CS 356 - System Security 2nd-Half Semester Review Fall 2013
Final Exam: Wednesday, 2 PM to 4 PM
  - you may bring one 8-1/2 x 11 sheet of paper with any notes you would like
  - no cellphones, calculators
This is to assess your understanding of the material covered. There will be concepts, terminology and problems to be solved. The final exam will cover topics discussed all semester, but emphasis will be on topics from the 2nd half of the class.
Chapter 2: Cryptographic Tools
  introduced cryptographic algorithms
  - symmetric encryption algorithms for confidentiality
  - message authentication & hash functions
  - public-key encryption
  - digital signatures and key management
  - random numbers
Chapter 3: User Authentication
  the four means of authenticating user identity are based on:
  - something the individual knows: password, PIN, answers to prearranged questions
  - something the individual possesses (token): smartcard, electronic keycard, physical key
  - something the individual is (static biometrics): fingerprint, retina, face
  - something the individual does (dynamic biometrics): voice pattern, handwriting, typing rhythm
Chapter 3: User Authentication
  four means of authenticating a user's identity
  - something the individual knows
  - something the individual possesses
  - something the individual is
  - something the individual does
  vulnerability of passwords
  - offline dictionary attack
  - specific account attack
  - popular password attack
  - password guessing against single user
  - workstation hijacking
  - exploiting user mistakes
  - exploiting multiple password use
  - electronic monitoring
  hashed password and salt value
  password file access control
  password selection strategies
  - user education
  - computer generated passwords
  - reactive password checking
  - proactive password checking: Bloom filter
  token based authentication
  - memory cards
  - smart cards
  biometric authentication
  remote user authentication
  - password protocol
  - token protocol
  - static biometric protocol
  - dynamic biometric protocol
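Two of the items above are algorithms rather than terminology: the salted password hash (why an offline dictionary attack cannot reuse one precomputed table across users) and the Bloom filter used for proactive password checking. The following is an added example, not code from the course slides; the choice of PBKDF2-HMAC-SHA256 with 100,000 iterations, the 16-byte salt, the filter size (m = 65536 bits, k = 4) and the small dictionary are all assumptions made here for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters (not from the slides): PBKDF2-HMAC-SHA256, 100k iterations, 16-byte salt.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). A fresh random salt per user means two users with the
    same password store different hashes, so an attacker cannot hash a dictionary
    once and compare it against every entry in the password file."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)


class BloomFilter:
    """k hash functions over an m-bit array. Membership can give a false positive
    (a good password wrongly rejected) but never a false negative (a dictionary
    word wrongly accepted), which is the right failure direction for a checker."""

    def __init__(self, m_bits: int = 1 << 16, k: int = 4):
        self.m = m_bits
        self.k = k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, word: str):
        # k independent hash positions, derived by prefixing the index to the word.
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + word.encode()).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, word: str) -> None:
        for p in self._positions(word):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, word: str) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(word))


# Constructed stand-in for a cracking wordlist.
DICTIONARY = ["password", "123456", "letmein", "qwerty", "monkey", "dragon"]


def build_checker(words=DICTIONARY) -> BloomFilter:
    bf = BloomFilter()
    for w in words:
        bf.add(w.lower())
    return bf


def password_allowed(candidate: str, checker: BloomFilter) -> bool:
    """Proactive check at password-selection time: reject anything the filter
    reports as a dictionary word (case-insensitively)."""
    return candidate.lower() not in checker


if __name__ == "__main__":
    s1, h1 = hash_password("letmein")
    s2, h2 = hash_password("letmein")
    print("same password, different salts, different hashes:", h1 != h2)
    print("verify correct:", verify_password("letmein", s1, h1))
    print("verify wrong:", verify_password("letmeout", s1, h1))
    bf = build_checker()
    for cand in ["Password", "correct horse battery staple"]:
        print(repr(cand), "allowed:", password_allowed(cand, bf))
```

The filter only stores bits, so the dictionary itself need not ship with the checker; a real deployment would size m and k from the dictionary size and the false-positive rate it can tolerate.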
DNS & DNSSEC
  DNS is an essential internet service with very little security
  - cache poisoning
  - Kaminsky attack
  DNSSEC: security extensions for DNS
  - adds authentication to the existing DNS protocol via new record types employing crypto: RRSIG, DNSKEY, NSEC
  - DNS signing
  - DNS validating
  - trust anchor (root of trust)
  - chain of trust: DS record
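The chain of trust hangs on what a DS record actually binds: the parent zone publishes a hash of the child's DNSKEY (owner name in wire format followed by the DNSKEY RDATA) together with the key tag, so a validator that trusts the parent can check that the child's key is the one the parent vouched for. The following added example (not from the slides) computes a DS record the way RFC 4034 specifies and checks a DNSKEY against it; the zone name, flags and key bytes are constructed stand-ins, not a real zone or a real RSA key, and signature (RRSIG) verification is deliberately out of scope here.

```python
import hashlib


def wire_name(name: str) -> bytes:
    """Canonical wire-format owner name: lowercase labels, each length-prefixed,
    terminated by the zero-length root label."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags: int, algorithm: int, public_key: bytes, protocol: int = 3) -> bytes:
    """DNSKEY RDATA (RFC 4034 s2.1): flags(2) | protocol(1, always 3) | algorithm(1) | key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag (RFC 4034 Appendix B.1): 16-bit sum over the RDATA with the carry
    folded back in. It is only a locator, not a security check by itself."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes) -> bytes:
    """DS digest type 2 (SHA-256) over owner-name-in-wire-format || DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).digest()


def make_ds(owner: str, flags: int, algorithm: int, public_key: bytes) -> dict:
    """What the parent zone publishes for the child's key-signing key."""
    rdata = dnskey_rdata(flags, algorithm, public_key)
    return {"key_tag": key_tag(rdata), "algorithm": algorithm,
            "digest_type": 2, "digest": ds_digest(owner, rdata)}


def validates(owner: str, flags: int, algorithm: int, public_key: bytes, parent_ds: dict) -> bool:
    """Validator side: does the DNSKEY we fetched from the child match the DS
    we trust from the parent? Any change to flags, algorithm or key bytes fails."""
    rdata = dnskey_rdata(flags, algorithm, public_key)
    return (parent_ds["digest_type"] == 2
            and parent_ds["algorithm"] == algorithm
            and parent_ds["key_tag"] == key_tag(rdata)
            and parent_ds["digest"] == ds_digest(owner, rdata))


# Constructed stand-in for an RSA public key blob (assumption: not a real key).
KSK_PUBLIC = b"\x03\x01\x00\x01" + hashlib.sha256(b"constructed example KSK").digest() * 8
KSK_FLAGS = 257        # zone key + secure entry point, i.e. a KSK
RSASHA256 = 8

if __name__ == "__main__":
    ds = make_ds("example.", KSK_FLAGS, RSASHA256, KSK_PUBLIC)
    print("DS for example.: tag", ds["key_tag"], "digest", ds["digest"].hex())
    print("child key validates:", validates("example.", KSK_FLAGS, RSASHA256, KSK_PUBLIC, ds))
    tampered = KSK_PUBLIC[:-1] + bytes([KSK_PUBLIC[-1] ^ 1])
    print("tampered key validates:", validates("example.", KSK_FLAGS, RSASHA256, tampered, ds))
```

Walking the chain is this check repeated downward: the root's DNSKEY is the trust anchor configured in the validator, the root's DS for `.com` binds the `.com` KSK, and `.com`'s DS for the child zone binds that zone's KSK. A missing or mismatched DS at any level breaks the chain below it.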
Chapter 4: Access Control
  introduced access control principles
  - subjects, objects, access rights
  discretionary access controls
  - access matrix, access control lists (ACLs), capability tickets
  UNIX traditional and ACL mechanisms
  role-based access control
  case study
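A typical exam problem on this chapter is converting between the three discretionary representations: the access matrix, its column view (an ACL per object) and its row view (a capability list per subject), plus deciding who may grant a right under DAC. The following added example (not from the slides) does that conversion and adds a minimal role-based check beside it; the subjects, objects, rights and roles are a constructed matrix for illustration.

```python
from collections import defaultdict

# Constructed access matrix: (subject, object) -> set of rights.
MATRIX = {
    ("alice", "file1"): {"own", "read", "write"},
    ("alice", "file3"): {"read"},
    ("bob", "file1"): {"read"},
    ("bob", "file2"): {"own", "read", "write"},
    ("carol", "file2"): {"write"},
}


def acl_view(matrix):
    """Column view: for each object, which subjects hold which rights (the ACL
    stored with the object, as in UNIX permissions or POSIX ACLs)."""
    acl = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        acl[obj][subj] = set(rights)
    return dict(acl)


def capability_view(matrix):
    """Row view: for each subject, the objects it may touch and how (the
    capability tickets the subject presents)."""
    caps = defaultdict(dict)
    for (subj, obj), rights in matrix.items():
        caps[subj][obj] = set(rights)
    return dict(caps)


def dac_allows(matrix, subject, obj, right):
    return right in matrix.get((subject, obj), set())


def grant(matrix, granter, subject, obj, right):
    """Discretionary rule: only the owner of an object can hand out rights to it."""
    if not dac_allows(matrix, granter, obj, "own"):
        raise PermissionError(f"{granter} does not own {obj}")
    matrix.setdefault((subject, obj), set()).add(right)


# Role-based: users are assigned roles; permissions attach to roles, not users.
ROLE_PERMS = {
    "auditor": {("file1", "read"), ("file2", "read"), ("file3", "read")},
    "editor": {("file2", "write")},
}
USER_ROLES = {"dave": {"auditor"}, "carol": {"editor"}}


def rbac_allows(user, obj, right):
    return any((obj, right) in ROLE_PERMS[r] for r in USER_ROLES.get(user, ()))


if __name__ == "__main__":
    print("ACL for file1:", acl_view(MATRIX)["file1"])
    print("capabilities of bob:", capability_view(MATRIX)["bob"])
    print("dave (auditor) reads file3:", rbac_allows("dave", "file3", "read"))
```

The two views carry exactly the same information; they differ in which question is cheap to answer (revoke everyone's access to an object: ACL; list everything a process may touch: capabilities).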
Chapter 5: Database Security
  not discussed, not on exam
Chapter 6: Malicious Software
  types of malicious software (malware)
  - terminology for malicious software
  viruses: infected content
  - infection mechanism, trigger, payload
  - dormant, propagation, triggering, and execution phases
  - boot sector infector, file infector, macro virus, and multipartite virus
  - encrypted, stealth, polymorphic, and metamorphic viruses
  worms: vulnerability exploit
  - replicates via remote systems: e-mail, file sharing, remote execution, remote file access, remote login capability
  - scanning/fingerprinting
  spam e-mail/trojans: social engineering
  payload: system corruption
  - data destruction, real world damage
  - ransomware, logic bomb
  payload: attack agent
  - bots, remote control facility
  payload: information theft
  - credential theft, keyloggers, spyware
  - phishing, identity theft
  payload: stealthing
  - backdoor/trapdoor
  - rootkit: kernel mode rootkits, virtual machine/external rootkits
  countermeasures
  - prevention
  - detection, identification, removal
  - host based scanners/behavior blocking software
  - digital immune system
IP Hijacking
  If this is on the exam, the ONLY area I will consider as valid for questions is in the first 5 slides:
  - definition of IP hijacking
  - consequences of IP hijacking: blackhole, eavesdrop, impersonation, spam, etc.
Chapter 7: Denial of Service
  introduced denial of service (DoS) attacks
  - classic flooding and SYN spoofing attacks
  - ICMP, UDP, TCP SYN floods
  distributed denial of service (DDoS) attacks
  reflection and amplification attacks
  defenses against DoS attacks
  responding to DoS attacks
Midterm
  slides after this are from the 2nd half of the semester
Intrusion Detection
  intruders
  - masquerader
  - misfeasor
  - clandestine user
  intruder behavior patterns
  - hacker
  - criminal enterprise
  - internal threat
  security intrusion / intrusion detection
  intrusion detection systems
  - host-based
  - network-based
  - sensors, analyzers, user interface
  host-based
  - anomaly detection
  - signature detection
  - audit records
  - distributed host-based intrusion detection
  network-based
  - sensors: inline/passive
  distributed adaptive intrusion detection
  intrusion detection exchange format
  honeypot
  SNORT
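The distinction that matters most on this slide is signature detection (match known-bad patterns, like a Snort rule set) versus anomaly detection (flag behaviour that departs from a baseline of normal activity) applied to host audit records. The following added example, not from the slides, runs both over a few constructed auth-log lines; the log lines, the two signatures and the failure threshold are all made up here for illustration, and the threshold stands in for a baseline an anomaly detector would learn from normal traffic.

```python
import re
from collections import Counter

# Constructed host audit records (sshd/sudo style); not real log data.
LOG = """\
Nov 12 10:01:02 host sshd[210]: Accepted password for alice from 10.0.0.5 port 5001 ssh2
Nov 12 10:01:09 host sshd[211]: Failed password for root from 203.0.113.9 port 4100 ssh2
Nov 12 10:01:10 host sshd[212]: Failed password for root from 203.0.113.9 port 4101 ssh2
Nov 12 10:01:11 host sshd[213]: Failed password for admin from 203.0.113.9 port 4102 ssh2
Nov 12 10:01:12 host sshd[214]: Failed password for admin from 203.0.113.9 port 4103 ssh2
Nov 12 10:01:13 host sshd[215]: Failed password for oracle from 203.0.113.9 port 4104 ssh2
Nov 12 10:02:00 host sshd[216]: Failed password for bob from 10.0.0.7 port 5002 ssh2
Nov 12 10:02:30 host sudo:  alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""
LINES = LOG.splitlines()

# Signature detection: each rule is a name and a pattern describing known-bad activity.
SIGNATURES = [
    ("root-login-attempt", re.compile(r"Failed password for root from (\S+)")),
    ("shadow-file-read", re.compile(r"COMMAND=.*/etc/shadow")),
]


def signature_alerts(lines):
    """Every line matching any rule raises one alert; unknown attacks are missed."""
    alerts = []
    for line in lines:
        for name, pattern in SIGNATURES:
            if pattern.search(line):
                alerts.append((name, line))
    return alerts


FAILED = re.compile(r"Failed password for (\S+) from (\S+)")


def anomaly_alerts(lines, baseline_fails=2):
    """Count failed logins per source; a source above the baseline is abnormal
    even though no single line matched a signature (the admin/oracle guesses)."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group(2)] += 1
    return {src: n for src, n in counts.items() if n > baseline_fails}


if __name__ == "__main__":
    for name, line in signature_alerts(LINES):
        print(f"[signature:{name}] {line}")
    for src, n in anomaly_alerts(LINES).items():
        print(f"[anomaly] {src}: {n} failed logins")
```

Note what each misses: the signature rules say nothing about the admin/oracle guesses, and the anomaly counter says nothing about a single privileged read of /etc/shadow, which is why the slides list both under host-based detection.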
Firewalls
  firewalls
  - need for
  - characteristics of
  - techniques
  - capabilities/limitations
  types of firewalls
  - packet filtering firewall
  - stateful inspection firewalls
  - application proxy firewall
  - circuit level proxy firewall
  bastion host
  host-based firewall
  personal firewall
  firewall location and configurations
  - DMZ networks
  - virtual private networks
  - distributed firewalls
  intrusion prevention systems (IPS)
  - host-based IPS (HIPS)
  - network-based IPS (NIPS)
  - Snort Inline
  - UTM products
Application Security
  software security issues
  defensive/secure programming
  handling program input
  - key concern for input: size / interpretation
  - injection attack: command / SQL / code
  - cross-site scripting attacks (XSS): XSS reflection
  - validating input syntax
  - input fuzzing
  handling program output
  writing safe program code
  - correct algorithm implementation
  - ensuring machine language corresponds to algorithm
  - correct interpretation of data values
  - correct use of memory
  - preventing race conditions
  interacting with the operating system and other programs
  - environment variables
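The "interpretation" half of the input problem is easiest to see side by side: the same string is data in one place and code in another. The following added example (not from the slides) shows a SQL injection against a string-built query next to the parameterized form, an allow-list syntax check on the input, and output escaping for reflected XSS; the table, rows and inputs are constructed for illustration.

```python
import html
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an application database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "s1"), ("bob", "s2")])
    return con


def lookup_vulnerable(con, name):
    """Input is spliced into the SQL text, so it is interpreted as SQL."""
    query = f"SELECT name FROM users WHERE name = '{name}' ORDER BY name"
    return [row[0] for row in con.execute(query)]


def lookup_safe(con, name):
    """Parameter binding: the driver passes the value separately from the query
    text, so it is never parsed as SQL whatever characters it contains."""
    rows = con.execute("SELECT name FROM users WHERE name = ? ORDER BY name", (name,))
    return [row[0] for row in rows]


USERNAME = re.compile(r"[a-z][a-z0-9_]{0,31}")


def valid_username(name):
    """Syntax validation on input: allow-list what a username may look like,
    rather than trying to enumerate every dangerous character."""
    return USERNAME.fullmatch(name) is not None


def render_vulnerable(name):
    """Output written into HTML unescaped: reflected XSS if name came from a request."""
    return f"<p>Hello {name}</p>"


def render_safe(name):
    """Escape on output so the browser treats the value as text, not markup."""
    return f"<p>Hello {html.escape(name)}</p>"


# Constructed attacker inputs.
SQL_INJECTION = "' OR '1'='1"
XSS_PAYLOAD = "<script>alert(1)</script>"

if __name__ == "__main__":
    con = make_db()
    print("vulnerable:", lookup_vulnerable(con, SQL_INJECTION))   # every row
    print("safe:      ", lookup_safe(con, SQL_INJECTION))         # no row
    print("valid username?", valid_username(SQL_INJECTION))
    print(render_vulnerable(XSS_PAYLOAD))
    print(render_safe(XSS_PAYLOAD))
```

Validation and escaping are not substitutes for each other: the allow-list stops the injection string at the door, while the escape protects the page even when a value (say a display name with an apostrophe) is legitimately allowed through.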
Buffer Overflow
  buffer overflow (buffer overrun): more input placed into a buffer than the allocated capacity
  stack buffer overflows: targeted buffer is located on the stack
  - function call mechanisms
  - stack frame
  - stack overflow vulnerabilities
  shellcode
  - shellcode development
  - position independent
  - cannot contain NULL values
  compile-time defenses: resist attacks in new programs
  run-time defenses: detect and abort attacks in existing programs
  - stack protection mechanisms
  replacement stack frame
  off-by-one attacks
  return to system call
  heap overflows
  global data area overflows
OS Security
  system security planning
  operating systems hardening
  - initial setup and patching
  - remove unnecessary services
  - configure users and groups
  - test system security
  application security
  - application configuration
  - encryption technology
  security maintenance
  - data backup
  virtualization security
  - virtualization alternatives
  Linux/Unix security
  - patch management
  - application configuration
  - users, groups, permissions
  - remote access
  - security testing
  Windows security
  - patch management
  - users administration and access controls
  - application and service configuration
  - security testing
Internet Security Protocols
  secure e-mail and S/MIME
  DomainKeys Identified Mail (DKIM)
  - Internet mail architecture
  - DKIM strategy
  Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
  - SSL architecture
  - SSL record protocol
  - change cipher spec protocol
  - alert protocol
  - handshake protocol
  HTTPS
  - connection initiation
  - connection closure
  virtual private networks (VPN)
  IPv4 and IPv6 security
  - IP security overview
  - scope of IPsec
  - security associations
  - encapsulating security payload
  - transport and tunnel modes
Internet Authentication Applications
  Kerberos
  - Kerberos protocol
  - Kerberos realms
  - Kerberos versions 4 and 5
  - Kerberos performance issues
  X.509
  public-key infrastructure
  - PKIX management functions
  - PKIX management protocols
  federated identity management
Wireless Security
  wireless security overview
  - wireless network threats
  - wireless security measures
  IEEE 802.11 wireless LAN overview
  - Wi-Fi Alliance
  - IEEE 802 protocol architecture
  - IEEE 802.11 network components and architectural model
  - IEEE 802.11 services
  IEEE 802.11i
  - IEEE 802.11i services
  - IEEE 802.11i phases of operation: discovery phase, authentication phase, key management phase, protected data transfer phase
  - the IEEE 802.11i pseudorandom function
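The 802.11i pseudorandom function is small enough to write out, and doing so shows what the key management phase actually computes: PRF-n is HMAC-SHA1 over (prefix, 0x00, data, counter) concatenated and truncated, and the pairwise transient key is PRF-384 (CCMP) or PRF-512 (TKIP) of the PMK over the two MAC addresses and the two handshake nonces in sorted order. The following is an added example, not code from the slides: the passphrase, SSID, MAC addresses and nonces are constructed values, the PMK is derived from the passphrase with the WPA-PSK mapping (PBKDF2-HMAC-SHA1, 4096 iterations, 256 bits), and the EAPOL-Key MIC shown is the CCMP variant (HMAC-SHA1 truncated to 128 bits).

```python
import hashlib
import hmac


def prf_80211i(key: bytes, prefix: bytes, data: bytes, length_bits: int) -> bytes:
    """IEEE 802.11i PRF-n: HMAC-SHA1(key, prefix || 0x00 || data || i) for
    i = 0, 1, ... concatenated until n bits are available, then truncated."""
    out = b""
    i = 0
    while len(out) * 8 < length_bits:
        out += hmac.new(key, prefix + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: length_bits // 8]


def pmk_from_passphrase(passphrase: bytes, ssid: bytes) -> bytes:
    """WPA-PSK mapping of a passphrase to the 256-bit PMK (PBKDF2-HMAC-SHA1, 4096 rounds)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               length_bits: int = 384) -> dict:
    """PTK = PRF-n(PMK, "Pairwise key expansion",
                   Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    The sort makes both sides derive the same key regardless of which role they
    hold. 384 bits for CCMP: KCK (128) | KEK (128) | TK (128)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf_80211i(pmk, b"Pairwise key expansion", data, length_bits)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:]}


def eapol_mic_ccmp(kck: bytes, eapol_key_frame: bytes) -> bytes:
    """4-way handshake integrity: HMAC-SHA1-128 with the KCK over the EAPOL-Key
    frame (MIC field zeroed by the caller before hashing)."""
    return hmac.new(kck, eapol_key_frame, hashlib.sha1).digest()[:16]


# Constructed values for illustration (not captured from a real network).
AA = bytes.fromhex("001122334455")      # authenticator (AP) MAC address
SPA = bytes.fromhex("66778899aabb")     # supplicant (station) MAC address
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()
PMK = pmk_from_passphrase(b"correct horse battery staple", b"ExampleSSID")

if __name__ == "__main__":
    ap_side = derive_ptk(PMK, AA, SPA, ANONCE, SNONCE)
    sta_side = derive_ptk(PMK, SPA, AA, SNONCE, ANONCE)   # same inputs, roles swapped
    print("both sides agree on TK:", ap_side["tk"] == sta_side["tk"])
    print("TK:", ap_side["tk"].hex())
    frame = b"\x02\x03\x00\x5f\x02\x00\x8a\x00" + b"\x00" * 16   # constructed EAPOL-Key stub, MIC zeroed
    print("MIC:", eapol_mic_ccmp(ap_side["kck"], frame).hex())
```

The nonces are what make each association's keys fresh even though the PMK is long-lived; replaying an old ANonce or SNonce yields a different PTK, and the MIC computed with the KCK is how each side proves it derived the same PTK without ever sending it.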