Web of Data Sciences (WoDS): Our Cyber Devices Layer-to-Layer (Part II of II)
By Dr. Sandra Adside Wright, DSc. Cybersecurity, CISSP, CAP, Engineering Solutions, Incorporated (ESi); member of WiCyS MAA, (ISC)2 Item Writers, ISSA-Central Maryland, MADD, and Toastmasters International
Welcome to the second half of Web of Data Sciences (WoDS), Our Cyber Devices Layer-to-Layer. Layers 1-4 (the Physical, Data Link, Network, & Transport Layers) were discussed in Part 1. This segment depicts attacks that occur at the top layers, Layers 5-7 (the Session, Presentation, and Application Layers) of the International Standards Organization (ISO) Open Systems Interconnect (OSI) Model, OSI Stack (OSI, 2017). (Figure 1)
Why discuss the OSI Stack as opposed to the Transmission Control Protocol (TCP)/Internet Protocol (IP), commonly known as the TCP/IP Suite? OSI and TCP/IP are both highly known principles where we can focus on system resilience. In the world of spiders, some are web-agnostic while others do not dwell in webs at all; nonetheless, all spiders rely on some form of architecture to exercise their defensive mechanisms. There are networks and systems modeled after the 7-Layer OSI model, thus a basic understanding of each layer’s operation and related threats complements a comprehensible knowledge of implementations. However, the TCP/IP model of the Physical, Network Access, Internet, Host-to-Host (Transport), and Application Layers will be briefly referenced in relation to its partner OSI Layers. (Figure 2)
Stack of WoDS
Everyone using a cyber device and in need of data transference should recognize the varying attacks occurring at OSI Layers 5-7 (e.g., Domain Name Service (DNS) poisoning, exploitation, hijacking, phishing, Requests-Per-Second (RPS), and spoofing). The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) hosts a number of threat alerts, including RPS attacks. These attacks happen when the number of requests received by a server over a certain period of time exceeds the allotted limit, resulting in a denial of service (e.g., the Mirai Botnet) (NJCCIC, 2016).
“Denial of Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend such [resource]” (Federal Register, 2017). Like spider webs (Figure 3), OSI Layers 5 through 7 also have vulnerabilities and relatable cyber defenses. These mechanisms may be deployed in system-agnostic environments where good and less-desirable WoDS can be ubiquitous, yet, undetected by highly-skilled network and cybersecurity professionals.
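The RPS attack described above is defined by a server accepting more requests over a period than it has budgeted for. The defensive counterpart is to make that budget explicit per source and reject, rather than serve, whatever exceeds it. The following is an added example, not code from the article or from NJCCIC: a token-bucket limiter in Python that grants each client a burst allowance and a sustained requests-per-second rate, driven by a constructed traffic sample in which one source fires a burst and another sends a steady trickle. The client identifiers and timings are invented for illustration.

```python
"""Token-bucket request limiter, as a defender-side answer to an RPS flood.
Added example (not from the article); all client names and traffic are constructed."""
import time
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass
class Bucket:
    tokens: float   # requests this client may still make right now
    last: float     # clock reading at the last refill


class RateLimiter:
    """Allows `capacity` requests in a burst, then `refill_per_sec` sustained."""

    def __init__(self, capacity: int, refill_per_sec: float, clock=time.monotonic):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.clock = clock
        self.buckets: Dict[str, Bucket] = {}

    def allow(self, client: str, now: Optional[float] = None) -> bool:
        """Return True if the request is within the client's allotted limit."""
        now = self.clock() if now is None else now
        b = self.buckets.get(client)
        if b is None:
            b = Bucket(tokens=float(self.capacity), last=now)
            self.buckets[client] = b
        # Refill in proportion to elapsed time, never beyond the burst capacity.
        b.tokens = min(self.capacity, b.tokens + (now - b.last) * self.refill_per_sec)
        b.last = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False   # over the allotted limit: reject instead of serving


def simulate(requests: Iterable[Tuple[float, str]], capacity: int = 5,
             refill_per_sec: float = 2.0) -> Dict[str, Tuple[int, int]]:
    """Replay (timestamp_seconds, client_id) pairs through the limiter.
    Returns {client: (allowed, rejected)}, using the timestamps as the clock."""
    limiter = RateLimiter(capacity, refill_per_sec)
    counts: Dict[str, Tuple[int, int]] = {}
    for ts, client in sorted(requests):
        ok = limiter.allow(client, now=ts)
        allowed, rejected = counts.get(client, (0, 0))
        counts[client] = (allowed + 1, rejected) if ok else (allowed, rejected + 1)
    return counts


# Constructed traffic: one source fires 20 requests at the same instant and one
# more three seconds later; a second source sends one request per second.
SAMPLE_TRAFFIC = (
    [(0.0, "10.0.0.5")] * 20
    + [(3.0, "10.0.0.5")]
    + [(float(t), "10.0.0.9") for t in range(4)]
)

if __name__ == "__main__":
    for client, (allowed, rejected) in simulate(SAMPLE_TRAFFIC).items():
        print(f"{client}: allowed={allowed} rejected={rejected}")
```

With a burst capacity of 5 and a refill of 2 requests per second, the bursting source gets 5 of its 20 simultaneous requests served, 15 rejected, and its later request served once the bucket has refilled; the steady source is never throttled. The point for the defender is that the limit is per source, so a flood from one origin does not consume the budget of everyone else.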
Redmond, known as “the BugLady,” writes a series called ‘Bug of the Week’ that is archived at the University of Wisconsin-Milwaukee (UWM) Field Station. An Interpretive Naturalist, Ms. Redmond shares her insight on bugs noting that the gel of a spider when released: …travels through projections called spinnerets located on the underside of the abdomen’s tip and becomes solid when it hits the air. Spinnerets are the external extension of the silk glands…tipped by “spigots” that control the diameter of the emerging thread. (2016)
An uncanny session setup, but a web provides the pathway for a spider to initiate its excursion, travel abroad, disguise or shelter itself within a webbed location to attack its prey, and make its way back home (Redmond, 2016). OSI Session Layer 5 is subject to Network Basic Input/Output System (NetBIOS) spoofing, which is eerie as well, because attackers can capture user information (e.g., usernames and passwords); yet, as the name implies, the Session Layer executes secure setup and teardown and performs session synchronization for each session (Wikipedia, 2020). This process can be thought of as similar to a social media conferencing tool (e.g., Zoom, UberConference, etc.).
According to Zoom Video Communications, Inc. (2020), Zoom’s suite of cloud-based client applications provides secure sessions between host-origination and user endpoints, including encrypted chat sessions. Correspondingly, the TCP/IP Transport Layer, together with part of the TCP/IP Presentation Layer, performs encryption and authentication to prevent denial of service attacks. Zoom (2020) publishes parameter settings for TCP and UDP involving six ports (80, 443, 3478, 3479, 8801, and 8802) and identifies five destination Zoom connections to mitigate layer vulnerabilities. Additional details may be obtained from the Zoom Help Center at https://support.zoom.us.
Presenting WoDS
OSI Presentation Layer 6 is vulnerable to RPS and phishing attacks; these are a little more complicated, but occur similarly at the TCP/IP Application Layer. Spiders are also complex and unique by design; according to Baird, Bechinski, and Schotzko (2010), there are roughly 3800 varieties of spiders across the U.S. and Canada: spinners, which surreptitiously catch their prey in various webs, and non-spinners, which use reconnaissance to track down and attack their prey. Yes, webs and WoDS of things happen on both offensive and defensive ends.
The Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) notes that “attackers use SSL to tunnel HTTP attacks to target the server” (CISA, 2020). Subsequently, these HTTP attacks cause access to data traversing those secure connections to be denied. “[Secure Socket Layer] SSL certificates are files that encrypt the connection from a web server to a web browser” (Daniel, 2015), ensuring confidentiality, authenticity, and integrity of a connection.
WoDS of Applications
At the top of the OSI stack rests the Application Layer 7; the TCP/IP Application Layer has similar characteristics. This layer encompasses the embodiment of data creation, file transfers, electronic mail/message initiation (including POP mail), Telnet, remote access, and Distributed DoS (DDoS) attacks (CISA, 2020). Redmond’s (2016) article on web wonders explains that a spider’s silk can have one of nine different applications, such as using the strands to monitor data and its surroundings. Also, monitoring of the two-dimensional, funnel-web, or three-dimensional web is used in line alarm trips, signaling a spider’s catch of its next meal (Redmond, 2016).
“Application monitoring is the practice of monitoring software applications using a dedicated set of algorithms” (CISA, 2020). Relating to WoDS, once identified, such “…attacks can be stopped and traced back to a specific source more easily than other types of DDoS attacks” (CISA, 2020). This calls for employing WoDS with stern thinking caps to ensure that websites form correct entries and returns that do not fall prey to DoS or DDoS attacks, and are able to “detect zero day and Application Layer attacks” (CISA, 2020).
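The CISA quote above makes the practical point: Application Layer floods can be traced back to a specific source once you are watching the application. The following is an added example, not code from the article or from CISA, of what that watching looks like in Python: it parses web-server access log lines in Common Log Format, keeps a sliding per-source window, and reports any source whose request count in a window exceeds a threshold. The log lines are constructed for the example (TEST-NET addresses, an invented timestamp, and one deliberately malformed line to show that unparseable input is skipped rather than crashing the monitor); the threshold and window size are illustrative settings, not CISA guidance.

```python
"""Access-log monitor that flags sources exceeding a requests-per-window limit.
Added example (not from the article); all log lines and thresholds are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, Iterable, List, Optional

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": m.group("ip"), "ts": ts, "request": m.group("req"),
            "status": int(m.group("status"))}


def find_rps_offenders(lines: Iterable[str], window_seconds: int = 10,
                       max_requests: int = 20) -> Dict[str, int]:
    """Sliding-window count of requests per source IP.

    Lines are assumed to be in chronological order per source (how a server
    writes them).  Returns {ip: peak_count_in_any_window} for every source whose
    peak exceeded `max_requests`; well-behaved sources are omitted."""
    windows: Dict[str, Deque[datetime]] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    span = timedelta(seconds=window_seconds)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip garbage instead of aborting
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        while q and q[0] < rec["ts"] - span:
            q.popleft()                   # drop timestamps outside the window
        peak[rec["ip"]] = max(peak[rec["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}


def make_sample_log() -> List[str]:
    """Constructed access log: one source sends 30 requests in 5 s, another 3 in 12 s."""
    base = datetime(2020, 10, 5, 12, 0, 0, tzinfo=timezone.utc)   # invented date
    fmt = "%d/%b/%Y:%H:%M:%S +0000"
    lines = []
    for i in range(30):                                           # 6 requests/second
        t = base + timedelta(seconds=i // 6)
        lines.append(f'203.0.113.7 - - [{t.strftime(fmt)}] "GET /login HTTP/1.1" 200 512')
    for i in range(3):                                            # one every 4 seconds
        t = base + timedelta(seconds=i * 4)
        lines.append(f'198.51.100.2 - - [{t.strftime(fmt)}] "GET / HTTP/1.1" 200 1024')
    lines.append("this line is not an access-log record")          # malformed on purpose
    return lines


if __name__ == "__main__":
    for ip, count in find_rps_offenders(make_sample_log()).items():
        print(f"{ip}: {count} requests within a 10 s window (limit 20)")
```

Because the window is kept per source, the output names the origin directly, which is what lets an application-layer flood be "traced back to a specific source" in CISA's phrasing; feeding the offending address to a limiter or a firewall rule is the usual next step. On a real server the function would read the log tail incrementally rather than a list, but the window logic is the same.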
Conclusion
OSI Layers 1-7 and the TCP/IP Layers are quite similar in terms of functionality, much like the silky spider webs and the growing technological Web of Data Sciences, layer-to-layer. So, recharge your skills through WoDS, mentor others through collaborative efforts, and be forewarned of rules and restrictions that mitigate vulnerabilities found in some of those bring-your-own-devices (BYOD) to work. Lastly, remember to apply the following:
- Guard up for safe processing layer-to-layer, from the Physical Layer to the Application Layer.
- Safely operate your cyber devices, browse sites that promote careers in secure software and tool development (e.g., ESi Software Engineering), or take advantage of publicly available training such as the Federal Virtual Training Environment (FedVTE).
- Visit trusted sites, such as DHS, the Federal Bureau of Investigation, or the National Security Agency, which provide publicly available resources (e.g., Ghidra, an open-source coding site) (GitHub, 2020).
- Avoid walking into a web of trouble at work or at home; be on the lookout and stay informed.
- Assess, approve, and when necessary prohibit certain BYODs (e.g., thumb drives, cell phones, smart pads, earplugs, etc.) that add undue risk to the operating environment.
- And lastly, employ similar precautions with your home network for household members and visitors possessing BYODs.
We are all challenged in the world of WoDS to be cyber-smart and to stay clear of those seemingly transparent spider webs and lurking assailants! Be aware and stay cyber safe!
References
Baird, C., Bechinski, E., & Schotzko, D. (2010). Homeowner Guide to Spiders Around the Home and Yard, BUL 871. University of Idaho Extension.
CISA. (2016, August). Bulletin (SB16-228). Vulnerability Summary for the Week of August 8, 2016. Retrieved from https://us-cert.cisa.gov/ncas/bulletins/SB16-228
CISA. (2020, October). DDoS Quick Guide. Retrieved from http://www.cisa.gov
Daniel, K. (2015). HTTP vs HTTPS: Is it Time for a Change? Retrieved from https://digital.gov/2015/03/25/http-vs-https-is-it-time-for-a-change/
DOS. (2017, January). Federal Register /Vol. 82, No. 8 /Thursday, January 12, 2017 / Proposed Rules, p4011.
ESi. (2017) Software Engineering. Accessed from https://www.enginsol.com/ourservices/system-development/
FedVTE. (n.d.). Public Courses. Retrieved from https://fedvte.usalearning.gov/public_fedvte.php
Ghidra. (2020). In GitHub NSA Wiki ghidra page. Retrieved from https://github.com/NationalSecurityAgency/ghidra/wiki
Mirai. (2016, December). NJCCIC Threat Profile. Retrieved from https://www.cyber.nj.gov/threat-center/threat-profiles/botnet-variants/mirai-botnet
NetBIOS. (n.d.). In Wikipedia, the Free Encyclopedia. Retrieved from https://en.wikipedia.org/wiki/NetBIOS#Session_service
OSI Stack. (2017, January). Federal Register /Vol. 82, No. 8 /Thursday, January 12, 2017 / Proposed Rules, p3893.
Redmond, K. (2016). The Wonders of Webs I – Spider Silk. [Interpretive Naturalist]. Retrieved from https://uwm.edu/field-station/the-wonders-of-webs-i-spider-silk/
Unknown. (n.d.). A Comparison of TCP/IP and OSI Protocol Architectures.
Zoom Help Center. (2020). Retrieved from https://support.zoom.us/hc/en-us/articles/202342006-Network-Firewall-Settings-for-Meeting-Connector
Acronyms:
DHS/CISA – Department of Homeland Security/Cybersecurity & Infrastructure Security Agency
DoS – Denial of Service
DDoS – Distributed DoS
ESi – Engineering Solutions, Incorporated
FedVTE – Federal Virtual Training Environment
HTTP – Hypertext Transfer Protocol
ISSA – Information Systems Security Association
(ISC)² – International Information System Security Certification Consortium, Inc.
MADD – Mothers Against Drunk Drivers
OSI – Open Systems Interconnect
TCP/IP – Transmission Control Protocol (TCP)/Internet Protocol (IP)
WoDS – Web of Data Sciences
WiCyS MAA – Women in Cybersecurity Mid-Atlantic Affiliate