CST3607 Class Notes 2022-02-03

News and Tools

Hundreds of Subway Riders Evacuated After Power Surge Shut Down Service On Eight Lines

• Even though there are two emergency generators designed to automatically replace the battery power in cases of power outages, the generators failed to turn on
• And the MTA’s alert system failed to send alerts the back-up generators weren’t working

SolarWinds Hack!!!! (A must know)

• Here’s a simple explanation of how the massive SolarWinds hack happened and why it’s such a big deal

M.E.Doc Backdoor & Maersk NotPetya Recovery

• The Untold Story of NotPetya, the Most Devastating Cyberattack in History by Andy Greenberg
• The Untold Story of NotPetya, the Most Devastating Cyberattack in History by Andy Greenberg (Wired.com)
• M.E.Doc Software Was Backdoored 3 Times, Servers Left Without Updates Since 2013 By Catalin Cimpanu (BleepingComputer.com)

Prepare for Shipping Delays and Price Hikes

• A record-breaking 44 container ships are stuck off the coast of California

Other news

• A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who would be interested in mitigating the vulnerability (including the vendor of the target software).
• Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months
• Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC (Proof of Concept))
• Meltdown/Specter-based Malware Coming Soon to Devices Near You, Are You Ready?
• Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit
• Heat Map Released by Fitness Tracker Reveals Location of Secret Military Bases
• Inside the Massive 711 Million Record Onliner Spambot Dump
  • Have i been pwned?
• It’s About To Get Even Easier to Hide on the Dark Web
• This security camera was infected by malware 98 seconds after it was plugged in

Identity Theft is a big problem.

• Malware is one of the many ways that identity thieves can get your personal information. Educated yourself and your people.
• IdentityTheft.gov is the federal government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process.
• A Life or Death Case of Identity Theft? — Krebs on Security
• Is Your Mobile Carrier Your Weakest Link? : Tips to ensure your mobile device (or, more specifically, your mobile carrier) isn’t the weakest link in your security chain.
• The Value of a Hacked Email Account
• Worried About Your #Privacy Now? Here’s How to Protect It via @Wired

Password Managers

Protecting Your Accounts and Identity from Theft

• Slides and notes from the presentation I did at WordCamp NYC

Resume Privacy

• If you’re going to post, or have posted, your resume on-line, that is publicly accessible, make sure to edit it to remove your address and phone number.
• Your address should be remove from your resume, even if you’re not posting it publicly.

Credit Freezes Are Now Fee-Free

• As of Sept. 21, 2018 it is free to freeze and unfreeze your credit file and those of your children or dependents throughout the United States.
• All of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents.
• Consumer Financial Protection Bureau (CFPB) lists all of the known entities that maintain, sell or share credit data on U.S. citizens.
• FTC (Federal Trade Commission) The Equifax Data Breach: What to Do

Two Factor Authentication (2FA) / Multi-factor Authentication (MFA)

• Two Factor Auth (2FA): List of websites and whether or not they support 2FA.
• Authy | Two-factor Authentication (2FA)
  • A software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users.
  • Authy is alternative to Google Authenticator
  • The initial setup/registration must be done using the Authy App on your phone.
  • Backup: Prevent account lockout when you lose access to your phone.
• Google Authenticator is a software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users

Best Practices

• 4 things you should be doing right now so you won’t get hacked
  1. Use passwords with at least 14 characters that can’t be found in the dictionary.
  2. Use a password manager so you won’t have to remember all of them.
  3. Turn on two-factor authentication and your account will remain secure even if your password is hacked. Unless your phone has been SIM-jacked.
  4. Be especially wary of e-mails asking you to do something, or phone calls about the security of your accounts.
• Network Best Practices

Disable UPnP (Universal Plug-and-Play) on Your Network

• If your router has UPnP (Universal Plug and Play) enabled, your printers, (or anything else on your network), may have punched a hole through your border router’s stateful NAT firewall to make itself “available” to anyone on the public Internet in the world.
• More than 150,000 Internet-facing printers were scanned, located, and used

Protocol Review:

• DHCP (Dynamic Host Configuration Protocol)
• DNS (Domain Name System) (or Service or Server)
• NAT (Network Address Translation)
  • Network Address Translation is an Internet Engineering Task Force (IETF) standard used to allow multiple PCs or devices on a local area network to share a single, globally routable IP address.
  • NAT is also used to avoid address renumbering in a LAN when topology outside the private network changes.
• ARP (Address Resolution Protocol)

Protocol & Standards you should be familiar with:

• LDAP (Lightweight Directory Access Protocol)
• SAML (Security Assertion Markup Language)
  • Introduction to SAML – Chalktalk on what is it, how it is used (Centrify)
• OAuth (Open standard for Authorization)
  • The Difference Between SAML 2.0 and OAuth 2.0
• Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms

What is a network?

• LAN (internal, private) vs WAN (external, public)

Cisco’s Three-Layer Hierarchical Model

• Core layer or Backbone
• Distribution layer
• Access layer

Types of Ethernet cabling

Straight-through cables are used to connect unlike devices.

• e.g. Host to Switch, Router to Switch
• On a host: Pins 1 & 2 are transmit, and 3 & 6 are receive.

Crossover cables are used to connect like devices.

• e.g. Switch to switch, Router to host, Router to Router
• It is possible to connect switches using a straight-through cable because many switches have auto configuring ports.  Usually referred to as Auto-MDIX. a.k.a. Auto Uplink.

Roll-over cables are used to connect a hosts’ RS-232 / EIA-TIA-232 serial interface to a routers console port.

• The default COM port settings for Cisco routers & switches are:
  • Bits per Second: 9600, Data bits: 8, Parity: None, Stop Bits: 1, Flow Control: None

Unicast, Broadcast, Multicast

The Internet Protocol and other network addressing systems recognize three main addressing methodologies:

• Unicast addressing uses a one-to-one association between the destination address and the network endpoint: each destination address uniquely identifies a single receiver endpoint.
• Broadcast addressing uses a one-to-many association, datagrams are routed from a single sender to all endpoints, in the broadcast domain, simultaneously in a single transmission. The network automatically replicates datagrams as needed for all network segments (links) that contain an eligible receiver.
• Multicast addressing is the sending of the same message simultaneously to to multiple endpoints simultaneously in a single transmission, but not to all. The network automatically replicates datagrams as needed for all network segments (links) that contain an eligible receiver.

Collision and Broadcast Domains

• Collision Domain
  • On a network switch, each port is its own collision domain.
  • On a hub, all ports are part of the same collision domain.
  • Wireless for Beginners Part 2: Avoiding Collisions
• Broadcast Domain
  • Routers are used to separate broadcast domains
• How a Broadcast Address Works

Telemetry, Logging, Monitoring

Telemetry is an automated communications process by which measurements and other data are collected at remote or inaccessible points and transmitted to receiving equipment for monitoring.

• Telemetry is used to report OS, software, and hardware issues so they can be tracked and addressed.
• When it comes to Windows 10 privacy, don’t trust amateur analysts by Ed Bott via ZDNet
  • “Faulty” Windows 10 telemetry network traffic analysis by CheesusCrust
    • “What I have done for this analysis: 4. I have configured the DD-WRT router to drop and log all connection attempts via iptables through the DD-WRT router by Windows 10 Enterprise.”
    • When a router drops all connection attempts from a host, what will that host do?
• Is Windows 10 telemetry a threat to your personal privacy?
• Windows 10 and telemetry: Time for a simple network analysis by Simon Bisson

Monitoring & Logging

• syslog and SNMP are common tools used to monitor systems.
• Syslog (System Logging Protocol) [RFC 5424] is a standard protocol used to send system log or event messages to a syslog server. It is primarily used to collect various device logs from several different machines in a central location for monitoring and review.

Read / Watch

CCNA Certification Study Guide, Volume 2: Exam 200-301

• Read Chapter 2: TCP/IP
• Do the Written Labs
• Answer the Review Questions
  • Do not submit your answers for this chapter. The answers are in the Appendix

Subnetting Tutorial & Reference Page

Do

Check if your router has UPnP, or any other ports/protocols, exposed to the Internet

• Go to GRC.com > Services Menu > ShieldsUP!
• Run GRC’s Instant UPnP Exposure Test
• Run GRC’s “All Service Ports Test“
• Report your results at our next class:
  • Was UPnP exposed to the public?
  • Did you find any open ports?
  • Did you find any closed ports?
  • Were all port stealth?