J ohn Black CSCI 6268TLEN 5550 Spring 2014 Announcements Today Final Review Final Exam on Monday 55 1304pm this room About the Final Same format as Midterm Short answers extended topic questions Justified TrueFalse ID: 1029954
Download Presentation The PPT/PDF document "Foundations of Network and Computer Secu..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1. Foundations of Network and Computer SecurityJohn BlackCSCI 6268/TLEN 5550, Spring 2014
2. AnnouncementsToday:Final ReviewFinal Exam on Monday5/5, 1:30-4pm, this room
3. About the FinalSame format as MidtermShort answers, extended topic questions, Justified True/False
4. CoverageEverythingLecturesQuizzes and MidtermKnow the answers!Assigned ReadingsProjectsBut does not include:Material I said you were specifically not responsible forReading on the web page or from lecture that was not “assigned reading”
5. What to StudyBlockciphersDefinition, Security Notions, Feistel, Attacks, DES, AES, DDES, TDESModes of OperationsECB, CBC, CTROne-time-padAttack modelsCOA, KPA, CPA, CCA
6. Review (cont)MACsSyntax, ACMA modelCBC MAC, XCBC, UMAC, HMACHash FunctionsSyntax, applications, MD paradigm, MD theorem, security notions (inversion resistance, 2nd-preimage resistance, collision resistance), SHA-1, MD5Birthday problemBounds, how to apply to hash functions
7. Review (cont)GroupsDefinition, examplesZm, Zm*, Zp*Euler’s function, Lagrange’s theoremRSA CryptosystemKey generation, encryptionSecurityBasic RSA bad, factoring is best known attack, factoring technologyImplementationNot much…, know the diff between primality testing and factoring!
8. Review (cont)Digital SignaturesDefinition, ACMA model, RSA sigs, hash-then-signSSLOutline of protocol, CAs, Man-in-the-middle attacksOpenSSLSymmetric key and IV derivationSalt, passphrase, base64 encodingCertificates, administrationStructure of projects 1 and 2
9. Review (cont)Networking BasicsRouting, basic protocols (IP, UDP, TCP, Eth, ARP, DHCP, DNS, ICMP, BGP), packet formattingIP addresses, NAT boxesVirusesHigh-level history (Morris worm, Windows worms, macro viruses)Propagation methodsHow to 0wn the Internet
10. Review (cont)TrojansThompson’s Turing Award lectureRootkitsPhishingDenial of ServiceGibson storyBandwidth saturation, filtering, zombie armiesSYN FloodsMechanics, SYN CookiesReflection attacks, smurfingBackscatter, Traceback, Ingress Filtering
11. Review (cont)Session HijackingTechnique, preventionKnow what a half-open connection isVulnerabilitiesBuffer overrunsIdea, techniques, machine architecture, calling conventions, stack layout, shellcode
12. Review (cont)Overruns, contPreventionNon-executing stack, canariesWays around themStatic analysis (just the basic idea)
13. Review (cont)Password Crackers/etc/passwd, salt, shadowed password filesWireless SecurityWar driving, SSIDs, MAC Filters, WEP, WPA2, WPS
14. Review (cont)WEPProtocol problemsDictionary attack on pads, authentication doesn’t work, etcProtocol AttacksARP cache poisoning (ettercap), DNS spoofing, prevention (AuthARP, DNSSEC)
15. And finallyUpside-down ternetSquid proxy, mogrifyBitcoinOverall protocol, proof of work, target value, mining, transaction fees