1 / 14

Final Exam Review

This document provides a review of the topics covered in the CS461/ECE422 final exam, including security policies, cryptography, access control, network security, and more. It also includes information about the exam logistics, such as time, location, and rules.

salinan
Download Presentation

Final Exam Review

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS461/ECE422 Fall 2010 Final Exam Review

  2. Exam guidelines • A single page of supplementary notes is allowed • Closed book • No calculator • Students should show work on the exam. They can use supplementary sheets of paper if they run out of room. • Students can use scratch paper if desired.

  3. Topic Distribution • The final is cumulative • Material from the first two exams • Plus material from after Thanksgiving • Follows same structure as midterm exams • But longer • Aiming for 1.5-2 hours

  4. Exam Logistics • 8am Thursday, December 16 • 1320 DCL • Conflict exam as needed

  5. Course Goals • Introduction to computer security information • Basis for deeper study • Ability to interpret security articles/information more critically • Improve your security awareness as a computer professional • Some fun party tricks

  6. Topics First Half • Introductory definitions • Security Policies • Risk Analysis • Historical Cryptography • Symmetric Cryptography • Public or Asymmetric Cryptography • Authentication • Key Management

  7. Topics Second Half Access Control • Access Control Matrix • Discretionary OS models • Database Access Control • Mandatory Models • Assured Systems • Design and development • Evaluation • Malware • Network Security Controls and Architecture

  8. Topics Third Portion • Security and Law • Physical Security • Forensics • EMSEC • SSL and IPSec

  9. Law and Security • Different laws apply for service providers, law enforcement, intelligence, war fighter • Privacy • 4th amendment • Wiretapping and ECPA • CALEA • FISA

  10. Law and Security • Crime • CFAA • Economic Espionage Act • International laws • Cryptography and the law • Computer Use and Configuration • FISMA • SOX • GLB • HIPAA

  11. Physical Security • Must consider physical world in security planning • Forensics/Spying • Chain of custody • Finding data on disk • Paper disposal

  12. EMSEC • Emanations Scanning • TEMPEST • Use AM radio to detect screen radiation • Hide information in dither • Tempest fonts • Protections • Shielding • Physical separation. red/back • RFID

  13. SSL and IPSec • Examples of crypto techniques and protocols used in the real world • SSL – transport layer • Session vs connections • Handshake protocol • Authenticate and agree upon common data • Compression, encryption, and integrity • IPSec – network layer • Tunnel and transport mode • AH/ESP • Nested tunnels • Encryption and integrity

  14. Thanks for participating!Good Luck!

More Related