Quiz 5

Question 1

Where did the internet first come from?

Answer 1

In response to Sputnik, the U.S. Government created the Advanced Research Projects Agency (ARPA), whose initial role was to ensure that the U.S. was not surprised again. It was from ARPA, now called DARPA (Defense Advanced Research Projects Agency), that the Internet first sprang.

Question 2

First 4 nodes of ARPANET and first transmission

Answer 2

Professor Len Kleinrock of UCLA along with a group of graduate students were the first to successfully send a transmission over the ARPANET. The event occurred on October 29, 1969 when they attempted to send the word “login” from their computer at UCLA to the Stanford Research Institute. You can read their actual notes. The first four nodes were at UCLA, University of California, Stanford, and the University of Utah.

Question 3

Internet and TCP/IP

Answer 3

So as long as your network supported TCP (transmission control protocol) /IP (internet protocol), you could communicate with all of the other networks running TCP/IP. TCP/IP quickly became the standard protocol and allowed networks to communicate with each other. It is from this breakthrough that we first got the term Internet, which simply means “an interconnected network of networks.”

This progression—application at the source to TCP at the source (slice up the data being sent), to IP (for forwarding among routers), to TCP at the destination (put the transmission back together and make sure it’s perfect), to application at the destination—takes place in both directions, starting at the server for messages coming to you, and starting on your computer when you’re sending messages to another computer.

Question 4

Packet

Answer 4

The fundamental unit of data transmitted over the Internet. When a host (PC, workstation, server, printer, etc.) intends to send a message to another host (for example, your PC sends a request to YouTube to open a video), it breaks the message down into smaller pieces, called packets.

Question 5

Switch

Answer 5

A network device that connects multiple hosts together and forwards packets based on their destination within the local network which is commonly known as a Local Area Network (LAN).

Question 6

Router

Answer 6

A device that receives and analyzes packets and then routes them towards their destination.

Question 7

IP Address

Answer 7

Every device on the Internet (personal computer, a tablet, a smartphone, etc.) is assigned a unique identifying number called an IP (Internet Protocol) address.
The IP address simply tells the computers that you’re communicating with where they can find you right now. IP addresses can also be used to identify a user’s physical location, to tailor search results, and to customize advertising.
Issues with running out of names- originally 4 bit now 6. Before a technique known as NAT (network address translation) uses a gateway that allows multiple devices to share a single IP address. But NAT slows down Internet access and is complex, cumbersome, and expensive to administer

Question 8

Domain name

Answer 8

A domain name is a human-friendly name, convenient for remembering a website. These names generally consist of a descriptive word followed by a dot (period) and the Top-Level Domain (TLD). For example, Wikipedia’s domain name is wikipedia.org. Wikipedia describes the organization and .org is the TLD

Think of the domain name as the name of the network you’re trying to connect to, and think of the host as the computer you’re looking for on that network.

Question 9

DNS

Answer 9

DNS stands for “domain name server or system.” DNS acts as the directory of websites on the Internet. When a request to access a host with a domain name is given, a DNS server is queried. It returns the IP address of the host requested, allowing for proper routing.
It’s like a big, hierarchical set of phone books capable of finding Web servers, e-mail servers, and more. These “phone books” are called nameservers—and when they work together to create the DNS, they can get you anywhere you need to go online.

Question 10

Packet Switching

Answer 10

When a message’s packets are sent on the Internet, routers try to find the optimal route for each packet. This can result in packets being sent on different routes to their destination. After the packets arrive, they are re- assembled into the original message for the recipient.

Question 11

Protocol

Answer 11

A protocol is the set of rules that govern how communications take place on a network. For example, File Transfer Protocol (FTP) are the communication rules for transferring files from one host to another.

A protocol is a set of rules for communication—sort of like grammar and vocabulary in a language like English. The http protocol defines how Web browser and Web servers communicate and is designed to be independent from the computer’s hardware and operating system. It doesn’t matter if messages come from a PC, a Mac, a huge mainframe, or a pocket-sized smartphone; if a device speaks to another using a common protocol, then it will be heard and understood.

Question 12

The dot com bubble

Answer 12

In 1991, the NSF transferred its role to three other organizations, thus getting the US government out of direct control over the Internet and essentially opening up commerce online.
This new commercialization of the Internet led to what is now known as the dot-com bubble. A frenzy of investment in new dot-com companies took place in the late 1990s with new tech companies issuing Initial Public Offerings (IPO) and heating up the stock market.
After the dot- com bubble burst, a new reality became clear. In order to succeed online, e-business companies would need to develop business models appropriate for the online environment.

Question 13

Killer app for the internet

Answer 13

the invention of electronic mail drove demand for the Internet. While this wasn’t what developers had in mind, it turned out that people connecting with people was the killer app for the Internet.

Question 14

Internet vs world wide web

Answer 14

The Internet is an interconnected network of networks. Services such as email, voice and video, file transfer, and the World Wide Web all run across the Internet. The World Wide Web is simply one part of the Internet. It is made up of web servers that have HTML pages that are being viewed on devices with web browsers.

Question 15

Broad band tech

Answer 15

High speed access, also known as broadband, is important because it impacts how the Internet is used. Communities with high speed Internet have found residences and businesses increase usage of digital resources. Access to high speed Internet is now considered a basic human right by the United Nations

Question 16

Wi-Fi

Answer 16

Wi-Fi takes an Internet signal and converts it into radio waves. These radio waves can be picked up within a radius of approximately 65 feet by devices with a wireless adapter.

Question 17

Mobile Network

Answer 17

As the cellphone has evolved into the smartphone, the desire for Internet access on these devices has led to data networks being included as part of the mobile phone network.

Question 18

Voice over IP (VoIP)

Answer 18

Voice over IP (VoIP) allows analog signals to be converted to digital signals, then transmitted on a network. By using existing technologies and software, voice communication over the Internet is now available to anyone with a browser (think Skype, WebEx, Google Hangouts)

Question 19

LAN and WAN

Answer 19

local area networks (LANs), which allowed computers to connect to each other and to peripherals.
A LAN is a local network, usually operating in the same building or on the same campus. A Wide Area Network (WAN) provides connectivity over a wider area such as an organization’s locations in different cities or states.

Question 20

Client-Server

Answer 20

Client-server computing provides stand-alone devices such as personal computers, printers, and file servers to work together.

Question 21

Intranet vs Extranet

Answer 21

An intranet, as the name implies, provides web-based resources for the users within an organization. These web pages are not accessible to those outside the company. The pages typically contain information useful to employees such as policies and procedures

Sometimes an organization wants to be able to collaborate with its customers or suppliers while at the same time maintaining the security of being inside its own network. In cases like this a company may want to create an extranet, which is a part of a company’s network that can be made available securely to those outside of the company. Extranets can be used to allow customers to log in and place orders, or for suppliers to check their customers’ inventory levels.

Question 22

Metcalf’s law

Answer 22

Metcalfe’s Law describes the power of networking.Metcalfe’s Law states that the value of a telecommunications network is proportional to the square of the number of connected users of the system, or N^2 . If a network has 10
2 nodes, the inherent value is 100.

Question 23

Internet service provider (ISP)

Answer 23

If the network at your university, your employer, or in your home has Internet access, it connects to an Internet service provider (ISP). Many (but not all) ISPs are big telecommunications companies like Verizon, Comcast, and AT&T. These providers connect to one another, exchanging traffic, and ensuring your messages can get to any other computer that’s online and willing to communicate with you.

Question 24

URL - uniform resource locator

What does http stand for

Answer 24

When you type an address into a Web browser (sometimes called a URL for uniform resource locator), you’re telling your browser what you’re looking for. The http:// you see at the start of most Web addresses stands for hypertext transfer protocol.

Question 25

Load of incoming requests

Answer 25

Assigning several computers to a host name offers load balancing and fault tolerance, helping ensure that all visits to a popular site like http://www.google.com won’t overload a single computer, or that Google doesn’t go down if one computer fails.

Question 26

I want my own domain

Answer 26

You don’t really buy a domain name; you simply pay a registrar for the right to use that name, with the right renewable over time. While some registrars simply register domain names, others act as Web hosting services that are able to run your Web site on their Internet-connected servers for a fee.
knowingly registering a domain name to profit from someone else’s firm name or trademark is known as cybersquatting and that’s illegal.

Question 27

path name and file name

Answer 27

Look to the right of the top-level domain and you might see a slash followed by either a path name, a file name, or both. If a Web address has a path and file name, the path maps to a folder location where the file is stored on the server; the file is the name of the file you’re looking for.
Most Web pages end in “.html,” indicating they are in hypertext markup language. While http helps browsers and servers communicate, html is the language used to create and format (render) Web pages. A file, however, doesn’t need to be .html;

Question 28

cache

Answer 28

The system also remembers what it’s done so the next time you need the IP address of a host you’ve already looked up, your computer can pull this out of a storage space called a cache, avoiding all those nameserver visits. Caches are periodically cleared and refreshed to ensure that data referenced via the DNS stays accurate.

Question 29

Peering

Answer 29

When different ISPs connect their networking equipment together to share traffic, it’s called peering. Peering usually takes place at neutral sites called Internet exchange points (IXPs), although some firms also have private peering points. Carriers usually don’t charge one another for peering. Instead, “the money is made” in the ISP business by charging the end-points in a network—the customer organizations and end users that an ISP connects to the Internet.

Question 30

Internet 2

Answer 30

Internet2 is a research network created by a consortium of research, academic, industry, and government firms. These organizations have collectively set up a high-performance network running at speeds of up to one hundred gigabits per second to support and experiment with demanding applications. Examples include high-quality video conferencing; high- reliability, high-bandwidth imaging for the medical field; and applications that share huge data sets among researchers.

Question 31

Internet backbone

Answer 31

The Internet backbone is made of fiber-optic lines that carry data traffic over long distances. Those lines are pretty speedy. But when considering overall network speed, remember Amdahl’s Law: a system’s speed is determined by its slowest component. More often than not, the bottleneck isn’t the backbone but the so-called last mile, or the connections that customers use to get online.

Question 32

Cable broadband

Answer 32

Roughly 90 percent of U.S. homes are serviced by a cable provider, each capable of using a thick copper wire to offer broadband access. That wire (called a coaxial cable or coax) has shielding that reduces electrical interference, allowing cable signals to travel longer distances without degrading and with less chance of interference than conventional telephone equipment.
One potential weakness of cable technology lies in the fact that most residential providers use a system that requires customers to share bandwidth with neighbors.

Question 33

DSL

Answer 33

Digital subscriber line (DSL) technology uses the copper wire the phone company has already run into most homes. Even as customers worldwide are dropping their landline phone numbers, the wires used to provide this infrastructure can still be used for broadband. The Achilles heel of the technology lies in the fact that DSL uses standard copper telephone wiring. These lines lack the shielding used by cable, so signals begin to degrade the further you are from the connecting equipment in telephone company offices.

Question 34

Fiber

Answer 34

Fiber to the home (FTTH) is the fastest last-mile technology around. It also works over long distances. The problem with fiber is that unlike cable or DSL copper, fiber to the home networks weren’t already in place. That means firms had to build their own fiber networks from scratch.
The cost of this build out can be enormous.

Question 35

GSM vs CDMA

Answer 35

3G standards can be narrowed down to two camps: those based on the dominant worldwide standard called GSM (global system for mobile communications) and the runner-up standards based on CDMA (code division multiplex access). Most of Europe and a good chunk of the rest of the world use GSM. In the United States, AT&T and T-Mobile use GSM-based 3G. Verizon Wireless and Sprint use the CDMA 3G standard. Typically, handsets designed for one network can’t be used on networks supporting the other standard. CDMA has an additional limitation in not being able to use voice and data at the same time.
The two major 3G standards (popularly referred to as GSM and CDMA) will be replaced by two unrelated 4G standards (LTE and WiMAX)

Question 36

Net Neutrality

Answer 36

Net neutrality is the principle that all Internet traffic should be treated equally. Google and other firms say it is vital to maintain the openness of the Internet. Telecommunications firms say they should be able to limit access to services that overtax their networks, and some have suggested charging Google and other Internet firms for providing access to their customers.

Question 37

The security triad (CIA)

Answer 37

Confidentiality- Protecting information means you want to want to be able to restrict access to those who are allowed to see it. This is sometimes referred to as NTK, Need to Know
Integrity- Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended.
Availability- information can be accessed and modified by anyone authorized to do so in an appropriate timeframe. Depending on the type of information, appropriate timeframe can mean different things

Question 38

Authentication

Answer 38

Authentication can be accomplished by identifying someone through one or more of three factors:
Something they know, Something they have, or Something they are.
For example, the most common form of authentication today is the user ID and password. In this case, the authentication is done by confirming something that the user knows (their ID and password).

Question 39

Access Control

Answer 39

Access control determines which users are authorized to read, modify, add, and/ or delete information. Several different access control models exist. Two of the more common are: The Access Control List (ACL) and Role-Based Access Control (RBAC). An information security employee can produce an ACL which identifies a list of users who have the capability to take specific actions with an information resource such as data files. With RBAC, instead of giving specific users access rights to an information resource, users are assigned to roles and then those roles are assigned the access. This allows the administrators to manage users and roles separately, simplifying administration and, by extension, improving security.

Question 40

Encryption

Answer 40

Encryption is a process of encoding data upon its transmission or storage so that only authorized individuals can read it. This encoding is accomplished by software which encodes the plain text that needs to be transmitted (encryption). Then the recipient receives the cipher text and decodes it (decryption). In order for this to work, the sender and receiver need to agree on the method of encoding so that both parties have the same message. Known as symmetric key encryption, both parties share the encryption key, enabling them to encode and decode each other’s messages.
An alternative to symmetric key encryption is public key encryption. In public key encryption, two keys are used: a public key and a private key. To send an encrypted message, you obtain the public key, encode the message, and send it. The recipient then uses their private key to decode it.

Question 41

Security measures

Answer 41

Backups- Not only should the data on the corporate servers be backed up, but individual computers used throughout the organization should also be backed up.
Firewalls- A firewall can exist as hardware or software, or both. A hardware firewall is a device that is connected to the network and filters the packets based on a set of rules. One example of these rules would be preventing packets entering the local network that come from unauthorized users. A software firewall runs on the operating system and intercepts packets as they arrive to a computer.
Intrusion detection systems- Intrusion Detection Systems (IDS) can be placed on the network for security purposes. An IDS does not add any additional security. Instead, it provides the capability to identify if the network is being attacked. An IDS can be configured to watch for specific types of activities and then alert security personnel if that activity occurs.
Physical Security- Physical security is the protection of the actual hardware and networking components that store and transmit information resources. To implement physical security, an organization must identify all of the vulnerable resources and take measures to ensure that these resources cannot be physically tampered with or stolen.

Question 42

Cybercrime

Answer 42

data harvesters sell to cash-out fraudsters: criminals who might purchase data from the harvesters in order to buy (then resell) goods using stolen credit cards or create false accounts via identity theft. These collection and resale operations are efficient and sophisticated.

Question 43

Botnets

Answer 43

Botnets of zombie computers (networks of infiltrated and compromised machines controlled by a central command) are used for all sorts of nefarious activity. This includes sending spam from thousands of difficult-to-shut-down accounts, launching tough-to-track click fraud efforts or staging what’s known as distributed denial of service (DDoS) attacks (effectively shutting down Web sites by overwhelming them with a crushing load of seemingly legitimate requests sent simultaneously by thousands of machines).

Question 44

types of hackers

Answer 44

white hat hackers and black hat hackers. The white hats are the good guys who probe for weaknesses, but don’t exploit them. Instead, they share their knowledge in hopes that the holes they’ve found will be plugged and security will be improved. Many firms hire consultants to conduct “white hat” hacking expeditions on their own assets as part of their auditing and security process. “Black hats” are the bad guys. Some call them “crackers.”
Others are hacktivists, targeting firms, Web sites, or even users as a protest measure.

Question 45

social engineering

Answer 45

Con games that trick employees into revealing information or performing other tasks that compromise a firm are known as social engineering in security circles.

Question 46

Phishing

Answer 46

Phishing refers to cons executed through technology. The goal of phishing is to leverage the reputation of a trusted firm or friend to trick the victim into performing an action or revealing information. The cons are crafty.

Question 47

Malware

Answer 47

Malware (for malicious software) seeks to compromise a computing system without permission. Client PCs and a firm’s servers are primary targets, but as computing has spread, malware now threatens nearly any connected system running software, including mobile phones, embedded devices, and a firm’s networking equipment.
Viruses. Programs that infect other software or files.
Worms. Programs that take advantage of security vulnerability to automatically spread, but unlike viruses, worms do not require an executable.
Trojans. Exploits that, like the mythical Trojan horse, try to sneak in by masquerading as something they’re not.
If a hacker manages to exploit the vulnerability before software developers can find a fix, that exploit becomes known as a zero day attack

Question 48

Dumpster diving and shoulder surfing

Answer 48

Hackers and spies sometimes practice dumpster diving, sifting through trash in an effort to uncover valuable data or insights that can be stolen or used to launch a security attack. This might include hunting for discarded passwords written on Post-it notes, recovering unshredded printed user account listings, scanning e-mails or program printouts for system clues, recovering tape backups, resurrecting files from discarded hard drives, and more.
Other compromises might take place via shoulder surfing, simply looking over someone’s shoulder to glean a password or see other proprietary information that might be displayed on a worker’s screen.

Question 49

Protective measures

Answer 49

Patch- Firms must be especially vigilant to pay attention to security bulletins and install software updates that plug existing holes, (often referred to as patches). Firms that don’t plug known problems will be vulnerable to trivial and automated attacks
Lock down hardware- While some large firms such as Kraft are allowing employees to select their own hardware others issue standard systems that prevent all unapproved software installation and force file saving to hardened, backed-up, scanned, and monitored servers.
Lock down the network- Network monitoring is a critical part of security, and a host of technical tools can help. Some firms deploy honeypots—bogus offerings meant to distract attackers. Many firms also deploy blacklists—denying the entry or exit of specific IP addresses, products, Internet domains, and other communication restrictions. While blacklists block known bad guys, whitelists are even more restrictive—permitting communication only with approved entities or in an approved manner.
Lock down partners- Insist partner firms are compliant, and audit them to ensure this is the case.
Lock down systems- Audit for SQL injection and other application exploits.
Have failure/recovery plans