Cyber Security Tools Learning Objectives.

The second portion of the course introduces a few broad categories of tools, e.g., firewalls, encryption, and hashing, that we combine in different ways to provide the Pillars of Cyber Security. Such a framework allows students to make principled decisions about security. Specific objectives are:

  1. Firewalls.

    1. Design an access control list (ACL) for an idealized router to achieve a desired offering of services.

    2. Relate use of a firewall to the Pillars of Cyber Security.

    3. Describe a firewall's role in implementing decisions concerning trade offs between service and security.

  2. Authentication and Cryptography.

    1. Describe and contrast symmetric encryption, asymmetric encryption and hashing and explain their roles in providing the Pillars of Cyber Security.

    2. Describe and contrast key management for symmetric and asymmetric encryption.

    3. Explain and actually use representative symmetric encryption and hashing techniques that are done "by hand" (e.g., Vigenere Cipher, Rubik's Hash).

    4. Identify the user's vs. the technology's responsibilities in situations where cryptography is used (e.g., HTTPS).

    5. Describe common tools such as AES and MD5, relate their use to Cyber Security, and demonstrate their use.

    6. Discuss authentication by password, password attacks, hashing, salt, and password strength.

    7. Discuss two-factor authentication.

    8. Explain the workings of attacks such as frequency analysis, chosen plain text, and man-in-the-middle.

    9. Describe the purpose of Public Key Infrastructure (PKI) and how it works; relate PKI to man-in-the-middle attacks.

    10. Obtain an X.509 Certificate from a Certificate Authority. Explain the guarantee that comes with a valid certificate, describe reasons a certificate may be invalid, and how user actions with respect to certificates can affect security.
    11. Describe steganography and explain what information steganography is intended to keep confidential.
    12. Explain simple exemplar steganography techniques.
  3. Risk

    1. Explain what a formalized risk assessment process supports/allows.
    2. Describe the general steps of a risk assessment process.
    3. Explain the factors of assessing risks.
    4. Apply the risk assessment process to cyber domain scenarios.