Computer Security Revision Week Delivered by: Dr Leila Musavian Leila.Musavian@essex.ac.uk

General guides Lecture slides are important Revise example questions Revise past papers This revision is to give you guides for each week material

Week 16 Summary Things to know very well What I will not ask about Virus definition and characteristics what are the targets of viruses Ways a virus will attach to a program. How it works? Their comparisons What is Stealth Virus? What is Polymorphic virus? Prevention System and data recovery What I will not ask about Specific questions about particular viruses, e.g., What is Melissa and how it works?

Week 17 Summary Things to know very well Malware, Trojans, worms, and trapdoor definition, behaviour, protection (as much as there is in the slides) Rootkit (definition, how it works, detection and removal) XSS (definition, the two types, how it works, its dangers)

Week 17, Part II Risk analysis Security goals Different steps Being able to calculate Security goals Definition What I will not ask about Questions about specific examples of malwares that are covered in the lecture slides, e.g., Zeus trojan

Week 18 Things to know very well What I will not ask about General understanding of cryptography, How Brute forth attack works What is symmetric block cipher Different type of symmetric block cipher, e.g., Caesar, Vigenere, What is a substitution cipher Frequency analysis for an attack on a ciphertext Symmetric and asymmetric keys What I will not ask about Ascii codes

Week 19 Things to know very well What I will not ask about Shift cipher, stream cipher and block cipher AND, OR and XOR Permutation What I will not ask about Differential cryptanalysis

Week 20 Things to know very well What I will not ask about Confusion and diffusion S-Box General characteristics of DES, triple DES and AES What I will not ask about Remembering all the steps of the baby DES What year a certain cryptography was designed.

Week 21 Things to know very well What I will not ask about Public key cipher What is the public key, what is the private key? RSA Man-in-the middle attack What I will not ask about What mathematical function can be used in RSA The slides in Lecture 21 on Message authentication

Week 22 Things to know very well All of it

Week 23 Things to know very well What I will not ask about Three different methods of user authentication, examples, advantages, disadvantages (some of them are in week 24 slides) Hash or checksum The four characteristics of Cryptography checksums Birthday attack What I will not ask about Other names of checksum or hash? What is MD5 Rainbow attack

Week 24 Things to know very well What I will not ask about Three different methods of user authentication, examples, advantages, disadvantages (some of them are in week 23 slides) Challenge response authentication Attacks against passwords What I will not ask about Choosing password

Week 24-Part II Things to know very well Malicious code vulnerabilities and non-malicious code vulnerabilities Cross-site Scripting (XSS) SQL Injection Buffer Overflow Setuid Security in operating systems Objects Sharing resources Access control methods

Week 24-Part II What I will not ask about How memory is organized for a process What is the stack (I will not ask you to explain what is stack, but if you want to explain about buffer overflow vulnerability, you may want to refer to stack)

Week 25 Summary We summarized one of the past year exam, how to solve each question, how the marks are allocated.