CST3607 Class Notes 2022-02-10

News & Tools

DNS Hijacking

DNS hijacking is a type of malicious attack in which an individual redirects queries to a domain name server by overriding a computer’s transmission control protocol/internet protocol (TCP/IP) settings, generally by modifying a DNS server’s settings.

NoMoreRansom.org

  • The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
  • Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection.

ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem (https://atcommands.org/)

  • AT commands, originally designed in the early 80s for controlling modems, are still in use in most modern smartphones to support telephony functions.
  • The role of AT commands in these devices has vastly expanded through vendor-specific customizations, yet the extent of their functionality is unclear and poorly documented.
  • The functionality exposed includes the ability to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, perform screen unlocks, and inject touch events solely through the use of AT commands.

Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

  • mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages (WhatsApp, Facebook Messenger), contacts, notes and location data secretly collected from phones running the stealthy spyware.

QuickTime must be uninstalled from all Microsoft Windows systems


Better Focus and Efficient Studying When Not Multitasking / Multi-Focusing


Panopticlick

The Electronic Frontier Foundation (EFF) has online tracker-testing in its Panopticlick, helping you analyze the privacy protections in your Web browser.

Web Browser Plugins

How would you know a network has been compromised?

Network Analyzer/Packet Sniffer

Segment Your Network / Isolate Guests & IoT devices from your main segment

See: Network Best Practices

  • Use a router like the Ubiquiti EdgeRouter X to segment your LAN.
  • For example, have a Guest network, a Private network, and an IoT (Internet of Things) network, all in one device.

Cisco IOS and Router Command Reference

  • Also accessible from the Technology > Networking menu

TCP/UDP

Connection-oriented service vs Connectionless service

  • Connection-Oriented Service
    • In a connection-oriented service:  
      • A connection is first established between the sender and the receiver.
      • Data is transferred.
      • At the end, the connection is released.
    • TCP and SCTP are connection-oriented protocols.
  • Connectionless Service
    • In a connectionless service, the packets are sent from one party to another with no need for connection establishment or connection release.
    • The packets are not numbered; they may be delayed or lost or may arrive out of sequence.
    • There is no acknowledgment that the packet arrived at its destination.
    • UDP is connectionless.
  • Reliable vs Unreliable
    • The transport layer service can be reliable or unreliable
    • If the application layer program needs reliability, we use a reliable transport layer protocol by implementing flow and error control at the transport layer.
  • On the Internet, there are three common transport layer protocols.
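
The contrast above, run on the loopback interface, as an added example that is not part of the original class notes: TCP goes through establish, transfer and release, and a connection attempt with no listener fails visibly, while a UDP send to a port with no listener still reports success because nothing is acknowledged. The payload, helper names and use of OS-assigned ports are assumptions made for the demonstration.

```python
import socket
import threading

PAYLOAD = b"CST3607 sample payload"  # constructed sample data
HOST = "127.0.0.1"                   # loopback only, runs offline

def free_port(kind):
    """Bind to port 0 so the OS picks a port, then close it again (no listener)."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]

def tcp_exchange():
    """Connection-oriented: establish, transfer, release. Returns the echoed bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        server.bind((HOST, 0))
        server.listen(1)

        def echo_once():
            conn, _ = server.accept()          # server side of the establishment
            with conn:
                conn.sendall(conn.recv(1024))  # echo the data back

        worker = threading.Thread(target=echo_once)
        worker.start()
        # 1. establish: create_connection() performs the TCP handshake
        with socket.create_connection(server.getsockname(), timeout=2) as client:
            client.sendall(PAYLOAD)            # 2. transfer
            echoed = client.recv(1024)
        # 3. release: leaving the with-block closed the connection
        worker.join()
        return echoed

def tcp_connect_refused():
    """With no listener, TCP connection establishment fails and the sender knows."""
    port = free_port(socket.SOCK_STREAM)
    try:
        socket.create_connection((HOST, port), timeout=2).close()
        return False
    except ConnectionRefusedError:
        return True

def udp_send_no_listener():
    """Connectionless: sendto() reports success although nothing receives the data."""
    port = free_port(socket.SOCK_DGRAM)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(PAYLOAD, (HOST, port))  # number of bytes handed to the stack

if __name__ == "__main__":
    print("TCP echoed:", tcp_exchange())
    print("TCP refused without listener:", tcp_connect_refused())
    print("UDP bytes sent with no listener:", udp_send_no_listener())
```

Capturing the run in a packet sniffer on the loopback interface shows the SYN/SYN-ACK/ACK and FIN segments around the TCP data, and a single unacknowledged datagram for UDP.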

Data Encapsulation

  • Data encapsulation is a process whereby information is added to the frame from each layer of the OSI model. This is also called packet creation. Each layer communicates only with its peer layer on the receiving device.

OSI Reference Model [re-post]

Deprecated / Deprecation

  • In several fields, deprecation is the discouragement of use of some terminology, feature, design, or practice; typically, because it has been superseded or is no longer considered efficient or safe – but without completely removing it or prohibiting its use.
  • Deprecation may indicate that the feature will be removed in the future.
  • Features are deprecated—rather than immediately removed—in order to provide backward compatibility, and give programmers who have used the feature time to bring their code into compliance with the new standard.

Wireless Network Security

PMKID Vulnerability that bypasses WPA/WPA2 4-way Handshake

WPA3

Virtual Private Network (VPN)

A virtual private network (VPN) enables users to send and receive data while remaining anonymous and secure online.

In the simplest terms, a VPN is used to create a secure, encrypted connection between your computer and a server operated by the VPN service.

Autonomous System (AS)

  • A group of networks and routers under a common administrative control.
    • Routing inside an autonomous system is referred to as intradomain routing.
    • Routing between autonomous systems is referred to as interdomain routing.

Microsoft OneNote

  • A good tool to help you stay organized.

Cisco Learning Network

  • Get access to the Packet Tracer router simulator
  • Free learning resources
  • Cisco certification exam topics
  • CCNA, CCNP study groups
  • Sample CCENT, CCNA, CCNP study questions
  • Career resources
  • IT learning games
  • Community manager support
  • Social learning with IT experts
  • Cisco Exam Preparation – Studying for Results

Synchronizing Using Allway Sync

Subnetting Tutorial & Reference Page

Read / Do

CCNA Certification Study Guide, Volume 2

  • Read Chapter 3: Easy Subnetting
  • Do the Written Labs
  • Answer the Review Questions
    • Do not submit your answers for this chapter. The answers are in the Appendix

Do

Make sure to always have access to a calculator which has an Exponent function (^key) ( x) for every class.

Sign up for a free Cisco Learning Network account

  • [A paid membership is not necessary to access a lot of the material]
  • Download, install, and test the current version of Cisco Packet Tracer.