
Instructor

  • who: Michael Swift
  • where: Room 7369
  • when: Monday 11-12, Thursday 1:30-2:30
  • email: swift 'at' cs.wisc.edu

NetworkReview

Ethernet MAC spoofing

  1. Most organizations put a MAC filter on network ports, meaning that they will only allow traffic from a single MAC address to arrive over the cable plugged into that port.
    1. What security does this provide? What does it make harder?
    2. Suppose you are an attacker and find an ethernet port in an empty conference room. Can you do anything to connect your computer through this port?
  2. ARP poisoning: What is ARP poisoning, and how does it compromise a network?
  3. DoS: List three kinds of DoS attack, in increasing power (number of packets sent to the victim) and difficulty of stopping.
  4. What is reflection, and what properties are needed for it to amplify an attack?

Firewall / IDS

  1. What are the layers of the network where a firewall/IDS can be deployed?
  2. At each level, describe an attack that a stateless firewall at that level cannot detect.
  3. What is the difference between an IDS and an IPS system? What are the different performance requirements?
  4. Explain how you would use a firewall/IPS to stop buffer overflow attacks on HTTP processing in a web server.
  5. Explain an algorithmic attack on a firewall that uses a binary tree to store flow information: source and destination IP addresses, protocol (e.g., UDP or TCP) and port numbers.
  6. What is the outcome of an algorithmic attack on a firewall? What is the outcome on an IDS?
  7. Which is better able to detect attacks: an IDS sitting in the network between the internet and your computer, or one running on your computer, and why? What kinds of attacks are better detected in each location?

Surveillance

  1. For each approach to censorship, explain what you must do to evade the censor:
    1. DNS filtering
    2. IP address filtering
    3. URL filtering
    4. Protocol filtering
    5. Deep packet inspection
  2. What surveillance approaches can Tor protect against that a single-hop network proxy cannot protect against?
Page last modified on May 09, 2019, at 01:57 PM