 Strategic Cybersecurity Module 5, Vulnerabilities and Vectors Once you have completed the readings, lecture, activity, and assessment, you will be able to describe the five layers of the Internet from which all vulnerabilities arise. As your readings for this module have noted, the Internet was originally designed to be an open system for sharing information, but securing its infrastructure was largely an afterthought. Rosenweig provides a relatively easy to understand classification of the Internet into five distinct layers. A geographic layer, a physical network layer, a logic layer, a cyber persona layer, and a persona layer. Each of these layers has its own specific vulnerabilities, which we will discuss in this module. The geographic layer of the Internet comprises its physical location of its components, such as computers, servers, routers, and cables that are linked throughout the world. Due to the diverse locations of these components, they are subject to various legal and political jurisdiction, making open, unadulterated access difficult to ensure. One vulnerability of the geographic layer then might be an authoritarian government that filters information it deems subversive. The physical network layer of the Internet comprises its actual equipment and components, such as the computers, servers, routers, and cables just mentioned. One example of a vulnerability to the physical layer is a major geological event, such as the 2006 earthquake off the coast of Taiwan. That earthquake damaged several communications cables, disrupting the Internet service in Japan, Taiwan, South Korea, China, and other Asian countries. Another example of a physical layer vulnerability is the accidental cut of a fiber optic cable during construction work. This error can disrupt Internet service for an entire building or neighborhood. The logic layer represents the binary system of the Internet's integrated circuits, storing and transmitting the ones and zeros as needed. Vulnerability in this layer includes disruption of the computer code for illicit purposes, a primary focus of malware. Another example of vulnerability to the logic layer is a zero-day exploit in which a user identifies a weakness in the computer program's code and sells or uses this information to gain unlawful access to the program or even to crash it. Once the vulnerability is realized by the owners of the computer code, it is generally immediately patched. The cyber persona layer represents merely how users of the Internet are identified. The cyber persona layer includes such elements as your email addresses and the IP addresses associated with your communication devices. Let's say you receive a message from an email address that at first glance appears to be from your bank, but it is in fact slightly different. It asks you for confidential information such as your user name and password. You have now just experienced a vulnerability of the cyber persona layer of the Internet. The fifth layer of the Internet, the persona layer, comprises the actual people using the Internet, not just their representations with email or IP addresses. In many ways, the persona layer is most vulnerable to malicious actions such as socially engineered phishing emails. When we are tired or overwork, we may unwittingly open a spoofed email, not realizing that what we thought was our bank's email address is actually one character off and from a criminal instead. In addition to the description of the five layers of the Internet, this module's readings highlighted several common types of cyber attacks. One of the more common attacks you will see is a distributed denial of service or DDoS attack. A DDoS attack occurs when hundreds or thousands of computers infected with a specific form of malware barrage a specific server with requests for information. This barrage of a quest can overburden a server to a point that it crashes. Quiz question one. Which of the following is not part of Rosenweig's five layers of the Internet? A. Geographic layer B. Bioslayer C. Physical network layer D. Logic layer E. Persona layer The answer is B. Bioslayer C. Quiz question two. True or false? The geographic layer of the Internet comprises its actual equipment and components such as computers, servers, routers, and cables. The answer is false. The physical network layer comprises its actual equipment and components such as computers, servers, routers, and cables. Quiz question three. Which type of cyber attack is defined as when hundreds or thousands of computers infected with a specific form of malware barrage a specific server with requests for information resulting in a server crash? A. Zero-day exploit B. Fishing email C. DDoS attack D. Botnet The answer is C. DDoS attack The activity for this module asks that using a paper and pen or any type of drawing app illustrate the five distinct layers of the Internet as well as one vulnerability that might occur in that layer. You may use images, text, or anything else to communicate your thoughts. One finished. Consider if you are more vulnerable in some layers versus others.