CSCE 465 Lecture 1


Tuesday, January 15, 2013

Begin Exam 1 content


Lecture Slides


Computer & Network Security

Dr. Guofei Gu Office: R 14:30–15:30

TA: Chao Yang (yangchao@cse.tamu.edu)

Course Web Page Piazza eLearning


Security

Security is asymmetric:

  • It's easier to prove something is insecure than secure
  • Security is a "game"
  • Favors the attacker: only needs to choose one piece of hardware, one place in time and space, one piece of software

Scareware: attempts to "scare" the user into installing malware

Antivirus can only protect against 50% of malware

  • They can barely keep up


security: (informally) the prevention of certain types of intentional actions from occurring
threats: potential actions we want to prevent
attacks: when threats are carried out
attacker: one who performs intentional attacking
assets: objects of attack

  1. Prevention: We can't prevent all attacks
  2. Detection: Detect if there is an attack going on
  3. Recovery: Stop the attack, assess and repair damage
  4. Survivability: Continue to function correctly even if attack succeeds

Components of Security

(CIA)

  • Confidentiality: keeping data and resources hidden/confidential
  • Integrity: preventing unauthorized changes to data (data integrity = integrity, origin integrity = authentication)
  • Availability: Enabling access to data and resources

Why Take This Course?

Increased volume of security incidents

Threats (Malware: viruses, worms, spyware; spam; botnet; DDoS attacks; phishing)

My reasons: Learn vulnerabilities and prevent abuse of work and personal systems; learn more about how they work

Objectives

  • Security goals and threats
  • Network security
  • System security
  • Introduction to Cryptography
  • Determine appropriate mechanisms for protecting

This course has different styles:

  • descriptive: what's out there
  • critical: what's wrong with...
  • skill-oriented: homework and labs; hands-on hacking
  • interactive: discussion and questions are encouraged and considered in grade
  • information sharing: home page, Piazza, email


  1. Background
    1. (CIA)
    2. Security policies
  2. Network and System Security
    1. fundamental theories, access control
    2. Program/software security
    3. Malware
    4. Vulnerability analysis
    5. Firewalls
    6. Intrusion detection
  3. Cryptography
    1. Secret key
    2. Hashes and message digests
    3. Public key
  4. More (time permitting)
    1. Authentication handshake pitfalls


Requirements

  • CSCE 313
  • Experience in C/C++
  • Knowledge in data communication and networking
  • Other basic knowledge: operating systems, discrete mathematics
  • motivation!


Textbooks

  • [Bishop] Matt Bishop Introduction to Computer Security ISBN 0-321-24744-2
  • [KPS] Network security: PRIVATE communication in a PUBLIC world by Kaufman, Perlman, and Speciner

Available online through campus library links (SAFARI database)


Grading

  • Assignments 50%
  • Midterm Exam 20%
  • Final Exam 25%
  • Participation 5%

5 homework assignments

  • written questions
  • programming problems
  • Bonus points

TURN IN ON TIME! 20% reduction in grade for each late day

Optional Honor Project

Form a team (2–3) to design/implement/evaluate some useful and new attack/defense/system/tool/service

Can do this instead of doing the fifth homework and taking the final exam

Let Dr. Gu know by St. Valentine's Day

Teammates

  • Max Leutermann
  • Juan Burgos

Idea: sniff out all ARP packets ("Who has IP 0.0.0.0? Tell 0.0.0.0"), find all active IP addresses on network, display all information available about that computer (open ports, computer/NetBIOS name,


Until Next Time

  • Get Textbooks
  • Find a Windows or Linux machine on which to hack