Things discussed or mentioned during classes
From Inforail
Course
3.Feb.2009
- Network architecture, network stack
- Passing the message from one layer to another, adding headers or trailers to a message
- Protocols
- Noise, sources of noise
- Error detection
- Checksum
- Parity bit
- Types of modulation
- RZ, NRZ
- Self-clocking
- Bit slipping
10.Feb.2009
- Taxonomy of networks
- By size, PAN, LAN, MAN, WAN; "internet" vs "Internet"
- Network topologies
- Bus, ring, star, mesh
- Broadcast, multicast, unicast
- Switched channels
- Circuit switched, packet switched, message switched
17.Feb.2009
The UDP protocol
- UDP datagram header
- Connectionless (non-connection-oriented) protocol
- UDP ports
24.Feb.2009
The TCP protocol
- The cost of reliability
- TCP header
- Connection-oriented protocol
- TCP ports
- The three-way handshake
3.Mar.2009
The IPv4 protocol
- IPv4 header
- Evil bit [1]
10.Mar.2009
- IP address
- Classes of IP addresses
- Running out of IP addresses
- Subnetworks
- CIDR notation
- Determining the network address and the broadcast address
17.Mar.2009
- ARP, DHCP
- NAT
- Port forwarding
- What is happening inside a router
- Gateway
- Shannon's channel capacity
- Signal to noise ratio (SNR)
- Capacity, bandwidth
- Baud rate
24.Mar.2009
<holidays>
31.Mar.2009
- Error detection and correction
- Compression algorithms
- Shannon compression method
- Huffman method
- Hamming encoding
7.Apr.2009
- Computer security
- Worm, Virus, Trojan
- Objectives of computer security
- Attack vector
14.Apr.2009
- Things that make computerized attacks more dangerous
- automation,
- remote action,
- technique propagation
- Different approaches in computer security
- security reuse
- security through obscurity
- over-engineering
- compartmentalization
- need-to-know
- choke point
- surveillance
- Security in depth
- The security model of an OS
- Primitives of computer security (ciphers/encryption, one-way hash, MAC)
- Hashes; tamper-evident vs tamper-resistant
- MAC (message authentication codes)
- Encryption
- Shift cipher
- Transposition cipher
- Symmetric cipher
- Asymmetric cipher
28.Apr.2009
- Digital signatures
- PKI
- CA, CA chains, root CA
- CRL, OCSP
- Block ciphers
- Stream ciphers
- Randomizers, pseudo-randomizers, sources of random data, determinism vs non-determinism
- Key lengths
- Kerckhoffs's principle [2]
5.May.2009
- Zero knowledge password proof [3]
- Security in networks
- Firewall
- hardware vs software
- the differences between firewalls operating at different layers, application layer firewall
- Port scanner
- Vulnerability scanner
- Blacklisting vs Whitelisting
- Proxy server
- Content filtering/processing
- NAT in the context of network security
12.May.2009
TODO:
- VPN
- SSL
- TOR (TOR overview)
- SSH tunnel (SSH tunnelling video tutorial by Irongeek)
Materials:
- http://creativepark.net/blog/entry/id/1182 (on SSL, TOR)
- http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ?action=fullsearch&value=linkto%3A%22TheOnionRouter/TorFAQ%22&context=180 (TOR FAQ)
19.May.2009
- Computer security from the perspective of a programmer
- Errors that lead to vulnerabilities
- Reduce error count by minimizing the scope and lifetime of a variable
- Incorrect memory management
- mixing new/free and malloc/delete
- calling free twice on the same pointer
- solutions: smart pointers, higher level languages
- Unsafe string handling
- use the _s functions
- STL, or other libraries that do the work for you
- use a language that provides easy ways to manipulate strings
- Memory leaks
- Buffer overflows
- Forgetting to initialize a randomizer with a seed
- Uninitialized variables
- Not checking the results returned by functions
- Trusting user input
- Not verifying the command executed by 'system'
- SQL injections
- Integer overflows
- Floating point math
- Clear memory that contains sensitive data before freeing it (memset, ZeroMemory)
- File system ACLs
- Jail, chroot
- SELinux
Other materials:
26.May.2009
- Errors that lead to vulnerabilities, continued
- hardcoded passwords
- unchanged default passwords
- Letting a user in:
- Identification - who are you?
- Authentication - is that really you?
- Authorization - you're in, you can use the system within these constraints
- Biometry
- types of scanners
- approaches to fooling a biometric scanner
- why biometry is good for identification, but not good for authentication
- Multiple factors of authentication
- Sandbox
- Honeypot
- Virtual machines for isolated tests
- Attack tree
- The system is only as secure as its weakest link
- Rainbow tables
- The importance of backups
- Automated
- Regular
- Verified
- Stored in a safe place
Lab
Lab 1, 12.Feb.2009
- BSD sockets API
- Client-server applications
- Using Telnet to "talk" to a server by sending raw commands
- Ephemeral ports
- How a new port is allocated when a connection is accepted
- Ephemeral port ranges on different systems
- Denial of Service
Lab 2, x.Feb.2009
- Wake on LAN, magic packet
- UDP datagram
- Broadcast
- HTTP
- RFC (read the description of HTTP)
- Resuming a broken download
- Network sniffer (see how an existing download manager works)
Lab 3, 6.Mar.2009
- Writing a simple network sniffer
- Wireshark (Ethereal)
- IPv4 header
- Raw sockets
- Parsing raw data
Lab 4, 19.Mar.2009
- Reverse engineering a network protocol
- Using a network sniffer
- Analyzing a protocol and writing a compatible client with extended features
- Exploiting the insecurity of a design
- Spoofing a message
Lab 5, 23(?).Apr.2009
- Implement a shift cipher
- Write a program that cracks a shift cipher without human intervention (if it is known that the text is in English)
- by analyzing the frequency of characters in a text
- or using a dictionary
- Implement a transposition cipher
- Padding a message, choosing what to pad it with
Lab 6, 30.Apr.2009
- Implement Diffie-Hellman key-exchange
- Integer types, arbitrary-precision arithmetic libraries
