Final exam will be 5/14 4:30-7 pm Monday in EN149, open book with Internet access, no chatting.
The final exam will cover the following topics:
Penetration Testing
What are the 9 potential hacking steps of the hacking methodology discussed
in "Hacking Exposed" by McClure et al.?
How does nmap detect the OS version?
How do scanning tools evade detection?
Give an example of how fpipe can be used to avoid being blocked by a firewall.
How can netcat be used to set up a backdoor connection? How can the information
collected with footprinting, scanning, and enumeration help gain access
to the system? Give three examples.
How can a security officer detect that an employee has set up a backdoor dial-up server using his office phone/cellphone and his office desktop? How can one prevent that?
Firewall
Why are the servers in the DMZ not allowed to initiate connections to
the systems in the intranet?
What would happen if a machine on the Internet pings a machine in the intranet?
When should we use SNAT instead of MASQUERADE?
How is DNAT used? Is it applied in PREROUTING or POSTROUTING?
A web site uses the CGI scripts of a DMZ web server to process the credit card/purchase information filled in by the customers. How can we protect the credit card/purchase information before the data is transferred back to an intranet database server for processing?
IDS
How can a zero-day worm be detected?
Given the possibility of an inside attack, where should IDS devices
be located?
What are the two basic types of IDS devices?
If a hacker changes the content of the TFN DDoS attack message from "1234"
to "haha", what new snort rule would you add?
The above scenario indicates the problem with IDS detection based on specific
patterns: if the attacker changes the content, the existing rules will
produce false negatives. What is your solution to this?
Give three examples of designs or syntax in snort rules that try
to improve the efficiency of the intrusion detection process.
Explain how a honeypot can be used to reduce false positives.
Security Policies
Explain what the WURD policy is. Why does it prevent classified information from leaking
out?