Final Study Guide
This is simply a guide of topics that I consider important for the final. I don’t promise to ask you about them all, or about any of these in particular; but I may very well ask you about any of these, as well as anything we discussed in class, in the discussion section, or that is in the textbook or readings.
- Anything from before the midterm
- Network Security
- Firewalls
- DMZs
- TLS, SSL
- Access control matrix
- Matrix
- Primitive operations
- Commands
- Harrison-Ruzzo-Ullman result (undecidability of safety)
- Authentication
- Passwords (selection, storage, attacks, aging)
- One-way hash functions (cryptographic hash functions)
- UNIX password scheme, what the salt is and its role
- Password selection, aging
- Challenge-response schemes
- Biometrics and other validation techniques
- Access Control
- ACLs, C-Lists, lock-and-key
- UNIX protection scheme
- Multiple levels of privilege
- Lock and key
- MULTICS ring protection scheme
- Information flow
- Malware
- Trojan horse, replicating Trojan horse
- Computer virus
- Computer worm
- Bacteria, logic bomb
- Keystroke logger
- Ransomware
- Botnets
- Countermeasures
- Common vulnerabilities
- Buffer overflows
- Injections (SQL, command)
- Failure to check inputs
- Execution with unnecessary privileges
- Penetration studies
- Flaw hypothesis methodology
- Scoping the system
- Intrusion detection