It begins with the Open Systems Interconnection (OSI) model and the TCP/IP model. If you don’t have experience working with these tables, you’ll simply have to memorize them. The table below contains a mnemonic to help you memorize the OSI layers, the TCP/IP layers, and the protocol data unit (PDU) that maps to each. Start from the bottom and read upward.
PDU | LAYER | TITLE | MNEMONIC | TCP/IP |
d | 7 | A | nymore | A |
d | 6 | P | hotos | A |
d | 5 | S | nap | A |
s | 4 | T | o | t |
p | 3 | N | eed | i |
f | 2 | D | on’t | N |
b | 1 | P | eople | N |
Again, read from the bottom up to visualize it properly. Repeat the phrase “people don’t need to snap photos anymore” (now they take “pics”), or substitute whatever phrase works for you.
The PDU, or protocol data unit, refers to:
- Bits
- Frames
- Packets
- Segments
- Data
But again, read these from the table going upwards. You can memorize these by saying or writing the phrase “big feet point straight downwards”.
The TCP/IP model on the right side can be memorized by saying/writing “N2, A3,” with “IT” in the middle, or “NitA,” which could be someone’s name.
I recommend writing these mnemonics down several times on your memorization sheet.
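As an added example (not part of the original guide), the Python code below peels a constructed Ethernet/IPv4/TCP frame from the bottom up and reports the PDU seen at each layer, in the same bits, frames, packets, segments, data order. The sample frame, its addresses, and the function names are assumptions made for illustration.

```python
import struct

def build_sample_frame() -> bytes:
    """Constructed sample: Ethernet II + IPv4 + TCP + 5 payload bytes (made-up addresses)."""
    payload = b"hello"
    # TCP header: ports, seq, ack, data offset 5 words, PSH|ACK, window, checksum 0, urgent 0
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 1024, 0, 0) + payload
    # IPv4 header: version 4 / IHL 5, total length, TTL 64, protocol 6 (TCP); checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + tcp
    eth = bytes.fromhex("02000000000b") + bytes.fromhex("02000000000a") + struct.pack("!H", 0x0800)
    return eth + ip

def decapsulate(frame: bytes) -> list:
    """Return (layer, pdu, size) bottom up; size is in bits for layer 1, bytes otherwise."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    pdus = [(1, "bits", len(frame) * 8), (2, "frame", len(frame))]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    packet = frame[14:]                      # strip the layer 2 header
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (packet[0] & 0x0F) * 4             # IPv4 header length in bytes
    (total_len,) = struct.unpack("!H", packet[2:4])
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent IPv4 lengths")
    packet = packet[:total_len]              # drop any Ethernet padding
    pdus.append((3, "packet", len(packet)))
    if packet[9] != 6:
        raise ValueError("not TCP")
    segment = packet[ihl:]                   # strip the layer 3 header
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    offset = (segment[12] >> 4) * 4          # TCP header length in bytes
    if offset < 20 or offset > len(segment):
        raise ValueError("bad TCP data offset")
    pdus.append((4, "segment", len(segment)))
    pdus.append(("5-7", "data", len(segment) - offset))  # what the upper layers receive
    return pdus

if __name__ == "__main__":
    for layer, pdu, size in decapsulate(build_sample_frame()):
        print(layer, pdu, size)
```

Each step strips one header, so the sizes shrink as you move up the stack; the length checks reject truncated or inconsistent input instead of reading past the end.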
The following table shows each layer, quick examples, attacks, and mitigations. While this is not exhaustive, be sure to familiarize yourself with what each layer is and how to protect it by knowing the vulnerabilities.
LAYER | NAME | EXAMPLES | ATTACKS | MITIGATIONS |
7 | Application | GUI interface | Software vulnerabilities | Sandboxing, malware and vulnerability scans, review and test application code, patch management/updates. |
6 | Presentation | Presents data to the application | Unicode vulnerabilities, code injection | Separation of user input and program control, input validation |
5 | Session | Connection session | Sniffing, brute force, session hijacking, information leak, spoofing | Password encryption, authentication protocols, |
4 | Transport | Establishing the connection | Infiltration, DoS | RUBAC, monitoring |
3 | Network | IP address | Spoofing | Firewalls, routing policies, ARP broadcast monitoring |
2 | Data Link | MAC address | MAC Spoofing, VLAN circumvention, ARP poisoning | Filter MAC addresses, don’t solely rely on VLANs for security, ensure wireless applications have encryption and authentication baked in. |
1 | Physical | Dumb devices, cabling, modems | Power interruption, disconnection, damage, theft | Fiber optic, use of star/mesh topology, STP |