Cyber Security Tools Learning Objectives.
The second portion of the course introduces a few broad categories of tools,
e.g., firewalls, encryption, and hashing, that we combine in different ways to provide the Pillars of Cyber Security. Such
a framework allows students to make principled decisions about security. Specific objectives are:
- Design an access control list (ACL) for an idealized router to achieve a desired offering of services.
- Relate use of a firewall to the Pillars of Cyber Security.
- Describe a firewall's role in implementing decisions concerning trade-offs between service and security.
- Authentication and Cryptography.
- Describe and contrast symmetric encryption, asymmetric encryption, and hashing, and explain
their roles in providing the Pillars of Cyber Security.
- Describe and contrast key management for symmetric and asymmetric encryption.
- Explain and actually use representative symmetric encryption and hashing techniques that
are done "by hand" (e.g., Vigenere Cipher, Rubik's Hash).
- Identify the user's vs. the technology's responsibilities in situations where cryptography is used.
- Describe common tools such as AES and MD5, relate their use to Cyber Security,
and demonstrate their use.
- Discuss authentication by password, password attacks, hashing, salt, and password strength.
- Discuss two-factor authentication.
- Explain the workings of attacks such as frequency analysis, chosen plain text, and man-in-the-middle.
- Describe the purpose of Public Key Infrastructure (PKI) and how it works; relate PKI to
- Obtain an X.509 Certificate from a Certificate Authority. Explain the guarantee that comes
with a valid certificate, describe reasons a certificate may be invalid, and how user actions
with respect to certificates can affect security.
- Describe steganography and explain what information steganography is intended to keep confidential.
- Explain simple exemplar steganography techniques.
- Explain what a formalized risk assessment process supports/allows.
- Describe the general steps of a risk assessment process.
- Explain the factors of assessing risks.
- Apply the risk assessment process to cyber domain scenarios.