1 Chapter 1: Understanding Networks and Computers 1 Chapter 1: Understanding Networks and Computers

Purpose: This chapter is designed to provide key background information the cyber environment, including the technological infrastructure of cyberspace and the technology involved in transferring information securely. It is divided into three units: the first covers the basic architecture and vulnerability of electronic systems; the second covers the design principles and building blocks of the Internet; the third introduces some vulnerabilities inherent to the cyber environment. Concepts Covered: Operating systems, Applications, routers, packets, TCP/IP, DNS, dial-up and WiFi connections, undersea cables, satellites, wireless networks, encryption and authentication, critical infrastructure, cloud computing, man-in-the-middle attacks, and phishing scams.

1.1 1.1 Introduction to Computers and Computer Vulnerabilities 1.1 1.1 Introduction to Computers and Computer Vulnerabilities

Purpose: Provide a framework through which to examine issues pertaining to securing the electronic environment, such as hardware, software, and the supply chain.

1.1.1 1.1.1 Computer Architecture Overview 1.1.1 1.1.1 Computer Architecture Overview

1.1.2 1.1.2 Computer Sources of Vulnerability 1.1.2 1.1.2 Computer Sources of Vulnerability

1.2 1.2 Introduction to Internet Infrastructure 1.2 1.2 Introduction to Internet Infrastructure

Purpose: Provide an overview of network infrastructure, elements, and architecture philosophy.

1.2.1 1.2.1 Architecture Philosophy 1.2.1 1.2.1 Architecture Philosophy

Many of the current security and vulnerability concerns associated with the Internet are the product of deliberate design philosophy and choices regarding functionality that characterized the early days of the Internet.

1.2.2 1.2.2 Elements of the Network (ISPs, Routers, Protocols and packets view) 1.2.2 1.2.2 Elements of the Network (ISPs, Routers, Protocols and packets view)

This sub-section provides an overview on the network, the protocols it employs to transfer data, and the various ways computers connect to the Internet. Its purpose is to consider the different domains of cyberspace--systems, applications, and human--and provide an “under-the-hood” understanding of how they interact.

1.2.3 1.2.3 Communication Channels 1.2.3 1.2.3 Communication Channels

1.2.3.1 1.2.3.a Cables 1.2.3.1 1.2.3.a Cables

About 99 percent of Internet traffic travels through undersea cables maintained by private providers. Securing and monitoring the cables raises questions regarding private/public cost-burden, territoriality, and international cooperation.

1.2.3.2 1.2.3.b Satellites 1.2.3.2 1.2.3.b Satellites

1.2.3.3 1.2.3.c Wireless Networks 1.2.3.3 1.2.3.c Wireless Networks

A variety of wireless technologies have been standardized and commercialized, but no single technology is considered the best because of different coverage and bandwidth limitations.

1.2.4 1.2.4 Data Provenance 1.2.4 1.2.4 Data Provenance

1.2.4.1 1.2.4.a Encryption (public and private keys, hash functions) 1.2.4.1 1.2.4.a Encryption (public and private keys, hash functions)

Public key cryptography enables encryption and decryption of data transferred between two parties, the authentication of data’s origin, and indication of data tampering.

1.2.4.2 1.2.4.b SSL Certificates 1.2.4.2 1.2.4.b SSL Certificates

Many of the online authentication mechanisms that enable transactions rely on faith in the Secure Sockets Layer protocol and Certificate Authorities. Growing evidence suggests that this mechanism is highly vulnerable, and there has been much discussion surrounding alternatives.

1.2.4.2.2 1.2.4.b.ii Moxie Marlinspike on SSL and Authenticity 1.2.4.2.2 1.2.4.b.ii Moxie Marlinspike on SSL and Authenticity

Marlinspike has released several follow-up materials which are useful for an updated view of the ongoing debate.

1.3 1.3 Sources of Network Vulnerability 1.3 1.3 Sources of Network Vulnerability

Purpose: This unit provides an overview of points of vulnerability, exploring how different aspects of the cyber environment are particularly exposed to attack, and how vulnerability may be defined.

1.3.1 1.3.1 Overview 1.3.1 1.3.1 Overview

1.3.2 1.3.2 Critical Infrastructure 1.3.2 1.3.2 Critical Infrastructure

The reliance on critical infrastructure, such as the power grid, electronic information systems, and the increased interoperability of these systems makes them more susceptible to cyber threats.

1.3.3 1.3.3 DNS and Man-in-the-Middle Attacks 1.3.3 1.3.3 DNS and Man-in-the-Middle Attacks

The DNS translates domain names into IP addresses. There is a whole family of vulnerabilities in which the DNS on one’s computer can be fooled in accepting different IP addresses for a given domain, allowing adversaries to extract information under the pretence of a trusted site. Such vulnerabilities including cache poisoning, packet sniffing, and session hijacking. In a similar fashion, Man-in-the-Middle attacks can cause users to disclose sensitive information without being aware of a third-party’s involvement in the transfer of data.

1.3.4 1.3.4 Could Computing 1.3.4 1.3.4 Could Computing

In recent years, many computer and Internet functions have moved from users’ computers to remote servers that make up a “cloud” of data and processing power. The increasing prevalence of cloud-based services, including a federal policy to transition to the cloud, raises several concerns regarding data.

1.3.5 1.3.5 User-based Vulnerabilities 1.3.5 1.3.5 User-based Vulnerabilities

Some vulnerabilities do not rely on specific technical hacks, but simply on the susceptibility of individual users.

1.3.5.1 1.3.5.a Phishing 1.3.5.1 1.3.5.a Phishing

Phishing is the process of enticing people into visiting fraudulent websites and persuading them to enter identity information such as usernames, passwords, addresses, social security numbers, personal identification numbers and anything else that can be made to appear to be plausible.

1.3.5.2 1.3.5.b Insiders 1.3.5.2 1.3.5.b Insiders

A rogue employee presents risks similar to those of a feckless user in the periphery of an open system, as computer systems are now designed in a distributed way that would not allow an individual to cause much damage without being traced.

1.3.6 1.3.6 Communication Channels 1.3.6 1.3.6 Communication Channels

1.3.6.1 1.3.6.a Cables 1.3.6.1 1.3.6.a Cables