MIS 561 Exam 2

All People Seem To Need Data Processing

Application, Presentation, Session, Transport, Network, Data Link, Physical

7 application layer

- interface between the user's application and the network
- types of communication: email, file transfer, client/server

6 presentation layer

- provides a context for communication between layers
- handles encryption, data conversion

5 session layer

- controls the dialogs between computers; also controls duplexing, termination, and restarts
- maintains order

4 transport layer

- provides end to end communication control
- ensures delivery of entire file/message

3 network layer

- provides connections between hosts on different networks
- routes data to different LANs and WANs based on network address

2 data link layer

- provides connections between hosts on the same network
- transmits packets from node to node based on station address

1 physical layer

- describes electrical and physical specifications on devices
- electrical signals or cabling

subnet mask

A 32-bit number assigned to each host for
dividing the 32-bit binary IP address into
network and node portions. (ex. 255.255.255.255)

default gateway

address that tells computer where the router is and allows computer to access the internet

internal/private ip address

- usually starts with a 10 or a 192 (class b and c addresses)
- routers give these ip addresses to private end users so that they can connect to the internet
- ex: ipad, laptops, computers, etc.

external/public ip address

- the ip address that is given to the router by the isp
- allows router to communicate w/ all other publicly available routers
- central area for internet, allows the internet to identify the router

common ports

- 25/2525/465/587 (STMP)
- 80/443 (HTTP)
- 110/995 (POP3)
- 143/993 (IMAP4)
- 23 (Telnet)
- 20, 21 (FTP)
- 53 (DNS)
- 389 (Lightweight Directory Access Protocol)

well known port

port number reserved for use by a particular application. allows a client to send a TCP or UDP segment to a server, to the correct destination port for that application.

registered port

port that can be used by network users and processes that are not considered standard processes. Default assignments of these ports must be registered with IANA.

dynamic (private) port

port number that can be assigned by a client or server as the need arises

inbound port

- port for when a connection was initiated from outside of your computer and traffic flows inward
- ex: a server that you own gets requests from people

outbound port

- port for when a connection was initiated from your computer and the traffic flows outward to the destination intended
- ex: connecting to a server

switch

- a computer networking device that connects network segments
- occurs at layer 2 (Data Link)

router

- a device that transfers data from one network to another in an intelligent way
- occurs at layer 3 (Network)

hub

- a device that uses its ports to connect devices (computers, printers, etc.) together
- outdated
- occurs at layer 1 (Physical)

dhcp server

- automatically provides and assigns ip addresses, default gateways, and subnet masks to devices
- handles having to find your own ip address, default gateway, and subnet masks every time you connect

Some People Fear Birthdays

Segments, Packets, Frames, Bits.

segment

data in the transport layer

packet

data in the network layer

frame

data in the data link layer

bits

data in the physical layer

ipv4

- the dominant protocol for routing traffic on the Internet
- 32 bit
PROS
- simple prefixes
- system handling is good
CONS
- running out of addresses

ipv6

- a new protocol developed to replace IPv4, addressing the issue of IP address exhaustion
- 128 bit
PROS
- unique addresses
- no subnetting issues
CONS
- long addresses that can be hard to type
- computer routing issues

threat environment

the types of attackers and attacks that companies face

Sony data breach

2014 incident where malware installed on a company computer allowed hackers to steal scripts, emails, and personal information of employees and customers

hacking

unauthorized access, modification, or use of an electronic device or some element of a computer system

social engineering

- technique for breaching a system's security by exploiting human nature

- uses standard techniques to get users to give up info needed to gain access to a target system by getting preliminary info about a target organization and leveraging it to obtain additional info from system users

denial of service attack (dos)

when hackers flood a website with so many requests for service that it slows down or crashes the site

cyberwarfare

State-sponsored activity designed to cripple and defeat another state or nation by damaging or disrupting its computers or networks

Cyberterrorism

politically motivated attacks on information systems

hacktivism

hacking that is intended as political activism

cybercriminal

Someone who attacks a computer system or network for financial gain

cryptography

the art of protecting information by transforming it into an unreadable format, called cipher text

initial authentication

authentication at the beginning of a communication session, before the two sides exchange working data.

public key encryption (asymmetric)

one key (public key) is used to encrypt a message, and another (private key) is used to decrypt the message

Kerckhoff's Law

law that says that in order to have confidentiality, communication partners only need to keep the key secret, not the cipher.

birthday attack

an attack that searches for any two digests that are the same.

data in transit

Any data sent over a network. It's common to encrypt sensitive data-in-transit.

data in use

Any data currently being used by a computer. Because the computer needs to process the data, it is not encrypted while in use.

data at rest

Data that is stored on electronic media.

worm

A destructive computer program that bores its way through a computer's files or through a computer's network.

virus

A program that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data

malware

software that is intended to damage or disable computers and computer systems.

phising

an identity theft tool that appears in the form of an E-mail or pop-up message; usually looks like it's from a legitimate financial institution and prompts you to provide your personal infromation in order to fix a problem with your account

spearfishing

Phishing expedition that targets groups

trojan horse

a program that appears desirable but actually contains something harmful

payload

Malware delivered by social engineering and/or by exploiting vulnerability in software.

threat surface

The total set of penetrations of a boundary or perimeter that surrounds or contains systems elements.

logic bomb

A computer program or part of a program that lies dormant until it is triggered by a specific logical event.

shoulder surfing

Watching an authorized user enter a security code on a keypad.

eavesdropping

listening secretly to a conversation for the purpose of getting sensitive information

dumpster diving

combing through trash to identify valuable assets

baiting

When a malicious individual leaves malware-infected removable media, such as a USB drive or optical disc, lying around in plain view.

piggybacking

The process of connecting to a wireless network without the permission of the owner of the network.

wateringhole attack

A malicious attack that is directed toward a small group of specific individuals who visit the same website.

mantraps

pretexting

a form of social engineering in which the

privilege escalation

a network intrusion attack that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications

backdoor attack

An attack that exploits an unprotected access method or pathway.

boot sector

________ viruses are often transmitted by a flash drive left in a USB port.

session hijacking

An attack in which an attacker attempts to impersonate the user by using his session token.

session theft

When an attacker attempts to steal a user's session using the owner's cookie and authentication information

tcp hijacking

A form of man-in-the-middle attack whereby the attacker inserts himself into TCP/IP-based communications.

spyware

software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

rootkits

a set of software tools that enable an unauthorized user to gain control of a computer system without being detected.

ransomware

a type of malicious software designed to block access to a computer system until a sum of money is paid.

adware

software that automatically displays or downloads advertising material (often unwanted) when a user is online.

grayware

software that isn't benign nor malicious and tends to behave improperly without serious consequences

teardrop attack

Attack that breaks apart packets into IP fragments, modifies them with overlapping and oversized payloads, and sends them to a victim machine to halt/freeze it

smurf attack

An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim.

SYN flood attack

An attack that takes advantage of the 3 way handshake to flood servers

fraggle attack

Smurf attack variation that uses ports 7 & 19 to a broadcast address

ping flood attack

Ping utility used to send large number of echo request messages and overwhelms server

diversion theft

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.

spear phising

a phishing method in which the emails are carefully designed to target a particular person or organization

whaling

A phishing attack that where the attacker attempts to compromise information about a specific highly valuable employee

vishing

a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information

malicious insider

An employee or contractor who attempts to gain financially and/or disrupt a company's information systems and business operations

CIAAAN

- Confidentiality: information kept private and secure
- Integrity: data not modified, deleted, or added
- Availability: systems available to whom requires them
- Authenticity: providing verification of the identities
- Accountability: assurance by recording identities and activities
- Non-repudiation: assuring the identities of the parties in a transaction

symmetric encryption

- type of encryption where only one key is used to encrypt and decrypt electronic information
- require a shorter key length to be secure
- faster than asymmetric encryption

cipher suite

a complete, packaged set of methods (algorithms) needed to secure a network connection through SSL/TLS (ex: Cisco AnyConnect)

cipher suite negotiation

method for establishing secure communication

- stage 1: selecting security methods and parameters
- stage 2: authentication
- stage 3: keying

hashing (hashing vs encryption)

- used for signing plaintext
- 1 way, non-reversible
- ex: taking a person's finger-print
-ex: used for storing Windows passwords or verifying an ISO file

encryption (hashing vs encryption)

- used for encoding plaintext
- 2 way, reversible
- ex: putting a lock on a box
-ex: using an ATM and needing info to be protected

transposition cipher (transition vs substitution)

symmetric cipher that does not change individual letters or bits of a plaintext, but it changes their order

substitution cipher (transition vs substitution)

symmetric cipher that substitutes one letter (or bit) for another in each place of a plaintext

electronic signature

- used to verify that someone intended to sign something, the identity was verified, and that the document did not change after the signature was made

digital signature

- a code digitally signed by a company or person that verifies who sent a message

- sender selects the file they want to send, then their computer creates a hash for it.

- the hash value is encrypted with the sender's private key and is sent to the receiver

- the receiver gets the file, opens it in the correct app, and the app verifies that it was digitally signed

- the receiver's computer decrypts the digital signature using the sender's public key

digital certification

- used to validate the authenticity and integrity of a message

- generates a hash of a message and encrypts it using the sender's private key. Then, the message is signed and sent to the recipient

- The recipient generates their own hash of the message and decrypts the sender's hash using the sender's public key

- If both hashes match the document wasn't modified and the sender was authenticated

one time pad (OTP)

secure method of encryption information that involves using random generated key only once

botnets

- a logical computer network of zombies under the control of an attacker

- controlled via a handler (compromised hosts used to manage large groups of bots)

zombies

- computers that have been taken control by hackers

- used to directly attack victims

- can floor victims with different requests and can be updated for new functionality

macro

viruses that infect the macros in office documents

program

a detailed plan or procedure for solving a problem with a computer