CSUS College of Engineering and Computer Science
Department of Computer Science
C Sc 254 Network Security
SEMESTER: Fall 2006
Ghansah

STUDY GUIDE FOR FINAL EXAM

NOTE 1: The exam will be closed book and notes. Only one 8 1/2 x 11 sheet of notes will be permitted.

NOTE 2: The exam format will be a mixture of true/false, fill in the blanks, short answer, and describing and explaining security protocols.

The exam will test the knowledge of outcomes stated in the syllabus.

Thorough understanding of:
1. Network and Internet security threats
2. Network attack techniques and countermeasures
3. Cryptography-based protocols at multiple layers of the TCP/IP stack

Basic understanding of:
1. Wireless network security
2. Freeware and commercially available software tools for Internet security

Exposure to:
1. History of network attacks
2. Career paths in network security
3. Ethical issues related to network security

The exam will be based on the following specific topics.

1. Threats, attacks, vulnerabilities, and security concepts
   a. Attacker's process
   b. Attacker's goals and exploits
   c. TCP/IP network vulnerabilities
   d. What do the terms in SAAAINT (secrecy, authentication, authorization, availability, integrity, nonrepudiation, and trust) and CIA (confidentiality, integrity, and availability) mean? Compare SAAAINT and CIA.

2. Footprinting
   a. What is it?
   b. What are the steps?
   c. What are some of the major tools?

3. Scanning and Enumeration
   a. What is it?
   b. What are the steps?
   c. What are some of the major tools?

4. NMAP tool
   a. How does it work?
   b. What are its major capabilities?
   c. What are the good and the bad uses of a tool such as nmap?

5. Network Attacks
   a. What are the weaknesses/vulnerabilities of current TCP/IP protocols (i.e., TCP, IP, ICMP, etc.)?
   b. How do attackers exploit the vulnerabilities (e.g., IP/ARP spoofing, DNS poisoning, DoS attacks, etc.)?

6. Secure Communication Protocol Examples
   a. Kerberos
   b. SSL/TLS
   c. IPSec
   d. PGP / GnuPG
   e. ?

7. Viruses, Worms, Trojans, Malicious Ware
   a. What is a Trojan horse?
   b. What is a backdoor and what is its purpose?
   c. Know the terms virus, worm, adware, malware, spyware, bacterium/rabbit, logic bomb, etc., and distinguish between them.
   d. What is an antivirus? Where should it be installed (client or server)? Give reasons for your answer.
   e. Polymorphic viruses and how they are designed.
   f. Worm, virus, etc. evasion techniques.
   g. Malicious code countermeasures. Note: It is not enough to simply say "use Antivirus".

8. Fundamentals of Cryptography
   a. Understand secret shared key and public key systems.
   b. Know their advantages and disadvantages.
   c. Know how to encrypt/decrypt with secret shared keys using the notation in class.
   d. Electronic Code Book (ECB), Cipher Block Chaining (CBC), and Initialization Vectors (IV).
   e. Know how to encrypt/decrypt/sign/verify using public keys.
   f. Know how secret shared keys and public keys are integrated in real-world systems, and why.
   g. What are message digests (i.e., hashes) and digital signatures, what are their properties, and how are they used in securing systems?
   h. What are these tools used for: MD5, SHA, DES, AES, IDEA, RSA?
   i. What is a certificate and what problem is it intended to solve?
   j. What is PKI and what are its components?
   k. How to do BOTH encryption and signing of the same LARGE document using the notation we developed in class. How to decrypt and verify signatures of the same document.
   l. Oblivious transfer protocols and applications.
   m. Blind signatures.
   n. Secret sharing: the simple scheme involving random numbers and XORs.
   o. Zero-knowledge proof protocols and applications.

9. Sniffers, Firewalls and Honeypots
   a. What is a sniffer?
   b. What is an active/passive sniffer? Give examples.
   c. What are the capabilities of major sniffers such as ethereal, packetyzer, snort?
   d. Know the methods used to accomplish both active and passive sniffing.
   e. Explain how the following spoofing techniques work, how they are used in sniffing, and how they are defended against: arpspoofing, dnsspoofing, dns poisoning, etc.
   f. Know the purpose of firewalls and different firewall configurations, including advantages and disadvantages.
   g. Know firewall evasion techniques and how to mitigate them.
   h. What is a honeypot/honeynet and what are its purposes and components?

10. Denial of Service
   a. What is a denial of service attack?
   b. What is local, remote, and distributed DoS (DDoS)?
   c. How is spoofing used in DNS attacks?
   d. Know the different DoS/DDoS attack methods (e.g., SYN flood, ping of death, etc.) and how they are used.
   e. Know DDoS attack defenses.

11. Social Engineering
   a. What is Social Engineering?
   b. Know the common types of social engineering techniques.
   c. Know the terms phishing, pharming, reverse social engineering, etc.
   d. Know the social engineering countermeasures.

12. Trusted OS
   a. Explain the rationale behind such systems.
   b. Explain some business objectives of such systems.
   c. Know the various components and concepts used in such systems (i.e., attestation, DRM, TPM, etc.).
   d. Know the purpose of cryptographic keys and the hierarchy of these keys used in Trusted OS systems.
   e. What are the security and privacy issues in these systems?

13. Secure Coding
   a. What is a buffer overflow, and explain how a stack-based buffer overflow works.
   b. What damage can buffer overflow exploits typically do to systems?
   c. How do we defend against buffer overflow attacks?
   d. What are heap overflow and format string attacks?

14. Intrusion Detection (IDS)
   a. What are the features of an IDS?
   b. Distinguish between Network IDS, Host IDS, and IPS, including their advantages and disadvantages.
   c. Distinguish between false positive and false negative as applied to IDS, and their implications.
   d. Know examples of tools (e.g., Snort, Tripwire, etc.) that can be used to implement IDS.
   e. What is an Intrusion Prevention System (IPS)?
   f. Distinguish between signature-based and anomaly-based IDS systems.

15. Overview
   a. Know the various steps attackers use to attack systems.
   b. Know and explain the general countermeasures that have to be employed to defend the system (e.g., firewalls, IDS, crypto tools and VPNs, patching, antivirus, training and education (the human element), policies, etc.).

16. Wireless Security
   a. Know the various wireless security weaknesses and defenses we discussed in class.
   b. IEEE 802.11b security weaknesses and countermeasures.

17. Everything covered in the assignments is part of this study guide.

18. Everything covered till the last day of class is part of this study guide.