To enhance security and to give you another chance to practice the certificate generation/installation process, we will use a client certificate
together with password-based protection. We are also moving the web page to athena.uccs.edu.
Use the client certificate signed by me to access the above midterm web page. Follow the steps in part 6 of hw4 to obtain the client certificate. You can test the access by entering the midterm test web page URL, https://athena.uccs.edu/secure/cs591/CS591F2009midtermTest.html, then entering your answers and clicking the submit button to see if the submission is processed properly.
Enter your UFP login, your Student ID without the dash as the password, and
your answers on the web page. After completing your answers, print a copy for
your own records, then push the submit button. You have until 10/21/2009
11:59pm to finish the midterm.
- Threat, vulnerability.
- Types of threat: interception, interruption, modification, and fabrication.
What are the related defenses?
Given an attack, classify it. It may include several threats.
- Three important security aspects (goals) of computer related systems: Confidentiality,
- Buffer Overflow attacks and their related defenses
- Why are there NOPs at the beginning of the exploit data sequence
in the Smashing Stack paper?
- What are the addresses at the end of the exploit data sequence in
the Smashing Stack paper? What do they point to?
- Given a piece of source code, answer questions such as: can we exploit it?
What buffer size should be used?
- Understand Slammer worm
- Metasploit usage.
- Crypto techniques related to encryption of data.
- Substitution Cipher
- Transposition Cipher
- 3DES, AES
- Block Cipher Operating Mode: CBC
- Crypto techniques related to authentication, identification.
- Key Exchange: Diffie-Hellman
- Public Key Algorithm: RSA
- Message Digest: MD5, SHA1
- Digital certificates
- OpenSSL command for encryption/decryption.
- Applications: Secure Web Access, Secure Email.