CS391 Test 2 Review

Text: Conklin et al. Chapters 9, 15, 16: "How Email Works" and "Security of Email". You should be familiar with the terms introduced in these chapters.

Be able to explain how CIA principles apply to any security concept.
For each type of attack you should be able to describe it, know what tools can be used to perform the attack and what (if anything) you can do to defend against it.
You do not need to know the details of how to use each tool. You should know what they are used for.
You may have to write a SQL statement for an injection attack.

Fundamentals

Network Layers
TCP Handshake
Routers and Switches
su, sudo
IP Addresses
MAC Addresses
DNS
NAT
DMZ
Database Queries
Email
Internet Voting
Block chain

Attacks

Avenues of Attack
Active/Passive Information Gathering
Sniffing
Spoofing
Scanning
Denial of Service
Man in the Middle
Man in the Browser
ARP flooding
ARP spoofing
Password attacks
Syn flood
Backdoors
Ftp/telnet
SQL Injection
Command Injection
Phishing
Replay Attacks
Buffer Overflow
Exploit of RMI

Tools

ping
nslookup
traceroute
netcat (nc)
nmap (db_nmap)
wireshark
metasploit
ifconfig
Hacking lab configuration
Meterpreter
sftp/scp

Clif Presser<cpresser@gettysburg.edu>

Last modified: Tue Nov 5 08:17:09 EST 2019