Layer 8

Layer 8 is an informal extension of the OSI model , which leaves the technical framework and includes people as a further factor in the consideration of network communication. It is and was originally used humorously, for example in the Internet RFC 2321, which was published in 1998 as an April Fool's joke, or as a discreet indication that the cause of a network or computer problem is not to be found in the technology but rather in incorrect or improper operation.

Serious Layer 8 notation

The OSI model of the international standardization organization ISO represents an abstract, generic model of communication between networked systems. It divides the network into seven hierarchically structured levels, which range from the physical connection to the application layer that communicates interacts with the user.

Layer 8 notation is serious and useful when it comes to computer and network security, for example, because attack vectors such as social engineering start at Layer 8, the user layer. In this context, the crypto expert Bruce Schneier and the network security company RSA use the term. In a comment on the RSA blog on December 7, 2010, guest author Ian Farquhar expanded the network model to include layer 8 and two more layers.

The entire extended OSI model then looks like this:

• Layer 8: the individual (human layer)
• Layer 9: the organization (Organization Layer)
• Layer 10: the state (Legal and External Compliance Layer)

The seven layers of the OSI model build on one another hierarchically, with each level interacting exclusively with the directly adjacent levels. In practical applications, the individual layers do not necessarily have to be found in a corresponding, specific subdivision and functions from one layer can also be divided into different units. A prominent example of this is the TCP / IP model of the Internet. This is divided into four layers, the limits of which are partly within an OSI level. Nevertheless, network communication on the Internet can also be discussed in a meaningful way using the OSI model. It was developed quite generally for this purpose and not as a basis for specific network protocols. The addition of layer 8, the user layer and, if necessary, further political levels above it is therefore appropriate and appropriate so that countermeasures such as promoting social awareness can also be included in the discussion. After all, not all computer, network and security problems can be solved on a technical level and through technical measures. The aforementioned social engineering, for example, has to be countered by increased social awareness, especially in the user class.

Another essential property of the levels of the OSI model is that they only communicate with the same level between two network nodes. This means that level 4 on system A interacts with the same level on system B. In between, however, levels 3 to 1 are run through on system A and the same on system B in reverse order. Using the example of TCP / IP, a TCP session is opened between system A and B. For this purpose, the TCP data packets are packaged in IP packets ( Layer 3 ) and these are then packaged in Ethernet packets or PPP packets for transport over telephone or DSL lines. For layer 8, this means that interaction is only possible between individuals in the user layer of the two systems involved. This also applies if this interaction does not take place directly between people, but rather via a telephone line. This only serves as a transport medium via which the user layer of system A communicates with that of system B. If you want to counter the risks not only by promoting social awareness, but also with technical measures, then these must either completely prevent communication or decode communication at higher levels. The former is often not possible because communication is necessary for the operational process. The latter requires eavesdropping on the communication as well as an automated evaluation and is also not without problems. A strengthening of social awareness for security problems on layer 8 in the extended OSI model can be achieved through information campaigns.