Midterm Review


VNSA220 Cyber Self Defense
Midterm Review
Erik Golen

Midterm Overview
• 20 Multiple Choice and T/F Questions
  – 3 points each
  – Phishing (slides)
  – Social Engineering (slides)
  – Port Scanning (slides)
  – Firewalls (slides)
  – General Networking (notes from lecture, eBook, this set of slides)
  – General Security (slides from Week 1 and in this set of slides)

Midterm Overview (continued)
• 2 Essay(ish) Questions
  – 20 points each
  – First one is about general networking
  – Second one is about general security

Simple Communication
• Computers must have two things in order to communicate with one another
  – A piece of hardware that allows them to communicate
  – A medium they can communicate across
• The communication itself requires 3 elements
  – Syntax
  – Semantics
  – Synchronization

Communication Models
OSI Model
• Application Layer
• Presentation Layer
• Session Layer
• Transport Layer
• Network Layer
• Data Link Layer
• Physical Layer
TCP/IP Model
• Application Layer
• Transport Layer
• Network Layer
• Data Link Layer
• Physical Layer

TCP/IP Model “Addressing”
(Diagram: Computer A and Computer B, each with the five-layer TCP/IP stack; the addresses labeled between them are Port Number, IP Address, MAC Address.)

TCP/IP Model Data Transmission
• Application Layer: Application Data = Payload
• Transport Layer: Datagram = Trans Layer Header + Payload
• Network Layer: Packet = Net Layer Header + Trans Layer Header + Payload
• Data Link Layer: Frame = DL Layer Header + Net Layer Header + Trans Layer Header + Payload
• Physical Layer

What is Security?
• Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Services, Mechanisms, Attacks
• need systematic way to define requirements
• consider three aspects of information security:
  – security attack
  – security mechanism
  – security service
• consider in reverse order

Security Service
• is something that enhances the security of the data processing systems and the information transfers of an organization
• intended to counter security attacks
• make use of one or more security mechanisms to provide the service
• replicate functions normally associated with physical documents
  – eg. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed

Security Mechanism
• implements one or more security services
• a mechanism that is designed to detect, prevent, or recover from a security attack
• no single mechanism that will support all functions/services required
• however one particular element underlies many of the security mechanisms in use: cryptographic techniques

Security Attack
• any action that compromises the security of information owned by an organization
• information security is about how to prevent attacks, or failing that, to detect attacks on information-based systems
• have a wide range of attacks
• note: often threat & attack mean same

Model for Network Security
(Diagram not reproduced in the text preview.)

Security Services
• Authentication - assurance that the communicating entity is the one claimed
• Access Control - prevention of the unauthorized use of a resource
• Data Confidentiality - protection of data from unauthorized disclosure
• Data Integrity - assurance that data received is as sent by an authorized entity
• Non-Repudiation - protection against denial by one of the parties in a communication

Security Mechanisms
• Cryptography - used to prevent others from reading your data
  – Implements data confidentiality
• Digital signatures - identifies who you are to others
  – Implements authentication and non-repudiation
  – Provides a means to begin implementing access control
• Hashing - prevents others from modifying your data
  – Implements data integrity

Diffie-Hellman Key Exchange (not on exam)
• These values are known to everybody (public), including attackers
  – α = base
  – q = prime
• Problem is using discrete logarithm to determine XA and XB is computationally infeasible (intractable)

Classify Security Attacks as
• passive attacks - eavesdropping on, or monitoring of, transmissions to:
  – obtain message contents, or
  – monitor traffic flows
• active attacks - modification of data stream to:
  – masquerade of one entity as some other
  – replay previous messages
  – modify messages in transit
  – denial of service
• ...
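Added example (not part of the course slides): the Diffie-Hellman exchange from the slide above, written out with its symbols α, q, XA and XB. The numeric values, the names YA/YB for the transmitted public values, and all function names are assumptions chosen for illustration; the prime is deliberately tiny so the discrete-log search cost is visible.

```python
# Added example: toy Diffie-Hellman exchange in the slide's notation.
# All numbers are constructed sample values; q is far too small for real use.

Q = 353        # public prime q (constructed, textbook-sized)
ALPHA = 3      # public base alpha, a primitive root of 353
X_A = 97       # A's private value XA (never transmitted)
X_B = 233      # B's private value XB (never transmitted)


def public_value(alpha, x_private, q):
    """Y = alpha^X mod q; this is what each side sends in the clear."""
    return pow(alpha, x_private, q)


def shared_key(y_other, x_own, q):
    """K = (other side's Y)^(own X) mod q; both sides get the same K."""
    return pow(y_other, x_own, q)


def exhaustive_log(alpha, y, q):
    """Find X with alpha^X mod q == y by trying every exponent.

    Returns (X, number_of_trials). The trial count grows with q, which is
    why real deployments use primes of 2048 bits or more.
    """
    value = 1
    for x in range(1, q):
        value = (value * alpha) % q
        if value == y:
            return x, x
    return None, q - 1


def run_exchange():
    y_a = public_value(ALPHA, X_A, Q)      # A -> B, visible to attackers
    y_b = public_value(ALPHA, X_B, Q)      # B -> A, visible to attackers
    k_a = shared_key(y_b, X_A, Q)          # computed privately by A
    k_b = shared_key(y_a, X_B, Q)          # computed privately by B
    return y_a, y_b, k_a, k_b


if __name__ == "__main__":
    y_a, y_b, k_a, k_b = run_exchange()
    print(f"public: q={Q} alpha={ALPHA} YA={y_a} YB={y_b}")
    print(f"A derives K={k_a}, B derives K={k_b}")
    x, trials = exhaustive_log(ALPHA, y_a, Q)
    print(f"with q this small, XA={x} falls out after {trials} trials")
```

Only q, α, YA and YB cross the network; the shared key K is never sent, which is what the intractability claim on the slide protects.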

This note was uploaded on 05/27/2009 for the course NSSA 4050-220 taught by Professor Golen during the Fall '08 term at RIT.
