All People Seem To Need Data Processing
Application, Presentation, Session, Transport, Network, Data Link, Physical
7 application layer
interface between the user's application and the network
types of communication: email, file transfer, client/server
6 presentation layer
translates data between the format the application uses and the format that is sent over the network
handles character encoding, compression, and (in the OSI model) encryption
5 session layer
controls the dialogs (sessions) between computers: sets them up, controls duplexing (who may send when), and handles checkpoints, termination, and restarts
keeps the exchange in order
4 transport layer
provides end-to-end communication between processes on two hosts, identified by port numbers
TCP ensures ordered, complete delivery of the entire file/message (acknowledgements and retransmission); UDP does not
3 network layer
provides connections between hosts on different networks
routes data to different LANs and WANs based on network address
2 data link layer
provides connections between hosts on the same network
transmits frames from node to node on the same link based on hardware (MAC) address
1 physical layer
describes electrical and physical specifications on devices
electrical signals or cabling
subnet mask
A 32-bit number, configured on each host alongside its IP address, whose 1 bits mark the network portion of the 32-bit IP address and whose 0 bits mark the host (node) portion. (ex. 255.255.255.0 puts the first 24 bits in the network portion and leaves 8 bits, 254 usable addresses, for hosts; 255.255.255.255 would leave no host bits at all)
default gateway
the IP address of the router on the local subnet; the computer sends any traffic whose destination is outside its own subnet (including the internet) to this address
internal/private ip address
drawn from the RFC 1918 ranges 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 (so an address starting with 10 or 192.168 is usually private, but 172.16 through 172.31 are private too); never routed on the public internet
assigned to devices on the LAN (usually by the router's DHCP server); the router translates them to its public address (NAT) so the devices can reach the internet
ex: ipad, laptops, computers, etc.
external/public ip address
the ip address that is given to the router's WAN interface by the isp
routable on the public internet, so the router can exchange traffic with every other publicly reachable host
the address the rest of the internet sees for the whole home or office network; all outbound connections appear to come from it
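The subnet mask, default gateway, and private/public address entries above all come down to the same bit operation, so here is an added worked example (not from the original page) that applies a mask, decides whether a destination is on-link or must go to the gateway, and checks the RFC 1918 ranges. The addresses are constructed (192.168.1.0/24 as the LAN, 192.0.2.0/24 and 93.184.216.34 as outside hosts); only the standard library is used.

```python
import ipaddress

# RFC 1918 private ranges (standard fact; the "starts with 10 or 192"
# shortcut misses 172.16.0.0/12 and would wrongly include 192.0.2.0/24).
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def split_address(ip: str, mask: str):
    """Apply a dotted-decimal subnet mask to an IPv4 address.

    Returns (network address, broadcast address, host portion as an int) so
    the reader can see how the mask's 1 bits select the network part and
    its 0 bits select the node part.
    """
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net = iface.network
    host_part = int(iface.ip) & int(net.hostmask)
    return str(net.network_address), str(net.broadcast_address), host_part


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both hosts share the network portion, i.e. they can talk
    directly on the LAN without involving the default gateway."""
    net_a = ipaddress.ip_interface(f"{ip_a}/{mask}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{mask}").network
    return net_a == net_b


def next_hop(src: str, dst: str, mask: str, gateway: str) -> str:
    """Where a host sends a packet: straight to dst if dst is on-link,
    otherwise to the default gateway (the router)."""
    return dst if same_subnet(src, dst, mask) else gateway


def is_private(ip: str) -> bool:
    """Private (RFC 1918) addresses are never routed on the public internet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)


if __name__ == "__main__":
    # Constructed home-LAN scenario: a /24 LAN behind a router at .1
    print(split_address("192.168.1.37", "255.255.255.0"))
    print(next_hop("192.168.1.37", "192.168.1.200", "255.255.255.0", "192.168.1.1"))
    print(next_hop("192.168.1.37", "93.184.216.34", "255.255.255.0", "192.168.1.1"))
    print(is_private("172.31.255.1"), is_private("172.32.0.1"))
```

Note that a /32 mask (255.255.255.255) makes the network and broadcast address equal to the host address itself, which is why it is a host route rather than a usable LAN mask.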
common ports
25 (SMTP, server to server), 587 (SMTP submission, STARTTLS), 465 (SMTPS, implicit TLS), 2525 (non-standard alternate SMTP)
80 (HTTP), 443 (HTTPS)
110 (POP3), 995 (POP3S)
143 (IMAP4), 993 (IMAPS)
23 (Telnet; cleartext, prefer SSH on 22)
20 (FTP data), 21 (FTP control)
53 (DNS; UDP and TCP)
389 (LDAP), 636 (LDAPS)
well known port
port number (0-1023) reserved for use by a particular application and assigned by IANA. Lets a client send a TCP segment or UDP datagram to the correct destination port on the server for that application.
registered port
port (1024-49151) that can be used by applications and processes that are not core internet services. Default assignments of these ports are registered with IANA.
dynamic (private) port
port number (49152-65535) that a client or server picks as the need arises, typically as the source port of an outbound connection
inbound port
port on your computer that a connection initiated from outside reaches; traffic flows inward to a service listening on it
ex: a server that you own gets requests from people
outbound port
port for a connection initiated from your computer, with traffic flowing outward to the intended destination
ex: connecting to a server
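As an added example (not from the original page), the following classifies a host's TCP connections as inbound or outbound and maps the server-side port onto the common-ports list above. The input is constructed to resemble `ss -tan` output and is not a real capture; the per-service "crypto" annotation, and the SSH (22) and LDAPS (636) entries, are the editor's additions rather than the page's list.

```python
# Server-side port -> (service, whether the protocol is encrypted by default).
SERVICES = {
    20: ("FTP data", "cleartext"), 21: ("FTP", "cleartext"),
    22: ("SSH", "encrypted"), 23: ("Telnet", "cleartext"),
    25: ("SMTP", "cleartext"), 53: ("DNS", "cleartext"),
    80: ("HTTP", "cleartext"), 110: ("POP3", "cleartext"),
    143: ("IMAP4", "cleartext"), 389: ("LDAP", "cleartext"),
    443: ("HTTPS", "encrypted"), 465: ("SMTPS", "encrypted"),
    587: ("SMTP submission", "starttls"), 636: ("LDAPS", "encrypted"),
    993: ("IMAPS", "encrypted"), 995: ("POP3S", "encrypted"),
}

# Constructed sample in the shape of `ss -tan` (proto state local remote).
CONSTRUCTED_SS_OUTPUT = """\
tcp LISTEN 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0.0.0.0:80 0.0.0.0:*
tcp ESTAB 192.168.1.37:22 203.0.113.9:40112
tcp ESTAB 192.168.1.37:51234 93.184.216.34:443
tcp ESTAB 192.168.1.37:51240 198.51.100.7:23
tcp ESTAB 192.168.1.37:80 203.0.113.44:61002
"""


def port_class(port: int) -> str:
    """IANA port ranges: well-known, registered, dynamic/private."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def _split(endpoint: str):
    host, port = endpoint.rsplit(":", 1)
    return host, (None if port == "*" else int(port))


def classify_connections(ss_text: str):
    """One record per established connection.

    Inbound: our local port is one we are listening on (the peer initiated).
    Outbound: our local port is ephemeral and the peer's port is the service.
    """
    listening = set()
    established = []
    for line in ss_text.splitlines():
        proto, state, local, remote = line.split()
        lhost, lport = _split(local)
        rhost, rport = _split(remote)
        if state == "LISTEN":
            listening.add(lport)
            continue
        established.append((lhost, lport, rhost, rport))

    records = []
    for lhost, lport, rhost, rport in established:
        if lport in listening:
            direction, service_port = "inbound", lport
        else:
            direction, service_port = "outbound", rport
        name, crypto = SERVICES.get(service_port, ("unknown", "unknown"))
        records.append({
            "direction": direction, "peer": rhost,
            "service_port": service_port, "service": name, "crypto": crypto,
            "local_port_class": port_class(lport),
            "remote_port_class": port_class(rport),
        })
    return records


def cleartext_outbound(ss_text: str):
    """Outbound connections sending credentials or data in the clear: the
    ones to replace (Telnet -> SSH, FTP -> SFTP, HTTP -> HTTPS)."""
    return [r for r in classify_connections(ss_text)
            if r["direction"] == "outbound" and r["crypto"] == "cleartext"]
```

Run `classify_connections(CONSTRUCTED_SS_OUTPUT)` to see the inbound SSH and HTTP sessions distinguished from the outbound HTTPS and Telnet ones; the Telnet session is the single result of `cleartext_outbound`.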
switch
a computer networking device that connects hosts on the same network segment and forwards each frame only to the port where the destination MAC address was learned
operates at layer 2 (Data Link)
router
a device that transfers packets from one network to another in an intelligent way, choosing the path from its routing table
operates at layer 3 (Network)
hub
a device that uses its ports to connect devices (computers, printers, etc.) together by repeating every signal out of every port
outdated: all connected devices share the bandwidth and can see each other's traffic
operates at layer 1 (Physical)
dhcp server
automatically provides and assigns ip addresses, default gateways, subnet masks, and DNS servers to devices
saves having to configure an ip address, default gateway, and subnet mask by hand every time a device connects
Some People Fear Birthdays
Segments, Packets, Frames, Bits.
segment
data in the transport layer
packet
data in the network layer
frame
data in the data link layer
bits
data in the physical layer
ipv4
the dominant protocol for routing traffic on the Internet
32 bit addresses (about 4.3 billion)
PROS: simple prefixes; handled well by essentially every system
CONS: running out of addresses, so NAT is needed to share public addresses
ipv6
a new protocol developed to replace IPv4, addressing the issue of IP address exhaustion
128 bit addresses
PROS: enough unique addresses for every device, so no NAT or address-conservation tricks are needed; subnetting is simpler (typically a /64 per LAN)
CONS: long addresses that can be hard to type; not all equipment and software supports it yet, so networks often run both (dual stack)
threat environment
the types of attackers and attacks that companies face
Sony data breach
2014 incident where malware installed on a company computer allowed hackers to steal scripts, emails, and personal information of employees and customers
hacking
unauthorized access, modification, or use of an electronic device or some element of a computer system
social engineering
technique for breaching a system's security by exploiting human nature
uses standard techniques to get users to give up the info needed to access a target system: the attacker first gathers preliminary info about the target organization, then leverages it to obtain additional info from system users
denial of service attack (dos)
when hackers flood a website with so many requests for service that it slows down or crashes the site
cyberwarfare
State-sponsored activity designed to cripple and defeat another state or nation by damaging or disrupting its computers or networks
Cyberterrorism
politically motivated attacks on information systems
hacktivism
hacking that is intended as political activism
cybercriminal
Someone who attacks a computer system or network for financial gain
cryptography
the art of protecting information by transforming it into an unreadable format, called cipher text
initial authentication
authentication at the beginning of a communication session, before the two sides exchange working data.
public key encryption (asymmetric)
a mathematically related key pair: the public key encrypts a message and only the matching private key decrypts it (for signatures the roles reverse: the private key signs, the public key verifies)
Kerckhoffs's principle
principle that a system must remain secure even if everything about it except the key is public: communication partners only need to keep the key secret, not the cipher
birthday attack
an attack that searches for any two different inputs whose digests are the same (a collision). Because any pair will do, it takes only about 2^(n/2) tries against an n-bit hash rather than 2^n, which is why a digest must be twice as long as the intended security level.
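An added example (not from the original page) of the birthday bound in practice: SHA-256 is truncated to a short output to stand in for a weak hash, and a collision is found in roughly sqrt(pi/2 * 2^bits) tries rather than 2^bits. The messages are constructed from a counter; nothing here attacks full SHA-256.

```python
import hashlib
import math


def short_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256. The truncation simulates a hash with a
    short output; it is the output length, not SHA-256, being attacked."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def birthday_collision(bits: int, prefix: bytes = b"msg-"):
    """Generate distinct candidate messages until two share a digest.

    Returns (message_a, message_b, trials). The price is memory: every
    digest seen so far is kept in a table.
    """
    seen = {}
    n = 0
    while True:
        msg = prefix + str(n).encode()
        d = short_digest(msg, bits)
        if d in seen:
            return seen[d], msg, n + 1
        seen[d] = msg
        n += 1


def expected_trials(bits: int) -> float:
    """Mean draws before a repeat among 2**bits values: ~sqrt(pi/2 * 2**bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def preimage_work(bits: int) -> int:
    """Work to hit one *specific* digest instead of any pair: 2**bits."""
    return 2 ** bits


if __name__ == "__main__":
    a, b, trials = birthday_collision(32)
    print(a, b, trials, "expected ~%.0f, brute force %d" % (expected_trials(32), preimage_work(32)))
```

For a 32-bit digest the search typically ends after tens of thousands of hashes instead of billions; scale the same arithmetic to 128 bits and the 2^64 collision cost is why 128-bit digests (MD5) are considered too short even before their structural breaks.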
data in transit
Any data sent over a network. It's common to encrypt sensitive data-in-transit.
data in use
Any data currently being processed by a computer (in RAM, CPU registers, caches). Because the computer needs to operate on it, it is normally unencrypted while in use, which is why memory-scraping malware and cold-boot attacks target this state.
data at rest
Data that is stored on electronic media.
worm
A self-replicating program that spreads on its own across a network, typically by exploiting vulnerabilities, without needing a host file or any user action.
virus
A program that attaches itself to another program or file, copies itself when that host is run, and typically has a detrimental effect, such as corrupting the system or destroying data
malware
software that is intended to damage or disable computers and computer systems.
phishing
an identity theft tool that appears in the form of an e-mail or pop-up message; usually looks like it's from a legitimate financial institution and prompts you to provide your personal information in order to fix a problem with your account
spear phishing
phishing that targets a specific person or group, using details about them to look legitimate
trojan horse
a program that appears desirable but actually contains something harmful
payload
The part of malware that performs the malicious action once it has been delivered, whether by social engineering or by exploiting a vulnerability in software.
threat surface (attack surface)
The total set of points at which an attacker could cross the boundary or perimeter around system elements: open ports, exposed APIs, user inputs, physical access, and people.
logic bomb
A computer program or part of a program that lies dormant until it is triggered by a specific logical event.
shoulder surfing
Watching an authorized user enter a password, PIN, or security code, either in person or through a camera.
eavesdropping
listening secretly to a conversation for the purpose of getting sensitive information
dumpster diving
combing through trash to identify valuable assets
baiting
When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.
piggybacking
The process of connecting to a wireless network without the permission of the owner of the network.
wateringhole attack
A malicious attack that is directed toward a small group of specific individuals who visit the same website.
mantraps
pretexting
a form of social engineering in which the
privilege escalation
an attack that takes advantage of programming errors, misconfigurations, or design flaws to give the attacker higher privileges than they were granted (vertical, e.g. user to administrator) or access to another user's data (horizontal)
backdoor attack
An attack that exploits an unprotected access method or pathway.
boot sector virus
virus that infects the boot sector of a disk so it runs before the operating system loads; often transmitted by a flash drive left in a USB port.
session hijacking
An attack in which an attacker attempts to impersonate the user by using his session token.
session theft
When an attacker attempts to steal a user's session using the owner's cookie and authentication information
tcp hijacking
A form of man-in-the-middle attack whereby the attacker inserts himself into TCP/IP-based communications.
spyware
software that covertly collects information about a user's computer activity (keystrokes, browsing, files) and transmits it to a third party without consent.
rootkits
a set of software tools that give an unauthorized user privileged control of a computer system while hiding their own files, processes, and network connections from detection.
ransomware
a type of malicious software designed to block access to a computer system until a sum of money is paid.
adware
software that automatically displays or downloads advertising material (often unwanted) when a user is online.
grayware
software that is neither clearly benign nor clearly malicious; it tends to behave improperly (tracking, nagging, bundled installs) without serious consequences
teardrop attack
Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine to halt/freeze it
smurf attack
An attack that sends ICMP echo (ping) requests to a network's broadcast address with the source address spoofed to the victim, so every host on that network replies to the victim at once.
SYN flood attack
An attack that abuses the TCP 3-way handshake by sending many SYN packets (often from spoofed sources) and never completing the handshake, so the server's table of half-open connections fills up and legitimate clients are refused
fraggle attack
Smurf attack variation that sends UDP packets to the echo (7) and chargen (19) ports of a broadcast address with the victim's spoofed source address
ping flood attack
The ping utility (or a script) is used to send a large number of ICMP echo request messages and overwhelm the server
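The flood attacks above each leave a distinctive pattern in traffic, so here is an added detection example (not from the original page) that runs over a constructed packet list: many SYNs that are never followed by an ACK from the same source (SYN flood), echo requests aimed at a broadcast address with the victim as the spoofed source (smurf), and a single source sending a large number of echo requests (ping flood). The records, addresses (192.0.2.10 as the victim, documentation ranges elsewhere), thresholds, and the assumption that a .255 address is a /24 broadcast are all constructed for this example.

```python
from collections import Counter, defaultdict


def constructed_capture():
    """One dict per packet, client->server direction only. Not a real capture."""
    pkts = []
    # SYN flood: 200 SYNs from 200 spoofed sources, none ever ACKed.
    for i in range(200):
        pkts.append({"proto": "tcp", "src": f"198.51.100.{i % 250 + 1}", "sport": 40000 + i,
                     "dst": "192.0.2.10", "dport": 80, "flags": "S"})
    # Three legitimate clients that complete the handshake (SYN, then ACK).
    for i in range(3):
        client = {"proto": "tcp", "src": "203.0.113.20", "sport": 50000 + i,
                  "dst": "192.0.2.10", "dport": 80}
        pkts.append({**client, "flags": "S"})
        pkts.append({**client, "flags": "A"})
    # Smurf: echo requests to a LAN broadcast address with the victim as the
    # spoofed source, so every host on 192.168.1.0/24 replies to the victim.
    for _ in range(20):
        pkts.append({"proto": "icmp", "type": "echo-request",
                     "src": "192.0.2.10", "dst": "192.168.1.255"})
    # Ping flood: one host hammering the victim with echo requests.
    for _ in range(150):
        pkts.append({"proto": "icmp", "type": "echo-request",
                     "src": "203.0.113.7", "dst": "192.0.2.10"})
    return pkts


def detect_floods(packets, syn_threshold=50, ping_threshold=100, smurf_threshold=5):
    """Return findings for SYN flood, smurf, and ping flood patterns."""
    half_open = defaultdict(set)   # (dst, dport) -> {(src, sport)} SYN seen, no ACK yet
    echo_to_broadcast = Counter()  # spoofed source -> echo requests sent to a .255 address
    echo_pairs = Counter()         # (src, dst) -> echo request count

    for p in packets:
        if p["proto"] == "tcp":
            service, conn = (p["dst"], p["dport"]), (p["src"], p["sport"])
            if p["flags"] == "S":
                half_open[service].add(conn)
            elif p["flags"] == "A":
                half_open[service].discard(conn)  # handshake completed
        elif p["proto"] == "icmp" and p["type"] == "echo-request":
            echo_pairs[(p["src"], p["dst"])] += 1
            if p["dst"].endswith(".255"):  # assumes /24 broadcast (constructed data)
                echo_to_broadcast[p["src"]] += 1

    findings = []
    for (dst, dport), conns in half_open.items():
        if len(conns) >= syn_threshold:
            findings.append({"attack": "syn_flood", "target": f"{dst}:{dport}",
                             "half_open": len(conns),
                             "distinct_sources": len({src for src, _ in conns})})
    for victim, count in echo_to_broadcast.items():
        if count >= smurf_threshold:
            findings.append({"attack": "smurf", "victim": victim, "count": count})
    for (src, dst), count in echo_pairs.items():
        if count >= ping_threshold and not dst.endswith(".255"):
            findings.append({"attack": "ping_flood", "src": src, "dst": dst, "count": count})
    return findings


if __name__ == "__main__":
    for finding in detect_floods(constructed_capture()):
        print(finding)
```

The smurf finding names the spoofed source as the victim rather than the sender, because in a smurf attack the packets' source field is the party that will be flooded by the replies.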
diversion theft
When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.
spear phishing
a phishing method in which the emails are carefully designed to target a particular person or organization
whaling
A phishing attack in which the attacker targets a specific highly valuable employee (an executive) to compromise their accounts or information
vishing
voice phishing: a phone scam that asks people to call a bogus telephone number (or calls them directly) to confirm their account information
malicious insider
An employee or contractor who attempts to gain financially and/or disrupt a company's information systems and business operations
CIAAAN
Confidentiality: information kept private and secure
Integrity: data not modified, deleted, or added without authorization
Availability: systems available to those who require them, when they require them
Authenticity: providing verification of the identities of the parties
Accountability: assurance that actions can be traced to an identity, by recording identities and activities (logging)
Non-repudiation: assurance that a party cannot later deny having sent a message or performed a transaction (typically provided by digital signatures)
symmetric encryption
type of encryption where a single shared key is used both to encrypt and to decrypt electronic information
requires a shorter key for the same security level (a 128-bit AES key is roughly comparable to a 3072-bit RSA key)
much faster than asymmetric encryption, so protocols use asymmetric crypto to agree on a symmetric key and then encrypt the bulk data symmetrically
cipher suite
a complete, packaged set of methods (algorithms) needed to secure a network connection through SSL/TLS: key exchange, authentication, bulk cipher, and MAC/hash (ex: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, or in TLS 1.3 TLS_AES_128_GCM_SHA256)
cipher suite negotiation
method for establishing secure communication: the client offers the cipher suites it supports and the server picks one
stage 1: selecting security methods and parameters (cipher suite, protocol version)
stage 2: authentication (the server, and optionally the client, proves its identity with a certificate)
stage 3: keying (both sides derive the shared session keys)
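Since a cipher suite name packages all the negotiated methods, an added example (not from the original page) that parses IANA-style suite names into their components and rates them the way a practitioner reviewing a server's allowed list would. The reject reasons and the "ok / legacy / reject" verdicts are the editor's annotations, not the page's.

```python
# Tokens whose presence in a suite name disqualifies it outright (editor's list).
REJECT_TOKENS = {
    "NULL": "no encryption at all",
    "EXPORT": "deliberately weakened export-grade key sizes",
    "RC4": "broken stream cipher",
    "DES": "56-bit key, brute-forceable",
    "3DES": "64-bit block size (Sweet32)",
    "MD5": "broken hash",
    "anon": "unauthenticated key exchange, trivial man-in-the-middle",
}


def parse_cipher_suite(name: str) -> dict:
    """Break an IANA-style cipher suite name into the methods it packages.

    TLS 1.2 and earlier: TLS_<keyexchange>_<auth>_WITH_<cipher>_<mac>
    TLS 1.3:             TLS_<aead cipher>_<hash>  (key exchange and auth are
                         fixed by the protocol, not named in the suite)
    """
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS suite name: {name}")
    body = name[len("TLS_"):]
    tokens = set(name.split("_"))

    if "_WITH_" in body:
        kx_auth, cipher_mac = body.split("_WITH_", 1)
        kx_parts = kx_auth.split("_")
        key_exchange = kx_parts[0]
        auth = kx_parts[1] if len(kx_parts) > 1 else kx_parts[0]  # "RSA" alone: static RSA
        cipher, mac = cipher_mac.rsplit("_", 1)
        tls13 = False
    else:
        cipher, mac = body.rsplit("_", 1)
        key_exchange, auth, tls13 = "(EC)DHE", "certificate", True

    forward_secrecy = tls13 or key_exchange in ("ECDHE", "DHE")
    aead = any(mode in cipher for mode in ("GCM", "CCM", "CHACHA20"))

    issues = [f"{tok}: {why}" for tok, why in REJECT_TOKENS.items() if tok in tokens]
    if issues:
        verdict = "reject"
    elif not forward_secrecy or not aead:
        if not forward_secrecy:
            issues.append("static key exchange: no forward secrecy")
        if not aead:
            issues.append("non-AEAD cipher (CBC + HMAC): padding-oracle class bugs")
        verdict = "legacy"
    else:
        verdict = "ok"

    return {
        "name": name, "tls13": tls13, "key_exchange": key_exchange, "auth": auth,
        "cipher": cipher, "mac_or_prf": mac, "forward_secrecy": forward_secrecy,
        "aead": aead, "issues": issues, "verdict": verdict,
    }


def acceptable_suites(names):
    """Filter a server's offered list down to what a hardened config should keep."""
    return [n for n in names if parse_cipher_suite(n)["verdict"] == "ok"]
```

The "legacy" verdict is the interesting middle ground: TLS_RSA_WITH_AES_128_CBC_SHA has no broken primitive, yet static RSA key exchange means a stolen server key decrypts all recorded sessions, which is why modern configurations keep only the ECDHE/DHE and TLS 1.3 suites.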
hashing (hashing vs encryption)
used to produce a fixed-size digest (fingerprint) of data for integrity checks and as the first step of signing
1 way, non-reversible: you cannot get the input back from the digest, only recompute it and compare
ex: taking a person's fingerprint; used for storing Windows passwords or verifying an ISO file
encryption (hashing vs encryption)
used for encoding plaintext so that only holders of the key can read it
2 way, reversible with the key
ex: putting a lock on a box; using an ATM and needing the transaction data to be protected
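The two examples given for hashing (verifying an ISO, storing passwords) come down to recomputing a digest and comparing, never reversing it. Here is an added example (not from the original page) of both, using only the standard library. The sample bytes, salts, and iteration counts are constructed for illustration; the format string `pbkdf2_sha256$iterations$salt$digest` is this example's own convention, not a standard.

```python
import hashlib
import hmac
import os


def file_digest(data: bytes) -> str:
    """SHA-256 fingerprint of a blob, e.g. an ISO image: same bytes, same digest."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, published_hex: str) -> bool:
    """Integrity check: recompute the digest and compare it to the one the
    vendor published. There is no 'decrypt' step; that is what one-way means."""
    return hmac.compare_digest(file_digest(data), published_hex.lower())


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """Store a password as a salted, slow hash (PBKDF2-HMAC-SHA256).

    A per-user random salt means two users with the same password get
    different digests and precomputed tables are useless; the iteration
    count makes each guess expensive for an offline cracker.
    """
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Login check: re-derive with the stored salt and parameters, then
    compare in constant time. The original password is never recovered."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    iso = b"constructed stand-in for an ISO image"
    print(verify_download(iso, file_digest(iso)), verify_download(iso + b"!", file_digest(iso)))
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record), verify_password("Tr0ub4dor&3", record))
```

The contrast with the Windows example in the flashcard is instructive: the classic NT password hash is an unsalted, fast MD4 of the password, so identical passwords produce identical hashes and offline guessing runs at full speed, which is exactly what the salt and iteration count here are meant to prevent.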
transposition cipher (transposition vs substitution)
symmetric cipher that does not change individual letters or bits of a plaintext, but it changes their order
substitution cipher (transposition vs substitution)
symmetric cipher that substitutes one letter (or bit) for another in each place of a plaintext
electronic signature
used to verify that someone intended to sign something, the identity was verified, and that the document did not change after the signature was made
digital signature
a value computed from a message with the sender's private key that lets anyone holding the sender's public key verify who sent the message and that it was not altered
sender selects the file they want to send, then their computer computes a hash of it.
the hash value is encrypted with the sender's private key (this is the signature) and is sent along with the file to the receiver
the receiver gets the file, opens it in the correct app, and the app checks the digital signature
the receiver's computer decrypts the signature using the sender's public key, hashes the file itself, and compares the two hashes
digital certification
the verification half of the process: used to validate the authenticity and integrity of a message
the sender generates a hash of the message and encrypts it using the sender's private key. That encrypted hash is the signature, which is sent along with the message to the recipient
The recipient generates their own hash of the message and decrypts the sender's hash using the sender's public key
If both hashes match, the document wasn't modified and the sender was authenticated; a digital certificate (issued by a certificate authority) is what binds that public key to the sender's identity
one time pad (OTP)
the only provably unbreakable method of encryption: a truly random key at least as long as the message is combined (XORed) with the plaintext and then used exactly once
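An added example (not from the original page) of a one-time pad over bytes, showing why each word in the definition matters. Encrypting and decrypting are the same XOR, and the last function shows the failure mode when the "one time" rule is broken: reusing the pad lets an attacker who knows one plaintext recover the other without the key. The messages are constructed; `secrets.token_bytes` is the random source.

```python
import secrets


def otp_keygen(length: int) -> bytes:
    """A fresh, uniformly random pad at least as long as the message."""
    return secrets.token_bytes(length)


def otp_apply(data: bytes, pad: bytes) -> bytes:
    """XOR the message with the pad. Encrypting and decrypting are the same
    operation because (m ^ k) ^ k == m."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))


def break_reused_pad(ct1: bytes, ct2: bytes, known_plaintext1: bytes) -> bytes:
    """What goes wrong when a pad is used twice.

    Two ciphertexts under the same pad satisfy ct1 ^ ct2 == m1 ^ m2 (the pad
    cancels out). An attacker who knows or guesses m1 (a crib) recovers m2
    with no key at all; with a fresh pad per message this yields garbage.
    """
    n = min(len(ct1), len(ct2), len(known_plaintext1))
    return bytes(a ^ b ^ c for a, b, c in zip(ct1[:n], ct2[:n], known_plaintext1[:n]))


if __name__ == "__main__":
    pad = otp_keygen(32)
    m1, m2 = b"attack at dawn", b"retreat at six"
    c1, c2 = otp_apply(m1, pad), otp_apply(m2, pad)          # same pad twice: the mistake
    print(otp_apply(c1, pad))                                  # b'attack at dawn'
    print(break_reused_pad(c1, c2, m1))                        # b'retreat at six', no key needed
```

The stream ciphers used in practice (AES-CTR, ChaCha20) are best understood as a one-time pad whose pad is generated from a short key and a nonce; reusing a nonce under the same key reproduces exactly the failure shown here.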
botnets
a logical computer network of zombies under the control of an attacker
controlled via a handler (compromised hosts used to manage large groups of bots)
zombies
computers that have been taken control of by hackers (typically via malware) without their owners' knowledge
used to directly attack victims
can flood victims with requests and can be updated with new functionality
macro
viruses that infect the macros in office documents
program
a detailed plan or procedure for solving a problem with a computer