CompTIA Security+ Exam Notes

Let Us Help You Pass

Friday, October 11, 2024

QoS - Three Primary Planes

 QoS (Quality of Service) 3 Planes

In network functions related to Quality of Service (QoS), the three primary planes are the Control Plane (making decisions about traffic prioritization and switching), the Data Plane (handling the actual switching of traffic), and the Management Plane (monitoring traffic conditions).

Control Plane:

This plane determines the best path for data packets based on network topology, routing protocols, and QoS policies. It essentially decides which traffic should be prioritized and where it should be routed, updating routing tables accordingly.

Data Plane:

Once the Control Plane has made its decisions, the Data Plane executes those instructions by forwarding packets according to the established routing paths. This is the part of the network that actually moves data across the network.

Management Plane:

This plane configures and monitors the network device, including managing QoS settings, viewing traffic statistics, and performing administrative tasks.

Key points to remember:

QoS implementation:

The Control Plane is where QoS policies are defined. It determines which traffic should receive preferential treatment based on factors like delay sensitivity or bandwidth requirements.

Separation of concerns:

Separating these functions into different planes lets network devices manage traffic flow efficiently, keeping decision-making (Control Plane) clearly apart from data forwarding (Data Plane).

Traffic Shaping

 Traffic Shaping - Network+

Traffic shaping, or packet shaping, is a network bandwidth management technique that controls data flow into and out of a network. It ensures that critical applications and time-sensitive data are delivered without delay.

Here's how traffic shaping works:

  • Categorize traffic: Traffic is categorized according to network policies.
  • Queue traffic: Traffic that exceeds the average bit rate is buffered in a queue.
  • Delay packets: The transmission of less important packets is slowed so priority applications can be delivered without delay.
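
A small simulation of the three steps above, added here as an example and not part of the original notes: a token-bucket shaper with strict-priority queues. The class names, priorities, tick-based clock, and sample packets are assumptions made for illustration.

```python
from collections import deque

# Constructed policy (assumption): lower number = higher priority.
POLICY = {"voip": 0, "web": 1, "backup": 2}

# Constructed sample traffic: (arrival_tick, traffic_class, size_bytes)
SAMPLE = [(0, "backup", 150), (0, "voip", 100), (0, "web", 100), (1, "voip", 100)]

def shape(packets, rate, burst):
    """Token-bucket shaper with strict-priority queues.

    rate:  tokens (bytes) added per tick, i.e. the average rate allowed
    burst: bucket capacity in bytes
    Returns [(send_tick, traffic_class, size_bytes, delay_ticks), ...].
    """
    if any(size > burst for _, _, size in packets):
        raise ValueError("a packet larger than the burst size can never be sent")
    pending = deque(sorted(packets))  # ordered by arrival tick
    queues = {c: deque() for c in sorted(POLICY, key=POLICY.get)}
    tokens, tick, sent = burst, 0, []
    while pending or any(queues.values()):
        # Categorize: place each arriving packet in its class queue.
        while pending and pending[0][0] <= tick:
            arrival, cls, size = pending.popleft()
            queues[cls].append((arrival, size))
        # Queue and delay: serve the highest priority first; traffic that
        # exceeds the token budget stays buffered until a later tick.
        for cls, q in queues.items():
            while q and q[0][1] <= tokens:
                arrival, size = q.popleft()
                tokens -= size
                sent.append((tick, cls, size, tick - arrival))
            if q:  # head of this queue does not fit: hold tokens for it
                break
        tick += 1
        tokens = min(burst, tokens + rate)
    return sent

if __name__ == "__main__":
    for row in shape(SAMPLE, rate=100, burst=200):
        print(row)
```

With a rate of 100 bytes per tick and a 200-byte burst, both voip packets leave with no delay while the backup packet is held for three ticks.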

Traffic shaping is important because:

  • It helps ensure the performance of critical applications
  • It helps deliver time-sensitive data
  • It helps defend against bandwidth-abusing DDoS attacks
  • It's an essential requirement for a network firewall 

Thursday, October 10, 2024

USB 2.0, 3.0, & 3.1

 USB Speeds

USB 2.0, also known as Hi-Speed USB, has a maximum data transfer speed of 480 megabits per second (Mbps).

Here are the maximum data transfer speeds for some other USB standards:

  • USB 1.0/Low-Speed: 1.5 Mbps
  • USB 1.1/Full-Speed: 12 Mbps
  • USB 3.0/SuperSpeed: 5 gigabits per second (Gbps), labeled as SS (SuperSpeed) on the PC
  • USB 3.1/SuperSpeed: 10 Gbps, labeled as SS+ on the PC

USB 2.0 devices can also provide a power output of up to 500 milliamps (mA) at 5 volts. 

USB 2.0 Type B & Type B Micro are not compatible with 3.0




Vulnerable Software


Vulnerable software is software that contains a security flaw, glitch, or weakness that an attacker could exploit. These flaws can be caused by a number of things, including coding errors, design oversights, outdated software, unintended interactions between components, and poor management of data or access control settings.

Vulnerabilities can degrade the software's own performance and security, and can compromise the security and functionality of the system, network, or data it interacts with.

Software patches are often released to fix identified vulnerabilities, but some remain unknown (zero days), and others have not been patched. The risk of a vulnerability being exploited depends on its nature and the value of the surrounding system.

Here are some ways to reduce the risk of vulnerable software:

  • Use third-party software with Code Signing to ensure the component is authentic, trustworthy, and safe.
  • Regularly scan for vulnerabilities and subscribe to security bulletins.
  • Fix or upgrade the underlying platform, frameworks, and dependencies promptly.
  • Secure the components' configurations.

Threat Vector


A threat vector is a method or path that cybercriminals use to gain access to a network, device, or system. The term is often used interchangeably with "attack vector."

Here are some examples of threat vectors:

  • Phishing emails
  • Malicious websites
  • SQL injection
  • Social engineering
  • Cross-site scripting
  • Denial of service
  • Brute force attacks
  • Malware
  • Exploiting vulnerabilities

Understanding threat vectors is essential for developing effective cybersecurity strategies. Organizations can recognize and track an adversary's attack vectors to better defend against targeted attacks.

Shadow IT


Shadow IT is the use of IT systems or software without the knowledge or approval of an organization's IT department. It can include using cloud services, hardware, or software.

Shadow IT can occur in several ways, including:

  • Using an unapproved tool to access, store, or share corporate data
  • Accessing an approved tool in an unauthorized manner
  • Sharing work files on a personal cloud storage account
  • Holding meetings through an unauthorized video conferencing platform
  • Creating an unofficial group chat without IT approval

Shadow IT can create serious security concerns and costs. Because the IT team is unaware of the use of these services, they are not protected by the organization's cybersecurity solutions or protocols. This can increase the risk of data breaches, noncompliance, and other liabilities.

Organizations can use a data protection solution to detect shadow IT. This solution provides visibility into all data movement and can automatically prioritize security risks based on the context of the file and user.

Nation-State / APT Advanced Persistent Threat

 Nation-State Threat Actor

A nation-state threat actor is a government-affiliated hacker who carries out malicious activities on behalf of a country or nation-state. These actors are often motivated by political or economic interests and can be tasked with a variety of objectives, including:

  • Disrupting critical infrastructure
  • Stealing industrial secrets
  • Gaining access to policy discussions
  • Taking down companies that offend leaders
  • Conducting disinformation or propaganda campaigns
  • Influencing elections
  • Disrupting a country's security, economy, or government departments

Nation-state actors are often well-funded and can use sophisticated cyberattacks and advanced persistent threats (APTs) to operate undetected in a victim's network. APTs can be expensive and challenging to detect, and they allow threat actors to infiltrate computer systems, steal data, and escalate privileges.

Some examples of nation-state threat actors include:

Camaro Dragon

This threat group from China is also known as Mustang Panda, Bronze President, Earth Preta, Luminous Moth, Red Delta, and Stately Taurus.

Gamaredon

Also known as Primitive Bear, UNC530, ACTINIUM, Shuckworm, UAC-0010, and Aqua Blizzard, this is a threat group from Russia.

RedHotel

This threat actor, reportedly backed by the Chinese government, has targeted the space industry and other critical sectors.