challenge Handshake Authentification Protocol (CHAP) and it comprises of three basic components: A method to encapsulate multiprotocol datagram’s. A link control protocol (LCP) that establishes configures and tests the data-link connection. A family of Network Control Protocols (NCP) that establishes and configures the different network-layer protocols. There are four important phases arising from using LCP, NCP and PPP, these include (Douglas Schweitzer, 2002). Link Establishment and configuration exchange: Before the network layer data grams are exchanged, LCP has to initially open connections and negotiate parameters in which this particular phase can only be described complete only when the configuration acknowledgement have been sent and received. Link Quality Determination: After the link establishment and configuration phase, the LCP will allow an optional link quality determination phase and it is also at this phase when the link is tested in order to determine on the link quality in order to ascertain its sufficiency in bringing the network layer protocol. Network Layer protocol configuration: After LCP finishes the link quality determination phase, the network layer protocols may be configured separately by NCP and can be brought up and `also be terminated anytime and if LCP decides to close the link, it sends signals to network layer protocol so that appropriate action may be taken. Link termination: This mainly occurs when LCP or NCP terminates the links and it is mainly done at user requests or outside events such as loss of transmission or inactivity. Some of the notable applications of PPP may include, World Wide Web, Telnet, File transfer protocol (FTP) and e-mail (Douglas Schweitzer, 2002). However, due to remote connectivity and associated insecure infrastructure, there was need of a more secure protocol which led into a Point to Point Tunneling Protocol (PPTP). End to End Security This is mainly concerned with encryption of sensitive data between communication partners. It is more about raising the level of trust in devices to a certain point where all the devices being involved in a certain transaction meet the prescribed criteria for that transaction (Jericho Forum, 2006). This works by mutual trust, which requires that for any two devices to transact there has to be some certain degree of trust between them. It operates by managing end points (workstations, PDAs, mobile devices) and network security boundaries. For instance, with the increasing mobility by the global workforce, there becomes an urgent need to access the corporate network resources via various devices and from various locations. This forces enterprises to balance this need while at the same time ensuring that their network users and the devices they are using have sound security credentials before being granted access to the network (Juniper Networks, 2010). This requires a remote access solution that offers end-end security, which means having a variety of unique features that protect access from the end user perspective to the internal server (Juniper Networks, 2010). Some of the security features available on an end point include the ability to determine the security posture of the end point device e.g. right virus protection, malware and other malicious programs. It also entails safeguards for users accessing system resources from the public internet cafes and ensuring that the data is not carelessly left behind for strangers to access (Juniper Networks, 2010). Some of the benefits of an end point security may include: Protecting network from devices not meeting the required security credentials. Ensuring the network resources are only viewed by authorized personnel. Enable a wider variety of devices and workforce to access the network without security concerns. Decrease cost since no unique software is required to be deployed on devices in order to manage them. Data Link Layer Security This is the second lowest layer and it is where most of the wired and wireless technologies such as Ethernet & token ring are found. The data link layer consists of the sub-layers logical link control and media access control (TCP/IP Guide, 2010). Some of the key tasks being performed in this layer include: Logical Link Control (LLC): These are basically the functions which are required to establish and control logical links between local devices on a network. Media Access Control (MAC): These are the procedures employed by the device to control access to the network. Data framing: Data link layer is the layer responsible for final encapsulation of higher- level messages into frames sent over the network at physical layer. Addressing: The data link layer is also concerned with addressing and labeling information with a particular destination address. Error detection and handling: The data link layer handles and detects errors. Security at this layer is provided by tunneling protocols. Tunneling enables transmission of data mostly from a private network to a public network in such a way that the routing nodes available in the public network are completely unaware that the transmission is part of a private network. It entails encapsulating private network data and the protocol information within the public network in order for the private network protocol to appear to the public network as data. For instance, tunneling may aid in using the internet which is indeed a public network, to directly convey data on behalf of a private network (TCP/IP Guide, 2010). A notable approach to Tunneling is the point to point Tunneling protocol which enables authorized users in gaining access to a Virtual Private Network (VPN). It may also be described as a wide area based protocol that enables it’s users to access their organizational networks from remote locations while at the same time embracing modern security concepts. This is mainly because in public internet, if the data in question is not properly encapsulated and encrypted via secure methods, then, there is a possibility of the data being intercepted (Douglas Schweitzer, 2002).. One notable feature of PPTP is the creation of a tunnel which enables it to securely carry non TCP/IP protocols like NetBEUI or IPX over the internet (Douglas Schweitzer, 2002). Internet Layer Security The internet layer security consists of the IP, Authentification header, Encapsulating Security Payload and secure hashing. The IP is the most vulnerable to attacks making it easier to threaten the security of application payload carrier by higher layer protocols such as the TCP. An IP sec therefore can be used to protect IP layer path between hosts, between security gateways or both. Security gateways provides packet forwarding functionality at IP layer hence it can be a router or a firewall or any host that has IP forwarding capability. Cloud Computing Cloud computing may refer to delivering scalable IT resources such as office applications and e-mail services over the information superhighway as opposed to hosting and operating them on the local infrastructure such as Local and wide area networks (Educause, 2009). By an organization deploying its IT infrastructure and services over the network, it is able to purchase its needed technological resources on as needed basis and immediately save on expenses associated with deploying computer hardware and software’s. Cloud computing enables IT capacity to be adjusted expediently and easily to accommodate changes in demand. With cloud computing technologies, organizations procure common I.T services from remote and established providers and their employees may access these resources remotely over the networks. For instance, email software may be hosted by an outside provider and does not need to be installed or maintained in-house and users may access them remotely provided that there are some internet connections (Educause, 2010). This scenario has made cloud computing to evolve into a flexible, cost-effective and a proven delivery platform that provides business and consumer IT services over the internet. As a result, this technology provides different businesses an opportunity to increase on their service delivery efficiencies while at the same time streamlining their IT management and aligning their IT services with dynamic business requirements (Alex Buecker, et al. 2009) Cloud computing models comes with a number of security concern, with massive amounts of technological related resources being shared among different users, and security processes being more often than not behind layers of abstraction, and with cloud computing being provided as a service, then, the control over data and operations is shifted to third party service whom require their clients to build trust relationships with their same service providers while coming up with modern security solutions that take this relationship into account (Alex Buecker, et al. 2009). These clouds, which are both public and private, are available to almost anyone provided he has access to some internet connections and with the benefits being associated with cloud computing being clear, there is also need at the same time to develop proper security measures for cloud computing implementations. This data that resides from the clouds has to be secured and there are challenges as well to secure them. In addition to this, the externalized aspect of outsourcing makes it extremely hard for organizations in maintaining data integrity, privacy and demonstrating compliance and cloud computing shifts most of their data and operations from client organization to cloud providers the same way companies entrust some of their technological operations to outsourcing organizations which requires basic tasks such as patches and even configuring firewalls as the responsibility of the service provider which requires clients to establish trust relationships with their service providers and understand risks in terms of how the service providers are going to implement, deploy and manage security on their behalf. Organizations have to be vigilant on how their passwords are always assigned, protected and changed; this is so because, most cloud service providers, in most cases work with third party providers and organizations should gain information about these third party providers whom could potentially access their information (David Binning, 2009). Organizations are also concerned with (Jon Brodkin, 2008): Privileged User Access: This means all the sensitive data that are processed outside, poses some inherent level of risks. Regulatory Compliance: With traditional service providers being subjected to external audits and security certifications, providers who refuse undergoing this scrutiny signal that they can only be trusted for trivial functions. Data location: Most providers usually host data in offshore locations which calls for contractual commitment on behalf of customers. It is this trust relationship between cloud service providers and their customers that is critical because the customer is ultimately responsible for compliance and protection of their sensitive data even if workload is residing on the cloud (Jon Brodkin, 2008). With cloud computing aspects, there should be also a major re-assessment of risks, for instance, inside the cloud environment it is extremely difficult to locate the data is always stored. However, by not moving to cloud means that an organization will be paying more than its competitor for the same type of products. Recommendations & Conclusion With the current threats emanating from all corners, it is wise for organizations to properly design and implement security mechanism within the various layers of the OSI models. This calls for understanding of the threats themselves, how they come and where they are coming from. This requires huge financial injection in terms of purchases necessary like security product licenses, modern equipments such as firewall, intrusion detection systems and finally making substantial investments on the manpower required to oversee this process because of their scarcity within the industry. However, security is not a product but rather a range of solutions, this requires proper implementation and deployment of technological solutions whether they are in-house or outsourced such as the cloud computing which calls for proper understanding of the organizational security needs whether it is staff security screening or companies service provider whom might leak out the organization data to regulatory authorities or competitors. The Information Systems Security (ISS) manager should on the other hand acquaint himself with the latest security trends and products in order to learn the various ways that an organization information system may be easily exploited by intruders, this will ensure that all forms of attack and information exploitation are easily countered while at the same time the existing IT budget does not surge due to information systems security in order to give the organization the best value for its money. With a secure information system in place, organizations rest assured that their reputation, secrets, efficiency hence reliability towards customer is 99.9 % guaranteed, this calls for massive investment in information security at the different levels of O.S.I hence an improved business climate of the organization hence greater return for the organization and finally an increased shareholders value with a rising share price and an increasing market capitalization. References E Cole, J Fossen, S Northcutt, H Pomeranz (2003). Sans Security Essentials with CISSP CBK. SANS Press. C. Michael Chernick, Charles Edington III, Mathew J. Fanto, Rob Rosenthal (2005). Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations. National Institute of Standards and Technology. Douglas Schweitzer (2002).Internet security made easy: a plain English guide to protecting yourself and your company online. Illustrated edition. AMACOM Div Management Association. Jericho Forum (2006). Position Paper, End point security. Retrieved May 2010, from http://www.opengroup.org/jericho/EPS_v1.0.pdf Juniper Networks (2010). End to end security with SA series SSL VPN Appliances. Retrieved May 2010 from http://www.juniper.net/us/en/local/pdf/solutionbriefs/3510213-en.pdf TCP/IP guide (2010). The TCP/IP guide, Data Link Layer. Retrieved May 2010 from http://www.tcpipguide.com/free/t_DataLinkLayerLayer2.htm Educause (2010). Seven things you should know about cloud computing. Retrieved may 2010 from http://net.educause.edu/ir/library/pdf/EST0902.pdf Pascal Meunier (2003). Purdue University, lecture notes. Retrieved May 2010 from http://www.cs.purdue.edu/homes/cs490s/LectureNotes/cs490sARP.pdf Fig 1.0 Depiction of OSI model. Retrieved May 2010 from http://www.ns-linux.org/Uputstva/Teorija/slike/osi-model-7-layers.png David Binning (2009). Top 5 cloud computing security issues. Retrieved May 2010 from http://www.computerweekly.com/Articles/2010/01/12/235782/Top-five-cloud-computing-security-issues.htm Paul Simoneau (2006). The OSI Model: Understanding the Seven layers of Computer Networks. Retrieved May 2010 from http://webcache.googleusercontent.com/search?q=cache%3A8UcBQWl_BLMJ%3Awww.rgtechnologies.net%2Fdownloads%2Fwhitepapers%2FOSIModel.pdf+ISO+layers+pdf&hl=en&gl=ke Damon Reed (2003). Applying the OSI Seven Layer Network Model to Information Security. SANS Institute reading room. Jon Brodkin (2008). Gartner: Seven cloud-computing security risks. Retrieved May 2010 from http://www.infoworld.com/d/security-central/gartner-seven-cloud-computing-security-risks-853?page=0,1 Read More