Both TCP/IP and OSI model are conceptual models that help us understand how networks work (Thecybersecurityman, 2018). Networks in this scope can span from the internet to Local Area Networks. On the other hand, penetration testing, in terms of networks, is the act of investigating flaws and vulnerabilities that may exist between connections of devices with the aim of either exploiting them or test the security of such networks. More specifically, TCP/IP and OSI models are used to illus trate the network protocols and how they work to facilitate communication between computers or connected nodes in such networks.
Penetration testing requires that the specialists understand these models to know the exact places in the networks where flaws can be. TCP/IP is an illustration with the application layer which has similar functions as the first three layers in the OSI, which are an application, presentation, and session. The OSI model also has a transport layer, and its network layer illustrates similar functions as the internet layer in TCP/IP implementation. Link layer has almost identical functions to those of data link and physical layers in OSI illustration (Thecybersecurityman, 2018). Vulnerabilities can occur at any of these layers.
Delegate your assignment to our experts and they will do the rest.
An understanding of these models ensures that penetration testers can troubleshoot for problems in the network (Thecybersecurityman, 2018). For instance, the application layer defines the protocols for communication between nodes via different ports. If a connection cannot be established, the penetration tester can first start checking at this layer for problems with ports. Encryption and decryption of packets in the network happen at the presentation layer. Therefore, penetration testing for the security of the network connection can be done at this layer. Hacking attacks like Denial of Services can be investigated at the session layer. General understanding of these network models can give a forward hand in penetration testing.
Reference
Thecybersecurityman (May 2018) “The OSI Model and the TCP/IP Model.” The Cyber Security Man. Retrieved on 4 July 2019 from https://thecybersecurityman.com/2018/05/24/the-osi-model-tcp-ip-model/
