The OSI Model and SharePoint

The OSI model is the reference model for routing, switching and networked application services. It spans the whole network computing stack and gives network engineers, application engineers and SharePoint architects a common vocabulary for saying where a given function, protocol or problem sits. Some layers are too abstract for a SharePoint architect to worry about day to day, but together they give a useful picture of the network and application architecture that forms the backbone of how SharePoint operates at several levels.

Layer 1 The Physical Layer

The first layer of the OSI model is the physical layer. Relative to SharePoint, the physical layer covers the data rates and physical connectors used to build the collaboration environment. It defines how the bits SharePoint ultimately produces (at a very high level, translated down to a very low one) are converted into electrical or optical signals and transmitted across a physical medium. This is a level SharePoint architects rarely see, since it is determined by the transmission medium in use, whether thinnet, thicknet or Unshielded Twisted Pair (UTP). At a high level, the concept is how SharePoint traffic is carried over the physical link in a networked environment.

There are several network devices that operate at the physical layer, such as:

  • Hubs
  • Repeaters
  • Multiplexers
  • Network Interface Cards

Along with these physical devices, there are several protocols and interface standards that operate at this level, such as:

  • ATM
  • BRI
  • X.23
  • PRI
  • E1
  • E3
  • 10BaseT
  • 100BaseT
  • 10Base2
  • 10Base5
  • OC-3
  • OC-12
  • DS1
  • DS3

Layer 2 The Data Link Layer

The Data Link layer deals predominantly with topology and frame handling. It also defines physical network addressing, line discipline, notification of network errors, ordered delivery of frames and network data flow control. SharePoint architects will have next to no interaction with the Data Link layer, since it is handled either by network engineers or by the network devices themselves.

The Data Link layer hosts resolution protocols such as the Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP), which interact with the two sub-layers the Data Link layer supplies: the Media Access Control (MAC) sub-layer and the Logical Link Control (LLC) sub-layer. MAC interacts with the Physical layer by providing the physical addresses that resolution relies on. A MAC address is 12 hexadecimal digits (48 bits); the first 6 are the Organizationally Unique Identifier assigned by the IEEE and the last 6 are assigned by the vendor, and the whole value is burned into the read-only memory (ROM) of the network interface. The address is only as trustworthy as the host presenting it, however: most operating systems let software override the burned-in value, so a MAC address is an identifier, not an authenticator. The LLC sub-layer faces upward in the OSI model, presenting a uniform interface that is independent of the LAN medium and providing flow control and sequencing services.
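As an added illustration of the address structure just described (example code written for this page, not from the original post or from SharePoint itself), the following Python parses a MAC address, splits off the OUI, decodes the I/G and U/L flag bits in the first octet and applies the check a practitioner would actually run on a received frame's source address. The sample addresses are constructed for the example, and the policy of rejecting locally administered sources is an assumption, not a standard.

```python
import re

# Constructed sample addresses for this example (not from the original page):
# a vendor-assigned unicast address, a locally administered unicast address,
# an IPv4 multicast group address and the broadcast address.
SAMPLE_MACS = [
    "00:1B:21:3C:4D:5E",
    "02:00:5E:10:00:01",
    "01:00:5E:00:00:FB",
    "FF:FF:FF:FF:FF:FF",
]


def parse_mac(text: str) -> dict:
    """Split a 48-bit MAC address into the IEEE-assigned OUI (first 6 hex
    digits) and the vendor-assigned part (last 6), and decode the two flag
    bits carried in the first octet: bit 0 is I/G (individual/group) and
    bit 1 is U/L (universally/locally administered)."""
    digits = re.sub(r"[-:.]", "", text.strip())   # accept 00:11:.., 00-11-.., 0011.2233.4455
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = bytes.fromhex(digits)
    first = octets[0]
    return {
        "oui": digits[:6].upper(),
        "nic": digits[6:].upper(),
        "multicast": bool(first & 0x01),             # I/G bit set -> group address
        "locally_administered": bool(first & 0x02),  # U/L bit set -> not burned in
        "broadcast": octets == b"\xff" * 6,
    }


def source_mac_is_acceptable(text: str, allow_local: bool = False) -> bool:
    """Sanity check for the source address of a received frame. A group
    (multicast or broadcast) address is never a valid source. A locally
    administered address is legal but means software chose the value, so a
    strict policy (the assumed default here) rejects it as well."""
    info = parse_mac(text)
    if info["multicast"] or info["broadcast"]:
        return False
    if info["locally_administered"] and not allow_local:
        return False
    return True


def classify_all(macs=SAMPLE_MACS) -> dict:
    """Return {address: acceptable-as-source?} for a list of addresses."""
    return {m: source_mac_is_acceptable(m) for m in macs}
```

The strict policy flags every locally administered address, which will also catch virtual machines and privacy-randomised Wi-Fi clients; relax it with allow_local=True where those are expected, and treat the MAC as a hint for correlation rather than a basis for access decisions.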

The network devices that exist at the Data Link layer of the OSI model are:

  • Bridges
  • Switches

The protocols that exist at the Data Link layer are:

  • SLIP
  • PPP
  • RARP
  • SLARP
  • IARP
  • SNAP
  • BAP
  • CHAP
  • LCP
  • LZS
  • MLP
  • Frame Relay
  • HDLC
  • BPDU
  • LAPD
  • ISL
  • MAC
  • Ethernet
  • Token Ring
  • L2F
  • L2TP
  • PPTP
  • FDDI
  • ISDN

Layer 3 The Network Layer

The Network layer of the OSI model adds the addressing information to packets so that they can be routed through the network to the correct destination. For SharePoint architects this is typically where routers are inserted. Securing routers is imperative in a collaboration environment, since a compromised router can observe or redirect every packet that crosses it, which eventually leads to compromise of the collaboration environment as a whole.

The Network layer is fundamentally responsible for next-hop resolution and addressing, which are the foundations of routing. Broad network problems, such as congestion when too many packets are injected and create a bottleneck, are also dealt with at this level. After a segment is received from the Transport layer it is packetized, and if the packet is larger than the Maximum Transmission Unit (MTU) of the link it must cross it is fragmented into pieces that fit; the MTU is the size threshold for packets allowed on a given network medium. The fragments are reassembled at this level on the receiving side. Fragmentation has a security cost: a receiver that reassembles overlapping or out-of-order fragments without checking them can be made to see a different packet than the one a filter inspected, which is why firewalls and intrusion detection systems reassemble (or simply drop) fragments before applying rules.

The Network layer also has several duties related to the subnet, including how packets are routed from source to destination according to whatever routing logic the network architect has chosen, along with the associated node metrics.
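The fragmentation and reassembly just described, as an added example (not code from the original page or from any real IP stack): a payload is split to fit an assumed link MTU, the fragments are reassembled in whatever order they arrive, and overlapping or missing fragments are refused instead of silently merged. The header length, MTU and payload are constructed inputs.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    ident: int      # identifies the original packet all pieces belong to
    offset: int     # byte offset of this piece within the original payload
    data: bytes
    more: bool      # True on every fragment except the last (IP's MF flag)


def fragment(ident: int, payload: bytes, mtu: int, header_len: int = 20) -> list[Fragment]:
    """Split payload into pieces whose data fits under the link MTU once the
    (assumed 20-byte) header is added. IP expresses fragment offsets in units
    of 8 bytes, so the usable size per fragment is rounded down to a
    multiple of 8."""
    usable = (mtu - header_len) // 8 * 8
    if usable <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags = []
    for off in range(0, len(payload), usable):
        chunk = payload[off:off + usable]
        frags.append(Fragment(ident, off, chunk, more=off + usable < len(payload)))
    return frags


def reassemble(frags: list[Fragment]) -> bytes:
    """Rebuild the payload from fragments arriving in any order. Refuses
    overlapping or missing pieces rather than guessing which bytes win,
    because ambiguous reassembly is how a packet can be made to look
    different to a filter than to the end host."""
    if not frags:
        raise ValueError("no fragments")
    ident = frags[0].ident
    if any(f.ident != ident for f in frags):
        raise ValueError("fragments belong to different packets")
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0
    out = bytearray()
    for f in ordered:
        if f.offset < expected:
            raise ValueError(f"overlapping fragment at offset {f.offset}")
        if f.offset > expected:
            raise ValueError(f"gap before offset {f.offset}")
        out += f.data
        expected += len(f.data)
    if ordered[-1].more:
        raise ValueError("final fragment missing")
    if any(not f.more for f in ordered[:-1]):
        raise ValueError("non-final fragment marked as last")
    return bytes(out)
```

A real stack also bounds how long it will hold incomplete fragments and how much memory a single identifier may consume, since an attacker can send first fragments that never complete; the check here covers only the ordering and overlap conditions.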

The devices that operate at the network layer are:

  • Routers

The protocols that can execute at the network layer are:

  • IP
  • OSPF
  • EIGRP
  • IPX
  • ICMP
  • RIP
  • ISIS
  • ZIP
  • DDP
  • X.25

Layer 4 The Transport Layer

The Transport layer provides the end-to-end data transfer services, including establishing the logical connection between the two endpoints that the transfer requires. In essence, it is responsible for moving data between two endpoints: it takes data from the Session layer, breaks it into smaller units, passes them to the Network layer and ensures that the data arrives correctly. SharePoint architects tend to have very little interaction with this layer, since it is mostly handled by the network devices and adjustments require an understanding of the network operating system (Cisco IOS, for example). The Transport layer is another layer of abstraction, which accommodates changes to the physical network.

The Transport layer is best known for TCP. It subdivides user-buffer data into network-sized datagrams and runs whichever transport protocol the transmission requires. As stated before, TCP exists at this level, as does the User Datagram Protocol (UDP). The biggest difference between the two is the trade-off between speed and reliability. UDP is connectionless: there is no handshake, no acknowledgement, no retransmission and no ordering, only a low-overhead datagram with a checksum (optional over IPv4), so it is essentially stateless. TCP, however, opens each connection with a three-way handshake (SYN, SYN/ACK, ACK), numbers every byte it sends, acknowledges what it receives, retransmits what is lost and delivers data in order over sockets. TCP is therefore a stateful protocol. The difference matters for security: because a UDP datagram can arrive with no prior exchange, its source address is trivial to spoof, which is why UDP services are the usual vehicle for reflection and amplification attacks, and why a stateful firewall has to manufacture UDP "state" by remembering which requests it has already seen go out.
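An added example, not from the original page, showing the stateful/stateless distinction in working code: a minimal connection tracker of the kind a stateful firewall keeps. TCP flows must complete the three-way handshake before data is accepted, while UDP flows are admitted only as replies to a datagram the tracker has already seen leaving the inside network. The packets, addresses and the assumption that 10.0.0.0/8 is the inside network are all constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    src: tuple[str, int]            # (address, port)
    dst: tuple[str, int]
    flags: frozenset = frozenset()  # TCP only: subset of {"SYN", "ACK", "FIN", "RST"}


INSIDE_PREFIX = "10."   # assumed: the protected network is 10.0.0.0/8


class ConnectionTracker:
    """Minimal stateful tracker in the style of a stateful firewall.
    TCP: a flow is only accepted once SYN, SYN/ACK and ACK have been seen
    in order; anything else outside an established flow is dropped.
    UDP: there is no handshake to track, so the only 'state' is that the
    first datagram must come from inside and later ones must match it."""

    def __init__(self) -> None:
        self.tcp: dict[tuple, str] = {}   # flow key -> handshake state
        self.udp: set[tuple] = set()      # flow keys opened from inside

    @staticmethod
    def _key(p: Packet) -> tuple:
        # Direction-independent key so both sides of a flow map together.
        return tuple(sorted((p.src, p.dst)))

    def handle(self, p: Packet) -> str:
        return self._tcp(p) if p.proto == "tcp" else self._udp(p)

    def _tcp(self, p: Packet) -> str:
        k = self._key(p)
        state = self.tcp.get(k)
        f = p.flags
        if "RST" in f:
            self.tcp.pop(k, None)
            return "closed" if state else "drop: RST for unknown flow"
        if state is None:
            if f == {"SYN"}:
                self.tcp[k] = "SYN_SENT"
                return "SYN_SENT"
            return "drop: no handshake for this flow"
        if state == "SYN_SENT" and f == {"SYN", "ACK"}:
            self.tcp[k] = "SYN_RECEIVED"
            return "SYN_RECEIVED"
        if state == "SYN_RECEIVED" and f == {"ACK"}:
            self.tcp[k] = "ESTABLISHED"
            return "ESTABLISHED"
        if state == "ESTABLISHED":
            if "FIN" in f:
                self.tcp.pop(k)
                return "closing"
            return "pass"
        return f"drop: {sorted(f)} unexpected in {state}"

    def _udp(self, p: Packet) -> str:
        k = self._key(p)
        if k in self.udp:
            return "pass"                  # reply (or follow-up) to a known request
        if p.src[0].startswith(INSIDE_PREFIX):
            self.udp.add(k)
            return "opened"
        return "drop: unsolicited datagram"


C, S = ("10.0.0.5", 40000), ("203.0.113.10", 443)

# Constructed packet sequence: one proper TCP connection, one stray ACK
# (no handshake) from outside, one DNS-style UDP exchange and one
# unsolicited UDP datagram from outside.
SAMPLE_PACKETS = [
    Packet("tcp", C, S, frozenset({"SYN"})),
    Packet("tcp", S, C, frozenset({"SYN", "ACK"})),
    Packet("tcp", C, S, frozenset({"ACK"})),
    Packet("tcp", C, S, frozenset({"ACK"})),                       # data segment
    Packet("tcp", ("198.51.100.7", 1234), ("10.0.0.5", 445), frozenset({"ACK"})),
    Packet("udp", ("10.0.0.5", 5353), ("203.0.113.53", 53)),
    Packet("udp", ("203.0.113.53", 53), ("10.0.0.5", 5353)),
    Packet("udp", ("198.51.100.7", 53), ("10.0.0.5", 9999)),
]


def trace(packets=SAMPLE_PACKETS) -> list[str]:
    """Run the packets through a fresh tracker and return each verdict."""
    tracker = ConnectionTracker()
    return [tracker.handle(p) for p in packets]
```

The stray ACK is what an ACK scan or a spoofed segment looks like to the tracker, and it is dropped because no SYN ever created the flow; the unsolicited UDP datagram is dropped for the only reason UDP allows, that nothing from inside asked for it. A production tracker would additionally check sequence numbers and expire idle UDP entries, neither of which is shown here.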

Protocols that are used at the transport level are:

  • TCP
  • UDP
  • SPX
  • ATP

Layer 5 The Session Layer

The Session layer is mostly responsible for establishing and maintaining the overall connection between two network-enabled hosts, preserving the connection while data is transported and controlling its teardown when needed. For SharePoint architects the Session layer is where SharePoint traffic sessions are set up, dropped and managed at the network level. This says nothing about session state or viewstate in ASP.NET, which are application-specific settings.

The Session Layer does three main actions related to sessions:

  1. Establishes the Session
  2. Maintains the Session
  3. Drops the Session

The session process includes recognizing and identifying the parties involved in the packet exchange so that their participation in the session can be maintained. To keep the session usable across failures, synchronization checkpoints are inserted into the transmitted data stream; if the session fails, transmission can resume from the last checkpoint rather than from the beginning. This provides a rudimentary form of fault tolerance.

In a networked computing environment, the Session layer lets two machines establish a session for ordinary data transport as well as time-sharing and file transfer. Whereas the Transport layer provides plain data transport, the Session layer can also implement dialogue control, managing bidirectional traffic and keeping track of which clients are involved in an exchange.

The protocols that are used in the session layer are:

  • DNS
  • RPC
  • SQL
  • NFS
  • SSL
  • TLS
  • SSH
  • ASP
  • RADIUS

Layer 6 The Presentation Layer

Layer 6 of the OSI model, the Presentation layer, is the primary means of representing data in a standard structure that can be turned into meaningful data when it is received at the destination. The Presentation layer is really where the SharePoint architect begins to interact with the OSI model, since it is where SharePoint data received from the network is converted into the form the application's own presentation layer consumes.

During this resolution process a translation occurs between the format provided by the network and the format parsed by the application. This gives a uniform method of conversion, whereby all data passed through the OSI model can be translated into a common format through protocol conversion, character set conversion, data encryption services, graphics commands and data compression. In practice the encryption that protects SharePoint traffic is TLS on the HTTP connection; the Presentation layer is a conceptual home for that function, not a separate product to configure.

Layer 7 The Application Layer

The Application layer provides the support that services need in order to generate the user interface. It should not be confused with the visible user interface; it is the application interface that in turn supports the user interface. This is where the ASP.NET framework resides, since it is the service that supports the SharePoint framework but does not itself generate the user interface.

The Application layer provides network access flow, overall flow control and general error recovery once transmitted data has reached this level.

The protocols that are used in the Application layer are:

  • HTTP
  • NNTP
  • DNS
  • SMTP
  • FTP
  • TFTP
  • BOOTP
  • SNMP
  • RLOGIN
  • MIME
  • NFS
  • Finger
  • Telnet
  • NCP
  • SET
  • SMB

The CIA Triad and SharePoint

The proprietary information that SharePoint propagates and builds upon is the essence of a collaboration-enabled organization. Once that information has been made available, protecting it should be the organization's primary goal, safeguarding it from intruders and attacks with malicious intent. This is especially pertinent to SharePoint, where the integrity of the stored business data is nothing short of operationally critical. A simple principle should be maintained: users who are entitled to access the data should be able to do so easily and efficiently, and users who are not authorized cannot. It is wise, however, to take security beyond a rudimentary level of access control, since attacks can occur while data is in transit, once it has reached its destination, and while it sits in storage.

The CIA triad is one of the methodologies immediately available for structuring a SharePoint security strategy. Since SharePoint is built from many objects that can each be secured, a SharePoint administrator must consider all of these objects when setting out to secure SharePoint.

The CIA triad is composed of three properties:

  • C – Confidentiality
  • I – Integrity
  • A – Availability

How the CIA triad is applied to an organization is never uniform; it must be molded to each company and applied as an aggregate framework. Each organization that implements SharePoint has different goals, and how far the CIA objectives can reach is bounded by the company's overall business strategy. Whenever a security control is applied, however, it is best to be able to say which property of the CIA triad it preserves.

Confidentiality

Within any organization, the concept of confidentiality is ever present. It is particularly pressing in a SharePoint environment, where the whole point of the system is to aggregate business data, and it needs careful application. The basis of confidentiality is that an object, whether it is a Microsoft Office Word document, a list item or any other SharePoint item, has not in any way been disclosed to another party and is available only to the parties that require access to it. In general, this means that only trusted parties have access to that data. There are many ways to breach confidentiality, whether technical or social, from hacking and sniffing to calling a company's support representative and social engineering a way into the data.

Any party can be susceptible to an act that breaches confidentiality. Since SharePoint is at its core a self-service system, it is particularly vulnerable to site and site collection owners causing the breach, especially through social engineering. An exact example is hard to give, but in general it would be an attacker posing as a trusted user in order to be granted access to a site collection. The problem with social engineering, when building the most secure collaboration system possible, is that defending against it is often something companies are not willing to pay for, since it calls for substantial user training and proper security training.

Integrity

Somewhat related to confidentiality is integrity. When an individual posts a business asset to a site collection, there is an understanding that the data will not be tampered with either after it is posted or while the upload is happening. If the data is compromised by either of these two breaches, it is considered to have failed integrity.

Integrity can be defined very simply: data that party A commits to SharePoint will never be modified or destroyed by an unauthorized party. There are therefore two points in the data transmission process where a breach of integrity could occur. When uploading a document to SharePoint from its origin to the destination site collection, the user is assured that:

  • the document is transmitted without any unauthorized tampering or modification
  • the document is stored in the target site collection, without doubt, exactly as it was sent

Otherwise the integrity of the business asset is forfeited.
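The two integrity checkpoints above (in transit, at rest), as an added example that is not the original page's code and not how SharePoint itself stores content: the uploader sends a SHA-256 digest of what it sent, and the store keeps an HMAC over each item under a key the storage tier never holds, so an edit made straight to the stored bytes is caught on the next read. Item names, contents and the key are constructed; the class and method names are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Digest the uploader computes over exactly the bytes it sends."""
    return hashlib.sha256(data).hexdigest()


class IntegrityStore:
    """Toy content store with the two checks described in the text.
    In transit: the upload is refused if its bytes do not match the
    uploader's digest (this catches corruption; against an active attacker
    who can rewrite both body and digest it only helps when the upload
    itself travels over TLS). At rest: each item carries an HMAC under a
    key the storage tier does not have, so anyone who edits the stored
    bytes directly cannot produce a matching tag."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._blobs: dict[str, bytes] = {}   # stands in for the content database
        self._tags: dict[str, bytes] = {}    # HMAC per item, kept separately

    def _tag(self, name: str, data: bytes) -> bytes:
        # Bind the tag to the item name so a valid blob cannot be copied
        # over another item without the tag failing.
        msg = name.encode("utf-8") + b"\x00" + data
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def put(self, name: str, data: bytes, client_digest: str) -> None:
        if not hmac.compare_digest(sha256_hex(data), client_digest):
            raise ValueError(f"{name}: digest mismatch, modified or corrupted in transit")
        self._blobs[name] = data
        self._tags[name] = self._tag(name, data)

    def get(self, name: str) -> bytes:
        data = self._blobs[name]
        if not hmac.compare_digest(self._tags[name], self._tag(name, data)):
            raise ValueError(f"{name}: modified at rest")
        return data

    def tamper(self, name: str, data: bytes) -> None:
        """Simulate a write that bypasses the application (for example a
        direct database edit) and therefore never updates the tag."""
        self._blobs[name] = data

    def audit(self) -> dict[str, bool]:
        """Return {item: intact?} for everything stored."""
        result = {}
        for name in self._blobs:
            try:
                self.get(name)
                result[name] = True
            except ValueError:
                result[name] = False
        return result


def demo() -> dict[str, bool]:
    """Constructed scenario: two uploads, one of which is later edited
    behind the application's back."""
    store = IntegrityStore(key=os.urandom(32))
    report = b"Q2 revenue: 4.2M"
    store.put("/sites/finance/q2.docx", report, sha256_hex(report))
    memo = b"Leave policy v3"
    store.put("/sites/hr/memo.docx", memo, sha256_hex(memo))
    store.tamper("/sites/finance/q2.docx", b"Q2 revenue: 9.9M")
    return store.audit()
```

The point of the HMAC rather than a plain hash at rest is that a plain hash can be recomputed by whoever can write the bytes; the tag is only as strong as the separation between the key holder and the storage tier.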

Establishing integrity is relatively simple to do. There are three main principles that are typically applied to a SharePoint environment to achieve it:

  1. LUA (Least User Access) – A user only needs access to certain site collections. Spreading privileges more widely than that invites breaches of integrity.
  2. Rotate Duties – Rotate site collection administrator permissions within a web application so that no one can quietly retain absolute control.
  3. Separate Duties – One person should never have complete control over the SharePoint environment. Control should be split across multiple parties so that there are independent points of trust, and failover, within the collaboration environment.
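The three principles as an added example (not code from the original page and not SharePoint's own permission API): an audit over a constructed table of permission grants that flags least-access violations, stale administrative grants that should have been rotated, and a principal holding a conflicting pair of roles. The role names, thresholds and the conflicting-role pair are assumed policy values.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import date


SC_ADMIN = "Site Collection Administrator"
FARM_ADMIN = "Farm Administrator"
ADMIN_ROLES = {SC_ADMIN, FARM_ADMIN}


@dataclass(frozen=True)
class Grant:
    principal: str
    web_app: str
    site: str        # site collection URL, or "*" for farm-wide roles
    role: str
    granted: date    # when the permission was assigned


# Constructed sample grants for this example; the people, web application and
# site collections are invented and not taken from any real farm.
SAMPLE_GRANTS = [
    Grant("alice", "intranet", "/sites/hr", SC_ADMIN, date(2024, 4, 1)),
    Grant("alice", "intranet", "/sites/finance", SC_ADMIN, date(2024, 4, 1)),
    Grant("alice", "intranet", "/sites/legal", SC_ADMIN, date(2024, 4, 1)),
    Grant("bob", "*", "*", FARM_ADMIN, date(2024, 5, 1)),
    Grant("bob", "intranet", "/sites/finance", SC_ADMIN, date(2024, 5, 1)),
    Grant("carol", "intranet", "/sites/hr", SC_ADMIN, date(2023, 1, 10)),
    Grant("dave", "intranet", "/sites/sales", SC_ADMIN, date(2024, 5, 15)),
    Grant("dave", "intranet", "/sites/hr", "Member", date(2024, 5, 20)),
]


def over_privileged(grants, max_sites: int = 2) -> dict[str, list[str]]:
    """LUA: principals holding site collection administrator on more site
    collections than policy allows (max_sites is an assumed limit)."""
    sites = defaultdict(set)
    for g in grants:
        if g.role == SC_ADMIN:
            sites[g.principal].add(g.site)
    return {p: sorted(s) for p, s in sites.items() if len(s) > max_sites}


def stale_admin_grants(grants, today: date, max_days: int = 90) -> list[Grant]:
    """Rotation: administrative grants older than max_days that have not
    been rotated or re-reviewed. Ordinary member roles are ignored."""
    return [g for g in grants
            if g.role in ADMIN_ROLES and (today - g.granted).days > max_days]


def separation_violations(grants, conflicting=((FARM_ADMIN, SC_ADMIN),)) -> dict[str, list[str]]:
    """Separation of duties: principals holding both halves of a conflicting
    role pair. The default pair encodes the rule that one person should not
    hold farm-level and site-collection-level control together; it is an
    assumed policy, not a SharePoint default."""
    roles = defaultdict(set)
    for g in grants:
        roles[g.principal].add(g.role)
    found = {}
    for p, held in roles.items():
        for a, b in conflicting:
            if a in held and b in held:
                found[p] = sorted({a, b})
    return found


def audit(grants=SAMPLE_GRANTS, today: date = date(2024, 6, 1)) -> dict:
    """Run all three checks and return a plain summary (the review date is
    fixed here so the sample gives a stable result)."""
    return {
        "over_privileged": over_privileged(grants),
        "stale": [(g.principal, g.site, g.role) for g in stale_admin_grants(grants, today)],
        "separation": separation_violations(grants),
    }
```

In a real farm the grant table would be built from the site collection administrator lists and the farm administrators group rather than typed in, and the thresholds would come from the organization's own policy; the three checks themselves do not change.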

Availability

Availability is a problem in any collaboration environment and can be an operational killer. For a collaboration environment to support virtual teams, the SharePoint network must have optimal uptime. Availability encompasses making sure the environment is stable and maintained, but also that users can get to the information they need with little waiting. Availability is usually expressed as the Quality of Service (QoS) one can provide to SharePoint users. QoS means that a standard will be maintained through natural disasters and technical attacks that may affect availability (such as a Denial of Service attack), and that a redundant collaboration environment is architected to provide the highest level of failover.
