Symantec training course

Symmantec Cert Training
-4 and 1/2 days
-$100(was $200)
-the week before school starts

Pls put in comment if you wan to go

SDT Summary

from past year papers... seems like there will be:
5 true false
5 MCQ
5 structured

first 10 in Section A can tikam if dunno bah =X

Section B important points:
Use case diagram:

names of use case must be verb noun
there can only be solid lines from actor to use case
there can only be dotted lines from use case to use case
"include" and "extend" should be inside "<<" and ">>"
to use include you must have at least 2 include relationship
(convention: actors at
the border to allow boundary)

Activity diagram:

conditions inside guard must be inside '[' and ']'
names of activity must be verb noun
there can be more than 1 end state

Class diagram:

constrain should be inside '{' and '}'
name of association should be
singular verb(with s)

Sequence diagram:

object and actor name should start with ':' most of the time

State diagram:

guard condition should be in '[' and ']'

The abv are actually key points in first few pages in the book before examples. So those with book can ownself study dun care this bah =X

Section A should take all 9 chapters
Section B should only need chapters 2-7

And remember to do quizes on blackboard(compulsary for GP)

acg tips

From Yong Xiang:
- C.I.A (Classical Security Objectives)
- Cryptanalytic attacks.
- Confusion - Permutation /diffusion -

- Classical Cipher
-Caesar (+3,-3) 26 letters
- Playfair (5X5) 36X26 letters/combinations
-Improved security
-Need a 676 entry frequency table to analyse
-The ciphertext depends on diagraph pair
-Reepated digraphs produce same ciphertext each time.
-Decipherment based on digraphs much more diffucult.(NOT IMPOSSIBLE NOW)

-Vigenere (table 26X26) That big table
-Rail Fence up down the alternating letters then take the ciphertext from first and second line.

-STRENGHT OF CIPHERS
-Good ciphers?
-Amount of secrecy needed should determine effort to encrypt and decrypt.
-key set and enciphering algorithm should not be complex.
-Implementation should be as simple as possible
-Errors should not propogate.
-Symetric Algorithm
-DES (64bit block, 56 bit KEY)
-ECB/CBC/CGB.OFB
-How they work?
-Trple DES 3DES
112 and 168 bit key.
-168 bit key (3keys)
-Encryption (E-D-E) 1st 2nd 3rd Key.
-Decryption (D-E-D) 3rd 2nd 1st key

-112-bit key
-Encryption (E-D-E) 1st 2nd 1st key
-Decryption (D-E-D) 1st 2nd 1st Key
-Asymetric
-RSA
- Public Key and Private Key.
-Calculations
c= M to the power of e mod n (pxq)
M = c to the power of d mod n (pXq)

One way hash function
-Message Digest
-One way
-Collision Free
-Fixed length of output
-Examples?
MD4/5, SHA 1,256,512.
Message Authentication code
-Key Hash Function
- Ewquires a secret key
Examples
(need to know)

-Key Distribution issue in symetric key distribution. Key can be lost, forgotten, forged.
-Public Key Infrastructure
-Problems or issues of PKI
-Authentication
-One Way (UserID and password)
-Two way/Mutual (Challenge Response Protocol)
-A Nonce (challenge) to B. Usually encrypted with password.
-B Nonce (message) to A.
-Compare results.
(THIS IS ONLY AN OVERVIEW) WHY NEED TWO WAY?
-Kerberos
-AS
-TGS
-Users subsequently request access to other services from TGS.

-Key exchange protocols
-RSA (public key to encrypt.) need PKI
-Fixed Diffie Hellman (need PKI)
-Anonymous Diffie Hellman (Exchange public parameters.With it and random number to generate a common value.)
-Ephemeral Difie Hellman (need PKI)
-Fortezza
Common value is not secret key. Use it for key exchange, Diffie hellman use to get that common value. So the key won't be seen!

(Need to know)
-IPSec
-SA
-How it works
-Applications
-SSL
-Suite of Protocols
-How it works?
-Applications
-SET
-Suite of protocols
-How it works?
-Applications

Also read on lectures slides, all tutorial exercises for better knowledge.

from Koon Ming:

NETS exam

Chapter 1:
Common ports
IP classes
Tables 1-3
DMZ

Chapter 4:
3 way handshake
4 categories of attack

Chapter 5:
IPSec, IKE
Definition of VPN

Chapter 6*:
Drawing VPN layout
figure 6.5

Chapter 7:
Types of IDS
Glossary

Chapter 8*:
Incidence responce steps
Slide 19
(not too much focus should be put on diagrams)

Chapter 9:
Slide 34
configurating email rules

Chapter 10:
NAT

Note:
The exam is actually on Chapters 1-12, excluding 2,3, including lecture 11 slides
so... it is better to read all slides and book chapters excluding 2,3
also... chapters 10 and abv is said to be "not important" so should just read abit or browse through bah...

ELSA prac test

Things to study:
1. MUST try out and understand mock test(obviously)
2. Read through lecture slides in blackboard
3. Read 3037v2, some keywords to search for are: ssh, samba, apache, syslog, pure-ftp, cron and ntp
4. Try out exercises for those with vmware, read through and try to remember what did you do in prac lessons for those without... =X
5. Be prepared to use man command alot in the prac, "man page for pure-ftp" can be displayed using "pure-ftp --help" i think...

Sorry but there really is no special tip for this lol

SAPD Exam

Things to study:
bean: Week 14>cart.java and cartDemo.zip(not in book)
SQL: know syntax of common queries. eg. select, insert into and update(just incase this comes out, use "delete from" to remove a row)
cookie: 188 and 192(optional since can reference from book)

Not very sure what else to study cos can bring in book lol

Pages to remember:
SQL: "insert into" on page 198, "delete from" on page 206
cookie: as mentioned abv
Appendix A: 358-378(since others behind are not taught)