UPDATED COMP 344 NOTES

Here's a detailed study guide based on your exam review topics:


Exam #1 Review Guide

Introduction

  • CIA Triad

    • Confidentiality – Protecting information from unauthorized access. Example: Encryption.

    • Integrity – Ensuring data has not been altered. Example: Checksums, Hashing.

    • Availability – Ensuring authorized users have access when needed. Example: Redundant servers, DDoS mitigation.

  • Threat vs. Vulnerability vs. Asset

    • Threat – A potential danger that could exploit a vulnerability and harm an asset; the person, malware or event behind it is the threat actor. Example: An attacker attempting SQL injection against a login form.

    • Vulnerability – A weakness in a system that could be exploited. Example: Outdated software with known exploits.

    • Asset – Anything of value that needs protection. Example: Customer data.

  • Type of Virtual Machine Used in Class

    • Likely a Linux-based VM, possibly Kali Linux for security exercises.


Cryptography

  • Symmetric vs. Asymmetric Encryption

    • Symmetric – Same key for encryption/decryption (e.g., AES).

    • Asymmetric – Public and private keys (e.g., RSA, ECC).

  • Basic Encryption/Decryption Process

    • Encrypt: Convert plaintext → ciphertext using an algorithm and key.

    • Decrypt: Convert ciphertext → plaintext using the same key (symmetric) or the private key matching the public key that encrypted it (asymmetric).

  • Role of Salt in Password Hashing

    • A salt is random, per-password data combined with the password before hashing, so two users with the same password get different hashes and a precomputed rainbow table cannot be reused across accounts.

    • It is stored in the clear next to the hash; it only has to be unique (and long enough, 16 bytes is typical), not secret.

  • Encoding vs. Encryption

    • Encoding is for data representation (Base64, ASCII, URL encoding). Anyone can reverse it without a key, so it provides no confidentiality; Base64 is not "light encryption".

    • Encryption protects data using an algorithm and a secret key; only a holder of the right key can recover the plaintext.

  • Encryption Algorithms

    • Should Use: AES (symmetric cipher, in an authenticated mode such as GCM), RSA or ECC (asymmetric), PBKDF2 (a key-derivation function for passwords, not a cipher).

    • Should NOT Use: DES (56-bit key, brute-forceable in hours), ECB mode (identical plaintext blocks produce identical ciphertext blocks, so patterns in the data show through), MD5 for anything where collisions matter.

  • PBKDF2 vs. AES

    • PBKDF2: A key-derivation function, not a cipher. Used for password hashing with key stretching: a salt plus many HMAC iterations make each guess expensive for an attacker.

    • AES: Symmetric block cipher for encrypting data at rest/in transit; pair it with a safe mode (GCM, or CBC with a random IV), never ECB.

  • Hashing and Attacks

    • Hashing creates a fixed-size output from input of any length, and cannot be reversed (SHA-256 is current; MD5 appears in older material but is broken and should not be used).

    • Attacks: Rainbow tables and dictionary/brute-force guessing against unsalted or fast password hashes; collision attacks that find two inputs with the same hash (practical against MD5).

  • Digital Signature

    • Used to verify integrity (the message was not changed) and authenticity (it came from the holder of the private key); this also gives non-repudiation.

    • Created by hashing the message and signing the hash with the signer's private key; anyone holding the matching public key can verify it, and any change to the message invalidates the signature.
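The following is an added example in Go, not code from the original notes, illustrating the "ECB mode (predictable patterns)" warning above. It encrypts one constructed plaintext (a 16-byte record repeated eight times) under a random AES-256 key in ECB, CBC and GCM and counts ciphertext blocks that repeat. Only ECB leaks the repetition; the plaintext, key and mode names are the example's own choices.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// samplePlaintext is constructed input with structure: one 16-byte record repeated
// eight times, the way fixed-width database rows or a flat region of an image look.
func samplePlaintext() []byte {
	return bytes.Repeat([]byte("ROLE=user;ACTIVE"), 8) // 8 identical AES blocks
}

// encryptECB encrypts every 16-byte block independently under the same key.
// This is the mode the guide warns against: equal plaintext blocks give equal ciphertext blocks.
func encryptECB(block cipher.Block, pt []byte) []byte {
	bs := block.BlockSize()
	ct := make([]byte, len(pt))
	for i := 0; i+bs <= len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct
}

// encryptCBC XORs each block with the previous ciphertext block (the first with a random IV),
// so repeats in the plaintext do not show in the ciphertext. The IV is prepended.
func encryptCBC(block cipher.Block, pt []byte) ([]byte, error) {
	iv := make([]byte, block.BlockSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return append(iv, ct...), nil
}

// encryptGCM is the mode to actually use: counter-mode encryption plus an authentication
// tag, so tampering is detected as well. The nonce is prepended.
func encryptGCM(block cipher.Block, pt []byte) ([]byte, error) {
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, pt, nil), nil
}

// duplicateBlocks counts 16-byte ciphertext blocks that repeat an earlier one.
// Anything above zero means an observer sees structure without knowing the key.
func duplicateBlocks(ct []byte, bs int) int {
	seen := make(map[string]bool)
	dups := 0
	for i := 0; i+bs <= len(ct); i += bs {
		k := string(ct[i : i+bs])
		if seen[k] {
			dups++
		}
		seen[k] = true
	}
	return dups
}

// ModeLeakDemo encrypts the same structured plaintext under one random AES-256 key in
// ECB, CBC and GCM and returns the repeated-block count for each mode.
func ModeLeakDemo() (ecb, cbc, gcm int, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return
	}
	pt := samplePlaintext()
	ecbCT := encryptECB(block, pt)
	cbcCT, err := encryptCBC(block, pt)
	if err != nil {
		return
	}
	gcmCT, err := encryptGCM(block, pt)
	if err != nil {
		return
	}
	bs := block.BlockSize()
	return duplicateBlocks(ecbCT, bs), duplicateBlocks(cbcCT, bs), duplicateBlocks(gcmCT, bs), nil
}

func main() {
	ecb, cbc, gcm, err := ModeLeakDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("repeated ciphertext blocks: ECB=%d CBC=%d GCM=%d\n", ecb, cbc, gcm)
}
```

With eight identical plaintext blocks, ECB yields seven repeated ciphertext blocks, while CBC and GCM yield none. The famous "ECB penguin" image is the same effect at scale.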
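The next added example (Go, not from the original notes) ties together the "Role of Salt" and "PBKDF2 vs. AES" bullets: it implements PBKDF2-HMAC-SHA256 by hand so the key-stretching loop is visible, then uses it to store and verify salted password hashes. The iteration count, salt length and sample passwords are the example's own choices; real code would import golang.org/x/crypto/pbkdf2 rather than reimplementing it.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

const (
	saltLen    = 16      // 128-bit random salt per password
	iterations = 100_000 // key stretching; OWASP currently suggests 600,000 for PBKDF2-HMAC-SHA256
	keyLen     = 32
)

// pbkdf2SHA256 implements PBKDF2 with HMAC-SHA256 as the PRF (RFC 8018, section 5.2),
// written out here so the stretching loop is visible. Production code would use
// golang.org/x/crypto/pbkdf2, or a memory-hard KDF such as Argon2id.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	var dk []byte
	for i := 1; len(dk) < keyLen; i++ {
		// U1 = PRF(password, salt || INT(i)), with i as a big-endian 32-bit block index
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := make([]byte, hashLen)
		copy(t, u)
		// Uj = PRF(password, Uj-1); block T is U1 xor U2 xor ... xor Uc
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// StoredHash is what goes in the credential store. The salt sits in the clear next to
// the hash: it only has to be unique, not secret.
type StoredHash struct {
	Salt []byte
	Hash []byte
}

// HashPassword draws a fresh random salt, so two users with the same password get
// different hashes and one rainbow table cannot cover them both.
func HashPassword(password string) (StoredHash, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return StoredHash{}, err
	}
	return StoredHash{Salt: salt, Hash: pbkdf2SHA256([]byte(password), salt, iterations, keyLen)}, nil
}

// VerifyPassword recomputes the hash with the stored salt and compares in constant time,
// so response timing cannot leak how many leading bytes matched.
func VerifyPassword(stored StoredHash, password string) bool {
	candidate := pbkdf2SHA256([]byte(password), stored.Salt, iterations, keyLen)
	return subtle.ConstantTimeCompare(candidate, stored.Hash) == 1
}

func main() {
	// Sample passwords are constructed for the demo.
	a, _ := HashPassword("correct horse battery staple")
	b, _ := HashPassword("correct horse battery staple")
	fmt.Println("same password, salt differs: ", !bytes.Equal(a.Salt, b.Salt))
	fmt.Println("same password, hash differs: ", !bytes.Equal(a.Hash, b.Hash))
	fmt.Println("stored salt:", hex.EncodeToString(a.Salt))
	fmt.Println("stored hash:", hex.EncodeToString(a.Hash))
	fmt.Println("verify correct password:", VerifyPassword(a, "correct horse battery staple"))
	fmt.Println("verify wrong password:  ", VerifyPassword(a, "Tr0ub4dor&3"))
}
```

The hand-written function matches the published PBKDF2-HMAC-SHA256 test vector in RFC 7914 (P="passwd", S="salt", c=1, dkLen=64), which is the check to run against any KDF you implement yourself.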
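A third added example (Go, not part of the original notes) shows the "Digital Signature" bullet in practice: the message is hashed with SHA-256, the digest is signed with an RSA private key (RSA-PSS), and verification needs only the public key. A one-character change to the message, or checking against someone else's public key, fails. The message text and the key names Alice and Mallory are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sign hashes the message with SHA-256 and signs the digest with the private key using
// RSA-PSS. Signing the digest rather than the message keeps the signed input a fixed
// size while still binding the signature to every byte of the content.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest and checks the signature with the public key alone.
// Any change to the message, or a signature made under a different key, fails.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// SignatureDemo returns the verification results for the genuine message, a tampered
// copy, and the genuine signature checked against an unrelated public key.
func SignatureDemo() (genuine, tampered, wrongKey bool, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048) // the signer
	if err != nil {
		return
	}
	mallory, err := rsa.GenerateKey(rand.Reader, 2048) // an unrelated key pair
	if err != nil {
		return
	}
	msg := []byte("Transfer 100 EUR to account 1234") // constructed message
	sig, err := Sign(alice, msg)
	if err != nil {
		return
	}
	genuine = Verify(&alice.PublicKey, msg, sig)
	changed := []byte("Transfer 900 EUR to account 1234") // one digit altered in transit
	tampered = Verify(&alice.PublicKey, changed, sig)
	wrongKey = Verify(&mallory.PublicKey, msg, sig)
	return
}

func main() {
	genuine, tampered, wrongKey, err := SignatureDemo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message, Alice's public key:", genuine)
	fmt.Println("tampered message, Alice's public key:", tampered)
	fmt.Println("genuine message, Mallory's public key:", wrongKey)
}
```

A bare SHA-256 alongside the message would also catch the altered digit, but an attacker who can change the message can recompute the hash. Only the private key can produce a signature that the public key accepts, which is what turns an integrity check into an authenticity check.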


Certificates

  • Certificate Authority (CA) and Root CA

    • CA: A trusted third party that checks an identity (e.g., control of a domain name) and issues a signed certificate binding that identity to a public key.

    • Root CA: Top-level authority whose self-signed certificate is pre-installed in OS and browser trust stores; every certificate chain a client accepts must end at one of these roots.

  • TLS Certificates and Let’s Encrypt

    • TLS: Secures data in transit with encryption, integrity protection (an authentication tag on every record) and server authentication via certificates. HTTPS is HTTP over TLS.

    • Let's Encrypt: Free, automated, open CA for HTTPS.

  • TLS Encryption and Handshake

    • Uses asymmetric cryptography once per connection: the server proves its identity with the private key behind its certificate, and both sides agree a fresh session key (Diffie-Hellman in TLS 1.3; RSA key transport or DH in older versions). Bulk data then uses fast symmetric encryption (AES-GCM or ChaCha20-Poly1305).

    • Steps: Client Hello (supported versions, cipher suites, key share) → Server Hello (chosen suite, key share, certificate, signature) → client verifies the certificate chain up to a trusted root and the server's name → both sides derive session keys → Finished → Encrypted Communication.
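To make the Certificates section concrete, here is an added example in Go (not from the original notes) that builds a tiny PKI in memory and runs a real TLS handshake over loopback. It creates a self-signed root CA, issues a server certificate for localhost from it, then connects twice: once with the root in the client's trust store (handshake succeeds) and once without it (the client rejects the certificate, exactly as a browser would for an unknown CA). The CA name "Example Root CA" is hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs template with the signer's key. Passing the template as its own parent
// produces a self-signed certificate, which is what a root CA is.
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, []byte, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, der, err
}

// BuildChain creates a self-signed root CA (hypothetical name "Example Root CA") and a
// server certificate for localhost issued by it. It returns the root, which clients must
// trust, and the server's TLS credential (certificate plus private key).
func BuildChain() (*x509.Certificate, tls.Certificate, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	root, _, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	srvKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"}, // must match the name the client asks for
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	_, srvDER, err := issue(srvTmpl, root, &srvKey.PublicKey, caKey) // signed by the CA key
	if err != nil {
		return nil, tls.Certificate{}, err
	}
	return root, tls.Certificate{Certificate: [][]byte{srvDER}, PrivateKey: srvKey}, nil
}

// Handshake runs a TLS server and client in-process over loopback and returns the
// client's view of the connection. trustRoot decides whether the client's trust store
// contains the root CA; without it the client must refuse the server's certificate.
func Handshake(root *x509.Certificate, serverCert tls.Certificate, trustRoot bool) (tls.ConnectionState, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer ln.Close()
	go func() { // server side: accept one connection, drive the handshake, close
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		if tc, ok := c.(*tls.Conn); ok {
			tc.Handshake()
		}
	}()
	cfg := &tls.Config{ServerName: "localhost"}
	if trustRoot {
		pool := x509.NewCertPool()
		pool.AddCert(root)
		cfg.RootCAs = pool
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg) // Dial completes the handshake
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer conn.Close()
	return conn.ConnectionState(), nil
}

func main() {
	root, cert, err := BuildChain()
	if err != nil {
		panic(err)
	}
	st, err := Handshake(root, cert, true)
	if err != nil {
		panic(err)
	}
	fmt.Printf("trusted root: TLS1.3=%v suite=%s server=%s\n",
		st.Version == tls.VersionTLS13, tls.CipherSuiteName(st.CipherSuite), st.PeerCertificates[0].Subject.CommonName)
	_, err = Handshake(root, cert, false)
	fmt.Println("root not trusted:", err)
}
```

Let's Encrypt plays the role of the CA here, with the difference that its root is already in public trust stores, which is why a certificate it issues is accepted by browsers without any configuration on the client.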


Network Security

  • Protocol Attacks

    • TCP SYN Flood: Exploits the three-way handshake by sending many SYNs (often from spoofed source addresses) and never completing them with the final ACK, so the server's half-open connection table fills up and legitimate clients are refused. Mitigation: SYN cookies, rate limiting.

  • TCP vs. IP Responsibilities

    • TCP: Reliable, ordered delivery between two ports: connection setup (three-way handshake), sequence numbers, acknowledgements, retransmission, checksums, flow control.

    • IP: Addresses hosts and routes each packet hop by hop to its destination, best-effort, with no guarantee of delivery or ordering.

  • IP and Port Together

    • IP identifies a host; the port identifies a service on that host (e.g., HTTP = 80, HTTPS = 443, SSH = 22). The pair IP:port is one end of a connection, which is why a scanner walks the ports of a known IP to find services.

  • Network Zones and Firewalls

    • Network zones (e.g., Internet, DMZ for public-facing servers, internal LAN) separate traffic of different trust levels; firewalls enforce the boundaries between them.

    • Firewalls (Packet Filter vs. Stateful):

      • Packet Filter: Stateless; decides per packet from header fields only (source/destination IP, port, protocol), so return traffic needs its own explicit rule.

      • Stateful: Tracks connection state, so replies to connections opened from the inside are allowed automatically and packets that do not belong to a known connection are dropped.

  • Network Scanning

    • whois: Queries registration records for a domain or IP block (registrar, owner contacts, name servers) as a reconnaissance step.

    • nmap: Scans hosts for open ports and identifies the services and versions behind them (a TCP connect scan completes the handshake; a SYN scan sends only the SYN).

  • DNS Service and Attacks

    • Resolves domain names to IP addresses (and the reverse), mostly over UDP port 53; clients ask a recursive resolver, which walks the hierarchy from the root servers down.

    • DNS Attacks: Cache poisoning/spoofing (forged answers plant an attacker's IP in a resolver's cache), DDoS against DNS servers, and DNS amplification (small spoofed queries that trigger large responses aimed at a victim).
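As an added example for the "IP and Port Together" and "Network Scanning" bullets (Go, not part of the original notes), the program below starts a constructed service on a loopback port, performs a TCP connect scan of a small port list (the same technique as nmap -sT: a full three-way handshake per port, no raw sockets) and grabs the banner of each open port to identify the service behind it. The banner string "EXAMPLE-SERVICE 1.0" is constructed; scan only hosts you are authorized to test.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"sort"
	"strings"
	"sync"
	"time"
)

// StartService listens on an ephemeral loopback port and greets each client with a
// one-line banner, standing in for a real daemon. The banner text is constructed.
func StartService(banner string) (net.Listener, int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, 0, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go func(c net.Conn) {
				defer c.Close()
				fmt.Fprintf(c, "%s\r\n", banner)
			}(c)
		}
	}()
	return ln, ln.Addr().(*net.TCPAddr).Port, nil
}

// ScanPorts performs a TCP connect scan: a full three-way handshake to each port.
// A completed connection means open; a RST or timeout means closed or filtered.
func ScanPorts(host string, ports []int, timeout time.Duration) []int {
	var (
		mu   sync.Mutex
		open []int
		wg   sync.WaitGroup
		sem  = make(chan struct{}, 64) // bound concurrent connections
	)
	for _, p := range ports {
		wg.Add(1)
		go func(p int) {
			defer wg.Done()
			sem <- struct{}{}
			defer func() { <-sem }()
			c, err := net.DialTimeout("tcp", net.JoinHostPort(host, fmt.Sprint(p)), timeout)
			if err != nil {
				return
			}
			c.Close()
			mu.Lock()
			open = append(open, p)
			mu.Unlock()
		}(p)
	}
	wg.Wait()
	sort.Ints(open)
	return open
}

// GrabBanner connects to an open port and reads the first line the service sends,
// which is how a scanner maps a bare port number to the service actually behind it.
func GrabBanner(host string, port int, timeout time.Duration) (string, error) {
	c, err := net.DialTimeout("tcp", net.JoinHostPort(host, fmt.Sprint(port)), timeout)
	if err != nil {
		return "", err
	}
	defer c.Close()
	c.SetReadDeadline(time.Now().Add(timeout))
	line, err := bufio.NewReader(c).ReadString('\n')
	if err != nil {
		return "", err
	}
	return strings.TrimSpace(line), nil
}

func main() {
	ln, port, err := StartService("EXAMPLE-SERVICE 1.0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	// Scan the service port and its neighbours (which are normally closed).
	ports := []int{port - 1, port, port + 1}
	open := ScanPorts("127.0.0.1", ports, 500*time.Millisecond)
	fmt.Println("open ports:", open)
	for _, p := range open {
		banner, err := GrabBanner("127.0.0.1", p, 500*time.Millisecond)
		fmt.Printf("  %d/tcp -> %q (err=%v)\n", p, banner, err)
	}
}
```

A connect scan is noisy: every probe completes a handshake and shows up in the target's logs, which is also what makes it detectable on the defensive side.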


Operating System Security

  • Principle of Least Privilege

    • Give each user, process and service only the permissions its task needs (no routine work as root/Administrator), so a compromise of one component stays contained.

  • System Hardening

    • Regular updates and patching, disable unnecessary services and close unused ports, strong authentication, restrictive file permissions, log monitoring.

  • Securing Apache & SSH

    • SSH: Disable root login (PermitRootLogin no), use key-based authentication and turn off passwords (PasswordAuthentication no), limit access by IP with the firewall or Match Address blocks.

    • Apache: Keep it patched, hide version details (ServerTokens Prod, ServerSignature Off), disable directory listing (Options -Indexes), serve over TLS only.
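The following added example (Go, not from the original notes) audits sshd_config text against the SSH hardening points above. It reads the directives, applies OpenSSH's own rules (directive names are case-insensitive, and the first value seen for a directive wins), falls back to OpenSSH's defaults when a directive is absent, and reports anything weaker than the target. The three sample configurations are constructed; limiting access by IP is not checked here, since that usually lives in the firewall.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding records one directive whose effective value is weaker than the hardening target.
type Finding struct {
	Directive string
	Effective string
	Want      string
}

// audited lists the directives in the order they are reported.
var audited = []string{"permitrootlogin", "passwordauthentication", "pubkeyauthentication"}

// hardened holds the target value for each directive the guide calls out.
var hardened = map[string]string{
	"permitrootlogin":        "no",  // disable root login outright
	"passwordauthentication": "no",  // keys only
	"pubkeyauthentication":   "yes", // key-based authentication on
}

// defaults are what OpenSSH applies when a directive is absent from sshd_config;
// an audit must reason about the effective value, not only the lines present.
var defaults = map[string]string{
	"permitrootlogin":        "prohibit-password",
	"passwordauthentication": "yes",
	"pubkeyauthentication":   "yes",
}

// parseSSHDConfig reads "Directive value" lines, skipping blanks and '#' comments.
// Directive names are case-insensitive, and sshd uses the FIRST value it sees for a
// directive, so a hardening line appended at the bottom of the file is silently ignored.
func parseSSHDConfig(text string) map[string]string {
	conf := make(map[string]string)
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		key := strings.ToLower(fields[0])
		if _, seen := conf[key]; !seen {
			conf[key] = strings.ToLower(fields[1])
		}
	}
	return conf
}

// AuditSSHD reports every audited directive whose effective value differs from the target.
func AuditSSHD(text string) []Finding {
	conf := parseSSHDConfig(text)
	var findings []Finding
	for _, key := range audited {
		effective, present := conf[key]
		if !present {
			effective = defaults[key]
		}
		if effective != hardened[key] {
			note := effective
			if !present {
				note += " (implicit default)"
			}
			findings = append(findings, Finding{Directive: key, Effective: note, Want: hardened[key]})
		}
	}
	return findings
}

// The three configurations below are constructed examples, not a real host's files.
const WeakConfig = `# sshd_config on a freshly installed server
Port 22
PermitRootLogin yes
PasswordAuthentication yes
`

const HardenedConfig = `# sshd_config after hardening
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey
`

const AppendedConfig = `# hardening line appended below the original; sshd keeps the first value
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
`

func main() {
	for name, cfg := range map[string]string{"weak": WeakConfig, "hardened": HardenedConfig, "appended": AppendedConfig} {
		fmt.Printf("%s: %d finding(s)\n", name, len(AuditSSHD(cfg)))
		for _, f := range AuditSSHD(cfg) {
			fmt.Printf("  %-24s is %q, want %q\n", f.Directive, f.Effective, f.Want)
		}
	}
}
```

After editing sshd_config, `sshd -T` prints the effective configuration, which is the authoritative way to confirm a change actually took, and is the same "effective value" idea this checker applies.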


Malware and Threats

  • Virus vs. Trojan

    • Virus: Malicious code that attaches itself to files or programs and replicates when they are run or shared.

    • Trojan: Disguised as legitimate software so the user installs it willingly; it does not replicate on its own.

  • Spyware vs. Malware

    • Spyware: A type of malware that secretly collects data (keystrokes, browsing habits, credentials) and sends it to the attacker.

    • Malware: Broad term for any harmful software; viruses, Trojans, spyware, worms and ransomware are all kinds of malware.

  • Phishing

    • Social engineering attack (email, SMS, fake login pages) that tricks users into revealing credentials or running malware; technical controls help, but user awareness and multi-factor authentication are the main defences.
