Day 3/7: Securing Systems

Important links:

💫 Pro tip at end

What type of cybersecurity threat is perhaps most uniquely, given the nature of it, a risk in a research project like SETI@Home, and how might that threat materialize?

Data manipulation or poisoning by malicious volunteers stands out as the cybersecurity threat most uniquely tied to SETI@Home's distributed volunteer model, where untrusted participants process and return scientific data chunks.

What are zero-day attacks and why are they a threat?

Zero-day attacks are attacks that exploits software, hardware or firmware unknown vulnerabilities before developers can patch them.

What is port scanning and how is it a threat?

Port scanning is a technique to scan which network ports on a system are open, closed or filtered. Attackers send crafted packets (e.g., TCP SYN, UDP, or ICMP) to ports 1-65535 on a host or range, analyzing responses like SYN-ACK (open), RST (closed), or timeouts (filtered). Tools like Nmap automate this, fingerprinting OS, versions, and firewalls.

What are supercookies? Via what means do we most commonly obtain/receive them, and how do they create threats to our systems?

Supercookies are persistent tracking mechanisms, more resilient than standard browser cookies, that store user data in unconventional locations like HTTP headers, browser caches, Flash storage, or device fingerprints. Users most commonly obtain supercookies unknowingly via ISPs or mobile carriers, who detect HTTP traffic leaving a device and insert unique identifiers (UIDHs) into packet headers post-departure. They can also embed through browser fingerprinting by ad networks/tech firms or hide in caches during visits to tracking-heavy sites, surviving cookie deletions. They enable indefinite cross-device tracking, compiling detailed profiles (browsing history, logins, preferences up to 100KB+) for targeted ads or sales often secretly, infringing privacy without consent. Maliciously, this data fuels breaches if exploited (e.g., by hackers accessing ISP logs), enables device fingerprinting to bypass anti-tracking tools, and resists removal, undermining antivirus/browser privacy controls.

What makes a worm distinct from a virus?

A computer worm stands apart from a virus primarily because it self-replicates and spreads independently across networks without needing a host file or user activation. Worms are standalone programs that exploit vulnerabilities (e.g., in email protocols or OS flaws) to propagate automatically, consuming bandwidth and resources as they copy themselves to new machines. Viruses, by contrast, attach to legitimate files or programs, requiring a user to execute the infected host like opening an email attachment for activation and spread.

Provide a technological example of "security through obscurity".

Changing SSH from port 22 to port 2222 without other protections

Distinguish the concepts of SSH and VPN.

SSH (Secure Shell) operates at the application layer, mainly for logging into remote servers, running commands, or tunneling specific ports/services via tools like PuTTY or OpenSSH. VPN (Virtual Private Network) works at the network layer (e.g., via OpenVPN, WireGuard), masking your entire IP and encrypting all device traffic browsing, apps, etc.as if on a private LAN.