Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exam 2 Review CS461/ECE422 Fall 2009. Exam guidelines Same as for first exam A single page of supplementary notes is allowed  8.5x11. Both sides. Write.

Published byDora Nash Modified over 8 years ago

Similar presentations

Presentation on theme: "Exam 2 Review CS461/ECE422 Fall 2009. Exam guidelines Same as for first exam A single page of supplementary notes is allowed  8.5x11. Both sides. Write."— Presentation transcript:

1 Exam 2 Review CS461/ECE422 Fall 2009

2 Exam guidelines Same as for first exam A single page of supplementary notes is allowed  8.5x11. Both sides. Write as small as you like. Closed book No calculator or other widgets. Students should show work on the exam. They can use supplementary sheets of paper if they run out of room.

3 Exam logistics Exam will be given during normal lecture time in 1310 DCL You will be given 50 minutes to complete the exam.

4 Topics Access Control Data base security Confidentiality and Integrity Policies and Models Trusted Operating Systems System Evaluation Frameworks Trusted System Development Malicious Code Network Security Threats and Controls Security Law

5 Access control Access Control Matrix  Common model for encoding protection state of system  HRU commands and the safety property Access Control Lists  ACM by column  Unix and windows examples Did not address capabilities this semester Did not address hardware based rings in this lecture

6 Database Security Access control model – Griffiths and Wade model  Basic relational model  No single owner of all data/privilege  Use “grant” to delegate privileges  Use view to shared restricted set of data  Revocation issues Integrity  Transactions  Two phase commit

7 Trusted Models and Policies Mandatory Access Control  How does it differ from DAC Bell-LaPadula  MLS – Confidentiality policy  Lattice of Security Labels, e.g., Security:{Proj1, Proj2}  Read down, write up  Basic Security Theorem  Tranquility

8 Integrity Policies Biba models  Low water mark – tries to preserve indirect information flow constraints  Ring policy – Like low water mark but doesn't attempt to address indirect flows  Strict – Dual of the BLP model Did not address this semester  Lipner Matrix model  Clark Wilson

9 Example Trusted OS Guest lecture by Paul McNabb Reviewed common issues  MLS and shared directories  Fine grained privileges  Constraining privileges  Labeling network data  Roles

10 Evaluation Framework Covered TCSEC (Orange book) and Common Criteria Assurance vs functionality requirements TCSEC  Fixed assurance and functionality evaluation levels Common Criteria  Dynamic functionality profiles and fixed assurance levels

11 Design Principles Salzer and Schoeder's principles  Understand and recognize application in systems

12 Assurance Assurance is evidence that system meets requirements Techniques for gathering evidence during product life cycle  Different types of assurance: policy, design, implementation, operational Different development processes and how they gather assurance

13 Secure Software Design Security architecture as focus for tracking and analyzing system security  Security requirements Documentation and requirements tracing Threat analysis  Analyze design/code – identify entry points. Develop data flow diagrams  Identify threats  Build attack trees Security testing

14 Malicious Code Types of malicious code  Trojan programs  Rootkits  Virus Detection and virus evasion  Worms Propagation techniques  NetBots

15 Common Implementation Flaws Buffer Overflow  Stack smashing Incomplete Parameter Validation Time of use to time of check Covered a little bit on ethical hacking and vulnerability research

16 Network Security Concerns Review the network stack Physical/Data link layer and CIA Network Layer  Routing  ARP  ICMP  Smurf

17 Network Security Concerns Transport (UDP/TCP)  Syn flood  Port scan  DHCP Application  Spoofing  DNS Open relay  Preferred server layout Cache poisoning

18 Network Security Architecture Segmentation Perimeters and domains VPNs Common network layout  In, out, DMZ

19 Network Security Controls Firewalls  Application proxy  Packet filter  Stateful packet filter  NAT  Identify and firewalls Intrusion Detection  Did not coverHoney pots  Mis-use/signature detection  Anomaly/statistical detection  IDS vs IPS

20 Law and Security Different laws apply for service providers, law enforcement, intelligence, war fighter Privacy  4 th amendment  Wiretapping and ECPA  CALEA  FISA

21 Law and Security Crime  CFAA  Economic Espionage Act  International laws Cryptography and the law Did not cover the Computer Use slides this semester (Did not cover the Intellectual property hidden slides this semester)

22 Good luck!

Download ppt "Exam 2 Review CS461/ECE422 Fall 2009. Exam guidelines Same as for first exam A single page of supplementary notes is allowed  8.5x11. Both sides. Write."

Similar presentations

Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Chapter 12 Network Security.

Chapter 12 Network Security.
Bruce Schneier Lanette Dowell November 25, 2009. Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.

Bruce Schneier Lanette Dowell November 25, Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.
Foundations of Network and Computer Security J J ohn Black Lecture #27 Dec 9 th 2004 CSCI 6268/TLEN 5831, Fall 2004.

Foundations of Network and Computer Security J J ohn Black Lecture #27 Dec 9 th 2004 CSCI 6268/TLEN 5831, Fall 2004.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Network and Server Attacks and Penetration Chapter 12.

Network and Server Attacks and Penetration Chapter 12.
Foundations of Network and Computer Security J J ohn Black Lecture #37 Dec 14 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #37 Dec 14 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.

1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.
Cryptography and Network Security Chapter 20 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 20 Fourth Edition by William Stallings.
Information Systems Security Security Architecture Domain #5.

Information Systems Security Security Architecture Domain #5.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Similar presentations

Ads by Google