7 posts tagged 'network'

  1. 2011.03.15 OSI Layers by CEOinIRVINE
  2. 2009.03.12 Snort: Monitoring Multiple Network Interfaces by CEOinIRVINE
  3. 2009.02.21 Facebook Bows To Peer Pressure by CEOinIRVINE
  4. 2009.02.17 Facebook Face-Off by CEOinIRVINE
  5. 2008.12.01 Facebook For Patent Trolls by CEOinIRVINE
  6. 2008.11.22 Pentagon bans computer flash drives by CEOinIRVINE
  7. 2008.11.22 Network Security Breaches Plague NASA by CEOinIRVINE

OSI Layers

IT 2011. 3. 15. 07:05

Application layer (7). Recognized as the top layer of the OSI model, this layer serves as the window for application services. It is home to email programs, FTP, Telnet, web browsers, and office productivity suites, as well as viruses, worms, and Trojan horse programs.

Presentation layer (6). The Presentation layer is responsible for taking data that has been passed up from lower levels and putting it into a format that Application layer programs can understand. The most critical process handled at this layer is encryption and decryption.

Session layer (5). Its functionality is put to use when creating, controlling, or shutting down a TCP session. Items such as the TCP connection establishment and TCP connection occur here. Session-layer protocols include items such as Remote Procedure Call and SQLNet from Oracle. The Session layer is vulnerable to attacks such as session hijacking. A session hijack can occur when a legitimate user has his session stolen by a hacker.

Transport layer (4). Ensures completeness by handling end-to-end error recovery and flow control. Transport-layer protocols include TCP, a connection-oriented protocol that provides reliable communication through the use of handshaking, acknowledgments, error detection, and session teardown, as well as User Datagram Protocol (UDP), a connectionless protocol. UDP offers speed and low overhead as its primary advantage. Security concerns at the transport level include Synchronize (SYN) attacks, Denial of Service (DoS), and buffer overflows.

Network layer (3). Handles logical addressing and routing. The Network layer is the home of the Internet Protocol (IP), which makes a best effort at delivery of datagrams from their source to their destination. Security concerns at the network level include route poisoning, DoS, spoofing, and fragmentation attacks. Fragmentation attacks occur when hackers manipulate datagram fragments to overlap in such a way as to crash the victim’s computer. IPSec is a key security service that is available at this layer.

Data Link layer (2). Responsible for formatting and organizing the data before sending it to the Physical layer. The Data Link layer organizes the data into frames. A frame is a logical structure in which data can be placed; it’s a packet on the wire. When a frame reaches the target device, the Data Link layer is responsible for stripping off the data frame and passing the data packet up to the Network layer. The Data Link layer is made up of two sublayers: the logical link control layer (LLC) and the media access control layer (MAC). You might be familiar with the MAC layer, as it shares its name with the MAC addressing scheme. These 6-byte (48-bit) addresses are used to uniquely identify each device on the local network. A major security concern of the Data Link layer is the Address Resolution Protocol (ARP) process. ARP is used to resolve known Network layer addresses to unknown MAC addresses. ARP is a trusting protocol and, as such, can be used by hackers for ARP poisoning, which can allow them access to traffic on switches that they should not have.

Physical layer (1). This is where bit-level communication takes place. The bits have no defined meaning on the wire, but the Physical layer defines how long each bit lasts and how it is transmitted and received. From a security standpoint, you must be concerned anytime a hacker can get physical access. By accessing a physical component of a computer network—such as a computer, switch, or cable—the attacker might be able to use a hardware or software packet sniffer to monitor traffic on that network. Sniffers enable attackers to capture and decode packets. If no encryption is being used, a great deal of sensitive information might be directly available to the hacker.

from CEH
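
A defensive check for the ARP poisoning described under the Data Link layer, added here as an example and not taken from the source text: it reads a table in Linux /proc/net/arp format and reports any MAC address that answers for more than one IP address. The sample table is constructed, and a shared MAC can also be legitimate (proxy ARP, a host with several addresses), so a hit is something to review.

```shell
#!/bin/sh
# Added example. Constructed sample in /proc/net/arp format, using
# documentation-only IP (192.0.2.0/24) and MAC (00:00:5e:00:53:xx) values.
sample_arp_table() {
cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:00:5e:00:53:01     *        eth0
192.0.2.10       0x1         0x2         00:00:5e:00:53:0a     *        eth0
192.0.2.20       0x1         0x2         00:00:5E:00:53:01     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
}

# Read an ARP table on stdin and print "MAC IP1,IP2,..." for every MAC that
# is mapped to more than one IP. Incomplete entries (flags 0x0) are skipped.
shared_macs() {
    awk 'NR > 1 && $3 != "0x0" && $4 != "00:00:00:00:00:00" {
             mac = tolower($4)
             if (mac in ips) ips[mac] = ips[mac] "," $1
             else            ips[mac] = $1
             count[mac]++
         }
         END { for (m in count) if (count[m] > 1) print m, ips[m] }' | sort
}

# Return 0 when the table is clean, 1 (with a report) when a MAC is shared.
arp_check() {
    ac_hits=$(shared_macs)
    if [ -z "$ac_hits" ]; then
        return 0
    fi
    printf 'MAC address mapped to several IPs:\n%s\n' "$ac_hits"
    return 1
}

# Demo on the constructed table; on a live Linux host: arp_check < /proc/net/arp
sample_arp_table | arp_check || echo "review the entries listed above"
```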

Posted by CEOinIRVINE

Monitoring Multiple Network Interfaces

Problem

You want to monitor more than one network interface.

Solution

Use more than one instance of Snort, each monitoring a separate interface.

Alternatively, combine your NICs into a single "bridged" unit.

Discussion

It is perfectly possible to run more than one instance of Snort. Using this method, you just assign a separate Snort process to watch each interface that you are interested in, each with its own configuration file.

The bridging option was primarily developed as a method to allow a Linux machine to act as a bridge between networks. It allows two network cards to be aggregated into a single entity. Before progressing down this route, consider reading the documentation available on the Sourceforge home page for the project, available here: http://bridge.sourceforge.net.

Assuming that bridging is built into your kernel, this is how you would go about implementing it. First, clear the IP addresses on the interfaces you are trying to bridge (you can use more than two):

[root@frodo root]# ifconfig eth0 0.0.0.0 
[root@frodo root]# ifconfig eth1 0.0.0.0

Use the bridging commands to create a bridge container:

[root@frodo root]# brctl addbr snort_bridge

Add the interfaces to the container:

[root@frodo root]# brctl addif snort_bridge eth0 
[root@frodo root]# brctl addif snort_bridge eth1

Then bring the bridge online:

[root@frodo root]# ifconfig snort_bridge up

To make use of the bridge, include it as the interface argument to Snort:

[root@frodo root]# snort -v -i snort_bridge
Running in packet dump mode
Log directory = /var/log/snort
Initializing Network Interface snort_bridge

The options that you use really depend on the reasons for needing more than one port. If you are listening to more than one range of IP addresses, it makes sense to run an instance per IP range. However, if you are tapping a full duplex link or a link that is faster than the network cards (gigabit tapping with 100 MB cards, for example), using bridged networking is a better option.
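
The two approaches from the Solution, written as one script (an added example, not part of the original post): it validates the interface names, then prints either the bridge steps in the order shown above or one snort command per interface. The per-interface config file names, the log sub-directories and the APPLY, CONF_DIR and LOG_DIR variables are assumptions of this example; -D, -c and -l are Snort's daemon, config-file and log-directory options.

```shell
#!/bin/sh
# Added example: prints the command plan for either approach; runs it only if APPLY=1.

# Accept only plain interface names (Linux limit: 15 characters) so a typo or
# stray shell character never reaches ifconfig, brctl or snort.
valid_iface() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) [ "${#1}" -le 15 ] ;;
    esac
}

check_all() {   # validate every name before any command is emitted
    for ca_if in "$@"; do
        valid_iface "$ca_if" || { echo "bad interface name: $ca_if" >&2; return 1; }
    done
}

# Bridged approach, in the same order as the steps on the page.
plan_bridge() {
    [ "$#" -ge 3 ] || { echo "usage: plan_bridge NAME IF1 IF2 [IF...]" >&2; return 1; }
    check_all "$@" || return 1
    pb_name=$1; shift
    for pb_if in "$@"; do echo "ifconfig $pb_if 0.0.0.0"; done
    echo "brctl addbr $pb_name"
    for pb_if in "$@"; do echo "brctl addif $pb_name $pb_if"; done
    echo "ifconfig $pb_name up"
    echo "snort -v -i $pb_name"
}

# One Snort process per interface, each with its own configuration file.
# File naming and per-interface log directories are assumptions of this example.
plan_per_interface() {
    [ "$#" -ge 1 ] || { echo "no interfaces given" >&2; return 1; }
    check_all "$@" || return 1
    for pi_if in "$@"; do
        echo "snort -D -i $pi_if -c ${CONF_DIR:-/etc/snort}/snort-$pi_if.conf -l ${LOG_DIR:-/var/log/snort}/$pi_if"
    done
}

# Read a plan on stdin: print it (default) or execute it line by line (APPLY=1, as root).
run_plan() {
    while IFS= read -r rp_cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            echo "+ $rp_cmd" >&2
            sh -c "$rp_cmd" </dev/null || return 1
        else
            echo "$rp_cmd"
        fi
    done
}

plan_bridge snort_bridge eth0 eth1 | run_plan
```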

 

Posted by CEOinIRVINE

Mounting criticism has forced the social network to revert to its old terms of service.

BURLINGAME, Calif. - The wisdom of the crowds has turned into peer pressure for Facebook.

Following criticism of its recently amended privacy policy, the social network reverted back to its former terms of service Wednesday.

"Over the past few days, we have received a lot of feedback about the new terms we posted two weeks ago," Chief Executive Mark Zuckerberg said in a note on the company's Web site. "Because of this response, we have decided to return to our previous Terms of Use while we resolve the issues that people have raised."

The hubbub over Facebook's terms of service erupted last weekend after the Consumer's Union's Consumerist.com blog posted an entry explaining what the terms of service changes would mean--basically, that Facebook would be able to use member messages, photos and other content even after the member canceled his or her account. A privacy discussion in the blogosphere quickly came to a head.

Monday, Zuckerberg responded on the corporate blog. "We wouldn't share your information in a way you wouldn't want," he wrote. "The trust you place in us as a safe place to share information is the most important part of what makes Facebook work." Less than 36 hours later, Facebook recanted its position.

Maybe Facebook is learning from past mistakes. The company's Beacon advertising program, launched in late 2007, set off a storm of protests from members who were concerned that Facebook would provide advertisers with too much of their personal information. Facebook took about a month to respond to members' criticisms before making changes to Beacon.

"Instead of acting quickly, we took too long to decide on the right solution," Zuckerberg wrote at the time. "It took us too long after people started contacting us to change the product."

Andrea Matwyshyn, a Wharton Business School law professor and expert on user-license agreements, says Facebook's latest flap shows the complexities of online privacy. "Part of what Facebook is struggling with is a legal ambiguity," she says. "There is a fundamental gap in the law regarding ownership of information."

Posted by CEOinIRVINE

Facebook Face-Off

Business 2009. 2. 17. 15:50

MetaData: Facebook Face-Off

Elizabeth Corcoran, 02.17.09, 12:50 AM EST

The social network's members fret about how it will turn chitchat into cash.

The blogosphere erupted Sunday evening following an observation by the blog Consumerist that Facebook, the watercooler of this generation, recently tightened its policies for using the data that we all so freely share on its platform. The blog summed up the problem succinctly by asserting the new Facebook rules amount to: "We Can Do Anything We Want With Your Content. Forever."

Facebook founder Mark Zuckerberg fired back but sounded a bit wounded by the attack. "We wouldn't share your information in a way you wouldn't want," he said in a blog post on Facebook on Monday. "The trust you place in us as a safe place to share information is the most important part of what makes Facebook work."

Do people really think that their private information is sacred anywhere on the Web? You can read some detailed accounts of the specifics of this dustup here and here, among other places. Zuckerberg has gone to some lengths to say that Facebook's recent changes in its terms of service simply enable the service to let you save copies of your messages and photos and that of your friends. "We still have work to do to communicate more clearly about these issues," Zuckerberg wrote.

Even so, it's lunacy to think that Facebook isn't scrambling to figure out how to make use of all those comments about what movie you liked the most last week or your favorite brand of jeans. Yes, its traffic is spectacular: in 2008, a staggering 6.6 billion "friendships" were made on Facebook. If real life mimicked Web life, that would mean that just about everybody on the planet could have at least one friend.

But unless Facebook gets better at turning chatter into cash, it won't have much of a business.

So far, Facebook has made limited headway in weaving advertising into its site. Small-time operations can pay a few cents per ad to deliver their message to people with a certain set of demographics. But earning pennies for ads isn't a passport to a great business.

If Facebook really wants to collect serious money for sharing its "friends" with the highest bidder, that could mean giving up some of the innocent, playful gestalt of the site and yielding to advertisers' demands for a more intimate look at users' characteristics. That may not sit well with Zuckerberg, who cherishes the aura of Facebook more than he does its income stream.

Posted by CEOinIRVINE

Is the Web finally ready for a patent-busting site?

For each Internet social network effort that thrives, there are dozens that fail to generate any interest from the surfing masses.

An early dud was BountyQuest.com, launched in 2000 with financial backing from Amazon's Jeff Bezos. The premise was simple: Posters to the site would highlight a patent they wanted to see blown out of the water, and visitors could receive up to $50,000 for presenting evidence that the patent wasn't, in fact, the first document to describe the invention in question. BountyQuest's problem was that too few got involved in the action. It fizzled within three years.

One former employee, Cheryl Milone, believes the company's business model deserves a second chance, given the rise in popularity of "crowdsourced" online projects like Wikipedia. In November, Milone, a Manhattan patent attorney, launched ArticleOnePartners.com to do more than just provide a means for prior-art mercenaries to peddle their wares. This time, Milone and a team of three intellectual property lawyers are the ones deciding which patents visitors should be harassing. And she's got two strategies for quickly turning a buck if a visitor does submit patent-busting information. (See "Meta Data: ArticleOnePartners.com").

Say a visitor sends ArticleOne evidence (an article in an obscure academic journal, for example) that calls into question the validity of one of Pfizer's patents for cholesterol reducer Lipitor. Milone would make that information public on the site--and, at the same time, she could short the stock of Pfizer and go long on the stock of competitors eager to sell a generic version of Lipitor. In theory, she'd make a bundle once the industry finds out what she knows.

And if Milone doesn't see a way to make money on the markets using her newfound information? She could try selling the information to Pfizer directly--or to one of its competitors. "Our interest is first to monetize our research, to maintain our revenue stream," Milone says.

She might be on her way. Within three days of launching, ArticleOne received more than 50 prior-art submissions, some from as far away as India and the Ukraine. Milone calls visitors who submit prior art "advisors." A year from now, 5% of ArticleOne's net profit will be divvied up among the advisors, who will have been awarded points based on the amount of prior art they've coughed up. If an advisor provides prior art Milone and company think is strong enough to invalidate a patent, a $50,000 reward is automatic.

Milone wouldn't say who has funded ArticleOne, but she raised "low seven figures" from Wall Street investors and has invested some of her own money in the site. Milone insists funding hasn't come from major tech companies or wealthy patent trolls.


Posted by CEOinIRVINE

The Pentagon has banned, at least temporarily, the use of external computer flash drives because of a virus threat officials detected on Defense Department networks.

While defense officials would not publicly confirm the ban, messages were sent to department employees informing them of the new restrictions. As part of the ban, the Pentagon was collecting any of the small flash drives that were purchased or provided by the department to workers, according to one message distributed to employees.

Workers are being told there is no guarantee they will ever get the devices back and it is not clear how long the ban will last.

Pentagon spokesman Bryan Whitman would provide no details on the virus Friday, but he described it as a "global virus" that has been the subject of public alerts.

"This is not solely a department problem, this is not solely a government problem," Whitman said.

The Pentagon has acknowledged that its vast computer network is scanned or probed by outsiders millions of times each day. Last year a cyber attack forced the Defense Department to take up to 1,500 computers off line.

Officials said then that a penetration of the system was detected, but the attack had no adverse impact on department operations.

However, military leaders have consistently warned of potential threats from a variety of sources including other countries -- such as China -- along with other self-styled cyber-vigilantes and terrorists.

The issue has also been of concern at the Department of Homeland Security. A September audit by the DHS Inspector General recommended that the agency implement greater procedures to ensure that only authorized computer flash drives or other storage devices can be connected to the network there and that an inventory of those devices be set up.

DHS agreed with the recommendations and said some of that is already being done. DHS also said more software enhancements are in the works that will provide more protection.

Posted by CEOinIRVINE

Network Security Breaches Plague NASA

Repeated attacks from abroad on NASA computers and Web sites are causing consternation among officials and stirring national security concerns


Space Shuttle Discovery preparing for launch in July 2005 NASA/SSPL/The Image Works

America's military and scientific institutions—along with the defense industry that serves them—are being robbed of secret information on satellites, rocket engines, launch systems, and even the Space Shuttle. The thieves operate via the Internet from Asia and Europe, penetrating U.S. computer networks. Some of the intruders are suspected of having ties to the governments of China and Russia, interviews and documents show. Of all the arms of the U.S. government, few are more vulnerable than NASA, the civilian space agency, which also works closely with the Pentagon and American intelligence services.

In April 2005, cyber-burglars slipped into the digital network of NASA's supposedly super-secure Kennedy Space Center east of Orlando, according to internal NASA documents reviewed by BusinessWeek and never before disclosed. While hundreds of government workers were preparing for a launch of the Space Shuttle Discovery that July, a malignant software program surreptitiously gathered data from computers in the vast Vehicle Assembly Building, where the Shuttle is maintained. The violated network is managed by a joint venture owned by NASA contractors Boeing (BA) and Lockheed Martin (LMT).

Undetected by the space agency or the companies, the program, called stame.exe, sent a still-undetermined amount of information about the Shuttle to a computer system in Taiwan. That nation is often used by the Chinese government as a digital way station, according to U.S. security specialists.

By December 2005, the rupture had spread to a NASA satellite control complex in suburban Maryland and to the Johnson Space Center in Houston, home of Mission Control. At least 20 gigabytes of compressed data—the equivalent of 30 million pages—were routed from the Johnson center to the system in Taiwan, NASA documents show. Much of the data came from a computer server connected to a network that tracks malfunctions that could threaten the International Space Station.

BEYOND HACKERS

Seven months after the initial April intrusion, NASA officials and employees at the Boeing-Lockheed venture finally discovered the flow of information to Taiwan. Investigators halted all work at the Vehicle Assembly Building for several days, combed hundreds of computer systems, and tallied the damage. NASA documents reviewed by BusinessWeek do not refer to any specific interference with operations of the Shuttle, which was aloft from July 26 to Aug. 9, or the Space Station, which orbits 250 miles above the earth.

The startling episode in 2005 added to a pattern of significant electronic intrusions dating at least to the late 1990s. These invasions went far beyond the vandalism of hackers who periodically deface government Web sites or sneak into computer systems just to show they can do it. One reason NASA is so vulnerable is that many of its thousands of computers and Web sites are built to be accessible to outside researchers and contractors. Another reason is that the agency at times seems more concerned about minimizing public embarrassment over data theft than preventing breaches in the first place.

In 1998 a U.S.-German satellite known as ROSAT, used for peering into deep space, was rendered useless after it turned suddenly toward the sun. NASA investigators later determined that the accident was linked to a cyber-intrusion at the Goddard Space Flight Center in the Maryland suburbs of Washington. The interloper sent information to computers in Moscow, NASA documents show. U.S. investigators fear the data ended up in the hands of a Russian spy agency.




Posted by CEOinIRVINE