Study Guide for CyberSecurity Comprehensive Exam, Study notes of Computer Networks


Typology: Study notes

2022/2023

Uploaded on 05/11/2023

tarquin

Study Guide for CyberSecurity Comprehensive Exam

Recommended books:

  • Conklin et al., Principles of Computer Security
  • William Stallings, Cryptography and Network Security, Principles and Practices
  • Marie Wright and John Kakalik, Information Security-Contemporary Cases
  • Simson Garfinkel, Web Security, Privacy and E-Commerce

Review Topics and Desired Learning Outcomes, grouped by area:

Security Architecture and Threats

  1. Understand what constitutes the OSI X.800 security model and the ITU-T X.805 model.
  2. Understand the kinds of security attacks, security mechanisms, and security services.
  3. Understand the relationship between services and attacks, and between mechanisms and attacks.
  4. Understand C (Confidentiality), I (Integrity), A (Availability) and how CIA relates to security services, mechanisms and attacks.

Cryptography

  1. Understand the types of attacks on cryptography.
  2. Understand the basic substitution and transposition techniques, and solve them by examples.
  3. Understand block ciphers and stream ciphers, the difference between the two, and the cipher algorithms that use them.
  4. Understand what link-to-link encryption and end-to-end encryption are.
  5. Understand multiple encryption, and solve it by simple examples.
  6. Be able to describe the variants of 3-DES with two keys and three keys.
  7. Be able to describe what the man-in-the-middle attack is. Understand why the Diffie-Hellman key exchange protocol is subject to the man-in-the-middle attack.
  8. Understand the meaning of each block cipher mode and its corresponding applications. Know the abbreviation of each mode, like CBC and CFB, etc.
  9. Understand at a high level how RC4 works, and what applications use RC4. Do you also know where DES might be used? Answer for DES is Governments, financial sectors, and VPN.
  10. Understand the principles of public key cryptography and its six components.
  11. Understand the differences between asymmetric and symmetric algorithms in terms of algorithms, efficiency, security, applications, etc.
  12. Describe the RSA algorithm at a high level, and know how to use it by the examples shown in the slides and at the on-line session.
  13. Understand DSS and ECC and their applications.
  14. Be able to describe how a digital signature works.

Authentication and Email Security

  1. Understand the approaches to message authentication.
  2. Understand how Kerberos works, its weaknesses, and its requirements.
  3. Understand the differences between Kerberos 4 and 5.
  4. Understand what X.509 is and what it does. What is the difference between version 2 and version 3?
  5. Understand what PKI (Public Key Infrastructure) is.
  6. Summarize the PGP services (digital signature, encryption, compression, email compatibility and segmentation).
  7. What are the key rings in PGP?
  8. Describe the functions of S/MIME.

IP and Web Security

  1. Understand the functions of each SSL layer.
  2. Be able to list the three functional areas of IPsec, and describe applications of IPsec.
  3. Understand the services, and be able to identify which protocol (AH, ESP only, or ESP with authentication) provides which service(s).
  4. Be able to identify the services provided by IPsec and the key management schemes used by IPsec.
  5. Understand the difference between IPsec tunnel mode and transport mode.
  6. Understand how to combine security associations in two ways: transport adjacency and iterated tunneling.

Intrusion Detection and Password Management

  1. Identify three types of intruders.
  2. Identify two approaches to intruder detection (statistical anomaly detection and rule-based detection).
  3. Understand the relationship among measures, models, and detected intrusions.
  4. Understand the concept of a honeypot and why it is needed.
  5. Be able to list at least two password selection strategies.

Firewall Design

  1. Understand the 4 general techniques that a firewall uses to control access and enforce its site's security.
  2. What attacks can be made against a packet filtering firewall?
  3. Understand the access control matrix model and the Bell-LaPadula model.
  4. What are a capability table and an access control list? Is each a row or a column in the access matrix?
  5. Understand the different types of firewall: packet filtering, application proxy, and circuit-level gateway.
  6. What is a stateful inspection firewall, and how does it differ from traditional packet filtering?

Malicious Software

  1. Understand the meaning of each type of malicious software, like virus, worm, Trojan horse, etc., and identify whether a host program is required to launch an attack.