Date: Thursday, 31 July 2003 17:51:41 -0500 (CDT)
From: Mark Jacobson
To: 810-088-90@uni.edu
Subject: Final exam note.... Network Security...

The final exam will be held in CEEE 20 and will begin at 7:30 a.m.

There will NOT be a hands-on portion to the final exam.

The final exam will be worth 80 points. The midterm exam was worth
40 points.

Study suggestions and/or exam topics:

1. Review exam #1 and practice answering all of those questions as if
   you had twice as much reading and background and classes behind you.
   There will be questions similar to exam one on the final exam.

2. Know PGP and how it works and how it takes care of the three main
   issues in the CIA triad. It also illustrates many of the key aspects
   from the field of cryptography, both symmetric key (conventional
   secret key) cryptography and asymmetric (public key) cryptography.

3. Know the IAAAP acronym and review your handout and notes from the
   CISSP study guide.

       Identification
       Authentication
       Accountability     = IAAAP or IA^3P
       Authorization
       Privacy

4. Know what a RM (Risk Management) process must include:

   a. Perform a risk analysis, including a cost-benefit analysis of the
      protections that are being considered. RA = risk analysis.

   b. Implement, review and maintain protections.

   What are protections? Everything from firewalls, to VPNs, to using
   encryption for email, to training employees in security awareness
   and risks to the company's computer information and services, to
   training to not be taken in by social engineering attacks, to
   deploying an IDS (intrusion detection system), to doing periodic
   vulnerability assessments of the company systems, to using
   anti-virus software, etc.

   Protections can be just software, or can be both hardware and
   software (a stand-alone firewall, new bridges to segment the network
   and lessen the impact and scope of sniffers on any portion of the
   LAN), or can be training employees one on one or in workshops and
   memos and so on.

5. If you do a question on the final exam, where you have plenty of
   time to check your work, here is a suggestion:

       Convert the following number from decimal to binary.

   a. I would carefully convert from base 10 to base 2 showing my work.

   b. Take your binary answer and write it down on a sheet of scratch
      paper and convert it back to base 10 decimal.

   c. Circle your answer and make sure your work is clearly shown, if
      you got back the original base 10 number in step b above.

      If your base 10 number is NOT the one you started with, you know
      you made an error somewhere. Carefully redo step a again!

6. Look at the presentations that have been presented in class that I
   have published or linked to. The presentations that covered stuff
   that has been emphasized in class will be helpful in developing
   further and deeper understanding of the topic. There are currently
   11 presentations available from our class web page.

7. Be able to encipher or decipher using cryptography approaches such
   as Vigenere or Caesar. Know that the letter E is the most common
   (12% according to today's presentation) of the letters in normal
   English writing. That statistical fact can be very helpful in
   cryptographic attacks.

8. Know what a product cipher is. It uses both transposition and
   substitution. Why is transposition so effective, and how does it
   help to obscure patterns?

   ee and oo are a couple of the most common double letter patterns in
   the English language. Transposition separates them!

   th is very common. How many times does the word "the" occur in
   normal prose?

       This and that and there and their and thing and something
       --       --       --        --        --            --
       Then you have thanks and think
       --            --         --

   What does transposition do?

       It separates the t and the h
                        -         -

   Makes it harder to guess the plaintext from the ciphertext, because
   it obscures that statistical pattern.

9. Know three-way handshakes. [SYN], [SYN,ACK], and [ACK]

10. Know about ports and why ports are needed.

11. Know why reuse of ports would occur.
    I just saw a commercial for a phone service. Only 3 cents per
    minute to anywhere, with a 39 cents charge for making the phone
    call. What better example could there be for illustrating the
    analogy discussed in class of how ridiculous it would be for you:

    a. to call home and talk to your Mom for a few minutes, say
       4 minutes:
           39 cents plus 12 cents = 51 cents

    b. then hang up the phone, redial and talk to your Dad for
       3 minutes:
           39 cents plus 9 cents = 48 cents

    c. then hang up the phone, redial again, and talk to your youngest
       brother or sister for 6 minutes:
           39 cents plus 18 cents = 57 cents

    Total cost of establishing the three connections from your
    household to your parents' household = $1.56

    Now, what would the total cost be to re-use the same port, which is
    exactly what your homework and analysis of day15.ethereal
    discovered that a web server and your web browser client software
    can do over TCP?

        39 cents plus 12 cents plus 9 cents plus 18 cents = 78 cents

        jacobson@drone-21:~$ bc
        39+12+9+18
        78

    Establishing a TCP connection via a three-way handshake is a costly
    and time-consuming process. And it has to be taken down with a
    four-way [FIN] [FIN, ACK] [FIN] [FIN, ACK] series of packets
    between the machines.

12. Be able to explain why it is a simple matter to crack Vigenere
    encryption, if you know the length of the original key.

    THESE ARE THE TIMES THAT TRY THE PATIENCE OF THE ESTABLISHED
    METHODS THERE ARE.

    Suppose we know that the length of the Vigenere key is three:

    ---
    UNI
    ---
    THE    Suppose that UNI is the Vigenere key.
    SEA
    RET    ABCDE
    HET    UVWXY   E maps to Y if U   UUUUUUU   Y substitutes for E
    IME
    STH    ABCDE
    ATT    NOPQR   E maps to R if N   NNNNNNN   R substitutes for E
    RYT
    HEP    ABCDE
    ATI    IJKLM   E maps to M if I   IIIIIII   M substitutes for E
    ENC
    EOF
    THE
    EST
    ABL
    ISH
    EDM
    ETH
    ODS
    THE
    REA    There are 5 E's in column 1 (they would all be Y's in ct).
    RE
    ---    There are 5 E's in column 2 (they would all be R's in ct).
    UNI    There are 3 E's in column 3 (they would all be M's in ct).
    Note that column 1 and column 2 have 22 letters. Column 3 has
    21 letters.

    Using the bc calculator:

        jacobson@drone-21:~$ bc -l
        5/22
        .22727272727272727272  <------- 23% of the letters are the same
                                        in column 1
                               <------- ditto for column 2.

    Educated guess: I bet in column 1, that letter was originally an E!
    If the letter you see is Y, you know that the Caesar cipher is
    value = 21 and the first letter of the key is U! :-)

    And in column 2, assuming that UNI was the Vigenere cipher, we
    would see 22.7% of the letters in that column (5 of the 22 letters)
    are:

        RRRRR
        R   R
        RRRRR
        R R
        R  R
        R   R

    Educated guess: The 2nd letter of the three letter long Vigenere
    cipher was the letter that is 4 letters before R, which is N.

    The column two Vigenere translation would be:

        ABCDEFGHIJKLMNOPQRSTUVWXYZ
        NOPQRSTUVWXYZABCDEFGHIJKLM

    This is the same as saying the Caesar cipher key is 13, since N is
    13 letters after A in our favorite alphabet.

        3/21
        .14285714285714285714

    This is only .14 or 14%, but that is still a high value. One in 7
    of the letters in column 3 would be the same. Since 3 out of 21
    letters would be M, you would assume the 3rd Vigenere cipher key
    letter would be whatever maps letter E to M, and try I.

    Thus the UNI key is cryptanalyzed easily, knowing that the cipher
    text was:

    1. encrypted using a Vigenere cipher approach, and
    2. the length of the Vigenere key was 3 characters.

-----------------------------------------------------------------------------

This is enough of a study guide for the exam. Study your lecture notes
and handouts and assignment #1 and the previous exam. Study this guide.
Study the web site, including the published student presentations,
especially where those presentations have been over things emphasized
in class such as PGP and firewalls and social engineering.

See you tomorrow morning.

---- ----        ----
HPPE KVDL on the FYBN!   <---- Some words have been encrypted...
---- ----        ----

Mark
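
Added example (not part of the original study guide): the item 12 attack run end to end in Python on the guide's own sentence and key. It goes beyond the single most-frequent-letter guess by scoring all 26 Caesar shifts for each column against approximate English letter frequencies, which holds up better when a column has only 21 or 22 letters. The frequency table and the function names are assumptions of this example.

```python
import string

A = string.ascii_uppercase

# Approximate relative frequencies (%) of A..Z in English text.
# Assumed table for this example; exact values vary by corpus.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]


def letters(text):
    """Keep only A-Z, upper-cased (spaces and punctuation are dropped)."""
    return [c for c in text.upper() if c in A]


def vigenere(text, key, decrypt=False):
    """Vigenere with A=0: ciphertext letter = plaintext letter + key letter."""
    sign = -1 if decrypt else 1
    out = []
    for i, c in enumerate(letters(text)):
        k = A.index(key[i % len(key)])
        out.append(A[(A.index(c) + sign * k) % 26])
    return "".join(out)


def best_shift(column):
    """Try all 26 Caesar shifts on one column; return the most English-like."""
    def score(shift):
        # Undo the shift, then add up how common each resulting letter is.
        return sum(ENGLISH[(A.index(c) - shift) % 26] for c in column)
    return max(range(26), key=score)


def recover_key(ciphertext, key_len):
    """Column i holds every key_len-th letter, all shifted by key letter i."""
    ct = letters(ciphertext)
    return "".join(A[best_shift(ct[i::key_len])] for i in range(key_len))


# The sentence and key from item 12 of the study guide.
PLAINTEXT = ("THESE ARE THE TIMES THAT TRY THE PATIENCE OF THE "
             "ESTABLISHED METHODS THERE ARE")
CIPHERTEXT = vigenere(PLAINTEXT, "UNI")

if __name__ == "__main__":
    key = recover_key(CIPHERTEXT, 3)
    print(key, vigenere(CIPHERTEXT, key, decrypt=True))
```
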