1 Chapter 1: Understanding Networks and Computers
Purpose: This chapter is designed to provide key background information about the cyber environment, including the technological infrastructure of cyberspace and the technology involved in transferring information securely. It is divided into three units: the first covers the basic architecture and vulnerabilities of electronic systems; the second covers the design principles and building blocks of the Internet; the third introduces some vulnerabilities inherent to the cyber environment. Concepts Covered: Operating systems, applications, routers, packets, TCP/IP, DNS, dial-up and WiFi connections, undersea cables, satellites, wireless networks, encryption and authentication, critical infrastructure, cloud computing, man-in-the-middle attacks, and phishing scams.
1.1 Introduction to Computers and Computer Vulnerabilities
Purpose: Provide a framework through which to examine issues pertaining to securing the electronic environment, such as hardware, software, and the supply chain.
1.1.1 Computer Architecture Overview
1.1.1.1. William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Committee on Offensive Information Warfare, National Research Council; The Basic Technology of Cyberattack, in Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, 2009, pp. 82-91
1.1.1.2. John Savage, Computer Architecture, Lecture slides from CSCI 1800: Cybersecurity and International Relations, Feb 1, 2012
1.1.2 Computer Sources of Vulnerability
1.1.2.1. William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Committee on Offensive Information Warfare, National Research Council; Appendix E: Technical Vulnerabilities Targeted by Cyber Offensive Actions, in Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, 2009, pp. 360-367
1.1.2.2. John Savage, Operating Systems and Applications, Lecture slides from CSCI 1800: Cybersecurity and International Relations, Feb 8, 2012
1.2 Introduction to Internet Infrastructure
Purpose: Provide an overview of network infrastructure, elements, and architecture philosophy.
1.2.1 Architecture Philosophy
Many of the current security and vulnerability concerns associated with the Internet are the product of deliberate design philosophy and choices regarding functionality that characterized the early days of the Internet.
1.2.1.1. David Clark, The Design Philosophy of the DARPA Internet Protocols, ACM SIGCOMM Computer Communication Review, 1988
1.2.1.2. Lawrence Lessig, Code 2.0, Ch. 4: Architectures of Control, 2006
1.2.1.3. David G. Post, In Search of Jefferson’s Moose, Ch. 1: Chaos, 2009
1.2.2 Elements of the Network (ISPs, Routers, Protocols and Packets View)
This sub-section provides an overview of the network, the protocols it employs to transfer data, and the various ways computers connect to the Internet. Its purpose is to consider the different domains of cyberspace--systems, applications, and human--and provide an “under-the-hood” understanding of how they interact.
1.2.2.1. David Clark, An Insider’s Guide to the Internet, 2004
1.2.2.2. Elihu Zimet and Edward Skoudis, Cyberpower and National Security, Ch. 4: A Graphical Introduction to the Structural Elements of Cyberspace, eds. Kramer, Starr, and Wentz, 2009
1.2.2.3. Preston Gralla, How the Internet Works, Ch. 1-10, 8th edition, 2007
1.2.3 Communication Channels
1.2.3.1 Cables
About 99 percent of Internet traffic travels through undersea cables maintained by private providers. Securing and monitoring the cables raises questions regarding private/public cost-burden, territoriality, and international cooperation.
1.2.3.1.1. Global Bandwidth Research Service, TeleGeography Submarine Cable Map, 2011
1.2.3.2 Satellites
1.2.3.2.1. Dave Lee, Sky-high Thinking for African Internet, BBC, Aug 6, 2012
1.2.3.2.2. BBC, Libya Jamming ‘Exposed Vulnerability’, Jan 13, 2006
1.2.3.3 Wireless Networks
A variety of wireless technologies have been standardized and commercialized, but no single technology is considered the best because of different coverage and bandwidth limitations.
1.2.3.3.1. Shin, M., Wireless Network Security and Interworking, Proceedings of the IEEE, Vol. 94 (2), Feb 2006, pp. 455-466
1.2.4 Data Provenance
1.2.4.1 Encryption (Public and Private Keys, Hash Functions)
Public key cryptography enables the encryption and decryption of data transferred between two parties, the authentication of the data’s origin, and the detection of data tampering.
1.2.4.1.1. Steven Levy, Crypto Ch. 3: Public Key, 2001
1.2.4.1.2. Introduction to Public-Key Cryptography, Mozilla Developer Network, 2005
1.2.4.1.3. D. Richard Kuhn et al., Introduction to Public Key Technology and the Federal PKI Infrastructure, NIST, 2001
1.2.4.2 SSL Certificates
Many of the online authentication mechanisms that enable transactions rely on faith in the Secure Sockets Layer protocol and Certificate Authorities. Growing evidence suggests that this mechanism is highly vulnerable, and there has been much discussion surrounding alternatives.
1.2.4.2.1. Introduction to SSL, Mozilla Developer Network, 2005
1.2.4.2.2 Moxie Marlinspike on SSL and Authenticity
Marlinspike has released several follow-up materials which are useful for an updated view of the ongoing debate.
1.2.4.2.2.1. Moxie Marlinspike, BlackHat USA 2011: SSL and the Future of Authenticity, 2011
1.2.4.2.2.2. Moxie Marlinspike, New Tricks For Defeating SSL In Practice, BlackHat DC, 2009
1.2.4.2.2.3. Moxie Marlinspike, SSL and the Future of Authenticity, Thoughtcrime Blog, 2011
1.2.4.2.3. Gregg Keizer, Hackers Stole Google SSL Certificate, Dutch Firm Admits, Computerworld, Aug 30, 2011
1.3 Sources of Network Vulnerability
Purpose: This unit provides an overview of points of vulnerability, exploring how different aspects of the cyber environment are particularly exposed to attack, and how vulnerability may be defined.
1.3.1 Overview
1.3.1.1. Martin C. Libicki, Cyberdeterrence and Cyberwar: Ch. 2: A Conceptual Framework, RAND, 2009
1.3.2 Critical Infrastructure
Society’s reliance on critical infrastructure, such as the power grid and electronic information systems, together with the increased interoperability of these systems, makes them more susceptible to cyber threats.
1.3.2.1. William D. O’Neil, Cyberpower and National Security Ch. 5: Cyberspace and Infrastructure, eds. Kramer, Starr, and Wentz, 2009
1.3.3 DNS and Man-in-the-Middle Attacks
The DNS translates domain names into IP addresses. There is a whole family of vulnerabilities in which the DNS resolver on one’s computer can be fooled into accepting different IP addresses for a given domain, allowing adversaries to extract information under the pretence of a trusted site. Such vulnerabilities include cache poisoning, packet sniffing, and session hijacking. In a similar fashion, Man-in-the-Middle attacks can cause users to disclose sensitive information without being aware of a third party’s involvement in the transfer of data.
1.3.3.1. Bruce Schneier, Lessons from the DNS Bug: Patching Isn’t Enough, Wired, Jul 23, 2008
1.3.3.2. Callegati, F., Man-in-the-Middle Attack to the HTTPS Protocol, Security & Privacy, IEEE, 2009
1.3.3.3. Seth Schoen, The Message of Firesheep: “Baaaad Websites, Implement Sitewide HTTPS Now!”, EFF, Oct 29, 2010
1.3.4 Cloud Computing
In recent years, many computer and Internet functions have moved from users’ computers to remote servers that make up a “cloud” of data and processing power. The increasing prevalence of cloud-based services, including a federal policy to transition to the cloud, raises several concerns regarding data.
1.3.4.1. Chris Clayton, Standard Cloud Taxonomies and Windows Azure, MSDN, 2011
1.3.4.2. Harvard Law National Security Research Group, Cloud Computing and National Security Law, 2010
1.3.5 User-based Vulnerabilities
Some vulnerabilities do not rely on specific technical hacks, but simply on the susceptibility of individual users.
1.3.5.1 Phishing
Phishing is the process of enticing people into visiting fraudulent websites and persuading them to enter identity information such as usernames, passwords, addresses, social security numbers, personal identification numbers, and anything else that can plausibly be requested.
1.3.5.1.1. David Goldman, Massive Gmail Phishing Attack Hits Top U.S. Officials, CNN Money, Jun 1, 2011
1.3.5.1.2. Tyler Moore and Richard Clayton, Examining the Impact of Website Take-down on Phishing, APWG eCrime Researchers Summit, 2007
1.3.5.2 Insiders
A rogue employee presents risks similar to those of a feckless user at the periphery of an open system, since computer systems are now designed in a distributed way that does not allow an individual to cause much damage without being traced.