Midterm Review
To enhance security and to give you another chance to practice the certificate generation/installation process, we will use a client certificate
together with password-based protection. We have also moved the web page to vinci.uccs.edu.
Use the thawte free email certificate to access the above midterm web page. If you request another certificate, do so on the browser you intend to use to retrieve the web page. Follow the steps in part 3 of hw1 for the thawte free email certificate.
Enter your CS login, the last four digits of your Student ID as the password, and
your answers on the web page. After completing your answers, print a copy for
your own records, then push the submit button. You have until 3/21/2007
11:59pm to finish the midterm.
Midterm Topics:
Introduction
- Threat, vulnerability.
- Types of threat: interception, interruption, modification, and fabrication.
  What are the related defenses?
  Given an attack, classify it. It may include several threats.
- Three important security aspects (goals) of computer-related systems: Confidentiality,
  Integrity, Availability.
Exploits
- Buffer overflow attacks and their related defenses
  - Why are there NOPs at the beginning of the exploit data sequence
    in the Smashing Stack paper?
  - What are the addresses at the end of the exploit data sequence in
    the Smashing Stack paper? What do they point to?
  - Given a piece of source code, answer questions such as: Can we exploit it?
    What buffer size should we use?
- Understand the Slammer worm
Basic Crypto
- Crypto techniques related to encryption of data.
  - Substitution Cipher
  - Transposition Cipher
  - 3DES, AES
  - Block Cipher Operating Mode: CBC
- Crypto techniques related to authentication, identification.
  - Key Exchange: Diffie-Hellman
  - Public Key Algorithm: RSA
  - Message Digest: MD5, SHA1
  - Digital certificates
- OpenSSL
- Applications: Secure Web Access, Secure Email.
Firewall
- What is a DMZ?
- What is the advantage of having two separate firewalls in a DMZ setup? What security principle applies to using two firewalls instead of one?
- What are the firewall rules that apply the fail-safe default principle in your hw4?
- How do you use DNAT and Masquerade in hw4? Which machine(s) in your Secure Perimeter Testbed implement the DNAT and Masquerade services?