ITIS 6167/8167 Final Exam Review

  1. Basics of Computer Security
  2. For example, what are symmetric and asymmetric encryption? What is a one-time pad? What is a brute-force attack?
  3. The basics of hash function, key establishment, man-in-the-middle attack.
  4. ARP protocol and Security
  5. What is the purpose of ARP protocol? Why do we need it?
  6. What is the purpose of ARP Cache?
  7. Why does the ARP cache have a lifetime? Why do we not keep entries there forever?
  8. What is gratuitous ARP message and what are the purposes of the message?
  9. Difference between ARP poisoning and promiscuous mode of Ethernet
  10. Man-in-the-middle attack using ARP poisoning (why do we need to disable the ICMP redirect function in the attacker?)
  11. How to use ARP poisoning to escape IP address based authentication
  12. IP protocol and security
  13. The basics of the IP header
  14. What is trace-route and how to use TTL to implement it
  15. Why do we need IP fragmentation
  16. The procedure to fragment and to set the corresponding fields
  17. Fragment of fragment
  18. Where and how to reassemble the packets
  19. Attacks on IP fragmentation: buffer overflow, DoS, how to use fragmentation to penetrate firewall
  20. ICMP and its security
  21. Why do we not send ICMP messages for errors caused by ICMP? Why are ICMP packets sent only to the original source?
  22. Using what information can a computer match the ICMP echo request and ICMP echo reply?
  23. How to use ICMP source quench to conduct attacks that reduce the quality of a connection?
  24. What is a smurf attack using ICMP
  25. How to use ICMP redirect message to conduct winfreeze attack
  26. UDP and its security
  27. How can we distinguish a UDP header without a checksum from one with a checksum equal to “0”?
  28. What is UDP ping-pong attack and how to conduct it
  29. What is DoS attack on UDP and how to conduct it
  30. TCP
  31. Does the TCP protocol assume the data to be structured or structure-free
  32. What is the difference between the URGENT and PUSH data in TCP
  33. Understand the three-way handshake procedure of the TCP protocol
  34. The slow start procedure of TCP to handle congestion
  35. Silly window and the countermeasures from the sender and receiver’s view
  36. Why in TCP do we want the sender and receiver to choose random numbers as the sequence numbers? Use an example to show how difficult or easy it is to guess the sequence number.
  37. Attacks on TCP: blind connection reset, blind throughput reduction, and blind performance degrading attack.
  38. DNS and NMAP
  39. What is the IDLE scanning technique used in NMAP
  40. Is a domain in DNS a geometric concept?
  41. Recursive queries and iterative queries in DNS
  42. The difference between a domain and a zone in DNS
  43. DNS ID hacking procedure
  44. DNS related and unrelated data attack
  45. Email safety
  46. The advantages that the emails are delivered through specific servers instead of end-to-end (from sender to receiver directly)
  47. Please describe the major components in the format of a mail message and the functionality of each component. What is the difference between the header in a mail message and the SMTP encapsulation?
  48. In the email distribution list, what are the two methods to map a single list name to a group of email addresses? How to prevent the formation of email forwarding loops? What are the advantages of the local exploder and remote exploder?
  49. Please briefly describe the coding procedures of base64 and how it enables various file formats to be sent through the email system. Understand how the MIME standard allows an email to contain multiple multimedia components.
  50. The difference between the POP3 and IMAP protocols.
  51. When a sender needs to send an email to multiple receivers and needs to enforce the confidentiality of the contents, what will be an efficient approach?
  52. How to use onion routing to achieve email anonymity?
  53. How to use a proxy to achieve email anonymity?
  54. What are the major factors that restrict the wide adoption of the PEM protocol?
  55. Fighting the spam emails
  56. Please use an example to illustrate how the attacker can use the comment lines in HTML to help spam emails avoid detection.
  57. Please describe the trick of invisible ink to help the spam email avoid detection.
  58. Please describe the tricks of “catch a wave” and “the rake” to help the spam email avoid detection.
  59. Please explain the basic idea of the CRM114 spam detector. If the sliding window contains 6 words, how many order-preserving sub-phrases will be generated? For what reasons do the authors use hash tables to label the features of the phrases?
  1. Safety of the Android system
  2. Please briefly describe the four types of components in an Android application and their functionalities. (Section 2 in “Analyzing Inter Application Communication in Android”)
  3. Please briefly describe the difference between explicit and implicit intents. If explicit intents are safer, why do we need the implicit intents? (Section 2 in “Analyzing Inter Application Communication in Android”)
  4. Please use an example to illustrate why using a unique action string to identify the receiver of an implicit intent is not safe. (Section 3.1 in “Analyzing Inter Application Communication in Android”)
  5. Please explain the basic concept of “Lightweight Mobile Phone Application Certification”. If you were an attacker, how could you design a mechanism to bypass the checking procedure? (Hint: the original approach looks at only a single application.)
  6. Please explain the basic idea of TaintDroid. You should be able to calculate the taint vector of some basic operations such as add, times, etc.
  1. Anti Phishing
  2. For the “Dynamic security skin” paper, understand the approaches of “browser generated images” and “server generated images”.
  3. Based on the “PhoolProof Phish prevention” paper, please explain why compromising either the machine or the user’s mobile device alone will not impact the safety of the approach.
  4. Web security
  5. Please fully understand the three examples that we explain in the class for “how to shop for free on the Internet”. If we describe a similar situation, you should be able to identify the vulnerability.
