Final Exam Study Guide

General

In preparation for the Final Exam, complete the following activities:

Compiled Learning Objectives

Cyber Domain Basics

Introduction to the Cyber Domain:

  • Describe the aspects of the cyber domain
  • Describe the interaction of the aspects of the cyber domain

Pillars of Cyber Security:

  • Explain the DoD Security Model; i.e. the Pillars of Cyber Security
  • Describe cyber attacks in terms of compromise to the Pillars of Cyber Security

Risk:

  • Explain what a formalized risk assessment process supports/allows.
  • Describe the general steps of a risk assessment process.
  • Explain the factors of assessing risks.

Information System Basics

Digital Data – Bits & Bytes:

  • Define terms such as bit, byte, hex
  • Convert between binary, decimal, and hex number representations

Digital Data – Files:

  • Define the term encoding; e.g. ASCII, Unicode
  • Explain what is meant by the terms file type, file format, file header, and file extension
  • Explain how a file extension is used and abused

Computer Architecture:

  • Describe a computer as a device that manipulates digital data through input, processing, and output
  • Name the major physical components of a computer, and describe their function
  • Explain program launch and the CPU fetch-decode-execute cycle

PC Dissection Lab:

  • Remove major physical components from a computer and reassemble them into a working computer
  • Identify major physical components of a computer: hard drive, RAM, processor

Operating Systems – Basics & File Systems:

  • Define the purpose of an Operating System (OS) and the core services it provides: hardware interfaces; access control; and file system, process, and user account management
  • Describe the interfaces an operating system provides to users and programs: GUI, shell, API
  • Explain the concept of absolute and relative file system pathnames

Operating Systems – Windows Shell & Permissions:

  • Perform shell commands on a local system to accomplish common file system tasks
  • Describe the distinction between a program and a process
  • Explain the role of the OS with respect to security in relation to user accounts, logins, and file/process ownership and access permissions
  • Explain the significance of a super-user account (Administrator, root)

Operating Systems – Remote Access & UNIX Shell:

  • Explain the concept of being able to use a computer remotely
  • Perform shell commands on remote systems to accomplish common file system tasks
  • Explain the role of the OS with respect to security in relation to user accounts, logins, and file/process ownership and access permissions

Programs – Statements & Variables:

  • Explain the concepts of data types, expressions, and variables
  • Declare and assign values to variables in a programming language
  • Use variables in statements and expressions

Programs – Input/Output:

  • Explain the concepts of reading data (input) from a user, and writing data (output) to a user display
  • Read data from a user, store the data in a variable in a program
  • Process data input from a user in a program
  • Write data so that a user can read the data in a program

Programs – Conditionals:

  • Explain how conditionals affect control flow in simple programs
  • Describe boolean logic operations: and, or, not
  • Describe comparison operations: less than, less than or equal to, greater than, greater than or equal to, equality, inequality
  • Relate issues regarding basic programs to more complex programs and information systems

Programs – Loops:

  • Explain how loops affect control flow in simple programs
  • Describe the concept of a loop control variable
  • Describe code injection
  • Relate issues regarding basic programs to more complex programs and information systems

Information System Networks

Networking – Introduction & Physical Layer:

  • Explain the basic purpose of networking
  • Describe terms associated with general communications, or general services: network, host, protocol, service, utility
  • Explain the purpose of each of the layers of the TCP/IP Stack
  • Explain the concepts of data encapsulation, and data de-encapsulation
  • Describe terms associated with the Physical Layer: transmission medium, digital signal
  • Explain the problems that the Physical Layer handles; i.e. the services the Physical Layer provides
  • Explain the problems that the Physical Layer does not handle; i.e. the issues that other layers need to address

Networking – Data Link Layer:

  • Describe terms associated with the Data Link Layer: frame, interface, address, MAC address
  • Explain the purpose of the following protocols: Ethernet, ARP
  • Explain the problems that the Data Link Layer protocols above handle; i.e. the services the Data Link Layer protocols provide
  • Explain the problems that the Data Link Layer protocols above do not handle; i.e. the issues that other layers need to address
  • Describe the purpose/functionality of the following hardware devices: hub, switch, Ethernet card

Networking – Network Layer:

  • Describe terms associated with the Network Layer: packet, IP address, routing, private IP space, internet
  • Explain the purpose of the following protocols: IPv4, ICMP, IPv6
  • Explain the problems that the Network Layer protocols above handle; i.e. the services the Network Layer protocols provide
  • Explain the problems that the Network Layer protocols above do not handle; i.e. the issues that other layers need to address
  • Describe the purpose/functionality of the following hardware devices: router

Networking – Transport Layer:

  • Describe terms associated with the Transport Layer: datagram, port
  • Explain the purpose of the following protocols: TCP, UDP
  • Explain the problems that the Transport Layer protocols above handle; i.e. the services the Transport Layer protocols provide
  • Explain the problems that the Transport Layer protocols above do not handle; i.e. the issues that other layers need to address
  • Explain the concept of Network Address Translation

Networking – Application Layer:

  • Explain the purpose of the following protocols: DNS, DHCP, HTTP, HTTPS, SSH
  • Describe the Transport Layer protocol used by each of the following protocols, and explain why that Transport Layer protocol is used: DNS, DHCP, HTTP, SSH
  • Explain the problems that the protocols above do not handle; i.e. security concerns associated with the protocol

Networking – Build-a-LAN Lab:

  • Set up a wired network.
  • Interconnect multiple wired networks forming a simple internet.
  • Use and explain the use of: arp, ipconfig, ping, tracert, netstat, netcat (nc)
  • Use networking utilities to configure and test network communications.
  • Analyze output of networking utilities to determine: host information, network topology, and services in use.

Networking – Wireless:

  • Describe the TCP/IP Stack layers that change and do not change between wired and wireless networks.
  • Describe the following wireless networking terms: base station, Basic Service Set (BSS), Basic Service Set Identifier (BSSID), Service Set Identifier (SSID), Extended Service Set Identifier (ESSID).
  • Describe the purpose of encryption on a wireless network.
  • Compare and contrast WEP, WPA, WPA2.

Networking – Build-a-WLAN Lab:

  • Set up a wireless network.
  • Interconnect multiple wireless networks forming a simple internet.
  • Use networking utilities to configure and test network communications.
  • Describe the purpose of encryption on a wireless network.
  • Discuss risks associated with unencrypted wireless networks, and broken cryptographic protocols.

World Wide Web – The Web and HTML:

  • Describe the World Wide Web (www, web) as a client-server system that uses HTTP/HTTPS.
  • Explain the components of a URL.
  • Describe the basic structure of an HTML Document.
  • Describe the use of HTML Tags to markup content in an HTML Document.
  • Describe the interactions between a client and server based on a simple HTML Document.
  • Explain the information that is logged in a web server access log.

World Wide Web – Build-a-Web-Site Lab:

  • Describe the syntax and semantics of basic HTML Tags.
  • Design and create a simple website using HTML.
  • Upload web content to a web server using a secure file transfer protocol.
  • Describe how basic HTML will be rendered by a web browser.
  • Explain the concept of absolute and relative HTML references.

World Wide Web – Client Side Scripting: Non-Event Driven:

  • Describe how basic HTML with client side scripting will be rendered by a browser.
  • Describe the client-server interaction for a dynamic web page.
  • Explain how an email containing HTML with embedded scripts is a security risk.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.

World Wide Web – Client Side Scripting: Event Driven:

  • Describe how basic HTML with client side scripting will be rendered by a browser.
  • Describe the client-server interaction for a dynamic web page.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.

World Wide Web – HTML Forms:

  • Describe how basic HTML will be rendered by a browser.
  • Describe client-server interaction for a dynamic web page that involves user input to a form.
  • Discuss trade-offs between client-side and server-side scripts, and explain why client-side input validation is weaker than server-side.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.

World Wide Web – Server Side Scripting:

  • Describe client-server interaction for a dynamic web page that involves user input to an HTML Form and server side scripts.
  • Discuss trade-offs between client-side and server-side scripts, and explain why client-side input validation is weaker than server-side.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.
  • Relate an understanding of the web as a client-server network service to other network services.

World Wide Web – Injection Attacks and XSS:

  • Explain how cookies are used by both the web browser, and the web server.
  • Explain how reflection, injection, and cross-site scripting work, and why they may fail.
  • Analyze scenarios involving the web in terms of services, risk, security, and forensics.
  • Relate an understanding of the web as a client-server service to other network services.

Cyber Security Tools

Firewalls:

  • Design an Access Control List (ACL) for an idealized router to achieve a desired availability of services.
  • Relate the use of a firewall to the Pillars of Cyber Security.
  • Describe a firewall's role in implementing decisions concerning tradeoffs between service and security.
  • Compare and contrast the operation of and security benefits of NAT and firewalls.

Cryptography – Symmetric Encryption:

  • Describe symmetric encryption, and explain its roles in providing the Pillars of Cyber Security
  • Describe key management for symmetric encryption.
  • Explain and use representative symmetric encryption techniques that are done by hand; e.g. Caesar Cipher, Vigenère Cipher.
  • Explain the workings of attacks such as frequency analysis, chosen plaintext.

Cryptography – Hashing and Password Activity:

  • Describe hashing and explain its role in providing the Pillars of Cyber Security.
  • Explain and actually use a representative hashing technique that is done by hand (Rubik's Cube hash algorithm).
  • Describe common tools such as MD5, relate their use to cyber security, and demonstrate their use.
  • Discuss authentication by password, password attacks, hashing, salt, and password strength
  • Discuss two-factor authentication

Cryptography – Asymmetric Encryption:

  • Describe and contrast symmetric encryption, and asymmetric encryption and explain their roles in providing the Pillars of Cyber Security
  • Describe and contrast key management for symmetric and asymmetric encryption.

Cryptography – Digital Certificates Lab:

  • Describe the purpose of Public key Infrastructure (PKI) and how it works.
  • Relate PKI to Man-in-the-Middle attacks.
  • Obtain an X.509 Certificate from a Certificate Authority.
  • Explain the guarantee that comes with a valid X.509 Certificate.
  • Describe reasons a certificate may be invalid.
  • Describe how user actions with respect to X.509 certificates can affect security.

Cryptography – Digital Cryptography Tools and Applications:

  • Describe and contrast symmetric encryption, asymmetric encryption, and hashing and explain their roles in providing the Pillars of Cyber Security.
  • Describe common tools such as AES and MD5, relate their use to cyber security, and demonstrate their use.
  • Describe and contrast key management for symmetric and asymmetric encryption.

Cyber Operations

Digital Forensics:

  • Describe Locard's Exchange Principle.
  • State the forensic evidence that given activities leave behind, and where that evidence can be found.

Digital Forensics Lab:

  • Describe the use of and use MD5 in digital forensics.
  • Perform basic digital forensics activities.
  • Analyze basic forensic artifacts to deduce events that occurred in information systems.

Cyber Reconnaissance:

  • Describe the phases of a cyber attack, relating them to the Pillars of Cyber Security.
  • Describe passive reconnaissance tools and techniques.
  • Describe active reconnaissance tools and techniques.

Cyber Reconnaissance Lab:

  • Conduct passive reconnaissance of a target network.
  • Conduct active reconnaissance of a target network.

Malware:

  • Explain what malware is.
  • Describe different types of malware: virus, worm, trojan.
  • Give an example of malware used in an operational context.

Cyber Attack (Offensive Cyber Operations):

  • Explain the following types of cyber domain attacks: Denial of Service (DoS), Distributed Denial of Service (DDoS), brute force.
  • Explain the following types of cyber domain vulnerabilities and exemplar exploits: buffer overflow, configuration settings.
  • Explain the following types of cyber domain attack techniques: pivot, privilege escalation.

Cyber Attack Lab:

  • Conduct basic cyber attack operations by infiltrating a target network.
  • Conduct basic cyber attack operations by maneuvering within a target network.
  • Conduct basic cyber attack operations by exfiltrating sensitive data from a target network.
  • Conduct basic cyber attack operations by disrupting networked services of a target network.

Cyber Defense (Defensive Cyber Operations):

  • Describe the principles of Defensive Cyber Operations (DCO).
  • Describe best practices of Defensive Cyber Operations (DCO).
  • Explain what a zero-day vulnerability is.
  • Explain which DCO principles and best practices can be used to mitigate the risks of Offensive Cyber Operations (OCO), and how they do so.

Cyber Defense Lab:

  • Apply the principle of least privilege to defend networked hosts and services against an adversary.
  • Apply the principle of defense in depth to defend networked hosts and services against an adversary.
  • Conduct basic cyber attack operations by infiltrating a target network.
  • Conduct basic cyber attack operations by maneuvering within a target network.
  • Conduct basic cyber attack operations by exfiltrating sensitive data from a target network.
  • Conduct basic cyber attack operations by disrupting networked services of a target network.
  • Exploit a zero-day vulnerability.
  • Relate the concept of a zero-day exploit to the principle of vigilance.

Cyber Domain Case Studies:

  • Apply knowledge of the Cyber Battlefield, Cyber Security Tools, and Cyber Operations to analyze case studies identifying technical and human security failures.