Week 6: Announcements and Outstanding Questions

1
Week 6Announcements and Outstanding Questions

• D.A. Clements

2
Announcements

• Oldest first.

3
LIS 541 / LIS 540 / 1 cr. Modules

• Yes, its happening.
• LIS 540 is going away.
• LIS 541 will be replaced by INFX
• How this courses matches up

Choose only the modules you need
4
LIS 541 and the INFX courses

• Ive been making this course line up with the
  three modules that will replace it
• Much as Bob Larson taught it last quarter in
  distance mode
• Ive had to rework this course for a classroom
  audience, while Im prepping for the four modules
  in distance mode
• Im sorry theres been some discontinuitylike
  not enough time for certain discussions, like The
  World is Flat. I wanted to talk about it, too!

5
Resume Project

• Next week well begin the optional resume project

6
nslookup non-authoritative answer

• Short answer Name server has the information
  cached but the name server doesnt have authority
  over the domain
• Long answer When a server receives a query for a
  domain outside its zone,
• The name server sends a referral to the client
  citing better name servers.
• NS records in the authority section point to
  these other servers.
• Name server may recurse by attempting to
  completely resolve the request through a series
  of exchanges with other name servers.
• Most name servers will recurse, since this
  permits them to cache the various resource
  records used to access the foreign domain, in
  anticipation of further similar requests.
• Source http//www.freesoft.org/CIE/Topics/76.
  htm

7
Social Engineering

• Confidence trickster uses social skills to
  engineer a situation to defraud or harm
• Pretexting. Impersonate co-workers, police, bank,
  tax authorities or insurance investigators or
  any other individual who could have perceived
  authority or right-to-know in the mind of the
  target. The pretexter must simply prepare answers
  to questions that might be asked by the target.
  In some cases all that is needed is a voice of
  the right gender, an earnest tone and an ability
  to think on one's feet.
• VoIP is replacing phone because IP addresses are
  harder to track.
• IVR (interactive voice response) phishing. A
  typical system will continually reject logins
  ensuring the victim enters PINs or passwords
  multiple times, often revealing several different
  passwords. More advanced systems will even
  transfer the victim to the attacker posing as a
  customer service agent for further questioning.
• Email phishing. Were all familiar with this
  one.
• Trojan horse gimmes. Get this free download
  carries malware into your computer
• Road Apple. CD, disk, etc., left in bathroom,
  hallway, etc. Printed logo of company on disk.
  Employee picks it up, puts it in computer
  autoplay releases malware.
• Quid pro quo. Attacker calls random numbers,
  claims to be tech support, eventually they hit
  someone with a legitimate problem, grateful for
  help. Attacker actually helps them then directs
  them to enter a series of commands that release
  the malware.
• http//en.wikipedia.org/wiki/Social_engineering_(c
  omputer_security)

8
Public-Key Encryption

• Its active now
• Literature is a little confusing because it
  sounds like its all done manually (except the
  encryption)
• Joe encrypts his document with his private key
  and sends it and his public key to Doris. Doris
  uses the public key to verify that the document
  hasnt been tampered with and decrypts it.
• Total automation, seamless to users. Part of
  https// which uses public keys and certificate
  authorities that verify them.
• The part thats under government debate is
  digital signatures based on this same technology
• Certificate authorities have the root public keys
  that can decrypt everything
• Vulnerability What if a certificate authoritys
  root public key is stolen?
• See new sources listed on course calendar