A Layer-7 Secure Security Posture

This paper intends on applying the lessons learned from the lower levels of the OSI model to the upper layers. The following figure shows the OSI model. The seven layers are also looked at as two groups of layers - Application and Data Transport layers. It is within the boundary between the application and data transport layers that we cross the philosophical split on whether your site needs to take a 'default deny' or a 'default permit' stance. End users and system administrators wholeheartedly believe that anything that hasn't clearly been prohibited should be fair game while network engineers intuitively see the need for the 'default deny' stance.