OSI Model, Small-Business Networking, and Web Hosting

A practical reference with ASCII diagrams you can reuse in documentation and proposals. Includes short explanations and credible sources.

OSI Model (7 Layers)

The OSI model provides a conceptual framework for how networked systems communicate. While the Internet largely follows TCP/IP, OSI remains a useful reference for layering and responsibilities.

+-------+--------------+-----------------------------------------------------------------+--------------------------------------------------+
| Layer | Name         | Primary Responsibilities                                        | Common Examples                                  |
+-------+--------------+-----------------------------------------------------------------+--------------------------------------------------+
| 7     | Application  | End-user protocols, resource sharing                            | HTTP, SMTP, DNS, TLS (handshake surface)         |
| 6     | Presentation | Data representation, serialization, encryption at message level | JSON, XML, TLS record/serialization              |
| 5     | Session      | Session management, dialog control                              | HTTP cookies/sessions, RPC sessioning            |
| 4     | Transport    | End-to-end transport, reliability, flow control                 | TCP, UDP, QUIC                                   |
| 3     | Network      | Logical addressing, routing                                     | IP, ICMP, routing protocols                      |
| 2     | Data Link    | Framing, MAC addressing, switching                              | Ethernet (802.3), Wi-Fi (802.11), VLANs (802.1Q) |
| 1     | Physical     | Signals, media, connectors, rates                               | UTP copper, fiber, radio, optics                 |
+-------+--------------+-----------------------------------------------------------------+--------------------------------------------------+

ASCII Diagram

+---------------------------+
| 7 Application             |  HTTP, DNS, SMTP
+---------------------------+
| 6 Presentation            |  JSON, TLS records
+---------------------------+
| 5 Session                 |  Sessions, dialogs
+---------------------------+
| 4 Transport               |  TCP, UDP, QUIC
+---------------------------+
| 3 Network                 |  IP, routing
+---------------------------+
| 2 Data Link               |  Ethernet, Wi-Fi, VLANs
+---------------------------+
| 1 Physical                |  Copper, fiber, RF
+---------------------------+

Tip: When troubleshooting, move layer-by-layer (physical first). For web issues, inspect DNS (L7/L3), TLS (L6), and HTTP (L7) alongside transport (L4).

Small-Business Networking Setup

A pragmatic topology with segmentation for security, manageable growth, and clear fault isolation. It emphasizes least-privilege network access and simple maintainability.

ASCII Diagram (Logical Topology)

                        ┌─────────────────────────── Internet ────────────────────────────┐
                        │                                                                │
                  [ ISP / Modem ] ── [ Edge Router + Stateful Firewall ] ── [ L3 Switch ]
                                                          │
                                           ┌───────────────┴────────────────┐
                                           │                                │
                                     [ VLAN 10: Corp ]                [ VLAN 20: Guest ]
                                           │                                │
                              ┌────────────┴────────────┐                  [ AP-Guest ]
                              │                         │
                         [ L2 Switch ]             [ AP-Corp ]
                          /    |    \                    │
                         /     |     \                   │
                 [PCs/Thin] [Printers] [VoIP]       (WPA2/3-Enterprise)
                         │
                   [ VLAN 30: IoT ]
                         │
                  [ Cameras / IoT Hub ]
                                           │
                                           │  ┌───────────────────────────────────────── DMZ / Services ─────────────────────────────────────────┐
                                           └──┤                                                                                                 │
                                              │  [ Reverse Proxy / WAF ]  ──  [ App Server ]  ──  [ DB Server ]  ──  [ Backups / NAS ]         │
                                              │         (TLS)                         (L7)             (L4/SQL)            (Snapshots)          │
                                              └────────────────────────────────────────────────────────────────────────────────────────────────┘

Notes:
- Corp, Guest, and IoT networks are isolated via VLANs. Inter-VLAN routing only where necessary.
- APs map SSIDs to VLANs (Corp → VLAN 10; Guest → VLAN 20; IoT devices wired/wireless on VLAN 30).
- The DMZ (or “services” segment) hosts externally reachable services behind a reverse proxy/WAF.
- Centralized logging and monitoring are recommended on the Corp side, with only restricted access to the DMZ.

Key Design Considerations

  • Segmentation: Separate Guest and IoT from Corp; restrict lateral movement.
  • Identity & Wi-Fi: Prefer WPA2/WPA3-Enterprise with RADIUS for corp SSIDs; captive portal or simple pre-shared key for guests.
  • Firewalling: Default-deny between VLANs; allow only required ports (e.g., HTTPS to reverse proxy).
  • DNS Hygiene: Use reputable recursive DNS with filtering for malware/phishing where acceptable.
  • Asset Management: Keep an inventory; label switches/ports/VLANs and document changes.
  • Backups & Logs: Centralize syslog, rotate, and back up configuration files and critical data.
  • Updates: Patch network gear firmware; automate workstation/server updates with maintenance windows.
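The segmentation and default-deny rules above, modelled in Python as an added example that is not from the original page. Segment names follow the diagram; every rule other than the page's own "HTTPS to the reverse proxy" is an assumption made for illustration.

```python
# Added example (not from the original page): a first-match, default-deny model of the
# inter-VLAN policy described above. Segment names follow the diagram; every rule other
# than "HTTPS to the reverse proxy" is an assumption made for illustration.
from dataclasses import dataclass

ANY = "any"  # wildcard for protocol or destination port


@dataclass(frozen=True)
class Rule:
    src: str        # source segment (VLAN) name
    dst: str        # destination segment, or "internet" for the WAN side
    proto: str      # "tcp", "udp" or ANY
    dport: object   # destination port number or ANY
    note: str = ""  # why this exception exists (keep it for the change log)


# Allow-list only: a flow that matches no rule is dropped by the default-deny rule.
POLICY = [
    Rule("corp", "internet", ANY, ANY, "workstation browsing and updates"),
    Rule("guest", "internet", ANY, ANY, "guests get Internet access only"),
    Rule("internet", "dmz", "tcp", 443, "published HTTPS service via reverse proxy/WAF"),
    Rule("corp", "dmz", "tcp", 443, "HTTPS to reverse proxy (the page's own example)"),
    Rule("corp", "iot", "tcp", 443, "manage the IoT hub over HTTPS (assumed)"),
    Rule("dmz", "corp", "udp", 514, "syslog to the Corp-side collector (assumed)"),
]


def is_allowed(src, dst, proto, dport, policy=POLICY):
    """True if some allow rule matches; no match means deny (the default)."""
    if src == dst:
        return True  # same-segment traffic is switched, never crosses the firewall
    return any(r.src == src and r.dst == dst and r.proto in (ANY, proto)
               and r.dport in (ANY, dport) for r in policy)


def reachable_from(src, policy=POLICY):
    """Segments a given segment can reach at all; useful for spotting stray lateral paths."""
    return {r.dst for r in policy if r.src == src}


def inbound_exceptions(policy=POLICY, protected=("corp",)):
    """Allow rules that let a less-trusted segment reach a protected one; review each one."""
    return [(r.src, r.dst, r.proto, r.dport, r.note)
            for r in policy if r.dst in protected and r.src not in protected]
```

Running inbound_exceptions() against a proposed ruleset before it is pushed to the firewall turns "default-deny between VLANs" into a check rather than an intention.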

Small-Business Web Hosting Setup

This example emphasizes a reverse proxy front end, clean TLS, and separation of concerns for application and database tiers. It fits on-prem or in a VPS/Cloud environment.

ASCII Diagram (Typical Deployment)

 Users ──▶ Internet ──▶ DNS (A/AAAA, CNAME) ──▶ CDN/Edge (opt) ──▶ Reverse Proxy / WAF (Nginx/HAProxy)
                                                          │
                                                          ▼
                                                     TLS Termination
                                                          │
                               ┌───────────────────────────┴───────────────────────────┐
                               │                                                       │
                        [ App Server #1 ]                                      [ App Server #2 ]
                        (PHP/Node/Python)                                       (Autoscale/HA)
                               │                                                       │
                               └───────────────▶  Message Queue / Cache (Redis/RabbitMQ)  ◀──────────────┘
                                                          │
                                                          ▼
                                                    [ Database Server ]
                                                   (PostgreSQL/MySQL)
                                                          │
                                                          ▼
                                                     [ Backups / NAS ]
                                            (Daily full + hourly incrementals)
                                                          │
                                                          ▼
                                             [ Off-site / Object Storage ]

Notes:
- Reverse proxy handles TLS (ACME automation), security headers, request limits, WAF rules.
- App tier is stateless where possible; session storage externalized (DB/Redis).
- DB isolated from Internet; backups versioned and tested with restoration drills.
- CI/CD deploys new versions; blue-green or rolling updates reduce downtime.

Operational Practices

  • TLS & Headers: Automate certificates (ACME). Set HSTS, CSP, and secure cookie flags.
  • Least Privilege: Separate app/DB credentials; rotate secrets; avoid shared admin accounts.
  • Monitoring & Logs: Access/error logs, application metrics, DB slow queries, and WAF events.
  • Backups: 3-2-1 rule (three copies, two media, one off-site). Test restores regularly.
  • Patch Policy: Track “known exploited” vulnerabilities; prioritize those patches.
  • Change Control: CI/CD with rollbacks; tag releases; keep infra as code where feasible.
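A small audit of the headers named above (HSTS, CSP, cookie flags) run over two constructed responses, as an added example that is not from the original page; the 180-day HSTS threshold and the sample responses are assumptions.

```python
# Added example (not from the original page): audit a raw HTTP response for the header items
# listed above (HSTS, CSP, cookie flags). Samples and the 180-day HSTS threshold are assumptions.
def parse_response(raw):
    """Split a raw HTTP/1.1 response into its status line and a list of (name, value)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_headers(raw, min_hsts_age=15552000):
    """Return a list of findings; an empty list means every check passed."""
    _, headers = parse_response(raw)
    get = lambda name: [v for k, v in headers if k == name]
    findings = []
    hsts = get("strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        directives = {d.strip().lower() for d in hsts[0].split(";")}
        ages = [int(d[8:]) for d in directives if d.startswith("max-age=") and d[8:].isdigit()]
        if not ages or ages[0] < min_hsts_age:
            findings.append("HSTS max-age below %d seconds" % min_hsts_age)
        if "includesubdomains" not in directives:
            findings.append("HSTS lacks includeSubDomains")
    csp = get("content-security-policy")
    if not csp:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp[0] or "'unsafe-eval'" in csp[0]:
        findings.append("CSP allows unsafe-inline or unsafe-eval")
    for cookie in get("set-cookie"):  # one Set-Cookie header per cookie
        name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append("cookie %s lacks %s" % (name, flag))
    return findings


# Constructed sample responses: the first is weak, the second is hardened.
WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "Strict-Transport-Security: max-age=300\r\n"
        "Set-Cookie: session=abc123; Path=/\r\n\r\n<html></html>")
HARDENED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
            "Content-Security-Policy: default-src 'self'; object-src 'none'\r\n"
            "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n\r\n<html></html>")
```

Feeding the reverse proxy's real responses to audit_headers() after each deploy catches a dropped header before a scanner or an attacker does.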

Sources Used (APA)

  1. International Organization for Standardization. (1994). Information technology — Open Systems Interconnection — Basic Reference Model: The Basic Model (ISO/IEC 7498-1:1994). ISO.
  2. Braden, R. (Ed.). (1989). Requirements for Internet Hosts — Communication Layers (RFC 1122). IETF.
  3. Braden, R. (Ed.). (1989). Requirements for Internet Hosts — Application and Support (RFC 1123). IETF.
  4. Scarfone, K., & Hoffman, P. (2009). Guidelines on Firewalls and Firewall Policy (NIST SP 800-41 Rev.1). National Institute of Standards and Technology.
  5. Souppaya, M., & Scarfone, K. (2016). User’s Guide to Telework and Bring Your Own Device (BYOD) Security (NIST SP 800-114 Rev.1). National Institute of Standards and Technology.
  6. Grimes, R. A. (2019). Malware, Rootkits & Botnets (2nd ed.). McGraw-Hill. (General network defense context.)
  7. OWASP Foundation. (2021). OWASP Top Ten. OWASP.
  8. Cisco Systems. (n.d.). Small Business Network Design Basics. Cisco Press/Docs. (Design patterns for segmentation and WLAN/VLAN.)
  9. Internet Security Research Group. (n.d.). Let’s Encrypt & ACME Client Documentation. ISRG.
  10. National Institute of Standards and Technology. (2010). Contingency Planning Guide for Federal Information Systems (NIST SP 800-34 Rev.1). NIST. (Backup/restore guidance.)

Note: OSI is a conceptual reference; modern Internet stacks follow TCP/IP. The above resources inform the security and operational guidance reflected here.