CSCI 454/554 Computer and Network Security. Final Exam Review

Similar documents
APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Cryptography and network security CNET4523

IP Security. Ola Flygt Växjö University, Sweden

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

12/8/2015. Review. Final Exam. Network Basics. Network Basics. Network Basics. Network Basics. 12/10/2015 Thursday 5:30~6:30pm Science S-3-028

Chapter 32 Internet Security

Dr. Arjan Durresi. Baton Rouge, LA These slides are available at:

Chapter 5: Network Layer Security

NETWORK ADMINISTRATION AND SECURITY

CS Final Exam

Network Security - ISA 656 Review

Securing IP Networks with Implementation of IPv6

Protocol Security Where?

Firewalls, Tunnels, and Network Intrusion Detection

Chapter 10. Network Security

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Chapter 7 Transport-Level Security

Network Access Security. Lesson 10

CS 494/594 Computer and Network Security

Högskolan i Halmstad Sektionen för Informationsvetenskap, Data- Och Elektroteknik (IDÉ) Ola Lundh. Name (in block letters) :

Network Security. Lecture 3

Chapter 4 Virtual Private Networking

CSCI 4250/6250 Fall 2015 Computer and Networks Security

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

CSC Network Security

CSC 474 Information Systems Security

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

CPS Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang

Chapter 49 IP Security (IPsec)

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Network Security Part II: Standards

Security Engineering Part III Network Security. Security Protocols (II): IPsec

Internetwork Security

Part III-b. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Computer security Lecture 9

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Laboratory Exercises V: IP Security Protocol (IPSec)

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

True False questions (25 points + 5 points extra credit)

Chapter 8 Virtual Private Networking

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

CS 4803 Computer and Network Security

Transport Level Security

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

This section provides a summary of using network location profiles to identify network connection types. Details include:

IPSEC: IKE. Markus Hidell Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers

NETWORK SECURITY (W/LAB) Course Syllabus

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

CISCO IOS NETWORK SECURITY (IINS)

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

Standards and Products. Computer Security. Kerberos. Kerberos

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Outline. INF3510 Information Security. Lecture 10: Communications Security. Communication Security Analogy. Network Security Concepts

CCNA Security. IINS v2.0 Implementing Cisco IOS Network Security ( )

Enterprise Security Architecture

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

Lecture 10: Communications Security

Chapter 17. Transport-Level Security

Security + Certification (ITSY 1076) Syllabus

IPSec Pass through via Gateway to Gateway VPN Connection

Security vulnerabilities in the Internet and possible solutions

VPNs. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Chapter 11 Security Protocols. Network Security Threats Security and Cryptography Network Security Protocols Cryptographic Algorithms

Príprava štúdia matematiky a informatiky na FMFI UK v anglickom jazyku

IPSec and SSL Virtual Private Networks

Insecure network services. Firewalls. Two separable topics. Packet filtering. Example: blocking forgeries. Example: blocking outgoing mail

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

Internet Protocol Security IPSec

Network Security Web Security and SSL/TLS. Angelos Keromytis Columbia University

Site to Site Virtual Private Networks (VPNs):

This paper is a follow-on to an earlier paper 1 and. An architecture for the Internet Key Exchange Protocol. by P.-C. Cheng

Solutions in this chapter: What IS a VPN? Public Key Cryptography. IPSec. SSL VPNs. SSH Tunnels. Others. Summary. Solutions Fast Track

Chapter 8. Network Security

Network Security Fundamentals

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Securing Cisco Network Devices (SND)

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

Computer and Network Security

APNIC elearning: Network Security Fundamentals. 20 March :30 pm Brisbane Time (GMT+10)

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

Configuring an IPSec Tunnel between a Firebox & a Check Point FireWall-1

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

INTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli

Web Security Considerations

Lecture 17 - Network Security

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

The BANDIT Products in Virtual Private Networks

Transcription:

CSCI 454/554 Computer and Network Security Final Exam Review

Topics covered by Final Topic before Midterm 20% Topic after Midterm 80% Date: 05/13/2015 9:00am noon Place: the same classroom Open book/notes exam No laptop/tablet/smartphones etc. 2

Topics covered by MidTerm Topic 1. Basic Concepts Topic 2. Basic Cryptography Topic 3. Secret Key Cryptography Topic 4. Hash Functions Topic 5. Basic Number Theory and Public Key Cryptography 3

Topics covered after MidTerm Topic 6. Identification and Authentication Topic 7. Trusted Intermediaries Topics 8.1-2 IPsec and IKE Topic 8.3 SSL/TLS Topic 8.4 Firewalls and IDS Topic 8.5 Malicious Logic 4

Topic 6. Identification and Authentication Be able to explain the concepts of authentication and identification. Be able to give examples of authentication mechanisms. Be able to explain general approaches for authentication in large networks using trusted intermediaries (KDC and CA), and explain what are KDC, CA, and CRL. Be able to explain the general basis of user authentication (what the user knows, where the user can be reached, what the user is, and what the user has). 5

Topic 6. Identification and Authentication (cont d) Be able to explain what is password based user authentication, threats to password based authentication, how to store user passwords in computer systems. Be able to explain dictionary attacks (both online and offline). Be able to describe the password salt mechanism used to mitigate dictionary attacks and its effectiveness against online and offline dictionary attacks. Be able to explain the one-time password mechanisms, including S/Key and time synchronized authentication tokens. Be able to explain biometrics based user authentication and give examples of such approaches. Be able to explain the key metrics for biometrics authentication, including false positives and false negatives. 6

Topic 6. Identification and Authentication (cont d) Be able to explain typical attacks against authentication protocols, including eavesdropping, deleting, forging, modifying, replaying, reflection attacks, and delaying attacks. Be able to illustrate the above attacks using examples. Be able to describe defenses against the above attacks. Be able to describe the Needham-Schroeder protocol. Be able to explain the "old-key attack" against the Needham- Schroeder protocol and the three countermeasures (timestamp, expanded N-S, and Ottay-Ree protocol). 7

Topic 7. Trusted Intermediaries Be able to explain the general way KDC based trusted intermediaries are used. Be able to describe the Kerberos V4 protocol, and explain which parts of the protocol help achieve (1) centralized authentication service, (2) protection of user passwords, and (3) anti-replay attack capability. Be able to describe Kerberos inter-realm authentication. 8

Topic 7. Trusted Intermediaries (cont d) Be able to explain the general way PKI is used. Be able to explain what is a CA, and describe the ways that multiple CAs are organized in large networks. Be able to explain what is CRL and delta CRL. 9

Topics 8.1-2 IPsec and IKE Be able to describe the IPsec architecture, IPsec Security Association (SA), SA bundle, Security Parameter Index (SPI). Explain the purpose of Security Policy Database (SPD), Secure Association Database (SAD), and Internet Key Exchange (IKE) modules in the IPsec architecture. Be able to describe the IPsec Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols as well as Tunnel and Transport modes. Be able to describe the difference in the authentication capabilities provided by AH and ESP. 10

Topics 8.1-2 IPsec and IKE (cont d) Be able to describe the anti-replay feature in IPsec ESP. Be able to explain the IPsec outbound processing and inbound processing. Be able to explain the security principles for Internet key management, particularly the property of Perfect Forward Secrecy (PFS). Be able to describe the (only known) way to achieve PFS (ephemeral D-H). Be able to describe the separation of key establishment and key management in Internet key management. Be able to describe the SKIP protocol for sessionless IPsec key management. 11

Topics 8.1-2 IPsec and IKE (cont d) Be able to describe the Oakley key establishment protocol and explain the mechanisms to defeat (1) resource clogging attacks (i.e., Cookie), (2) replay attacks (i.e., nonce), and (3) man-in-the-middle attacks (i.e., with authentication). Be able to explain high-level issues of ISAKMP protocol, including the protocol structure (2 phases), protocol message construction (i.e., with different types of payloads), and exchange types. Be able to explain the following ISAKMP exchanges: basic exchange, ID protection exchange, authentication only exchange, aggressive exchange, and informational exchange. 12

Topics 8.1-2 IPsec and IKE (cont d) Be able to explain the IKE protocol, including the phase 1 exchanges using (1) signature authentication, (2) authentication with public key encryption, (3) authentication with revised public key encryption, and (4) authentication with pre-shared key in both main mode and aggressive mode. In each case, be able to explain how authentication is achieved, how PFS is achieved, and how ID protection is achieved. 13

Topic 8.3 SSL/TLS Be able to explain the basic facts of SSL/TLS, including its protocol architecture, its subprotocols and their objectives, basic SSL functionalities (authentication, secrecy, compression, generation and distribution of keys, security parameter negotiation), and SSL connection and session. Be able to describe the SSL record protocol operations (outbound and inbound). Be able to describe the SSL handshake protocol operations (4 phases), the generation of master secret and cryptographic parameters. 14

Topic 8.3 SSL/TLS (cont d) Be able to describe the change cipher spec protocol, and explain how the cryptographic parameters negotiated in the handshake protocol take effect through the change cipher spec protocol. Be able to give examles of application protocols that run on top of SSL (https, smtps, nntps, ftps, pop3s, imaps). 15

Topic 8.4 Firewalls and IDS Be able to explain the following concepts: firewall DMZ firewall capabilities, including logging traffic, network address translation, encryption/decryption, application payload transformation limitations of firewalls Be able to explain basic firewall technologies packet filters session filters application-level proxies circuit level proxies 16

Topic 8.4 Firewalls and IDS (cont d) Be able to explain the following basic concepts on IDS Anomaly detection misuse detection (or signature-based detection, rule-based detection) False positive rate False negative rate Host-based IDS Network-based IDS Base rate fallacy 17

Topic 8.5 Malicious Logic Be able to explain the following basic idea of malicious logic Trojan horses Computer viruses Worms Rabbits and bacteria Logic bombs Trapdoor DDoS Be able to explain the basic defenses against malicious logic 18

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information