Things discussed or mentioned during classes
From Inforail
Course
3.Feb
- Network architecture, network stack
  - Passing the message from one layer to another, adding headers or trailers to a message
- Protocols
- Noise, sources of noise
- Error detection
  - Checksum
  - Parity bit
- Types of modulation
  - RZ, NRZ
  - Self-clocking
  - Bit slipping
10.Feb
- Taxonomy of networks
  - By size: PAN, LAN, MAN, WAN; "internet" vs "Internet"
- Network topologies
  - Bus, ring, star, mesh
- Broadcast, multicast, unicast
- Switched channels
  - Circuit switched, packet switched, message switched
17.Feb
The UDP protocol
- UDP datagram header
- Connectionless (not connection-oriented) protocol
- UDP ports
24.Feb
The TCP protocol
- The cost of reliability
- TCP header
- Connection-oriented protocol
- TCP ports
- The three-way handshake
3.Mar
The IPv4 protocol
- IPv4 header
- Evil bit [1]
10.Mar
- IP address
- Class of IP addresses
- Running out of IP addresses
- Subnetworks
- CIDR notation
- Determining the network address and the broadcast address
17.Mar
- ARP, DHCP
- NAT
- Port forwarding
- What is happening inside a router
- Gateway
- Shannon's channel capacity
  - Signal-to-noise ratio (SNR)
  - Capacity, bandwidth
  - Baud rate
24.Mar
<holidays>
31.Mar
- Error detection and correction
- Compression algorithms
  - Shannon compression method
  - Huffman method
- Hamming encoding
7.Apr
- Computer security
- Worm, Virus, Trojan
- Objectives of computer security
- Attack vector
14.Apr
- Things that make computerized attacks more dangerous
  - automation
  - remote action
  - technique propagation
- Different approaches in computer security
  - security reuse
  - security through obscurity
  - over-engineering
  - compartmentalization
  - need-to-know
  - choke point
  - surveillance
- Security in depth
- The security model of an OS
- Primitives of computer security (ciphers/encryption, one-way hashes, MACs)
  - Hashes; tamper-evident vs tamper-resistant
  - MAC (message authentication codes)
  - Encryption
    - Shift cipher
    - Transposition cipher
    - Symmetric ciphers
    - Asymmetric ciphers
28.Apr
- Digital signatures
- PKI
  - CA, CA chains, root CA
  - CRL, OCSP
- Block ciphers
- Stream ciphers
- Randomizers, pseudo-randomizers, sources of random data, determinism vs non-determinism
- Key lengths
- Kerckhoffs' principle [2]
5.May
- Zero-knowledge password proof [3]
- Security in networks
  - Firewall
    - hardware vs software
    - the differences between firewalls operating at different layers; application-layer firewalls
  - Port scanner
  - Vulnerability scanner
  - Blacklisting vs whitelisting
  - Proxy server
    - Content filtering/processing
  - NAT in the context of network security
12.May
TODO:
- VPN
- SSL
- TOR (TOR overview)
- SSH tunnel (SSH tunnelling video tutorial by Irongeek)
Materials:
- http://creativepark.net/blog/entry/id/1182 (on SSL, TOR)
- http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ?action=fullsearch&value=linkto%3A%22TheOnionRouter/TorFAQ%22&context=180 (TOR FAQ)
19.May
- Computer security from the perspective of a programmer
- Errors that lead to vulnerabilities
  - Reduce the error count by minimizing the scope and lifetime of each variable
  - Incorrect memory management
    - mixing new/free and malloc/delete
    - calling free twice on the same pointer (double free)
    - solutions: smart pointers, higher-level languages
  - Unsafe string handling
    - use the _s functions
    - STL, or other libraries that do the work for you
    - use a language that provides easy ways to manipulate strings
  - Memory leaks
  - Buffer overflows
  - Forgetting to initialize a randomizer with a seed
  - Uninitialized variables
  - Not checking the results returned by functions
  - Trusting user input
    - Not verifying the command executed by 'system'
    - SQL injections
  - Integer overflows
  - Floating-point math
  - Clear memory that contains sensitive data before freeing it (memset, ZeroMemory, SecureZeroMemory; a plain memset right before free may be dropped by the compiler as a dead store, which is why SecureZeroMemory exists)
- File system ACLs
- Jail, chroot
- SELinux
Other materials:
26.May
- Errors that lead to vulnerabilities, continued
  - hardcoded passwords
  - unchanged default passwords
- Letting a user in:
  - Identification - who are you?
  - Authentication - is that really you?
  - Authorization - you're in, you can use the system within these constraints
- Biometry
  - types of scanners
  - approaches to fooling a biometric scanner
  - why biometry is good for identification but not good for authentication
- Multiple factors of authentication
- Sandbox
- Honeypot
- Virtual machines for isolated tests
- Attack tree
- A system is only as secure as its weakest link
- Rainbow tables
- The importance of backups
  - Automated
  - Regular
  - Verified
  - Stored in a safe place
Things to cover
- HTTP/2 and comparison with HTTP
- Websockets
- MQTT
- AMQP
- Digital forensics
- Timing attacks
- Reading an uninitialized memory location as a source of random data, treated as a feature; someone later "fixed" the trick, thinking it was a bug, because the comments did not say it was intentional. Compare with environments that fill fresh memory with a known pattern: the location is not random at all there, so this is still a bug.
- Port knocking
- Homograph attacks (phishing)
- /biteme followed by 0x80 0x80 0x80 0x80 0x80 0x80 (backspace characters in a directory name, to hide it from ls)
Lab
Lab 1, 12.Feb
- BSD sockets API
- Client-server applications
- Using Telnet to "talk" to a server by sending raw commands
- Ephemeral ports
  - How a new port is allocated when a connection is accepted
  - Ephemeral port ranges on different systems
- Denial of Service
Lab 2 x.Feb
- Wake on LAN, magic packet
  - UDP datagram
  - Broadcast
- HTTP
  - RFC (read the description of HTTP)
  - Resuming a broken download
  - Network sniffer (see how an existing download manager works)
Lab 3, 6.Mar
- Writing a simple network sniffer
- Wireshark (Ethereal)
- IPv4 header
- Raw sockets
- Parsing raw data
Lab 4, 19.Mar
- Reverse engineering a network protocol
  - Using a network sniffer
  - Analyzing a protocol and writing a compatible client with extended features
  - Exploiting the insecurity of a design
  - Spoofing a message
Lab 5, 23(?).Apr
- Implement a shift cipher
- Write a program that cracks a shift cipher without human intervention (if it is known that the text is in English)
  - by analyzing the frequency of characters in the text
  - or by using a dictionary
- Implement a transposition cipher
  - Padding a message, choosing what to pad it with
Lab 6, 30.Apr
- Implement Diffie-Hellman key exchange
  - Integer types, arbitrary-precision arithmetic libraries