HACS208P Extended

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Evolution of ARPANET into the 1980s

"Inter networking" became increasingly popular. Several purpose-built networks then exist, with ARPANET being at the heart of them Goal was soon to have networks independently communicate with one another, such as with IP and TCP - birth of the modern internet

Application Layer

- Acts as an interface between your computer and the programs on it and the network you want to communicate on - Translating human domain names into computer friendly IP addresses is done by the DNS protocol - Lots of instructions

World Wide Web Consortium (W3C)

- An international community of organizations and the public work to develop web standards - Develops protocols and guidelines for web development purposes (CSS, HTML, etc)

Factors in evolution of internet

- Evolutionary process - Multiple players and stakeholders - Academic inspiration - Key government support - Private sector ingenuity

Network Layer

- Information that deals with routing is done at the network layer - Locations on the internet are established by internet protocol - Autonomous systems are large networks that manage thousands of internet protocol addresses - Autonomous systems maintain peering relationships

Technical Rule Making Bodies

- Internet Architecture Board - Internet Engineering Task Force - Internet Research Task Force

Physical Layer

- Moves data encoded on different points on the electromagnetic spectrum - Fiber optics help traverse long distances - Microwave used for point to point transmission - Satellites used to move data over radio waves - Internet Exchange Points (IXP) physically connect networks together in accordance to logical peering relationships

Internet of things def

- Networks of objects that communicate with other objects and with computers through the Internet. "Things" may include virtually any object for which remote communication, data collection, or control might be useful, such as vehicles, appliances, etc. - An object is a part of this web of interconnected devices if it has 1. A unique identifier (IPv6) and 2. Internet connectivity

Internet as a global commons Trends (early 2000's)

1. Cloud computing 2. Mobile Computing

Rules of the internetwork

1. Each distinct network stands on its own 2. Communications get transferred on a best effort basis (if they make it they make it, if they don't then they don't) 3. Black boxes would connect internet 4. No global control of the operations Assumed only 256 networks would be enough

History and evolution of the internet (detailed)

1. Ideological origins 2. Govt support and prototyping to build a prototype (ARPANET) 3. Privatizing and scaling the internet 4. Govt research support

Cloud computing: security concerns

1. Privileged User Access: Company data processed outside of the organization brings a degree of risk 2. Regulatory Compliance: Customers are ultimately responsible for the integrity of their data regardless of where it resides. 3. Data Location: When you use cloud services you don't always know where your data is physically located 4. Data Segregation: Organizational data is collocated with other systems 5. Recovery: Cloud providers need to be able to articulate recovery procedures in case of total failure

Describe prototype of the internet

1960s, DARPA (Defense Advanced Research Projects Agency) funds project called ARPANET @ academic institutions. ARPANET started first packet switching protocol. (Internet protocol and Transmission control protocol were developed at this time), both of which still exist today.

OSI Model Layers

7 Application 6 Presentation 5 Session 4 Transport 3 Network 2 Data Link 1 Physical

A firm's stock price that falls 20% after a cyber event is an example of a

A Secondary Effect

Which definition best describes an Autonomous Systems?

A collection of connected Internet Protocol (IP) under the control of one or more network operators.

OceanLotus is a hacking group that is best described as a

A nation state group that was highly focused on acquiring information against economic and political targets

Tallinn Manual

A non-binding document that is the cyber equivalent of the Geneva Convention, specifying the rules of cyberwarfare

The OSI model is

A representation of how information from a user is encapsulated, transmitted, and received across networks, and the global telecommunications infrastructure

The Onion Network is a

A series of servers who route traffic through devices, peeling away encrypted layers of routing information to use in anonymous internet browsing or proxy to another server

APT is an acronym for

Advanced Persistent Threat

Who said they invented the internet?

Al Gore

Supercomputer Network Study Act

Allocated 600 million to study high performance computing

The size and complexity of an organization's publicly facing internet presence is known as the firm's

Attack Surface

What is the key protocol that is leveraged to "provide the map" between networks?

BGP

IP Address

Basically the address on the Internet. it is where you are going. the address of the outside of an envelope

Describe WWW in 90s and 2000s

Boom of people using it in the 90s, but the .com bubble burst in the 2000s. Afterwards, there was boom of blogs, wikis, social networking, etc with "Web 2.0"

Regional Internet Registries are

Both A and C (A = Managed by ICANN, C = A core part of the internet that helps domain names with internet protocol addresses)

The effects of cyber attack against specific industries can be best described as

Both B and D (B = Varying in the types of exploitative and disruptive category types across all sectors, D = Varying in number across all sectors in the economy)

What is encapsulation

Bundling instructions for any communication together and hiding details

Internet

Collection of networks working together to transmit, receive, manipulate, and process information for a variety of purposes

According to the taxonomy what kind of cyber event was the Maersk line attack?

Data Attack

Spearphishing is a tactic in which part of the Lockheed Martin Kill Chain Model?

Delivery

Fancy Bear is a threat actor that is best categorized as what type of threat actor?

Either C or D (C = APT, D = Nation State)

The OSI Data Model utilizes the concept of ______ to move data from one point of the Earth to another

Encapsulation

Internet Engineering Task Force (IETF)

Engineering group which focuses on short term immediate technology needs

Threat Landscape def

Entirety of potential and identified cyberthreats affecting a particular sector, group of users, time period, and so forth. Internet, hackers, tools tactics and processes, effects, and attack surfaces all define threat landscape.

The Target, Home Depot, or Eddie Bauer cyber events are examples of what type of attack in the taxonomy presented in the course

Exploitation of Sensor

According to international law, a country DOES NOT have an obligation to take measures to ensure the establishment of international telecommunications infrastructure that is required for the rapid and uninterrupted international telecommunications

False

IT System Administrators often can easily identify who attackers are and submit their identities to law enforcement for prosecution

False

Public Policy is strictly limited to the laws passed at the federal, state, or local level

False

Russia is considered a medium tier cyber threat

False

The global telecommunication infrastructure is managed by nation states who come to agreement on where to invest and who should have access

False

The government was the only actor in scaling the internet for wide adoption by the 1990s

False

Internet Research Task Force (IRTF)

Focused on long-term research related to Internet and TCP/IP protocols such as Anti-Spam Research Group (ASRG), Crypto Forum Research Group (CFRG), and Peer-to-Peer Research Group (P2PRG).

Birth of the modern internet

Goal: allow networks to independently communicate with one another; previous work on internet protocol (IP) and transmission control protocol (TCP) is adopted universally in 1984

Data governance in industries

Gramm-Leach-Bailey Act - modernizes security in banking industry to safeguard info

A hacker who defaces a government website to protest the arrest of a political prisoner would be considered what type of threat actor?

Hacktivist

Which of the following is NOT considered a cyber threat actor?

Hobbyists who are curious about how technology works and reports vulnerabilities to organizations and authorities

How is Data governed in the US

In US, there is no uniform data protection legislation federally, but there are laws to protect information in some industries

Encapsulation def

Instructions for data to be packaged, routed, and transmitted

What did origins of the internet look like?

Interconnected computers transmitting large amounts of data. (1950s and 1960s)

Which description best describes The Internet Corporation for Assigned Names and Numbers (ICANN)?

Internationally organized non-profit responsible for coordinating the maintenance and procedures of several databases related to the namespace on the internet

What is ITU

Internet Telecommunications Union, forum for governments and the private sector to coordinate technical and policy matters related to global telecommunications networks and services

International weightlifting competition website defacement

Iranian weightlifter couldn't complete final lift, so hacker defaced competition website with motivational message to support the weightlifter.

Autonomous system

Kind of like local roads. Is a grouping of IP addresses which make routing information between independent networks easier. Companies like Verizon, Sprint, AT&T each have AS which they manage to communicate with each other

Internet Architecture Board (IAB)

Long range technical direction for internet development

Mirai botnet

Mirai is a malware that can control certain IOT devices which have hardcoded credentials on them

Describe another trend (Mobile computing)

Mobile web technology began at end of 90s, but by end of 2000s, 3g speeds allowed for better speeds.

First web browser

Mosaic (1993)

in 1993, what was most popular web browser, and what was the most common way to utilize the internet?

Mosaic, and way to utilize internet was with WWW and webpages

Scaling internet

NSFNET (National Science Foundation) builds high speed connections between research groups. Private sector became incentivized to build its own private networks to expand the capacity of the internet

Internet Corporation for Assigned Names and Numbers (ICANN)

Non-profit which coordinates maintenance and procedures of databases

The origin and evolution of the Internet was a product of

None of the above (Professors, Private Sector, and the Government)

OSI Model def

Open systems interconnection model; a way to think about the communications functions independent of the technology or structure

Threat landscape tactics, techniques, and procedures

Phising, ransomware, ddos, c2 infrastructure, virus, trojan, malware-less attacks, ics attacks

What is DNS

Phonebook of the internet, finds out where on the Internet to establish a connection. There are different types of DNS

The specific attack on a Ukraine Power grid in which 27 substations were taken off line was an example of

Physical Attack

autonomous vehicles concerns

Physical threats with potential access, lack of internet security, safety, liability

The use of _____ often makes it difficult for victims of cyber attack to identify the threat actor involved.

Proxies

Investigating the organizational chart of a target is which part of the Lockheed Martin Kill Chain Model?

Reconnaissance

Monde TV 5 Cyber attack 2015

Russian government / ISIS defaced this French news channel

Degradation to a customers logistic supply chains would be an example of a

Second Order Effect

How would you describe the $300M dollar loss by Maersk Line to a Policy Maker utilizing the model in the class?

Secondary Effect

Describe one trend (cloud computing)

Shared resources under the cloud emerged in 2006.

What was standard protocol in 1980s

TCP and IP. Before, it was Arpanet

What is the goal of the policy maker with cybersecurity?

Take advantage of beneficial aspects of technology, while minimizing security risks. However, not all issues are of public concern (Joe's crab shack)

Which of the following is a not a statue (i.e. a law) which deals with cybersecurity issues?

Tallinn Manual Rule 61

One major limitation of terrestrial microwave technology for use in long haul communications is

The curvature of the Earth prevents long distance communications, without the need for a repeater

Cyber def

The electronic world created by interconnected networks of information technology and the information on those networks. It is a global commons where... people are linked together to exchange ideas, service, and friendship

ARPANET

The first packet-switched network, the predecessor to the Internet.

Cybersecurity def

The organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems

Which definition best describes the Internet Exchange Point (IEX)

The physical infrastructure through which Internet service providers (ISPs) and content delivery networks (CDNs) exchange internet traffic between their networks

Attack Surface def

The point at which an attacker can research, scan, exploit, and enter your organization; the publicly identifiable pieces of your network exposed to a potential attacker 1. Website 2. Internet connected sensors (Webcam) 3. File servers

Governance def

The process by which we manage the technical, informational, and organizational problems that arise from the complexity of the Internet; multiple stakeholders are involved

According to Director of National Intelligence, James Clapper, how are the threats of cyberattacks best described?

Threats to US national and economic security are increasing in size, scale, and severity of impact. Increase of targeted attacks

Who developed concept of World Wide Web, and writes first version of HTML and web pages in 1993?

Tim Berners Lee.

The Definition for the Term "cyber" includes the interplay between humans and humans

True

US CLOUD act

US Law enforcement can demand data stored outside of the US An individuals right to information depends on if the cloud provider objects Foreign gov can be granted permission to get info of people in the US if there is minimal effect

The 2018 Nuclear Posture Review introduced which of the following considerations into US nuclear policy?

Use of significant non-nuclear attacks on the country might be ground for the employment of nuclear weapons

Writing an exploit to leverage a vulnerability in the Windows 10 OS would be included in which phase of the Lockheed Martin Cyber Kill Chain?

Weaponization

Peering relationships

When an AS broadcasts a list of other networks it has a relation with, to forward information to an AS that does know where to direct you

Tim Berners Lee founded what?

World Wide Web Consortium in 1994

The Introduction of Senate Bill 2594, the "Super Computer Network Study Act" of 1986, the former president Al Gore helped

bring together industry, academia, and government in a joint effort to accelerate development and deployment of gigabit networking

What is DNS poisoning?

changes the DNS records on a system to point to false servers where the data is recorded Can be used to collect passwords, trick users into installing malware, redirecting searches

Important public policy considerations include

cyber physical systems, crime, activism, privacy

The definition of the Internet as a global information system includes all EXCEPT the following

includes the technology required to store and manipulate content in corporate networks

Internet governance forum

is a multi-stakeholder forum for policy dialogue on issues of Internet governance.

Bringing government policy makers, civil society (i.e. NGO, and the private sector to govern/manage a problem is known as

multi-stakeholder governance

Which browsers emerged to compete with Mosaic?

windows 95 and Internet Explorer, and Netscape


Ensembles d'études connexes

Chapter 10: Antitubercular Drugs - ML3

View Set

Two Worlds Meet Vocabulary (NACA - 2020)

View Set

Theatre History Medieval to Elizabethan

View Set