Copy of CSRIC_WG4EcoCat

* Enterprise / Government End Users
* Network Operators / Network Providers / Communications Sector
* Hacker / Hacktivist / Attacker / Nation States / Criminal orgs / Exploit Community

Ecosystem to TCP/IP Layers to Cyber Attack Mapping

Ecosystem category:
* Content producers/distributors
* App developers/distributors
* Operating Systems
* Databases
* Websites
* Cloud (SaaS, PaaS+D36) Operator
* OTT Operators
* Network HW/SW/OS/CPE Vendors
* Web Browsers
* eCommerce Cos.
* Edge Device Cos.
* End User/Consumer
* Relay Service Providers
* Anti-Virus/Security HW-Firewall Vendors
* Public Safety Networks
* Dark Exploit Websites
* Open Source Community
* Electronic Payment Networks
* Backbone Network Operators
* Access Network Operators
* Wireless Network Operators
* Internet Service Providers
* CDN Operators
* Business VPN/VoIP Operators
* OTT Operators
* Utilities (private utility networks)
* Cloud (NaaS) Operator
* Internet Service Provider
* Network HW/SW/OS/CPE Vendors
* Edge Device Cos.
* Social Media Cos.
* Relay Service Providers
* Anti-Virus/Security HW-Firewall Vendors
* Public Safety Networks
* Electronic Payment Networks
* Backbone Network Operators
* Wireless Network Operators
* Utilities (private utility networks)
* Cloud (IaaS) Operator
* Internet Service Provider
* Business VPN/VoIP Operators
* Network HW/SW/OS/CPE Vendors
* Edge Device Cos.
* Anti-Virus/Security HW-Firewall Vendors
* Public Safety Networks
* Backbone Network Operators
* Access Network Operators
* Wireless Network Operators
* Utilities (private utility networks)
* Network HW/SW/OS/CPE Vendors
* Edge Device Cos.
* Internet Service Infrastructure/Clearinghouse
* Anti-Virus/Security HW-Firewall Vendors
* Public Safety Networks
CSRIC WG4 - Ecosystem Feeder Group

TCP/IP Layers & Protocols:

Application:
* HTTP, SMTP, SIP, INAP
* BGP, DHCP, DHCPv6, DNS, FTP, ONC/RPC, HTTP, IMAP, IRC, LDAP, NTP, POP, RTP, RTSP, RIP, SNMP, SOCKS, SSH, Telnet, TLS/SSL, XMPP

Transport:
* TCP, UDP, RUDP, DCCP, CTP, RSVP, TLS, WAP, WTLS

Internet:
* IP (IPv4 & IPv6), ICMP, ICMPv6, ECN, IGMP, IPsec
* DNS, DNSSec, MPLS

Network Access/Link:
* ARP/InARP, NDP, OSPF, Tunnels (L2TP), PPP, MAC (Ethernet), xDSL, ISDN, FDDI, DOCSIS, 802.11n, LTE-VoLTE, SS7, CDMA, GSM, 2G, 3G

Cyber Attack / Threats:
* SQL/LDAP Injection
* Email malware/Phishing attacks
* Heartbleed/SSL Attacks
* BrutPOS botnet against POS terminals
* RAM Scraping malware
* Cross‐Site Scripting (XSS)
* Cross‐Site Request Forgery (CSRF)
* Application Layer DDoS (e.g., malformed packet)
* Masquerade Attacks & Exploits
* Fraud/Theft/Customer record breaches
* Distributed Distraction DDoS Attacks
* DNS Spoofing
* CallerID Spoofing
* Authentication/Certificate spoofing
* Zero‐Day/Watering hole attacks
* Password theft & Keylogger Attacks
* POS Intrusions/Trojans
* DEV kit & SDK Exploits
* Bitcoin Theft & spoofing
* Rootkit Injection & Operations
* USB 'Thumb‐drive' injections & exploits
* Zeus/Citadel "Man‐in‐browser" attacks
* DNS Reflection Attacks
* Fraud/Theft/Customer record breaches
* Man‐in‐the‐Middle (MITM)
* DDoS (e.g., traffic flooding, SYN flooding)
* Eavesdropping
* Network Reconnaissance
* Session Hijacking/Session Poisoning
* UDP Floods
* DDoS Attacks (e.g., traffic flooding, amplification such as Smurf)
* IP Address Spoofing
* DNS Cache Poisoning
* Malformed Packet Attacks (e.g., Teardrop, Ping of Death, etc.)
* Fraud/Theft
* ICMP Redirect & Flooding
* DNS Spoofing & Reflection Attacks
* MAC Address Spoofing & Flooding
* ARP Cache Poisoning/ARP Spoofing
* CallerID Spoofing
* WiFi Intercept exploits
* DDoS Attacks
* SS7 (point code) Address Spoofing
Definitions Key:

| Acronym/Term | Description | Source |
|---|---|---|
| DDoS | Distributed denial-of-service (DDoS) attacks are sent by two or more persons, or bots. | http://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack |
| SQL | Originally based upon relational algebra and tuple relational calculus, SQL consists of a data definition language and a data manipulation language. The scope of SQL includes data insert, query, update and delete, schema creation and modification, and data access control. | http://en.wikipedia.org/wiki/SQL |
| LDAP | The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. | http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol |
| Zero-Day Attack | A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, one that developers have not had time to address and patch. It is called a "zero-day" because the programmer has had zero days to fix the flaw. | http://en.wikipedia.org/wiki/Zero-day_attack |
| DEV SDK (Dev) | Dev or indev software: applications or other pieces of computer software still in alpha or beta stages of development, or alternatively a neutral build or nightly build, a version of a software which represents the current state of its source code, which could be unstable or buggy. | http://en.wikipedia.org/wiki/Dev#Technology |
| DEV SDK (SDK) | A software development kit (SDK or "devkit") is typically a set of software development tools that allows the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform. | http://en.wikipedia.org/wiki/Software_development_kit |
| Rootkit | A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. | http://en.wikipedia.org/wiki/Rootkit |
| Man-In-Middle Attack | The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. | http://en.wikipedia.org/wiki/Man-in-the-middle_attack |
| DNS | The Domain Name System (DNS) translates easily memorized domain names to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide. The Domain Name System is an essential component of the functionality of the Internet. | http://en.wikipedia.org/wiki/Domain_Name_System |
| ICMP | The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. | http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol |
| MAC Address Spoofing | MAC spoofing is a technique for changing a factory-assigned Media Access Control (MAC) address of a network interface on a networked device. The MAC address is hard-coded on a network interface controller (NIC) and cannot be changed. However, there are tools which can make an operating system believe that the NIC has the MAC address of a user's choosing. | http://en.wikipedia.org/wiki/MAC_spoofing |
| ARP Spoofing | ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead. | http://en.wikipedia.org/wiki/ARP_spoofing |
| UDP | With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without prior communications to set up special transmission channels or data paths. | http://en.wikipedia.org/wiki/User_Datagram_Protocol |
| POS | Point of sale (also called POS or checkout) is the point at which a customer makes a payment to the merchant in exchange for goods or services. | http://en.wikipedia.org/wiki/Point_of_sale |
| SYN Flood | A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. | http://en.wikipedia.org/wiki/SYN_flood |
| SSL | Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet. | http://en.wikipedia.org/wiki/Secure_Sockets_Layer |
| SS7 | Signalling System No. 7 (SS7) is a set of telephony signaling protocols which are being used to set up most of the world's public switched telephone network (PSTN) telephone calls. The main purpose is to set up and tear down telephone calls. Other uses include number translation, local number portability, prepaid billing mechanisms, short message service (SMS), and a variety of other mass market services. | http://en.wikipedia.org/wiki/Signalling_System_No._7 |
| DNS Reflection/Redirection | DNS hijacking or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards. | http://en.wikipedia.org/wiki/DNS_hijacking |