Web application security - the fast guide 1.1 | Page 15

Chapter 1 - Information Security Overview

1.3.1 The Physical layer:
By the physical layer we mean direct physical access to hardware. As illustrated in the chart above, access at the physical layer can be very direct and dangerous, because an attacker can cause direct damage to, or compromise, network, processing and storage devices. For example, causing a denial of service on a server is as simple as unplugging that server's power cord. This is why the physical security of data centers is an issue that needs to be taken seriously. A well designed architecture should allow a response to attacks even when they are physical, for example by sending a notification or raising an alarm.

1.3.2 Network layer:
When the attacker has no direct access to the physical hardware, the only available path is through the outer layers toward the core, where the data assets reside. Compromising the network layer makes it easy for an attacker to disclose, alter, or make unavailable mainly the data in motion: requests sent by a legitimate user or responses sent by the server. In this model the network layer represents all activities, devices and protocols used to transfer data from its source to its destination.

1.3.3 Platform layer:
The platform layer is the carrier of the application layer: it provides the interface between the hardware devices and the application layer, in addition to process and file management. This layer is normally realized by the operating system and any framework or server software that hosts the application.

1.3.4 Application layer:
This layer represents all input processing, storage, retrieval, manipulation and output activities performed on the server side or the client side. It depends on the services it gets from the platform layer.

1.3.5 Data layer:
This is the layer where the precious assets reside; as is well known, data is the real asset in an information system. If an attacker is able to reach this layer, the information system is considered compromised.

1.3.6 The response layer:
This is the deepest layer; it encompasses all data and system recovery, monitoring, logging and notification activities.
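The response layer described in 1.3.6 (monitoring, logging, notification) is what turns the alarm mentioned under the physical layer in 1.3.1 into something actionable. The following Python script is an added illustration, not code from the guide: it parses a handful of constructed syslog-style lines, maps each security-relevant event onto the layer model used in this chapter (physical, network, platform, application, data), suppresses isolated failed logins until they pass a threshold, and emits notifications. The log format, hostnames, detection patterns and the threshold value are all assumptions made for this example.

```python
"""Minimal response-layer monitor for the layer model of section 1.3.

Added example, not from the book. Parses constructed log lines, classifies
events by layer, escalates repeated login failures, and produces notifications.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log lines (format assumed: "<timestamp> <host> <source>: <message>").
SAMPLE_LOGS = [
    "2024-05-01T08:00:01Z dc1-rack7 bmc: chassis intrusion detected",
    "2024-05-01T08:00:02Z dc1-rack7 bmc: power supply 2 lost",
    "2024-05-01T08:01:10Z edge-fw1 kernel: link down on eth1",
    "2024-05-01T08:02:00Z web01 sshd: Failed password for root from 10.0.0.5",
    "2024-05-01T08:02:03Z web01 sshd: Failed password for root from 10.0.0.5",
    "2024-05-01T08:02:07Z web01 sshd: Failed password for root from 10.0.0.5",
    "2024-05-01T08:03:00Z web01 app: request rejected by input validation (field=email)",
    "2024-05-01T08:04:00Z db01 postgres: bulk export started by account reportsvc",
    "2024-05-01T08:05:00Z web01 cron: nightly log rotation complete",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<src>[^:]+): (?P<msg>.*)$")

# Detection rules: (pattern, layer, base severity). Patterns are constructed for
# this example and match only the constructed log format above.
RULES = [
    (re.compile(r"chassis intrusion detected"), "physical", "critical"),
    (re.compile(r"power supply \d+ lost"), "physical", "high"),
    (re.compile(r"link (?:down|flapping) on \S+"), "network", "medium"),
    (re.compile(r"Failed password"), "platform", "low"),
    (re.compile(r"request rejected by input validation"), "application", "low"),
    (re.compile(r"bulk export started"), "data", "high"),
]

SEVERITY_ORDER = ["low", "medium", "high", "critical"]
FAILED_LOGIN_THRESHOLD = 3  # assumed value; tune per environment


@dataclass(frozen=True)
class Alert:
    layer: str
    severity: str
    host: str
    message: str


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into fields, or return None for a malformed line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: dict) -> Optional[Alert]:
    """Map a parsed entry onto the first matching rule's layer and severity."""
    for pattern, layer, severity in RULES:
        if pattern.search(entry["msg"]):
            return Alert(layer, severity, entry["host"], entry["msg"])
    return None


def escalate(alert: Alert, by: int = 1) -> Alert:
    """Raise severity by `by` steps, capped at the highest level."""
    idx = min(SEVERITY_ORDER.index(alert.severity) + by, len(SEVERITY_ORDER) - 1)
    return Alert(alert.layer, SEVERITY_ORDER[idx], alert.host, alert.message)


def monitor(lines: List[str]) -> List[Alert]:
    """Run all lines through the rules; repeated login failures on one host
    are held back until they reach the threshold, then escalated."""
    alerts: List[Alert] = []
    failed_logins: Counter = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # malformed line: skipped here, would itself be logged in practice
        alert = classify(entry)
        if alert is None:
            continue  # benign event
        if "Failed password" in alert.message:
            failed_logins[alert.host] += 1
            if failed_logins[alert.host] < FAILED_LOGIN_THRESHOLD:
                continue  # below threshold: counted, not notified
            alert = escalate(alert)  # repeated failures: low -> medium
        alerts.append(alert)
    return alerts


def notify(alert: Alert) -> str:
    """Render the notification text that would be sent to an operator."""
    return f"[{alert.severity.upper()}] {alert.layer} layer on {alert.host}: {alert.message}"


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    """Count alerts per layer, giving a quick view of where the system is being hit."""
    return dict(Counter(a.layer for a in alerts))


if __name__ == "__main__":
    found = monitor(SAMPLE_LOGS)
    for a in found:
        print(notify(a))
    print(summarize(found))
```

Running the script against the embedded sample produces six notifications: two at the physical layer (intrusion and power loss on the same rack), one each at the network, application and data layers, and a single platform alert for the third failed login, escalated to medium because the first two were held back by the threshold. The per-layer summary is the kind of view a response layer should offer, since a cluster of physical-layer events on one rack calls for a very different reaction than scattered application-layer validation failures.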