The Midterm Exam will be posted on https://athena.uccs.edu/secure/cs591/CS591F2009midterm.html 10/21/2009 5:50pm.

To enhance the security and to get another chance for practicing the certificate generation/installation process, we will use client certificate together with password based protection. We also move the web page to athena.uccs.edu.

Use the client certificate signed by me to access the above midterm web page. Follow the steps in the part6 of hw4 for obtaining the client certificate. You can test the access by entering the midterm test web page url: https://athena.uccs.edu/secure/cs591/CS591F2009midtermTest.html and enter your answers and click the submit button to see if it is processed properly.

Enter your UFP login, the Student ID without dash as password, and your answers on the web page. After completing your answers, print a copy for your own record then push the submit button.  You have until 10/21/2009 11:59pm to finish the midterm.

Previous Exams:

• S2007 midterm. http://cs.uccs.edu/~cs591/CS591S2007midterm.html

Introduction

• Threat, vulnerability.
• Type of Threat: Interception, interruption, modification, and Fabrication. What are the related defenses?
  Given an attack, classify it. It may include several threat.
• Three important security aspects (goals) of computer related systems: Confidentiality, Integrity, Availability.
  

Exploits

Buffer Overflow attacks and their related defenses

• Why there are NOPs in the beginning part of the exploit date sequence in Smashing Stack paper?
• What are the addresses at the end of the exploit date sequence in Smashing Stack paper? What they are pointed to?

Given a piece source code, answer questions such as can we exploit it? what buffersize to use?

Understand Slammer worm

Metasploit usage.

Basic Crypto

• Crypto techniques related to encryption of data.
  • Substitution Cipher
  • Transposition Cipher
  • 3DES, AES
  • Block Cipher Operating Mode: CBC
• Crypto techniques related to authentication, identification.
  • Key Exchange: Diffe-Hellmann
  • Public Key Algorithm: RSA
  • Message Digest: MD5, SHA1
• Digitial certificates
• Openssl command for encryption/decryption.
• Applications: Secure Web Access, Secure Email.