*Deep breath* So like, this is a great thread, and Rob’s commentary on why the higher layers of the OSI model aren’t what actually happened in reality is very accurate. However, I don’t quite agree on starting an OSI revolution *today* in college classrooms - here’s why... (1/n)
The dirty secret is ALL the models we use in cybersecurity are deeply flawed and rarely fully representational. The Kill Chain. Purdue Model. MITRE ATT&CK gets closer only because of massive verbosity. And we who teach and frequently refer to them all KNOW it. We still use them..
I run into developers *building security products*, regularly, who don’t know the OSI model at all. Therefore, we’re missing common verbiage, and that’s a Problem. Do I commonly refer to the presentation layer? No, of course not. The higher layers of the model are quite flawed.
I refer to layers 1-4 all the time, however. They’re a simplified and fairly easy way to understand the obtuse and arcane way modern networks are kludged together. It’s really hard to convey the layers necessary to do proper monitoring and detection without that understanding.
For example, people not grasping TCP/IP well is why layer 2 attacks are a scary problem in our non-airgapped, heavily VLANed environments. It’s why we often treat IPv6 as a confusing problem we just ignore. It’s why we presume network issues are security incidents and vice versa.
Could we get rid of OSI and replace it with something more accurate? Probably. Would it be as simple and effective a tool to teach and refer to network (dys)function? Maybe, maybe not. It *should* be pursued. It’s the same with the kill chain and the Purdue model...
There’s a lot of grumbling about how unrepresentative and inaccurate those models are, today. Yet security and networks are so complex and varied that really putting anything into a box ends up being a 40 page appendix. Which is a hard way to convey concepts to students or devs.
So, I would simply challenge anyone who suggests we throw out a teaching tool to recommend a reasonable and fleshed out plan to replace it with something that can be used effectively in its place - remembering that oversimplification can be necessary to teach concepts and define.
Anyway, read Rob’s whole thread because he’s absolutely correct about the problem and why we’re where we are today. Just consider the immense problem of teaching THE INTERNET, the Universe, and Everything to security and non-security people - and that someone has to tackle it.
Subscribe to Lesley Carhart