Web of Data Sciences (WoDS): Our Cyber Devices Layer-to-Layer (Part II of II)

By Dr. Sandra Adside Wright, DSc. Cybersecurity, CISSP, CAP, Engineering Solutions, Incorporated (ESi); member of WiCyS MAA, (ISC)2 Item Writers, ISSA-Central Maryland, MADD, and Toastmasters International

Welcome to the second half of Web of Data Sciences (WoDS), Our Cyber Devices Layer-to-Layer. Layers 1-4 (the Physical, Data Link, Network, and Transport Layers) were discussed in Part 1. This segment describes attacks that occur at the top layers, Layers 5-7 (the Session, Presentation, and Application Layers) of the International Standards Organization (ISO) Open Systems Interconnect (OSI) Model, the OSI Stack (OSI, 2017). (Figure 1)


Why discuss the OSI Stack as opposed to the Transmission Control Protocol (TCP)/Internet Protocol (IP), commonly known as the TCP/IP Suite? OSI and TCP/IP are both well-known models through which we can focus on system resilience. In the world of spiders, some are web-agnostic while others do not dwell in webs at all; nonetheless, all spiders rely on some form of architecture to exercise their defensive mechanisms. Many networks and systems are modeled after the 7-Layer OSI model, so a basic understanding of each layer’s operation and its related threats supports a clear understanding of implementations. However, the TCP/IP model of the Physical, Network Access, Internet, Host-to-Host (Transport), and Application Layers will be briefly referenced in relation to its partner OSI Layers. (Figure 2)


Stack of WoDS

Everyone who uses a cyber device to transfer data should recognize the varying attacks that occur at OSI Layers 5-7 (e.g., Domain Name Service (DNS) poisoning, exploitation, hijacking, phishing, Requests-Per-Second (RPS) attacks, and spoofing). The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) hosts a number of threat alerts, including alerts on RPS attacks. These attacks happen when the number of requests received by a server over a certain period of time exceeds the allotted limits, resulting in a denial of service (e.g., the Mirai Botnet) (NJCCIC, 2016).

“Denial of Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend such [resource]” (Federal Register, 2017). Like spider webs (Figure 3), OSI Layers 5 through 7 also have vulnerabilities and related cyber defenses. These mechanisms may be deployed in system-agnostic environments where good and less-desirable WoDS can be ubiquitous, yet go undetected even by highly skilled network and cybersecurity professionals.


Redmond, known as “the BugLady,” writes a series called ‘Bug of the Week’ that is archived at the University of Wisconsin-Milwaukee (UWM) Field Station. An Interpretive Naturalist, Ms. Redmond shares her insight on bugs, noting that the gel of a spider, when released, “…travels through projections called spinnerets located on the underside of the abdomen’s tip and becomes solid when it hits the air. Spinnerets are the external extension of the silk glands…tipped by ‘spigots’ that control the diameter of the emerging thread” (Redmond, 2016).

An uncanny session setup, but a web provides the pathway for a spider to begin its excursion, travel abroad, disguise or shelter itself within a webbed location to attack its prey, and make its way back home (Redmond, 2016). OSI Session Layer 5 is subject to Network Basic Input/Output System (NetBIOS) spoofing, which is eerie as well: attackers can capture user information (e.g., usernames and passwords). Yet, as the name implies, the Session Layer performs secure setup, teardown, and synchronization for each session (Wikipedia, 2020). This process can be thought of as similar to a social media or conferencing tool (e.g., Zoom, UberConference, etc.).

According to Zoom Video Communications, Inc. (2020), Zoom’s suite of cloud-based client applications provides secure sessions between host origination and user endpoints, including encrypted chat sessions. Correspondingly, the TCP/IP Transport Layer performs encryption and authentication, together with part of the TCP/IP Presentation Layer, to prevent denial of service attacks. Zoom (2020) publishes TCP and UDP parameter settings involving six ports (80, 443, 3478, 3479, 8801, and 8802) and identifies five destination Zoom connections to mitigate layer vulnerabilities. Additional details may be obtained from the Zoom Help Center at https://support.zoom.us.

Presenting WoDS

OSI Presentation Layer 6 is vulnerable to RPS and phishing attacks; these are a little more complicated, but similar attacks occur at the TCP/IP Application Layer. Spiders are also complex and unique by design; according to Baird, Bechinski, and Schotzko (2010), there are roughly 3800 varieties of spiders across the U.S. and Canada: spinners that surreptitiously catch their prey in various webs, and non-spinners that use reconnaissance to track down and attack their prey. Yes, webs and WoDS alike have things happening on both the offensive and defensive ends.

The Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) notes that “attackers use SSL to tunnel HTTP attacks to target the server” (CISA, 2020). Subsequently, these HTTP attacks cause access to data traversing those secure connections to be denied. “[Secure Socket Layer] SSL certificates are files that encrypt the connection from a web server to a web browser” (Daniel, 2015), ensuring the confidentiality, authenticity, and integrity of a connection.

WoDS of Applications

At the top of the OSI stack rests the Application Layer 7, where the TCP/IP Application Layer shares similar characteristics. This layer encompasses data creation, file transfers, electronic mail/message initiation (including POP mail), Telnet, and remote access, and it is where Distributed DoS (DDoS) attacks occur (CISA, 2020). Redmond’s (2016) article on web wonders explains that a spider’s silk can serve one of nine different applications, such as using the strands to monitor data and its surroundings. Monitoring of the two-dimensional, funnel-web, or three-dimensional web is also used as a line-alarm trip, signaling a spider’s catch of its next meal (Redmond, 2016).

“Application monitoring is the practice of monitoring software applications using [a] dedicated set of algorithms” (CISA, 2020). Relating to WoDS, once an attack has been identified, “…attacks can be stopped and traced back to a specific source more easily than other types of DDoS attacks” (CISA, 2020). This calls for employing WoDS with stern thinking caps on: ensure that websites form correct entries and returns that do not fall prey to DoS or DDoS attacks, and that they are able to “detect zero day and Application Layer attacks” (CISA, 2020).
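The RPS condition described under Stack of WoDS (requests to a server exceeding an allotted limit over a period of time) and the application monitoring just quoted can both be illustrated with a small detector run over access-log lines. This is an added example, not code from the article, from CISA, or from NJCCIC; the window, the request limit, and the log lines are assumed and constructed values.

```python
# Added example (not from the article): sliding-window requests-per-second
# detector over web-server access-log lines. A client whose request count in
# any WINDOW_SECONDS window exceeds MAX_REQUESTS is flagged, which is the
# condition the article describes as an RPS attack. Log lines are constructed.
from collections import defaultdict, deque
from datetime import datetime
import re

WINDOW_SECONDS = 10  # observation period (assumed policy value)
MAX_REQUESTS = 5     # allotted requests per client per window (assumed)

# Leading fields of a common/combined-format access-log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def parse_line(line):
    """Return (client_ip, unix_time) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.timestamp()

def detect_rps_offenders(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return {ip: peak_requests_in_window} for clients exceeding the limit.

    Assumes each client's lines arrive in chronological order, as in a log.
    """
    recent = defaultdict(deque)  # per-client timestamps inside the window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:  # malformed lines are skipped, not counted
            continue
        ip, t = parsed
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:  # evict timestamps older than the window
            q.popleft()
        if len(q) > limit:
            offenders[ip] = max(offenders.get(ip, 0), len(q))
    return offenders

# Constructed sample: one client bursts 8 requests in 7 s, another browses normally.
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Jan/2017:10:00:{s:02d} +0000] "GET /login HTTP/1.1" 200 512'
    for s in range(8)
] + [
    '198.51.100.2 - - [12/Jan/2017:10:00:03 +0000] "GET / HTTP/1.1" 200 2048',
    '198.51.100.2 - - [12/Jan/2017:10:00:15 +0000] "GET /about HTTP/1.1" 200 1024',
    'garbage line that does not parse',
]
```

Calling detect_rps_offenders(SAMPLE_LOG) returns only the bursting client with its peak count; a real deployment would feed it the live log and tune the window and limit to the site’s normal traffic.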

Conclusion

OSI Layers 1-7 and the TCP/IP Layers are quite similar in functionality to silky spider webs and to the growing technological Web of Data Sciences, layer-to-layer. So, recharge your skills through WoDS, mentor others through collaborative efforts, and be forewarned of the rules and restrictions that mitigate vulnerabilities found in some of those bring-your-own-devices (BYOD) brought to work. Lastly, remember to apply the following:

  • Keep your guard up for safe processing layer-to-layer, from the Physical Layer to the Application Layer.
  • Safely operate your cyber devices, browse sites that promote careers in secure software and tool development (e.g., ESi Software Engineering), or take advantage of publicly available training such as the Federal Virtual Training Environment (FedVTE).
  • Visit trusted sites, such as DHS, the Federal Bureau of Investigation, or the National Security Agency, which provide publicly available resources (e.g., Ghidra, an open-source tool published on GitHub) (GitHub, 2020).
  • Avoid walking into a web of trouble at work or at home; be on the lookout and stay informed.
  • Assess, approve, and when necessary prohibit certain BYODs (e.g., thumb drives, cell phones, smart pads, earplugs, etc.) that add undue risk to the operating environment.
  • And lastly, employ similar precautions on your home network for household members and visitors possessing BYODs.

We are all challenged in the world of WoDS to be cyber-smart and to stay clear of those seemingly transparent spider webs and lurking assailants! Be aware and stay cyber safe!

References

Baird, C., Bechinski, E., & Schotzko, D. (2010). Homeowner Guide to Spiders Around the Home and Yard, BUL 871. University of Idaho Extension.

CISA. (2016, August). Bulletin (SB16-228). Vulnerability Summary for the Week of August 8, 2016. Retrieved from https://us-cert.cisa.gov/ncas/bulletins/SB16-228

CISA. (2020, October). DDoS Quick Guide. Retrieved from http://www.cisa.gov

Daniel, K. (2015). HTTP vs HTTPS: Is it Time for a Change? Retrieved from https://digital.gov/2015/03/25/http-vs-https-is-it-time-for-a-change/

DOS. (2017, January). Federal Register /Vol. 82, No. 8 /Thursday, January 12, 2017 / Proposed Rules, p4011.

ESi. (2017) Software Engineering. Accessed from https://www.enginsol.com/ourservices/system-development/

FedVTE. (n.d.). Public Courses. Retrieved from https://fedvte.usalearning.gov/public_fedvte.php

Ghidra. (2020). In GitHub NSA Wiki ghidra page. Retrieved from https://github.com/NationalSecurityAgency/ghidra/wiki

Mirai. (2016, December). NJCCIC Threat Profile. Retrieved from https://www.cyber.nj.gov/threat-center/threat-profiles/botnet-variants/mirai-botnet

NetBIOS. (n.d.). In Wikipedia, the Free Encyclopedia. Retrieved from https://en.wikipedia.org/wiki/NetBIOS#Session_service

OSI Stack. (2017, January). Federal Register /Vol. 82, No. 8 /Thursday, January 12, 2017 / Proposed Rules, p3893.

Redmond, K. (2016). The Wonders of Webs I – Spider Silk. [Interpretive Naturalist]. Retrieved from https://uwm.edu/field-station/the-wonders-of-webs-i-spider-silk/

Unknown. (n.d.). A Comparison of TCP/IP and OSI Protocol Architectures.

Zoom Help Center. (2020). Network Firewall Settings for Meeting Connector. Retrieved from https://support.zoom.us/hc/en-us/articles/202342006-Network-Firewall-Settings-for-Meeting-Connector

Acronyms:

DHS/CISA – Department of Homeland Security/Cybersecurity & Infrastructure Security Agency

DoS – Denial of Service

DDoS – Distributed DoS

ESi – Engineering Solutions, Incorporated

FedVTE – Federal Virtual Training Environment

HTTP – Hypertext Transfer Protocol

ISSA – Information Systems Security Association

(ISC)² – International Information System Security Certification Consortium, Inc.

MADD – Mothers Against Drunk Drivers

OSI – Open Systems Interconnect

TCP/IP – Transmission Control Protocol (TCP)/Internet Protocol (IP)

WoDS – Web of Data Sciences

WiCyS MAA – Women in Cybersecurity Mid-Atlantic Affiliate
