A brief introduction to the OSI model

The goal of this story is to give a brief introduction to the OSI Model and a helpful way to remember the different layers. Not everything translates nicely into a story format.

Disclaimer: Some of the concepts are simplified. If you have any suggestions or issues, feel free to drop a comment below.

Once upon a time, in a LAN far, far away, a young boy was walking along a dusty path with his teacher, the old wise wizard of ARPANET. So Arthur, for that was the name of our young boy, how is your learning of the OSI model coming? Truth be told, master, I am having the hardest time keeping things straight, and even understanding what a network model is. Why are there so many layers? And remembering whether the presentation layer comes before the transport layer, or transport before presentation, is all very confusing. The old wizard nodded. Ah yes, it can be a bit of a muddle, and the OSI model is not even the primary model used, but alas, it is a relic that is still taught and expected of students in your order. Fortunately, we have just stumbled upon a great example that may help. They had just arrived at a building that was in the middle of nowhere but appeared to be heavily guarded. Arthur had not been here before and was not sure what to make of it. The wizard continued: this is one of the king's mines, and it looks like they are just about to send off some gold over the Internet.

Sit here on this rock and let's review what the OSI model is. OSI stands for Open Systems Interconnection; it is a network model developed by the ISO, the International Organization for Standardization. It is a theoretical model of how a network can send and receive data, split into seven layers. Technically, applications can be built on top of this model; however, it has been largely abandoned in favor of TCP/IP, which is simpler and is what people preferred. There are some similarities, and the OSI model is still taught and referenced because its layer numbers are the common vocabulary: when someone says "that is a layer 7 problem", they are referring to the Application layer. But now let us get into the layers. Look, they are loading up the gold.

You see the road there that runs in front of the mine? We can compare the road to the first layer of the OSI model, the Physical Layer. The physical layer is, well, the physical medium that is used. There are multiple media that could be used. Roads are one, rivers another; we can even use the air, wirelessly. Fiber and copper cable are other examples.

The next layer is our cart. This is commonly referred to as layer 2, the Data Link Layer, and has everything to do with switching and MAC addresses: the cart carries the load from one stop to the next along a single road.

A cart is useless without a driver, and that is the next layer. Our driver and the routing to the treasury is our Network Layer, layer 3. He follows the IP routes from here to there. The signs help route between road networks so he can get to the destination.

You see the boxes that are being loaded? That is Layer 4, the Transport Layer. We typically have two types of transport, TCP and UDP. TCP is the closed boxes that keep the contents from bouncing out while going down the road; there are also mechanisms in place to verify that everything gets to the destination, and if something is missing, it will go back and get it (retransmission). UDP is a simpler protocol. See that cart over there under the apple tree? They just throw all the apples in and hope they all make it to the destination. There is no verification that they arrive; they just send it and hope for the best, or handle the errors at a higher layer. It is simpler and faster, and honestly, if a load of apples goes missing, it is not the end of the world.

Now on the journey, the driver is going to need to be let through the gates into the treasury. We can think of the guards and gates as our Session Layer, or Layer 5. They initiate the session and will tear it down, closing the gates, once the load is delivered.

The presentation layer is next, and it is responsible for converting data from one format to another. Things like formatting, encryption and compression are all executed in this layer. For instance, if the load was a bunch of feathers, it could be compressed down to fit a higher quantity of feathers in the same size cart. In this case, the presentation layer is responsible for encrypting, or locking the box. When it gets to its destination, it will be unlocked so it can be accessed.

Finally, Layer 7. The Application Layer can be thought of as the end user interface. In this case the actual gold coins. We can handle it, look at it, and count them.

That is the OSI model in a nutshell. It is important to remember that it is only a theoretical framework and not exactly how everything works. Some protocols have been built on the OSI model, but most of the Internet uses the TCP/IP model.

Arthur sighed. That is a lot to take in, but having the visual will be helpful. Is there a mnemonic or jingle to help remember the names? Aye, we've a few, the old wizard replied, smiling. One that has been around for ages, going from layer 7 down, is All People Seem To Need Data Processing. Or you can start at the physical layer and go up with Please Do Not Throw Sausage Pizza Away. Arthur laughed: why would someone throw sausage pizza away? They both chuckled. Hopefully no one does, the wizard said. Now up, let's see if we can catch the cart so we can continue our learning.
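Here is the road-cart-driver-box walk as code. This is an added example and not part of the original story: a small Python parser that takes a constructed Ethernet/IPv4/UDP frame (built inline, not captured from any network) and peels off layer 2 (MAC addresses), layer 3 (IP addresses, TTL, protocol) and layer 4 (ports and payload), checking each header's declared length against the bytes actually present before trusting the layer above it. The TCP branch goes beyond the story's UDP cart to show the same check for a header whose length is variable.

```python
import struct


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ipv4_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def dissect(frame: bytes) -> dict:
    """Walk a frame bottom-up: Layer 2 (Ethernet) -> Layer 3 (IPv4) -> Layer 4 (UDP/TCP).

    Every declared length is checked against the bytes actually present, which is
    the check a parser needs before it believes anything in the layer above.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = {"L2": {"dst": mac_str(dst), "src": mac_str(src), "ethertype": ethertype}}
    if ethertype != 0x0800:          # not IPv4: nothing more this parser can say
        return layers

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src_ip, dst_ip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > total_len or total_len > len(ip):
        raise ValueError("IPv4 header lengths do not fit the frame")
    layers["L3"] = {"src": ipv4_str(src_ip), "dst": ipv4_str(dst_ip), "ttl": ttl, "proto": proto}

    segment = ip[ihl:total_len]
    if proto == 17:                  # UDP: fixed 8-byte header, length covers header + data
        if len(segment) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", segment[:8])
        if ulen != len(segment):
            raise ValueError("UDP length field disagrees with IPv4 total length")
        layers["L4"] = {"proto": "UDP", "sport": sport, "dport": dport, "payload": segment[8:]}
    elif proto == 6:                 # TCP: data offset gives the header length in 32-bit words
        if len(segment) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        data_off = (off_flags >> 12) * 4
        if data_off < 20 or data_off > len(segment):
            raise ValueError("TCP data offset does not fit the segment")
        layers["L4"] = {"proto": "TCP", "sport": sport, "dport": dport,
                        "flags": off_flags & 0x1FF, "payload": segment[data_off:]}
    else:
        layers["L4"] = {"proto": proto}
    return layers


# Constructed sample frame (not a real capture): Ethernet II / IPv4 / UDP / "hello".
ETHERNET = bytes.fromhex("aabbccddeeff" "112233445566" "0800")   # dst MAC, src MAC, EtherType IPv4
IPV4 = bytes.fromhex(
    "45" "00" "0021"     # version 4, IHL 5 (20 bytes), DSCP/ECN, total length 33
    "1234" "4000"        # identification, flags DF, fragment offset 0
    "40" "11" "0000"     # TTL 64, protocol 17 (UDP), checksum left as zero in this sample
    "c0a80001"           # source 192.168.0.1
    "c0a80002"           # destination 192.168.0.2
)
UDP = bytes.fromhex("1f90" "0035" "000d" "0000")                 # 8080 -> 53, length 13, checksum 0
FRAME = ETHERNET + IPV4 + UDP + b"hello"

if __name__ == "__main__":
    for layer, fields in dissect(FRAME).items():
        print(layer, fields)
```

Chop one byte off the end of FRAME and the parser refuses it, because the IPv4 total length then promises more bytes than the road delivered; that is the kind of mismatch real stacks must reject rather than read past.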

Differences between RTO, RPO, MTBF, and MTTF

Here is a quick overview of the differences between RTO, RPO, MTBF, and MTTF.

Name | Meaning
RTO (Recovery Time Objective) | The maximum acceptable time to restore service after a disruption (system failure, data loss, etc.).
RPO (Recovery Point Objective) | How much data you can afford to lose, expressed as a span of time. If the RPO is 24 hours, backups must run at least daily.
MTBF (Mean Time Between Failures) | Average time between failures of a repairable system, i.e. how long it runs between repairs.
MTTF (Mean Time to Failure) | Average time until a non-repairable component fails; once it fails it is replaced, not repaired.

For a repairable system, MTBF is the sum of MTTF and the mean time to repair (MTTR).

http://techtarget.com/whatis/definition/recovery-point-objective-RPO

http://rubrik.com/insights/rto-rpo-whats-the-difference

http://en.m.wikipedia.org/wiki/Mean_time_between_failures

A Quick Overview of SAML

SAML stands for Security Assertion Markup Language. It is an XML-based standard that allows for Single Sign-On (SSO) to a service.

There are three entities or roles involved when using SAML to sign into a service.

  1. Principal or Subject: a.k.a. you, or the person or service logging in.
  2. Service Provider (SP): This is the service you are accessing. It could be email, a website, etc.
  3. Identity Provider (IdP): This is the entity responsible for authenticating the Principal.

As an example, say you want to log into a new website using your company SSO credentials. You click the SSO login button, and the Service Provider redirects your browser to the IdP with an authentication request. You log in at the IdP. Once authenticated, the IdP hands your browser a signed SAML assertion (wrapped in a SAML Response), which the browser posts back to the Service Provider's Assertion Consumer Service (ACS) URL. The Service Provider verifies the signature and the assertion's conditions (the intended audience and the validity window) and then grants you access to the website.

This is a very simplified version of what happens when you log in using SAML. It may help to know that the Service Provider and the Identity Provider must be configured to trust each other before anyone can log in: they exchange metadata, which carries each side's entity ID, its endpoint URLs, and the signing certificate the Service Provider uses to verify assertions.

https://auth0.com/blog/how-saml-authentication-works

https://infosec.mozilla.org/guidelines/iam/saml.html

Common Power Issue Terminology

Here is a list of terms associated with power issues.

Name | Definition
Fault | Momentary loss of power
Blackout | Prolonged power outage
Sag | Momentary low voltage
Brownout | Prolonged low voltage
Spike | Momentary high voltage
Surge | Prolonged high voltage
Inrush | Initial surge of current drawn when a device is powered on

Here is a visual image.

Table of Types of Law for Cyber Security

There are three types of law: criminal, civil, and administrative.

Type of Law | Examples | Standard of Proof | Burden of Proof | Penalty
Criminal Law | Murder, assault, robbery, arson | Beyond a reasonable doubt | On the prosecution; the accused is presumed innocent until proven guilty | Fines, jail, prison, death penalty
Civil Law | Property disputes, personal injury | Preponderance of the evidence | On the claimant (plaintiff) in most cases | Compensation for injuries/damage
Administrative Law | Standards of performance and conduct for major industries, organizations, and government agencies | | |
Table of Law

https://www.diffen.com/difference/Civil_Law_vs_Criminal_Law

List of Laws and Acts

The following is a list of “good to know” legislative acts.

Acronym | Name | Notes
CFAA | Computer Fraud and Abuse Act (1986) | First major cybercrime legislation
| Federal Sentencing Guidelines (1991) | Placed responsibility for information security on senior management
ECPA | Electronic Communications Privacy Act of 1986 | Made it a crime to invade the electronic privacy of an individual
CALEA | Communications Assistance for Law Enforcement Act of 1994 | Amended ECPA; requires carriers to make wiretaps possible for law enforcement with a court order
| Economic Espionage Act of 1996 | Extended theft to cover proprietary information, so it is no longer tied to something physical
FISMA | Federal Information Security Management Act (2002) | Information security requirements for federal government agencies
DMCA | Digital Millennium Copyright Act (1998) | Prohibits circumventing copy-protection mechanisms (e.g. on CDs/DVDs) and limits ISP liability for content posted by users. The life-plus-70-years copyright term comes from the separate Copyright Term Extension Act of 1998, not the DMCA.
USA PATRIOT | USA PATRIOT Act of 2001 | Gave law enforcement and intelligence agencies broader wiretapping and surveillance authority
| Identity Theft and Assumption Deterrence Act (1998) | Made identity theft a federal crime; up to 15 years in prison and a $250,000 fine
HIPAA | Health Insurance Portability and Accountability Act (1996) | Privacy and security requirements for protected health information held by hospitals, physicians, and insurance companies
HITECH | Health Information Technology for Economic and Clinical Health Act of 2009 | Amended HIPAA: updated the privacy/security requirements for Business Associates (BAs), which need a written contract known as a business associate agreement (BAA) and are directly subject to HIPAA and its enforcement actions, like a covered entity. HITECH also introduced data breach notification requirements.
GLBA | Gramm-Leach-Bliley Act (1999) | Relaxed the limits on which services banks, lenders, and insurers could offer, while restricting the customer information they may share with each other and requiring privacy notices
COPPA | Children's Online Privacy Protection Act (1998) | Protects children under 13 online; sites must obtain parental consent before collecting their information
FERPA | Family Educational Rights and Privacy Act | Privacy rights over education records; the rights belong to the parents while the student is under 18 and to the student from age 18
ITAR | International Traffic in Arms Regulations | Regulates the export of military and defense-related technologies
EAR | Export Administration Regulations | Regulates the export of commercial (dual-use) items that may have military applications
Table of Laws and Acts

Trademark, Patents, Copyright etc.

Name | Protection Length
Trademarks | 10 years, renewable indefinitely as long as the mark stays in use
Patents | 20 years from the filing date
Copyright | Life of the author plus 70 years
Trade Secrets | Indefinite, for as long as the secret is kept; protection ends once it is disclosed
Table of Trademarks, Patents, Copyright, and Trade Secrets

List of Symmetric Encryption Algorithms. Block and Key Size.

List of common symmetric encryption algorithms with their block and key size.

Name | Block Size (bits) | Key Size (bits) | Notes
AES (Advanced Encryption Standard) | 128 | 128, 192, 256 | The Rijndael cipher with the block size fixed at 128 bits
Rijndael | 128, 192, 256 | 128, 192, 256 | The original cipher; AES standardized its 128-bit-block variant
Blowfish | 64 | 32-448 | Historically used in SSH
DES (Data Encryption Standard) | 64 | 56 | Broken: a 56-bit key can be brute-forced
Triple DES (3DES) | 64 | 112 or 168 | DES applied three times; deprecated
IDEA | 64 | 128 | Used in PGP
RC4 (Rivest Cipher 4) | Stream cipher | 40-2048 | Insecure and no longer used; was used in WEP, WPA (TKIP), and SSL/TLS
RC5 (Rivest Cipher 5) | 32, 64, 128 | 0-2040 |
RC6 (Rivest Cipher 6) | 128 | 128, 192, 256 |
Skipjack | 64 | 80 | Developed by the NSA; supported key escrow (Clipper chip)
CAST-128 | 64 | 40-128 |
CAST-256 | 128 | 128, 160, 192, 224, 256 |
Twofish | 128 | up to 256 (128, 192, or 256 in practice) |
ChaCha20 | Stream cipher | 256 |
List of Common Symmetric Encryption Algorithms With Block and Key Size

The block size matters as much as the key size. With a 64-bit block (DES, 3DES, Blowfish, IDEA, CAST-128) there are only 2^64 possible ciphertext blocks, so repeated blocks become likely after about 2^32 blocks (32 GB) under one key; that is what the Sweet32 attack exploits, and it is why these ciphers should not encrypt large volumes of data even with a strong key.

RSTP Alternative Port vs Backup Port

The following is some basic info on STP and RSTP. This list is not comprehensive. Refer to the link at the bottom of the page for more in depth details.

RSTP Priority

The default priority is 32768, and the VLAN ID is added to it (the extended system ID), so the priority shown in the bridge ID is 32768 + VLAN ID.

For example, if we are using VLAN 10, then our default priority is 32768 + 10 = 32778.

The configured priority can be set from 0 to 61440 in increments of 4096, because the low 12 bits of the 16-bit field carry the VLAN ID. The switch with the lowest bridge ID (priority first, then MAC address as the tie-breaker) becomes the Root Bridge.

RSTP Port Roles

Ports can fill one of four roles.

Port Role | Description
Root Port | The port with the lowest path cost to the Root Bridge; one per non-root switch
Designated Port | The port on a segment that forwards traffic for that segment toward the Root Bridge (every port on the Root Bridge is designated)
Alternate Port | A backup for the Root Port: it receives better BPDUs from another switch and takes over if the Root Port fails
Backup Port | A backup for a Designated Port on the same switch and segment; arises when a switch has two ports on one shared segment
RSTP Port Roles

RSTP Port States

A port can be in one of three states (four if you count disabled/unplugged).

Port State | Description
Discarding | Frames are dropped and no MAC addresses are learned (Alternate and Backup ports sit here)
Learning | Learns MAC addresses but does not forward frames
Forwarding | Forwards frames and learns MAC addresses
RSTP Port States

RSTP Port Types

There are three port types. Not to be confused with port states or roles.

Port Type | Description
Point-to-Point | Full-duplex link to another switch
Point-to-Point Edge | Edge of the network, connected to an end device (PC, printer, etc.); goes straight to Forwarding
Shared | Half-duplex link, e.g. a port connected to a hub
STP/RSTP Port Types

RSTP Timers

There are three RSTP timers. STP has the same timers, but MaxAge is 20 seconds, and the Forward Delay is spent in each of the Listening and Learning states, so a port takes 30 seconds to reach Forwarding.

Timer Name | Default Value | Description
Hello Timer | 2 seconds | Interval between Hello BPDUs generated by the Root
MaxAge | 6 seconds (3 x Hello) | How long a switch waits without hearing from a neighbor before it treats that link as lost and reconverges
Forward Delay | 15 seconds | Time spent in each of the Listening and Learning states in STP; RSTP only falls back to it when talking to legacy 802.1D bridges
RSTP/STP Timers

Port Cost

There are two sets of cost values. The newer (long) values were introduced because the old (short) values ran out of room: 10 Gbps already costs 2, so faster speeds could not be told apart.

By default Cisco switches use the old (short) values, but they can be changed to use the new ones with:

spanning-tree pathcost method long

Ethernet Speed | Old (Short) Cost | New (Long) Cost
10 Mbps | 100 | 2,000,000
100 Mbps | 19 | 200,000
1 Gbps | 4 | 20,000
10 Gbps | 2 | 2,000
100 Gbps | N/A | 200
1 Tbps | N/A | 20
STP/RSTP Path Cost
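To tie the priority rule, the port roles and the path costs together, here is an added example that is not from the original post and not from Cisco documentation: a small Python model that validates a configured priority, builds bridge IDs, elects the root, computes each switch's root path cost with the long cost values, and assigns root/designated/alternate roles on point-to-point links. The three-switch topology and its MAC addresses are constructed. Tie-breaking is reduced to (root path cost, sender bridge ID); port IDs and the Backup role (which needs two ports of one switch on a shared segment) are left out.

```python
import heapq

# Path cost per port speed in Mbps, as in the table above.
SHORT_COST = {10: 100, 100: 19, 1_000: 4, 10_000: 2}
LONG_COST = {10: 2_000_000, 100: 200_000, 1_000: 20_000, 10_000: 2_000, 100_000: 200, 1_000_000: 20}


def bridge_priority(configured=32768, vlan=1):
    """Priority as it appears in the bridge ID: configured value + VLAN ID.

    The configured value must be a multiple of 4096 between 0 and 61440, because the
    low 12 bits of the 16-bit field carry the VLAN ID (extended system ID).
    """
    if configured % 4096 or not 0 <= configured <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return configured + vlan


def bridge_id(priority, mac):
    """Bridge IDs compare as (priority, MAC); the lowest wins."""
    return (priority, mac.lower())


def elect_root(bridges):
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def spanning_tree(bridges, links, cost_table=LONG_COST):
    """Root election, root path costs and port roles over point-to-point links.

    bridges: {name: (priority, mac)}; links: [(a, b, speed_mbps)], connected, with at
    most one link per pair of switches (so no Backup ports can arise).
    Returns (root, {switch: (root_path_cost, {neighbor: role})}).
    """
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, b, speed in links:
        adj[a].append((b, cost_table[speed]))
        adj[b].append((a, cost_table[speed]))

    # Root path cost accumulates on the receiving port; ties break on the sender's bridge ID.
    best = {root: (0, None)}                      # switch -> (cost, upstream neighbor)
    heap = [(0, bridge_id(*bridges[root]), root)]
    while heap:
        cost, _, sw = heapq.heappop(heap)
        if cost > best[sw][0]:
            continue
        for nb, c in adj[sw]:
            if nb == root:
                continue
            cand = (cost + c, bridge_id(*bridges[sw]))
            cur = best.get(nb)
            if cur is None or cand < (cur[0], bridge_id(*bridges[cur[1]])):
                best[nb] = (cand[0], sw)
                heapq.heappush(heap, (cand[0], cand[1], nb))

    roles = {}
    for sw in bridges:
        roles[sw] = {}
        for nb, _ in adj[sw]:
            if sw != root and best[sw][1] == nb:
                roles[sw][nb] = "root"            # the port with the best path to the root
                continue
            mine = (best[sw][0], bridge_id(*bridges[sw]))
            theirs = (best[nb][0], bridge_id(*bridges[nb]))
            # One end of every link is designated; the losing end, if it is not the
            # root port, becomes an alternate (backup for the root port) and discards.
            roles[sw][nb] = "designated" if mine < theirs else "alternate"
    return root, {sw: (best[sw][0], roles[sw]) for sw in bridges}


# Constructed topology for VLAN 10: SW1 is configured with priority 4096 so it wins.
BRIDGES = {
    "SW1": (bridge_priority(4096, 10), "00:00:00:00:00:01"),
    "SW2": (bridge_priority(32768, 10), "00:00:00:00:00:02"),
    "SW3": (bridge_priority(32768, 10), "00:00:00:00:00:03"),
}
LINKS = [("SW1", "SW2", 1_000), ("SW1", "SW3", 100), ("SW2", "SW3", 10_000)]

if __name__ == "__main__":
    root, tree = spanning_tree(BRIDGES, LINKS)
    print("root bridge:", root)
    for sw, (cost, ports) in tree.items():
        print(sw, "root path cost", cost, ports)
```

In this topology SW3 has a direct 100 Mbps link to the root but reaches it more cheaply through SW2 (20,000 + 2,000 = 22,000 versus 200,000), so SW3's root port faces SW2 and its port toward SW1 ends up as an alternate in the discarding state. Passing SHORT_COST instead gives the same tree (4 + 2 = 6 versus 19), but the short table has no entry above 10 Gbps, which is exactly why the long values exist.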

More information can be found at the following link.

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html