Dude

Submitted By farticus

Learning Objectives - OSI Overview

After working with the content of the OSI model overview, you should be able to:

Draw a diagram showing how communication takes place between two hosts on a network and the software and hardware objects involved in that communication.

Describe the role of layered architectures in networks and data communications.

Differentiate between the logical and physical structure of a network.

Describe the use and importance of protocols in networking.

Describe what data is accessible at each layer of the OSI model during communication and the potential risks avoided based on the placement of protection mechanisms at each layer.

Description - OSI Overview

Welcome to the OSI model. In this learning object, we will describe each of the layers of the OSI model and its associated protocols.

The seven layers of the OSI model are physical, data link, network, transport, session, presentation, and application.

We start with this overview, where you will learn how the seven layers work together to provide to users a seamless integration and operation of functions across networks worldwide in a way that potentially eliminates any indication of where the computing

Protocols - Application Layer

The protocols associated with the application layer include:

DNS (Domain Name Service): resolves domain names to IP addresses

FTP (File Transfer Protocol): transfers data over a network from one computer to another

HTTP (Hypertext Transfer Protocol): used for Web pages

HTTPS: HTTP using SSL

IMAP (Internet Message Access Protocol): an e-mail receiving protocol that maintains messages on a server

LDAP (Lightweight Directory Access Protocol): provides logon to network environments

POP3 (Post Office Protocol Version 3): an e-mail receiving protocol for MTA-to-UA transmissions

SMTP (Simple Mail Transfer Protocol): an e-mail sending protocol for UA-to-MTA or MTA-to-MTA transmissions

SSL (Secure Sockets Layer): a cryptographic protocol that provides secure communications on the Internet (there are hundreds of these protocols - this is an illustrative example).

Telnet: a protocol for virtual terminal-to-host network connections

TFTP (Trivial File Transfer Protocol): a simple, basic file transfer protocol with limited functionalities

X.500 Directory Service: the OSI directory service

Protocols - Presentation Layer

The protocols associated with the presentation layer include:

AES (Advanced Encryption Standard): an NIST standard secret key encryption algorithm

ASN.1 (Abstract Syntax Notation One): an ISO and ITU standard for describing abstract data structures for encoding and decoding data for transmission

CDR (Common Data Representation): a protocol used to represent data that is passed in CORBA object invocations

ITU-T X.216/ISO 8822: the OSI presentation service definition

ITU-T X.226/ISO 8823: the OSI connection-oriented presentation protocol specification

Java Serialization: a Java communication mechanism that saves and restores an object

Protocols - Session Layer

The protocols associated with the session layer include:

NFS (Network File System): accesses remote resources transparently and represents files and directories as if they were local to the user

SAP (Session Announcement Protocol): assists in the advertisement of a multicast session over multicast IP addresses

SCP (Session Control Protocol): designed for multiple sessions over a single TCP Connection

SDP (Session Description Protocol): describes streaming media initialization parameters, published by IETF as RFC 4566

SQL (Structured Query Language): functions as a query language that requests, updates, and manages databases

SSH (Secure Shell): a protocol used in Telnet sessions for remote login

SSL (Secure Sockets Layer): a cryptographic protocol that provides secure communications on the Internet (there are hundreds of these protocols - this is an illustrative example).

Protocols - Transport Layer

The protocols associated with the transport layer include:

SCTP (Stream Control Transmission Protocol): a reliable, general-purpose protocol that provides stable, ordered message delivery

SSL (Secure Sockets Layer): a cryptographic protocol that provides secure communications on the Internet (there are hundreds of these protocols - this is an illustrative example).

TCP (Transmission Control Protocol): provides a connection-oriented point-to-point connection between two hosts

TLS (Transport Layer Security): a successor to SSL for providing secured communications on the Internet

UDP (User Datagram Protocol): provides connectionless communication, which broadcasts messages to one or more hosts

Protocols - Network Layer

The protocols associated with the network layer include:

AH (Authentication Header): a protocol that provides source authentication and data integrity

CHAP (Challenge Handshake Authentication Protocol): uses a three-way handshake to provide dial-up security

ESP (Encapsulating Security Payload): a protocol that provides privacy, source authentication, and data integrity

ICMP (Internet Control Message Protocol): used in handling errors and controlling traffic

IP (Internet Protocol): used to carry data in Microsoft and Internet networks

IPSec (Internet Protocol Security): a collection of protocols that provide security for Internet packets

IPX (Internet Packet Exchange): a protocol used to carry data in Novell networks

ISAKMP (Internet Security Association and Key Management Protocol): used to establish security associations and cryptographic keys

OSPF (Open Shortest Path First): a routing protocol based on the shortest path to the destination

PAP (Password Authentication Protocol): used to validate the identity of a dial-up user

RIP (Routing Information Protocol): a routing protocol based on the hop count to the destination

Protocols - Data Link Layer

The protocols associated with the data link layer include:

ATM (Asynchronous Transfer Mode): a high-speed protocol that makes use of 53-byte frames

BSC (Binary Synchronous Control): a character-oriented protocol that uses control characters

CSMA/CD (Carrier Sense Multiple Access/Collision Detect): a protocol that transmits data when the link is clear and detects any collisions

Frame Relay: a protocol for WAN connections

HDLC (High-Level Data Link Control): a bit-oriented protocol for synchronous transmissions

IEEE 802: a series of data link protocols promulgated by the Institute of Electrical and Electronics Engineers

IEEE 802.3 (Ethernet): also known as CSMA/CD

IEEE 802.4 (Token Bus): a token-passing protocol used on a bus network

IEEE 802.5 (Token Ring): a token-passing protocol used on a ring network

IEEE 802.11: wireless network protocols and standards

PPP (Point-to-Point Protocol): used for dial-up connections

WEP (Wired Equivalent Privacy): a wireless LAN protocol that provides authentication and encryption

WPA (Wi-Fi Protected Access) and WPA2: wireless LAN protocols that provide authentication and encryption

Protocols - Physical Layer

The protocols associated with the physical layer include:

IrDA: a protocol that supports infrared point-to-point and multipoint communication between devices

V.24: a protocol that transmits data between the Data Terminate Emulator (DTE) and Data Communication Emulator (DCE)

V.92: a protocol for standard dial-up modems

X21: a specification for serial communications over synchronous lines

X21 bis: indicates the connection when flags are detected

Information Assurance Implications - OSI Overview

The mission of networks is to share, while the goal of information assurance is to limit the sharing to those who should be a part of the community. These two objectives seem to work counter to each other; a good information assurance approach is a balanced one that does not unnecessarily stifle the sharing aspect.

What exactly is information assurance? According to the National Security Agency, it is "the set of measures intended to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities" (http://www.nsa.gov/ia/iaFAQ.cfm?MenuID=10).

The security services of availability, integrity, authentication, confidentiality, and non-repudiation are often referred to as the Five Pillars of Information Assurance. Figure 1 below depicts these five pillars:

Figure 1. The Five Pillars of Information Assurance (source: http://www.defenselink.mil/cio-nii/infoassurance/diap/documents/DIAP2000.pdf)

Information assurance has its own history. The phrase "Information Security" (originally a military term) predates "Information Assurance." Information security means "protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction" (see http://www.law.cornell.edu/uscode/html/uscode44/usc_sec_44_00003542----000-.html for more information). Over time, the concept of information security evolved to become information assurance as we know it today.

Back in the late 1970s when the OSI model was being developed, information assurance was not yet a major consideration. Computer networks were still in their infancy, making access by hackers difficult. The Internet did not exist at this time. However, as the Internet became more prevalent and unauthorized users gained access to networks, information assurance became a priority so that networks and the data that traveled on them would be protected.

The consequence of a layered architecture such as the OSI model is that information assurance design must associate protections with each layer that enables it to best reduce the targeted risk in the least invasive manner. For example, using encryption at the presentation layer protects the data but may leave the details of the actual exchange exposed and vulnerable. Encrypting at the transport layer, on the other hand, can protect more details but potentially interferes with the effectiveness and efficiency of some of the protocols used.

An information assurance model devised by Maconachy et al. can be used to relate information assurance to networks. This model is an extension of an earlier information security model developed by McCumber. As shown in Figure 2 below, computer networks (i.e., the transmission layer) are represented by the top row of the "Rubik's Cube." The five pillars of information assurance are shown across the top, and security countermeasures (e.g., technology) are on the right face of the cube.

Figure 2. Information assurance model (source: http://www.itoc.usma.edu/Workshop/2001/Authors/Submitted_Abstracts/paperW2C3(55).pdf)

This information assurance model shows multiple intersections between the five pillars and the transmission layer. This also holds true for the intersections between the five pillars and the OSI model; the security services can be expected to apply to the OSI model's multiple layers.

Note that the information assurance model has a column labeled "people." Perhaps the OSI model needs an eighth layer to describe information assurance services that must be provided by network users.

Glossary - OSI Overview

AH - Application Header
CAN - Campus Area Network
IA - Information Assurance
INFOSEC - Information Security
IP - Internet Protocol
LAN - Local Area Network
NH - Network Header
SSL - Secure Sockets Layer
TCP - Transmission Control Protocol
TH - Transport Header

Learning Objectives - Application Layer

After working with the content of the application layer, you should be able to:

Associate the appropriate protocols with the application layer.

Understand what lies supra to the application layer.

Describe the association between ports, protocols, sockets, service access points, and layers.

Describe why directory services are required and how they work.

Differentiate between the operating characteristics of application services using e-mail and the World Wide Web as examples.

Recognize the information assurance implications in the application layer.

Description - Application Layer

The application layer is the highest layer of the OSI model. It is the point at which the user or user application utilizes appropriate protocols to gain access to the services of the network. It is really the "network application" layer, as many people mean a suite of software used for a business function when they talk about an application--which implies that there is conceptually a "layer 8" when discussing systems such as the OSI model.

Information Assurance Implications - Application Layer

As mentioned earlier, the application layer is really the "network application" layer--the access point at which the user or user application gains access to the services of the network. The application layer should not be confused with user applications (i.e., programs) such as Excel or a Web browser. User applications use the application layer to communicate with the network.

From the perspective of the five pillars of information assurance, the application layer faces the following issues:

Confidentiality: Using the application layer's FTP service, a network intruder may attempt to access confidential information in a user's machine.

Integrity: Using the application layer's Telnet service, a network intruder may attempt to destroy or corrupt a user's files from a remote location.

Availability: By using application layer services to corrupt system files, a network intruder may deny a user's timely, reliable access to databases or remote services.

Authentication: A user application may use application layer services to authenticate that he/she is authorized to access certain information via the network.

Non-repudiation: A user application may use application layer services to prove that he/she was the actual sender of a message.

Some information assurance implications in terms of the five pillars and application layer services are summarized in the table below:

Here is an example of how a hacker might launch a cyber attack using application layer services:

The hacker builds a virus and embeds it within a file. He attaches the file to an e-mail and uses his e-mail client (a user application) to send the infected message through his application layer SMTP service and across the network.

The infected message travels across the network to the victim's machine and up the OSI stack to the victim's application layer.

The victim's machine is also running a user application e-mail client that utilizes the application layer SMTP service.

The unwitting victim opens the e-mail, and his e-mail client writes the infected file to his hard drive.

The infected file uses the application layer SMTP service to transmit copies of itself via e-mail to other machines on the network.

There are many ways that the information assurance threats at the application layer can be mitigated. A few examples follow:

FTP: The File Transfer Protocol service can be turned off unless absolutely needed. If it is turned on, logons by anonymous users should be disabled. If anonymous logons are a requirement, they should be carefully configured and administered.

Telnet: This protocol allows a user to logon to a computer over a network. As with FTP, this service should be turned off unless absolutely needed. If it must be used, it should be configured to disable logons after repeated failed attempts to logon.

HTTP: The Hypertext Transfer Protocol is vulnerable because it transmits unencrypted information (such as credit card numbers) over the network. The use of the Secure Hypertext Transfer Protocol (HTTPS) mitigates this threat to confidentiality by encrypting data prior to transmission.

As mentioned in the Overview, the OSI model really needs an eighth ("people") layer to describe the role that network users play in achieving information assurance. In the example above, user training might have prevented the unfortunate opening of a suspicious e-mail.

Glossary - Application Layer

DNS - Domain Name Service
DoS - Denial of Service
FTP - File Transfer Protocol
HTML - Hypertext Markup Language
HTTP - Hypertext Transfer Protocol
HTTPS - Secure Hypertext Transfer Protocol
IMAP - Internet Message Access Protocol
LDAP - Lightweight Directory Access Protocol
MTA - Mail Transfer Agent
POP3 - Post Office Protocol 3
SMTP - Simple Mail Transfer Protocol
SSL - Secure Sockets Layer
TFTP - "Trivial" File Transfer Protocol
UA or MUA - (Mail) User Agent
WWW - World Wide Web

Learning Objectives - Presentation Layer

After working with the content of the presentation layer, you should be able to:

Describe the role of the presentation layer.

Describe how the presentation layer fits into the OSI model.

Explain what data representation services are and why they are needed.

Explain why the presentation layer is a good fit for encryption and authentication.

Description - Presentation Layer

The presentation layer, the sixth layer of the OSI reference model, sits between the application and session layers. Its two main functions are data representation services and encryption and authentication.

There are two main themes regarding data representation. The first theme is that application layer programmers focus on the business details of solving a problem. They want and need the details of underlying networks to be as transparent as possible. In the best of all worlds, the network will be completely transparent. Programmers like to focus on their problem using the programming models that they have at hand. It is an error-prone distraction for them to have to take their models and break them down into a format that the network can understand.

The second theme is that different machines have different machine architectures. Different machine architectures represent the higher-level data structures in different forms. It is not possible to just point at a structure and send X amount of bytes and have the destination see the same data structure. The classic example is with integers. Some machine architectures like Intel represent integers in memory in a form called Little Endian. Little Endian architectures represent the least significant bytes of the integer in memory first. Big Endian architectures, however, like UMUC's NOVA system, represent the most significant bytes of the integer first.

To illustrate the problem, consider how an integer is represented on two different machines. The outputs shown below are from the same C program that ran first on an Intel-based PC and then on a Sun system. The C program assigned the value 8 to an integer variable and then cast the variable to a character pointer and printed out the 4 bytes that made up the integer.

Intel PC Output: byte 1=8, byte 2=0, byte 3=0, byte 4=0

Sun System Output: byte 1=0, byte 2=0, byte 3=0, byte 4=8

As you can see from the output, the integer is represented differently on the two machines. This is not a problem when the integer is being used just on that machine. It becomes a problem when machines are trying to send the integer over a network between each other. If the 4 bytes are sent from one system to another and saved to memory, then the machine will read the 4 bytes in reverse order and not see the number 8. Instead, it will see a very large number.

This is where data representation services step in. The application needs to have the logical integer value of 8 passed between the two systems. Somewhere between the two application programs, the 4 bytes that make up the integer need to be reversed. If the application programmers are writing code to do it, they must include that code in every application they write. A better, more efficient idea is to have a layer between the application and session layers that handles this function transparently for the programmers.

This, in a nutshell, is the essence of the presentation layer. The Big Endian/Little Endian issue is just one aspect. Characters have the same issue, where they can be represented by a different byte value depending on which character set is being used. High-level structures like objects and linked lists are packed differently and spread throughout memory. They need to be broken down into component parts, sent separately, and reassembled at the destination. The presentation layer maps the higher-layer application data into forms that are more acceptable to the lower network layers and vice versa; it carries the logical meaning of the data across the network. This data representation service is sometimes called marshalling.
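The byte-order problem and the marshalling fix described above, as an added example that is not part of the original course material. The wire format (a 32-bit count, a 16-bit length, then UTF-8 text, all in network byte order) and the function names are assumptions chosen for illustration.

```python
import struct

def raw_bytes(value: int, byteorder: str) -> bytes:
    """The 4 bytes a 32-bit integer occupies in memory on a host of the given byte order."""
    return value.to_bytes(4, byteorder)

def misread(value: int) -> int:
    """What a big-endian host sees if a little-endian host sends its raw memory bytes."""
    return int.from_bytes(raw_bytes(value, "little"), "big")

# Hypothetical wire format: uint32 count | uint16 text length | UTF-8 text.
# "!" selects network byte order (big-endian) with no padding, so both
# hosts agree on the layout regardless of their native architecture.
HEADER = struct.Struct("!IH")

def marshal(count: int, label: str) -> bytes:
    """Convert the logical values into an architecture-independent byte string."""
    text = label.encode("utf-8")          # fix the character set explicitly
    if len(text) > 0xFFFF:
        raise ValueError("label too long for 16-bit length field")
    return HEADER.pack(count, len(text)) + text

def unmarshal(wire: bytes):
    """Rebuild the logical values, rejecting input whose length field is inconsistent."""
    if len(wire) < HEADER.size:
        raise ValueError("truncated header")
    count, length = HEADER.unpack_from(wire, 0)
    body = wire[HEADER.size:]
    if len(body) != length:
        # Never trust a sender-supplied length without checking it
        # against the bytes that actually arrived.
        raise ValueError("length field does not match received data")
    return count, body.decode("utf-8")    # strict decoding: bad bytes raise

if __name__ == "__main__":
    print("Intel-style bytes:", list(raw_bytes(8, "little")))
    print("Sun-style bytes:  ", list(raw_bytes(8, "big")))
    print("8 misread across architectures:", misread(8))
    wire = marshal(8, "café")
    print("on the wire:", wire.hex(), "->", unmarshal(wire))
```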

The presentation layer is also best suited for encryption and authentication functions, as it is the last layer where the application data is a whole entity and can be encrypted as an application concept.

Information Assurance Implications - Presentation Layer

Encryption is one of the basic services typically provided by the presentation layer. From the perspective of the five pillars of information assurance, the security services of confidentiality, integrity, authentication, and non-repudiation can be implemented using encryption and related cryptographic techniques.

The presentation layer is uniquely suited to provide these security services since the application layer above it is dealing with business-level entities such as e-mail, documents, Web pages, etc. The presentation layer is the last layer in which the application content is still whole and can be protected as a single entity.

In general, designers of distributed systems need to take steps to secure information, verify identities between processes, and verify signatures. All of these tasks are accomplished through some form of cryptography. Cryptography is the use of encryption algorithms and their associated keys, which are applied to plaintext data to produce encrypted (ciphertext) data. Cryptography is used in different ways to safeguard data and systems. In addition to data encryption, cryptography is used for digital signatures (to provide non-repudiation), authentication, and key distribution.

In general, there are two categories of encryption algorithms: secret key and public key. With secret key algorithms, the encryption key and decryption key are the same. The sender and the receiver share the same key. With public key algorithms, however, the two keys are different. A one-way mathematical function is used to generate a key pair. Knowing one of the keys does not allow one to derive the other. A client who wants to receive messages will generate the key pair and will publish one of the keys; the other key is kept private with the client. Stations wishing to send a message to the client will use the public key to encrypt the message before sending. Only the client with the private key can decrypt the message.

Determining the originator of the application content (such as an e-mail or a document) and figuring out whether it has been altered are very important in distributed systems. Encryption methods can be employed to verify the originator of the application content and to verify that the contents have not been altered by someone other than the sending application. The presentation layer for the sending system can create a digest that represents the application content; the digest may consist of a secure hash algorithm (SHA) of the message or a cyclical redundancy check (CRC) value. The digest is then encrypted and sent with the message. The receiving presentation layer will take the application content and calculate the same digest. If it matches the encrypted digest, then the contents have not been changed. This process ensures the integrity of a transmission.
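The digest check described above, as an added example that is not part of the original course material. It swaps the "encrypt the digest" step for HMAC-SHA-256, a standard keyed digest, and contrasts it with a bare CRC; the key, messages, and function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

def crc_digest(content: bytes) -> bytes:
    """Unkeyed CRC-32 of the content. Detects accidental corruption only."""
    return zlib.crc32(content).to_bytes(4, "big")

def crc_check(content: bytes, digest: bytes) -> bool:
    return crc_digest(content) == digest

def keyed_digest(key: bytes, content: bytes) -> bytes:
    """HMAC-SHA-256: a digest that only a holder of the shared key can produce."""
    return hmac.new(key, content, hashlib.sha256).digest()

def protect(key: bytes, content: bytes):
    """Sending side: return the content together with its keyed digest."""
    return content, keyed_digest(key, content)

def verify(key: bytes, content: bytes, tag: bytes) -> bool:
    """Receiving side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(keyed_digest(key, content), tag)

def demo() -> dict:
    key = b"constructed-shared-secret"           # constructed sample key
    original = b"Transfer 100 to account 12345"  # constructed sample message
    altered = b"Transfer 900 to account 12345"   # same message changed in transit

    content, tag = protect(key, original)
    return {
        # An unkeyed digest travels with the data, so whoever changes the
        # data can simply recompute it. The check passes on altered content.
        "crc_accepts_altered": crc_check(altered, crc_digest(altered)),
        # The keyed digest of the original does not match the altered content...
        "hmac_accepts_altered": verify(key, altered, tag),
        # ...and a digest computed without the right key is rejected as well.
        "hmac_accepts_wrong_key": verify(key, altered,
                                         keyed_digest(b"guess", altered)),
        "hmac_accepts_original": verify(key, content, tag),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A shared-key digest shows the receiver that the content came from the other key holder and was not changed; proving origin to a third party (non-repudiation) needs a public-key digital signature instead.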

In practice, both the public and secret key algorithms are often used together because each has different advantages. The strength of the public key algorithm lies in the encryption and decryption keys being different--which provides stronger identity and signature verification. The strength of the secret key algorithm is its speed. From a computational standpoint, it is far less expensive than the public key algorithm.

When both public and secret key algorithms are employed together, the public key algorithm is often used to securely pass a secret key to the destination. The secret key is then used to encrypt the bulk of the data being transferred. This scheme ensures the confidentiality of a transmission.

Some examples of popular secret key algorithms are Triple DES and AES. An example of a popular public key algorithm is RSA.

Learning Objectives - Session Layer

After working with the content of the session layer, you should be able to:

Define the role of the session layer.

Examine how application connections are made in the session layer.

Explain the dialog control that occurs between applications.

Identify the protocols associated with the session layer.

Description - Session Layer

The session layer establishes, maintains, and terminates a session across the network. This happens in four different phases:

Connection establishment
Connection release
Error correction

The session layer also controls the flow of traffic by determining whether the data can flow in a single direction or in both directions at one time.

The higher presentation layer passes e-mail to the session layer. Then, the session layer uses API to determine the services needed to send this e-mail to the proper destination. The application layer has used Simple Mail Transfer Protocol (SMTP) to write the receiving party's address. API software at the session layer activates the Domain Name Service (DNS) application and other processes. It also quantifies the data and places the checkmark at the beginning, middle, and end of the data so that the session layer at the receiving station can determine that it has received the e-mail and terminate the session. This process is also called dialog control. The diagram below illustrates this process:

The session layer creates its own header--which includes an application header and a presentation header--and then passes the session header to the transport layer for transferring the e-mail to its destination.

To see how the session layer functions, follow these steps:

Open a Microsoft Word document, an Excel spreadsheet, or a PowerPoint file.

Press Ctrl Alt Delete.

Select Task Manager.

In the Windows Task Manager dialog box, click on the Processes tab.

On this tab, you can see how the session layer processes are working. If you click on the Applications tab, you will see all the applications you have opened. If you click on End Task in the Applications tab, the session for that application will close. You will be viewing the layer responsible for terminating the application session.

Information Assurance Implications - Session Layer

The function of the session layer is to establish, manage, and terminate communication sessions between two networked computers. From the perspective of the five pillars of information assurance, the session layer has security issues for each of the individual pillars:

Confidentiality: Sessions established between networked machines are vulnerable to password attacks, session hijacks, and man-in-the-middle attacks--any one of which can potentially compromise sensitive information.

Integrity: The attacks mentioned above can also be used to alter or corrupt database files or data in motion through the network.

Availability: Network attackers may overwhelm a computer by establishing large numbers of illicit sessions; such denial of service attacks can impact availability.

Authentication: Network intruders may establish unauthorized sessions by spoofing legitimate users.

Non-repudiation: Password attacks, hijacking, and man-in-the-middle attacks may compromise the ability to guarantee non-repudiation of network transactions.

Session layer threat mitigation is often implemented by using protocols or services available at other OSI layers. Protocols such as SSL and TLS can play a significant role in minimizing these attacks by using combinations of features deployed at various layers of the OSI model. SSL and TLS (transport layer protocols) use public-key cryptography to provide authentication, confidentiality, and non-repudiation services to processes managed by the session layer.

The session layer is responsible for user IDs and passwords, so a strong password policy can be implemented here. A user logon with a minimum of eight characters which includes one capitalized letter, one number, and one special character (such as @ or &) is an example of how to create a strong password. The use of strong passwords can significantly mitigate the security threats described above.

Man-in-the-middle attacks require access to the network media or devices between the source and destination. Wireless LAN technologies are particularly susceptible to this kind of attack. Attackers use captured information (by using sniffers) to launch other attacks that deny service, obtain vital information, subvert applications, or corrupt data stores. To avoid this type of attack, use strong encryption (implemented at other OSI layers)--so that any captured information is useless--as well as mutual authentication (by client and server).

Using two computers, you can conduct an example synchronization process yourself to see the session layer in action. Open up the two computers, one as a client and the other as an e-mail server. Start downloading a large file on the client machine. After a few seconds, unplug the power of one machine and then reconnect it. You will notice that downloading is resumed, at the point prior to the power failure. Although the power connection was suspended for a few seconds, the session layer maintained the session between the two applications.

Learning Objectives - Transport Layer

After working with the content of the transport layer, you should be able to:

Describe the role of the transport layer.

Identify the two most widely used transport layer protocols and their underlying functions.

Describe how transport layer protocols interface with protocols in both the network and session layers.

Explain how transport layer protocols can be applied towards e-mail transmission applications.

Description - Transport Layer

The transport layer is the fourth layer in the OSI Model. Protocols operating in the transport layer can accomplish one or more of the following "quality control" operations:

Ensure that packets are delivered in an error-free sequence.

Provide flow control, error handling, and transmission problem resolution.

Repackage messages into smaller packets when transmitting them to their final destination.

Unpack and reassemble messages when receiving them and in return send an acknowledgement of receipt.

Transport layer protocols receive packets from the lower network layer and add reliability data to the packet header such as a sequence number to maintain a sequence of packets, an acknowledgement number to receive an acknowledgement of receipt from the recipient, and a checksum for the recipient to validate that the received packet matches what the sender intended to send. This added information provides a guaranteed delivery of packets.

Transport layer protocols work with network layer protocols to provide a reliable path for packets received from the network layer. The transport layer determines which protocol to use from the network layer protocol header. The transport layer is handled by protocols running in the host operating systems, not within the networking devices themselves, such as routers, switches, and hubs. UDP (User Datagram Protocol) is a transport layer protocol that is used for broadcasting packets to multiple destinations.

Transmission Control Protocol (TCP), the most recognized and widely used transport layer protocol, includes in its message header space for the sequence number, acknowledgement number, and checksum. TCP is a connection-oriented protocol; it requires an established network connection between the communicating nodes before it will transmit data. The figure below shows the ports, sequence number, acknowledgement number, checksum, and the data itself which are used in a TCP message format to provide a reliable data delivery:
Figure 1. TCP Message Format

TCP obtains a network socket for established communication from session layer protocols; the socket populates the source and destination port contained in the TCP message. Both the source and destination ports are required for session identification, and they are also used by session layer protocols to establish dialog control and separation during session conduct. All of these functions help provide a reliable path for establishing sessions between the sender and the recipient.

Transport layer protocols are also utilized in e-mail delivery. For example, Transport Layer Security (TLS) is a protocol used for encrypted e-mail communication as well as e-mail client communication. It is used mostly between two Simple Mail Transfer Protocol (SMTP) servers. SMTP transfers e-mail messages to their final destination. When used for e-mail client communication, TLS needs additional configuration since digital certificates are required.

SCTP (Stream Control Transmission Protocol) is gaining increased recognition for enhanced reliability and performance capabilities. SCTP has additional advantages over TCP and UDP which include multi-homing, multi-streaming, and increased security. SCTP provides internetworking capabilities not available with TCP and UDP to carry multiple telephony data within IP-based networks such as ISDN, mobile, and ATM networks.

Information Assurance Implications - Transport Layer

The transport layer provides some strong information assurance services but also suffers from significant vulnerabilities. From the perspective of the five pillars of information assurance, the transport layer has the following security issues:

Confidentiality: The Secure Sockets Layer (SSL) protocol, which has become the Transport Layer Security (TLS) protocol, provides a mechanism for Web browsers to exchange sensitive confidential information (e.g., credit card numbers) with HTTP servers. Most other transport layer services, however, do not provide confidentiality services.

Integrity: SSL and TLS, through the use of cryptographic hashes, ensure that a third party has not tampered with messages. In addition, the Transmission Control Protocol (TCP) and the Stream Control Transmission Protocol (SCTP) ensure data integrity with respect to transmission errors. Both SCTP and TCP provide error-checking communication between two hosts to ensure the integrity of the delivered message. TCP sits on top of the IP sub-protocol and compensates for IP's known unreliability by providing checksum, flow control, and sequencing information. SCTP provides the level of complexity of checking and then rechecking together with a second tier of acknowledgements. SCTP conserves message boundaries by operating on whole messages instead of single bytes. This means that if one message of several related bytes of information is sent in one step, exactly that message is received in one step.

Availability: SCTP offers a multi-homing capability (the use of multiple data transmission paths), thereby increasing transmission efficiency and availability. On the other hand, the transport layer is highly susceptible to denial of service (DoS) attacks, which can adversely impact network availability.

Authentication: SSL and TLS, through the use of public-key cryptography and X.509 certificates, authenticate both network clients and servers to each other. TLS uses client digital certificates to support encrypted authentication for e-mail correspondence. TLS is used to encrypt the clear-text password sent by the basic authentication method. The use of TLS for e-mail applications is mostly applicable towards the communication between two SMTP servers when transmitting e-mail messages.

Non-repudiation: Although SSL and TLS protocols fulfill most of the five pillars, non-repudiation services are not directly provided by the transport layer.
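The TCP message format described earlier and the Integrity item above can be checked side by side in code. The following is an added example, not part of the original course text: it builds and parses a 20-byte TCP header, then compares what the TCP checksum detects with what a keyed hash detects. The addresses, ports, key, and payload are constructed sample values, and HMAC-SHA256 over the payload stands in for the keyed hash that TLS applies; it is not the TLS record format.

```python
import hashlib
import hmac
import socket
import struct

# Ports, sequence number, acknowledgement number, offset, flags, window,
# checksum, urgent pointer: the 20-byte TCP header without options.
TCP_HEADER = struct.Struct("!HHIIBBHHH")


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), as used by TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that TCP includes when computing its checksum."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, payload: bytes) -> bytes:
    def header(checksum: int) -> bytes:
        # Data offset 5 words, flags PSH|ACK, window 65535, urgent pointer 0.
        return TCP_HEADER.pack(sport, dport, seq, ack, 5 << 4, 0x18, 65535, checksum, 0)

    unsummed = header(0) + payload
    checksum = internet_checksum(pseudo_header(src_ip, dst_ip, len(unsummed)) + unsummed)
    return header(checksum) + payload


def parse_segment(segment: bytes) -> dict:
    sport, dport, seq, ack, offset, _flags, _window, checksum, _urg = TCP_HEADER.unpack(segment[:20])
    header_len = (offset >> 4) * 4
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "checksum": checksum, "payload": segment[header_len:]}


def checksum_ok(src_ip, dst_ip, segment: bytes) -> bool:
    # Summing a segment together with its correct checksum yields 0.
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def tag(key: bytes, payload: bytes) -> bytes:
    """Keyed hash over the payload; only holders of the key can produce it."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def demo() -> dict:
    src, dst = "192.0.2.10", "198.51.100.25"   # constructed documentation addresses
    key = b"constructed-shared-key"            # constructed sample key
    payload = b"PAY 100 TO ALICE"              # constructed sample payload
    segment = build_segment(src, dst, 49152, 25, 1000, 5000, payload)
    sent_tag = tag(key, payload)

    # Transmission error: a single bit flipped inside the payload.
    noisy = bytearray(segment)
    noisy[25] ^= 0x04

    # Deliberate change: the checksum needs no secret, so it can be recomputed
    # by anyone who alters the payload. The keyed tag cannot.
    fields = parse_segment(segment)
    altered = build_segment(src, dst, fields["src_port"], fields["dst_port"],
                            fields["seq"], fields["ack"], b"PAY 900 TO ALICE")
    altered_payload = parse_segment(altered)["payload"]

    return {
        "fields": fields,
        "clean_checksum_ok": checksum_ok(src, dst, segment),
        "bit_flip_checksum_ok": checksum_ok(src, dst, bytes(noisy)),
        "altered_checksum_ok": checksum_ok(src, dst, altered),
        "altered_tag_ok": hmac.compare_digest(sent_tag, tag(key, altered_payload)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The checksum rejects the bit flip but accepts the altered segment, which is why tamper protection has to come from a keyed mechanism such as TLS rather than from TCP itself.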

Aside from these security concerns, transport layer protocols face additional security threats, specifically DoS attacks and session hijacking. DoS attacks cause a network service to become unavailable either by shutting down its port or by overloading it with an excessive number of network connections. The Ping of Death attack, for example, is based on sending a malformed IP packet to a computer. The recipient's network service shuts down because it can't send an acknowledgement to the actual sender. Session hijacking occurs when a hacker takes over an existing connection between two computers. The hacker sends packets that resemble those of the actual sender and fools the recipient into sending subsequent packets to the hacker, allowing the hacker to use transport layer protocols such as TCP to communicate with the recipient.

Glossary - Transport Layer

ATM - Asynchronous Transfer Mode
DoS - Denial of Service
HTTP - Hypertext Transfer Protocol
IP - Internet Protocol
ISDN - Integrated Services Digital Network
SCTP - Stream Control Transmission Protocol
SMTP - Simple Mail Transfer Protocol
SSL - Secure Sockets Layer
TCP - Transmission Control Protocol
TLS - Transport Layer Security
UDP - User Datagram Protocol

Learning Objectives - Network Layer

After working with the content of the network layer, you should be able to:

Describe the role of the network layer in transmitting data across a LAN or WAN.

Associate the appropriate protocols with the network layer.

Compare the different methods of network switching.

Describe the basics of IP addressing, routing, and fragmentation.

Recognize the information assurance implications in the network layer.

Description - Network Layer

The network layer is responsible for delivering data from a source node across the Internet or LAN to a destination node. Within the context of the OSI model, the network layer delivers data, usually packets, from the transport layer to the data link layer; it also receives data from the data link layer which it passes up to the transport layer. In carrying out these duties, it performs the functions of routing, addressing, and fragmentation.

Virtual communication between sending and receiving network layers is achieved through a header that is appended to incoming transport layer data. The combination of the network header and data from the transport layer is called a packet.

The main function of the network layer is to establish a path across the network for moving the data. There are several choices in how to set up a network to deliver the data. One choice is to establish a circuit-switched network in which the circuit is established, the complete block of data is sent, and then the network is dropped. Dial-up is an example of circuit switching where the circuit is established during the dial-up, the communication occurs, and the circuit is terminated when the connection is broken.

A second choice is known as packet switching, in which the data is broken down into small chunks called packets, and each packet is sent across the network. When all of the packets follow the same path, it is called a virtual-circuit network; when each packet follows its own path through the network, it is a datagram network.

A third choice in setting up a network is message-switching, which is also known as store-and-forward. The entire message is sent from node to node as the circuits become available until the end node is reached. E-mail is implemented using message switching, although the links between nodes are provided by packet or circuit-switched networks.

Data moves across a series of interconnected LANs and WANs through a router. The router is a hardware and software device, which connects at the physical layer and virtually makes connection with the network layer. The router keeps a database of network layer addresses so it can determine the best route between these addresses for any given transmission. These router databases are configured manually or by dynamic routing protocols. All nodes on a LAN or WAN are configured with the IP address of a router or default gateway. Two common dynamic routing protocols are RIP (Routing Information Protocol) and OSPF (Open Shortest Path First). There are also network layer protocols such as ICMP (Internet Control Message Protocol) that manage the network and handle any errors.

When the Network layer receives a segment from the transport layer, it addresses the segment using routing tables and then forwards the ensuing packet to the router. Each packet has a header, which specifies the protocols used (IP or IPX), the source and destination addresses, and the routing protocols. The current IP protocol, known as Internet Protocol version 4 (IPv4), uses 32-bit addresses that could theoretically support approximately four billion unique addresses. Although that may seem like a large number, we are rapidly running out of addresses. A new IP protocol, Internet Protocol version 6 (IPv6), will extend the addresses to 128 bits each.

Packets can travel through different networks as they move toward their end destinations. At each network node, the router extracts the packet from the frame that received it, processes it, and then encapsulates it in a new frame on the outgoing data link layer. In order to move the data across the different networks, it may be necessary to fragment the packet to accommodate the maximum size permitted by the protocol. For example, the maximum size of the Token Ring frame is 4500 bytes and the maximum size of the Ethernet frame is 1500 bytes. If packets are moving from Token Ring to Ethernet, the router will fragment the packets to the maximum size permitted on Ethernet networks because it has a smaller maximum size.
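The Token Ring to Ethernet case above can be worked through in code. This is an added example, not part of the original course text: it fragments a 4500-byte IPv4 packet for a 1500-byte link and reassembles it with the checks a receiver should apply. It assumes the 4500 and 1500 byte figures are the IP MTU of each link and that the header is 20 bytes with no options; the Fragment class and function names are hypothetical.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20      # IPv4 header without options (assumption)
MAX_IP_PACKET = 65535   # largest value the 16-bit Total Length field can hold


@dataclass(frozen=True)
class Fragment:
    ident: int       # Identification field shared by all fragments of a packet
    offset: int      # Fragment Offset field, counted in 8-byte units
    more: bool       # More Fragments (MF) flag
    payload: bytes

    @property
    def total_length(self) -> int:
        return IP_HEADER_LEN + len(self.payload)


def fragment(ident: int, payload: bytes, mtu: int) -> list:
    """Split a packet payload so each fragment fits in the outgoing MTU."""
    # Every fragment except the last must carry a multiple of 8 bytes,
    # because the offset field counts 8-byte units.
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)
        frags.append(Fragment(ident, start // 8, more, chunk))
    return frags


def reassemble(frags: list) -> bytes:
    """Rebuild the payload, rejecting inconsistent or oversized fragment sets."""
    if not frags:
        raise ValueError("no fragments")
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments belong to different packets")
    ordered = sorted(frags, key=lambda f: f.offset)
    out = bytearray()
    expected = 0
    for i, f in enumerate(ordered):
        start = f.offset * 8
        last = i == len(ordered) - 1
        # A fragment ending beyond 65535 bytes describes a packet that cannot
        # legally exist; reject it before copying anything.
        if IP_HEADER_LEN + start + len(f.payload) > MAX_IP_PACKET:
            raise ValueError("reassembled packet would exceed 65535 bytes")
        if start < expected:
            raise ValueError("overlapping fragment")
        if start > expected:
            raise ValueError("missing fragment")
        if f.more == last:
            raise ValueError("MF flag inconsistent with fragment position")
        if not last and len(f.payload) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 bytes")
        out += f.payload
        expected = start + len(f.payload)
    return bytes(out)


if __name__ == "__main__":
    data = bytes(i % 251 for i in range(4500 - IP_HEADER_LEN))  # constructed payload
    for f in fragment(0x1234, data, 1500):
        print(f.offset, f.more, f.total_length)
```

Strict reassembly matters to a defender because overlapping, missing, or oversized fragments are exactly the malformed inputs that a permissive receiver mishandles.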

Protocols - Network Layer

The protocols associated with the network layer include:

AH (Authentication Header): a protocol that provides source authentication and data integrity

CHAP (Challenge Handshake Authentication Protocol): uses a three-way handshake to provide dial-up security

ESP (Encapsulating Security Payload): a protocol that provides privacy, source authentication, and data integrity

ICMP (Internet Control Message Protocol): used in handling errors and controlling traffic

IP (Internet Protocol): used to carry data in Microsoft and Internet networks

IPSec (Internet Protocol Security): a collection of protocols that provide security for Internet packets

IPX (Internet Packet Exchange): a protocol used to carry data in Novell networks

ISAKMP (Internet Security Association and Key Management Protocol): used to establish security associations and cryptographic keys

OSPF (Open Shortest Path First): a routing protocol based on the shortest path to the destination

PAP (Password Authentication Protocol): used to validate the identity of a dial-up user

RIP (Routing Information Protocol): a routing protocol based on the hop count to the destination

Information Assurance Implications - Network Layer

The role of the network layer is to orchestrate the transfer of packets across a data network; the Internet Protocol (IP) is the main network layer protocol for providing this service, but it can be a gateway for intruders to gain access to your data. In terms of the five pillars of information assurance, the following threats exist at the network layer:

Confidentiality: Network eavesdroppers may intercept and read sensitive information contained in IP packets.

Integrity: Network intruders may alter the content of IP packets.

Authentication: Network attackers may spoof the origin of IP packets.

The Internet Protocol as defined in IPv4 does not directly provide information assurance services to mitigate these threats; it requires an additional level of security. If this security is implemented at a higher layer (say at the transport layer, as is the case for SSL), end-to-end security is achieved, but the implementation may be more complex. However, if the security is implemented at the network layer, the service is available to transport layer protocols such as UDP and TCP, making it much more flexible and transparent to higher-layer applications.

IPSec is now available through a suite of protocols and algorithms that provide confidentiality, integrity, and authentication services for IP packets within the network layer. Authentication Header (AH) is an IPSec protocol that authenticates the origin of an IP packet and guarantees its integrity through cryptographic hash functions. Encapsulating Security Payload (ESP), another IPSec protocol, provides encryption to IP packets, thereby ensuring confidentiality.

Glossary - Network Layer

AH - Authentication Header
ESP - Encapsulating Security Payload
ICMP - Internet Control Message Protocol
IP - Internet Protocol
IPSec - Internet Protocol Security
IPX - Internet Packet Exchange
ISAKMP - Internet Security Association and Key Management Protocol
LAN - Local Area Network
OSPF - Open Shortest Path First
PAP - Password Authentication Protocol
SSL - Secure Sockets Layer
RIP - Routing Information Protocol
TCP - Transmission Control Protocol
UDP - User Datagram Protocol
VPN - Virtual Private Network
WAN - Wide Area Network

Learning Objectives - Data Link Layer

After working with the content of the data link layer, you should be able to:

Describe the role of the data link layer in transmitting data across a LAN or WAN.

Compare the different methods used to deal with media contention.

Determine where a frame starts and stops.

Describe how error detection and correction techniques work.

Associate the appropriate protocols and IEEE standards with the data link layer.

Recognize the information assurance implications in the data link layer.

Description - Data Link Layer

The data link layer is responsible for delivering data between nodes in a network. Within the context of the OSI model, the data link layer encapsulates the packets from the network layer into frames and delivers the frames to the physical layer as a series of bits. At the other end of the network, it receives bits from the physical layer, converts them into frames, and extracts the packets from the frames for delivery to the network layer. In carrying out these activities, it performs the functions of determining who has control of the link, determining where the frame starts and stops, keeping the data transparent so that any combination of data can be transmitted without change, and performing error detection and correction.

Virtual communication between sending and receiving data link layers is achieved through a header and a trailer that are appended to incoming network layer data. The combination of the data link header and trailer, and data from the network layer is called a frame. The data link layer is the only layer in the OSI model with both a header and a trailer.

For point-to-point network links, HDLC (High-Level Data Link Control) and PPP (Point-to-Point) protocols can be used on dedicated links between a sender and a receiver. When more than two stations (nodes) are attached to a link, as in a LAN, a method is needed to control media access. The two major strategies for media access control are token passing and contention. In the former, a station is not allowed to transmit until it has the token. IEEE 802.4 Token Bus Standard and IEEE 802.5 Token Ring Standard are two examples of token passing protocols.

In contention protocols, stations check to see that the link is clear before transmitting. If a transmitted signal does have a collision, the station stops, waits, and retransmits at a later time. IEEE 802.3 (CSMA/CD) and IEEE 802.11 (wireless LANs) are examples of contention protocols. The IEEE 802.3 Standard, also known as Ethernet, is probably the most widely used LAN protocol. Ethernet speeds have increased from 10 Mbps to 100 Mbps to 1000 Mbps.

Character-oriented protocols, such as BSC (Binary Synchronous Control), use control characters to assist them in performing their tasks. These control characters may include SOH for start of header, STX for start of text, ETX for end of text, and DLE for data link escape. Data transparency is achieved by the sending data link inserting a DLE character before any DLE characters in the data, and the receiving data link removing that second DLE character. Error detection is achieved through use of a BCC (block check count) or a CRC (cyclic redundancy check).

Bit-oriented protocols, including HDLC and PPP, use flags such as 01111110 to indicate the start or end of a frame. Data transparency is achieved by the sending data link inserting a 0 after any run of five consecutive 1s in the data and the receiving data link removing that 0. This prevents any run of five 1s in the data from causing a premature flag to occur. Error detection is achieved using CRC codes.
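The two data transparency techniques described above, DLE insertion for character-oriented protocols and zero insertion for bit-oriented protocols, are shown below as an added example that is not part of the original course text. Bits are represented as strings of "0" and "1" for readability, the function names are hypothetical, and the sample data is constructed.

```python
DLE = 0x10            # data link escape control character
FLAG = "01111110"     # frame delimiter used by bit-oriented protocols


def dle_stuff(data: bytes) -> bytes:
    """Sender side: insert a DLE before every DLE that occurs in the data."""
    return data.replace(bytes([DLE]), bytes([DLE, DLE]))


def dle_unstuff(data: bytes) -> bytes:
    """Receiver side: remove the second DLE of each pair."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] == DLE:
            # Inside stuffed data a DLE is always doubled; a lone DLE means a
            # control sequence or corruption, not user data.
            if i + 1 >= len(data) or data[i + 1] != DLE:
                raise ValueError("unpaired DLE in stuffed data")
            i += 1
        out.append(data[i])
        i += 1
    return bytes(out)


def bit_stuff(bits: str) -> str:
    """Sender side: insert a 0 after every run of five consecutive 1s."""
    if set(bits) - {"0", "1"}:
        raise ValueError("bits must contain only 0 and 1")
    out = []
    run = 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Receiver side: drop the 0 that follows every run of five 1s."""
    out = []
    run = 0
    i = 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            i += 1
            # Six 1s in a row can never appear in a stuffed frame body.
            if i >= len(bits) or bits[i] != "0":
                raise ValueError("five 1s not followed by a stuffed 0")
            run = 0
        i += 1
    return "".join(out)


def hdlc_frame(bits: str) -> str:
    return FLAG + bit_stuff(bits) + FLAG


def hdlc_deframe(stream: str) -> str:
    if len(stream) < 2 * len(FLAG) or not (stream.startswith(FLAG) and stream.endswith(FLAG)):
        raise ValueError("frame is not delimited by flags")
    return bit_unstuff(stream[len(FLAG):-len(FLAG)])


if __name__ == "__main__":
    data = "0111111011111100"   # constructed data that contains the flag pattern
    framed = hdlc_frame(data)
    print(framed, hdlc_deframe(framed) == data)
```

Because the sender escapes whatever the data contains, user-supplied content cannot close a frame early or inject a control character.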

Bridges and switches are used at the data link layer to connect LANs. When a bridge receives a frame, it checks to see the destination of that frame. If the destination is on the other side of the bridge (for example, another LAN), the frame is forwarded. If the frame's destination is in the same LAN as the source, the frame is dropped. A switch is a more sophisticated bridge which acts as a multi-ported device that can reduce bandwidth requirements.

WANs can be connected at the data link layer via Frame Relay and ATM. Frame Relay replaces older WAN technologies with T1 (1.544 Mbps) to T3 (44.376 Mbps) data rates, and a 9000-byte frame size that can accommodate all LAN frame sizes. Because of the improved performance of digital networks, Frame Relay has reduced error checking and is relatively less expensive than the WAN networks it replaced.

ATM is a cell-switched network that offers high-speed data transfer at rates of 155 Mbps to 622 Mbps when used in conjunction with SONET (Synchronous Optical Network) as the physical layer carrier. ATM operates with fixed-size frames, called cells. Each of the 53-byte cells has a 5-byte header and 48 bytes for data. Using the smaller, but fixed, cell size and moving many of the software functions to hardware were two major factors in the increase of speed in ATM.

Protocols - Data Link Layer

The protocols associated with the data link layer include:

ATM (Asynchronous Transfer Mode): a high-speed protocol that makes use of 53-byte frames

BSC (Binary Synchronous Control): a character-oriented protocol that uses control characters

CSMA/CD (Carrier Sense Multiple Access/Collision Detect): a protocol that transmits data when the link is clear and detects any collisions

Frame Relay: a protocol for WAN connections

HDLC (High-Level Data Link Control): a bit-oriented protocol for synchronous transmissions

IEEE 802: a series of data link protocols promulgated by the Institute of Electrical and Electronic Engineers

IEEE 802.3 (Ethernet): also known as CSMA/CD

IEEE 802.4 (Token Bus): a token-passing protocol used on a bus network

IEEE 802.5 (Token Ring): a token-passing protocol used on a ring network

IEEE 802.11: wireless network protocols and standards

PPP (Point-to-Point Protocol): a protocol used for dial-up connections

WEP (Wired Equivalent Privacy): a wireless LAN protocol that provides authentication and encryption

WPA (Wi-Fi Protected Access) and WPA2: wireless LAN protocols that provide authentication and encryption

Information Assurance Implications - Data Link Layer

The role of the data link layer is to transfer frames of data via a link between a pair of adjacent network nodes. Data link layer protocols include Ethernet, FDDI (Fiber Distributed Data Interface), Token Ring, and VLAN (Virtual Local Area Network). Ethernet is the dominant LAN protocol. In terms of the five pillars of information assurance, data link layer issues fall mainly in the areas of confidentiality, integrity, and availability.

Confidentiality: Packet sniffers are available to capture and analyze network traffic. If a LAN uses hubs rather than switches, a given computer will "see" all packets on the subnet. A sniffer operates in a promiscuous mode, allowing it to capture packets intended for other machines. A malicious network user can use a sniffer to capture login information (e.g., user IDs, passwords, etc.) as well as other sensitive information.

Integrity: The integrity of network packets may be impacted by errors occurring at the physical layer. These errors may be due to electromagnetic interference to network cables (caused, for example, by fluorescent lights), or radio-frequency interference to wireless links. The data link layer can detect most errors using parity bits. Errors are generally corrected by requesting a retransmission of the entire frame. Error rates are usually very low in cable or fiber network links and much higher in wireless links.

Availability: Several factors can impact network availability at the data link layer. Excessive traffic on Ethernet LANs can result in packet collisions, leading to packet retransmissions. The use of layer 2 switches, rather than hubs, will result in lower traffic and quicker LAN throughput. Another (somewhat rare) event that impacts availability is a babbling node, caused by a failed network interface card (NIC) that is flooding the network with erroneous packets.

As usual, the most effective way to ensure confidentiality is through the use of encryption. IEEE 802.1AE provides data confidentiality as well as data integrity. Encryption at higher OSI layers will also thwart sniffing at the data link level. Sniffers, when used for legitimate purposes, can be used to analyze excessive bit-error rates, which can affect both data integrity and network availability. Wireless networks pose the same data link issues as wired networks, but to a greater degree. It is much easier to intercept wireless packets since a physical connection is not required.

Glossary - Data Link Layer

ATM - Asynchronous Transfer Mode
BCC - Block Check Character
BSC - Binary Synchronous Control
CRC - Cyclic Redundancy Check
CSMA/CD - Carrier Sense Multiple Access/Collision Detection
DLE - Data Link Escape
ETX - End of Text
FCS - Frame Check Sequence
FDDI - Fiber Distributed Data Interface
HDLC - High-level Data Link Control
IEEE - Institute of Electrical and Electronic Engineers
IP - Internet Protocol
LAN - Local Area Network
MAC - Media Access Control
Mbps - Megabits per second
NIC - Network Interface Card
PPP - Point-to-Point Protocol
SOH - Start of Header
SONET - Synchronous Optical Network
STX - Start of Text
VLAN - Virtual LAN
WAN - Wide Area Network
WEP - Wired Equivalent Privacy
WPA - Wi-Fi Protected Access

Learning Objectives - Physical Layer

After working with the content of the physical layer, you should be able to:

Describe the role of the physical layer.

Determine the best cabling for various designs.

Identify various types of mediums used for connecting network devices.

Describe possible problems that can occur on the physical layer.

Description - Physical Layer

The physical layer is the bottom, or first, layer of the OSI model and defines the physical form taken by data when it travels across a cable. It is the first layer in the receiving process and the last layer in the sending process. This layer specifies the medium (coaxial cable, twisted copper wire cable, fiber optic cable, radio frequencies, or infrared pulses), the type of connectors (transceivers, terminators, repeaters, and hubs), the type of interface adapters (network interface card, ISDN adapters, or multi-station access unit [MAU]), and the nature of signaling schemes (Manchester encoding in Ethernet and Differential Manchester in Token Ring) that systems use. This layer also defines the exact type of cables and connectors to be used, how long the cables can be, and how many hubs and populated segments a particular installation can have. The physical layer does not add any new information in the data packet.

The physical layer is responsible for many things, including transmitting signals on the media chosen (copper, fiber, or wireless), translating the binary digits into a physical form that can be used with a specific media type (such as voltages for copper wire, light for fiber optic cable, and radio waves with wireless media). The physical layer also defines the electrical, functional, and physical characteristics of the network hardware.

The physical layer and other layers will only communicate with one another via peer communication. This is when the layers on the source node talk only with the opposite and equivalent layers on the destination node. Each layer will communicate only with its opposite equivalent. For example, think of this as a CEO of a company talking only to another CEO and not to the person working in the mailroom. They are talking to their functional "equivalents." Layers pass information between layers through an interface that is set up between each pair of adjacent layers.

Physical layer specification is directly related to the data link layer protocol in use. These specific conditions are required for the protocol to function properly. If a cable segment is too long in the Ethernet protocol, for example, packet collisions cannot be detected, errors cannot be corrected, and data are lost. The data link layer continues the work of the physical layer by defining how data is packaged for transport as Layer 2 "frames" and using the MAC (Media Access Control) or physical addresses to define the source and destination of "packages" of information. Ethernet is an example of a data link layer protocol.

One of the most commonly used physical layer specifications is the Commercial Building Telecommunication Cabling Standard, a joint venture of the American National Standards Institute (ANSI), the Electronic Industry Association (EIA), and the Telecommunication Industry Association (TIA).

Protocols - Physical Layer

The protocols associated with the physical layer include:

IrDA: a protocol that supports infrared point-to-point and multipoint communication between devices

V.24: a protocol that transmits data between the Data Terminate Emulator (DTE) and Data Communication Emulator (DCE)

V.92: a protocol for standard dial-up modems

X.21: a specification for serial communications over synchronous lines

X.21 bis: indicates the connection when flags are detected

Information Assurance Implications - Physical Layer

The role of the physical layer is to enable the transfer of bits across a communication channel. A communication channel may utilize a variety of transmission media, such as electrical cable, optical fiber, or radio frequencies. From an information assurance perspective, the physical layer may be the most vulnerable of the seven layers of the OSI model.

In terms of the five pillars of information assurance, physical layer concerns fall mainly in the areas of confidentiality, integrity, and availability.

Confidentiality: The physical layer is vulnerable to eavesdropping. Network cables (twisted-wire pairs, coax, and even fiber) can easily be tapped, and wireless links can be intercepted.

Integrity: The integrity of transmitted data can be impacted by unauthorized third-party data intercepts.

Availability: The availability of a network link can be impacted by physical damage (either accidental or intentional) to cables or fibers, interference to wireless transmissions, and excessively high bit-error rates.

Confidentiality is of particular concern at the physical layer. Confidentiality in both wired and wireless networks can be compromised by the use of unauthorized network sniffers, either physically connected to a wired network via a network interface card (NIC) or by using a radio receiver to intercept a wireless link. Threats to confidentiality can be mitigated by using physical layer encryption. Symmetric encryption algorithms such as DES, 3DES, or AES are highly efficient at this task. Wireless network connections can be protected with WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access), although WEP is subject to cracking and is no longer considered adequate. Products such as AirSnort can be used to decrypt WEP transmissions. WPA uses TKIP (Temporal Key Integrity Protocol) to provide a greater degree of protection than WEP.

To ensure data integrity at the physical layer, physical access to network facilities can be controlled, unused network connections can be removed, and cable and fiber runs can be inspected periodically for unauthorized taps.

Steps can also be taken to ensure network availability. First, cable and fiber runs should be installed according to standards to minimize bit errors due to electrical interference. Second, redundant/standby links can be provided to carry network traffic in the event of intentional or unintentional damage to a primary link.

Quantum communication (QC) is an emerging technology at the physical layer. QC offers the potential of absolute data confidentiality. For more details on QC, see http://www.quantiki.org/wiki/index.php/Quantum_communication.

Glossary - Physical Layer

3DES - Triple Data Encryption Standard
ANSI - American National Standards Institute
DES - Data Encryption Standard
EIA - Electronic Industry Association
IP - Internet Protocol
ISDN - Integrated Services Digital Network
MAC - Media Access Control
MAU or MSAU - Multistation Access Unit
NIC - Network Interface Card
QC - Quantum Communication
TCP/IP - Transmission Control Protocol/Internet Protocol
TIA - Telecommunications Industry Association
TKIP - Temporal Key Integrity Protocol
WEP - Wired Equivalent Privacy
WPA - Wi-Fi Protected Access


Words: 957 - Pages: 4

Free Essay

Dude

...There was a village in Gujarat, and the story is set in 1947. There was a Brahmin family consisting of a father, mother, son and daughter. The father was a Brahmin; he used to go to houses to perform prayers and he used to take care of the Hanuman temple. He used to get dakshina from rich people, and he and his family survived on it. This story revolves around the son and daughter. The son's name was Chirag and the daughter's name was Pooja. Chirag was 14 years old while Pooja was 9 years old. They were studying at the municipal Gujarati school in that village. Today is Pooja's birthday and she is dressed up well, but she is upset as their parents are going to the temple for prayers, as they are the caretakers of that temple. His father had a cycle on which they used to go to the temple. It was Pooja's birthday and she was sad because of her parents, but the parents were trying to convince her that they would come in the afternoon with sweets. After hearing the word sweets she was convinced, and before leaving home they called Chirag and told him to take care of his sister and that they would come back. They left home for the temple; while both parents were travelling by cycle they lost their balance and fell down from the hills, and both died immediately. Their dead bodies were brought home and all the relatives gathered there for their cremation. After the cremation they were thinking about what to do about Pooja and Chirag. The uncles and aunts were not ready to accept them, as they were poor and couldn't take care of both. Relatives......

Words: 2076 - Pages: 9

Free Essay

Dude

...The DuDe A r by nDreA Angel www.andreaknits.com Pattern Notes The Dude was inspired by the movie, The Big Lebowski. The original, as featured in the movie, is a Pendleton sweater made at Winona Knitting Mills (now closed down) during the sixties and seventies. This version is worked in 1x1 rib. It is designed to be loose fitting with a long body and long sleeves, which can be rolled up if necessary. It is a heavy, warm cardigan and features a zipper closure and short row shawl collar. This project is worked entirely in 1x1 rib, (except for the collar) including the color pattern charts. The cuffs and hem are worked with smaller needles for a tighter gauge for 12 rows. I recommend working the color charts in a needle one size larger than for the main part of the project to maintain gauge. The charts are worked in Fair Isle, stranding the yarn not in use behind the work. You may wish to catch the floats because the color sections are quite long, but be aware that floats may show through if caught because of the black and white color contrast. All of the pieces follow the same color pattern by rows so that the color patterns line up, but the number of stitches varies depending on which piece is being worked. Read the directions on the chart pages before beginning. Sizes & Finished Measurements Sizes: S[M, L, 1X, 2X], shown in size M • Chest Circumference: 36 [38, 42, 46, 50]”/91.5[96.5, 106.75, 116.75, 127] cm • Length Hem to Shoulder: 27.75[27.75, 28.25, 29.25,......

Words: 3386 - Pages: 14

Free Essay

Cool Dude

...Abs Exercises The following exercises are organized according to the major muscle group they work—rectus abdominis or obliques. You can safely work out your abs 4–5 times per week; if you add weighted exercise to your ab routine, cut your ab workouts to 3 times a week. Rectus Abdominis Exercises Crunch [pic] [pic] 1. Lie on your back with your knees bent and your feet on the floor. Rest your fingertips on the back of your head. 2. Crunch up toward your knees. Lift your head, shoulders, and upper torso off the mat. Don’t crunch up more than 45° off the floor. 3. As you crunch, keep your eyes on the ceiling, your belly button drawn in, your upper back flat, and your shoulders lowered. 4. At the top of the movement, tighten your abs a bit. 5. Lower yourself back to the mat. Repeat. [pic] You can add extra difficulty to a crunch by performing a weighted crunch, in which you hold a weight plate across your chest or behind your head. Reverse Crunch [pic] [pic] 1. Lie on your back with your thighs perpendicular to the floor and your knees bent at a 90° angle. If it’s more comfortable, cross one ankle over the other. 2. Rest your fingertips flat against the floor. 3. Use your lower abs to roll your pelvis back and lift your hips an inch or two off the floor until your knees are directly over your chest. 4. Keep your head against the floor and your belly button drawn in. 5. Return to the original position. Repeat. To make......

Words: 1263 - Pages: 6

Free Essay

Dude

...special features, which is why it should eventually occupy the place of the VCR in American households. Introduction I’d like to start things out by taking a survey. How many of you remember having a CD player in your house fifteen years ago? Not very many of you, I see. Of course, we all have CD players now. It took a little over a decade and some major price drops, but eventually we all threw out our old vinyl and cassettes and opted for the excellent sound quality and convenience of CDs. Just as the CD took the place of cassettes, many people believe the DVD, or digital versatile disc, will soon take the place of VHS tapes. Many of you may not even know what a DVD is, so before I go any further, let me show you what one looks like. (Take out DVD disc) It’s the same size as a CD, but it has two sides. Just like a VHS tape, it plays movies directly on your television. DVD video players were originally released in early 1997, and their first year sales were twice that of CD players, which is strong evidence that the DVD is here to stay. Why is the DVD so popular, and what makes it better than VHS? There are three main reasons: sound quality, picture quality, and special features exclusive to DVD. (Transition: Let’s start with the sound quality of DVD) Body I. The sound quality of DVD is far superior to that of VHS. A. DVD discs utilize digital technology, which is the same technology used by compact discs. 1. This means that you will...

Words: 1143 - Pages: 5

Premium Essay

Dude

...1. As an account executive with a marketing research firm, you are responsible for deciding on the type of research to be used in various studies conducted for your clients. For each of the following client questions, list your choices of research approaches and explain why. a. Will television or magazine advertising be more effective for a local bank to use in its marketing communication plan? Television ad would be more effective. Reason behind that is it is quicker to get the word out. Yes the magazine is great but a lot of people today aren’t reading magazines. They are too busy watching TV. If you see the ad on TV you are more likely to go into the bank then reading about it in a magazine. I would stick to the TV just because it gives the watcher more incentive on going to the place you want them to go to. b. Could a new package design for dry cereal do a better job of satisfying the needs of customers and, thus, increase sales. Packaging is of great importance to both sellers and buyers of products. It can prevent spoiling, breakage, tampering, or theft; enhance convenience in use or storage; and make products easier to identify. A significant improvement in packaging can even create a new product by expanding the ways in which it can be used, and thus its potential markets. For example, a soup that is packaged in a microwavable bowl might suddenly increase its sales to working people. c. Are consumers more likely to buy brands that are labeled as......

Words: 882 - Pages: 4

Premium Essay

Dude

...Chapter 1: * Establishing credibility through: * Caring * Competence * Character * Post-trust era: the viewing of companies as being against the publics best interest * Effective communicators establish trust by connecting with others * What determines trust in the workplace: * Honesty * Ethical behavior * Exchanges information willingly * The FAIR test helps examine: * Facts * Access * Impacts * Respect Chapter 2: * Team vs. Private Communication: Many-to-many and one-to-one respectively communication. Depends on if only a few need to hear it or many can hear it. * Telephone calls and video conferences: ambiguity and sensitivity * Written messages: low in richness, constraints and high in planning. * Asynchronous communication with high degree of control: email, blogs, podcasts * In business communication, written is more formal than spoken. * Leadership communication: being able to deliver bad news in a positive light, announce a merger with another company, urge employee to follow in the footsteps of other good ones. * Face-to-face: inefficient channel for scheduling something to a larger group of people. * Noise: barrier that interferes with achieved shared meaning * Types of noise: * Semantic- Strong emotions attached to words; two different meanings to the same phrase. * Physical- Outside noise, bad video call connection, etc. ...

Words: 1005 - Pages: 5

Free Essay

Little Dude

...Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop vvvvvv Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop vvvv Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop vvvvvv Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop vvvv Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop Beeeepp beep bop vvvvvv Beeeepp beep......

Words: 1578 - Pages: 7

Free Essay

Yes Dude

...MARKET STUDY 1. Justification of the market study 2. Objectives of the market study 3. Definition of the product 4. Demand analysis 5.1. Geographic distribution of the consumer market 5.2. Demand projection 5.3. Tabulation of data from primary sources 5. Supply analysis 6.4. Competition 6.5. Supply projection 6. Potential demand 7. Price analysis 8.6. Historical analysis and price projection 8. Marketing and distribution channels for the product 9.7. Description of the distribution channels 9.8. Description of the advertising media Justification of the market study of the market study Objectives of the market study Determine the prices that consumers are willing to pay, the quantity of goods and services demanded, and the characteristics of the products. The product This includes the identification and characterization of the product Delimitation and description of the market Characterization of the project's target market. To whom it is intended to sell. Consumer market The characteristics of the potential consumers of the product. What are the needs?, What do they value most about the product?, Which market segment is to be served?, Size of the market, of the segment?, Demand for the product The historical, current and projected behavior of demand for the project is presented. Also indicate......

Words: 380 - Pages: 2

Free Essay

Dude

...Network Administrator This position reports to the IT Service Desk Manager and is responsible for the IT infrastructure of the Direct Sale Distribution (DSD) facilities within the company; the position will assist the Corporate Network administrator when needed in the operation of corporate and manufacturing facilities. The scope of responsibility will include reviewing the system needs of the organization and aid in developing a road map to enhance applications, infrastructure, support, and end-user training; act as an advisor to the operating committee for technology and business related matters, and will ultimately be responsible for quality of the services that are delivered. This position will work with management to help establish and direct strategic long term goals, policies and procedures for the company’s information technology function. As well as, being responsible for developing and assisting the IT Service Desk Manager with the annual capital budgets, this position will focus on acquiring and deploying the hardware and software required to support the company’s short term and long range goals. Key Responsibilities and Accountabilities • Establishes network design and strategies by evaluating network performance issues including availability, utilization, throughput, goodput, and latency. • Planning and executing the selection, installation, configuration, and testing of equipment. • Define network policies and procedures, establishing......

Words: 562 - Pages: 3

Premium Essay

Dude

...1/23/2012 Proposal: Solving/Reducing the growing number of divorces in America? The basis of what is thought to be a lasting marriage in American society, in some cases, is a somewhat complicated issue. Many people fall “in love” only to realize that they are with the wrong person. There are two effortless solutions I will propose to help solve the growing number of divorces in America. In comparison to any other country in the world, more marriages in the United States end in divorce. This trend can be seen throughout America's history. In a consensus report, which was recently posted it showed that the overall U.S. divorce rate experienced a brief increase after World War II, but was followed by a dramatic decline. It started rising again in the 1960's gradually, but even more quickly in the 1970's. From the 1980's till now the rate of increase in divorce has fluctuated. It is predicted that 40-50 percent of marriages will end in divorce if this trend continues. Divorce would not be thought of as such a terrible thing, if negative aspects weren’t connected to it. Divorce greatly increases the chances that children of divorced families will be more likely to experience psychological problems, juvenile delinquency, suicide, and teen motherhood. These problems come to light during and after the divorce process, more than from the actual conflict during the marriage. The increased threat of divorce has led to a generation of children in the U.S, with an increased risk......

Words: 749 - Pages: 3

Premium Essay

Mr. Dude

...Accounting 421 Course Discussion Packet Winter 2012 Tyee Carr Study Guide, Midterm Exam Review and Final Exam Review ***These notes are provided to assist in your own note taking. They are not a substitute for reading the recommended textbook or for taking your own notes during class discussion. The information and examples provided here are subject to technical corrections or other revisions which you won't have without taking notes in class. Contents Taxable Entities, Sources of Tax Law and Tax Administration 5 Case: Firefighting Aircraft 6 Discussion questions 7 Review questions 8 The Individual Income Tax Model 10 Case: George and Sheena Jungle’s 1040 Tax Return 10 Discussion Questions 10 Review questions 11 Gross Income 13 Case: Commissioner v. Glenshaw Glass Co.\William Goldman Theatres Inc. (U.S. 1955) 13 Discussion questions 19 Case: Lucas v. Earl United States Supreme Court. 1930 20 Discussion questions 21 Review questions 21 Exclusions 22 Case study: Tom Daschle withdraws from nomination as HHS Secretary, 2009 23 Discussion questions 23 Case: Sam and Julie 24 Discussion questions 24 Case: Ralph and Betsy are landlords 25 Discussion questions 26 Case: Mark who lives in unit 6 27 Discussion questions 27 Case: Jack’s Restaurants 28 Discussion questions 28 Review questions 29 Tax Basis and Capital Transactions 32 Case: What’s my income on selling this stock? 32 Discussion......

Words: 16572 - Pages: 67