1 / 15

Foundations of Network and Computer Security

Foundations of Network and Computer Security. J ohn Black. CSCI 6268/TLEN 5550, Spring 2014. Announcements. Today: Final Review Final Exam on Monday 5/5, 1:30-4pm, this room. About the Final. Same format as Midterm Short answers, extended topic questions, Justified True/False. Coverage.

nanda
Download Presentation

Foundations of Network and Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Foundations of Network and Computer Security John Black CSCI 6268/TLEN 5550, Spring 2014

  2. Announcements • Today: • Final Review • Final Exam on Monday • 5/5, 1:30-4pm, this room

  3. About the Final • Same format as Midterm • Short answers, extended topic questions, Justified True/False

  4. Coverage • Everything • Lectures • Quizzes and Midterm • Know the answers! • Assigned Readings • Projects • But does not include: • Material I said you were specifically not responsible for • Reading on the web page or from lecture that was not “assigned reading”

  5. What to Study • Blockciphers • Definition, Security Notions, Feistel, Attacks, DES, AES, DDES, TDES • Modes of Operations • ECB, CBC, CTR • One-time-pad • Attack models • COA, KPA, CPA, CCA

  6. Review (cont) • MACs • Syntax, ACMA model • CBC MAC, XCBC, UMAC, HMAC • Hash Functions • Syntax, applications, MD paradigm, MD theorem, security notions (inversion resistance, 2nd-preimage resistance, collision resistance), SHA-1, MD5 • Birthday problem • Bounds, how to apply to hash functions

  7. Review (cont) • Groups • Definition, examples • Zm, Zm*, Zp* • Euler’s  function, Lagrange’s theorem • RSA Cryptosystem • Key generation, encryption • Security • Basic RSA bad, factoring is best known attack, factoring technology • Implementation • Not much…, know the diff between primality testing and factoring!

  8. Review (cont) • Digital Signatures • Definition, ACMA model, RSA sigs, hash-then-sign • SSL • Outline of protocol, CAs, Man-in-the-middle attacks • OpenSSL • Symmetric key and IV derivation • Salt, passphrase, base64 encoding • Certificates, administration • Structure of projects 1 and 2

  9. Review (cont) • Networking Basics • Routing, basic protocols (IP, UDP, TCP, Eth, ARP, DHCP, DNS, ICMP, BGP), packet formatting • IP addresses, NAT boxes • Viruses • High-level history (Morris worm, Windows worms, macro viruses) • Propagation methods • How to 0wn the Internet

  10. Review (cont) • Trojans • Thompson’s Turing Award lecture • Rootkits • Phishing • Denial of Service • Gibson story • Bandwidth saturation, filtering, zombie armies • SYN Floods • Mechanics, SYN Cookies • Reflection attacks, smurfing • Backscatter, Traceback, Ingress Filtering

  11. Review (cont) • Session Hijacking • Technique, prevention • Know what a half-open connection is • Vulnerabilities • Buffer overruns • Idea, techniques, machine architecture, calling conventions, stack layout, shellcode

  12. Review (cont) • Overruns, cont • Prevention • Non-executing stack, canaries • Ways around them • Static analysis (just the basic idea)

  13. Review (cont) • Password Crackers • /etc/passwd, salt, shadowed password files • Wireless Security • War driving, SSIDs, MAC Filters, WEP, WPA2, WPS

  14. Review (cont) • WEP • Protocol problems • Dictionary attack on pads, authentication doesn’t work, etc • Protocol Attacks • ARP cache poisoning (ettercap), DNS spoofing, prevention (AuthARP, DNSSEC)

  15. And finally • Upside-down ternet • Squid proxy, mogrify • Bitcoin • Overall protocol, proof of work, target value, mining, transaction fees

More Related