
Advanced Computer and Network Security Course Overview

Advanced Computer and Network Security Course Overview. Instructor: Dijiang Huang. What This Course Is For? Course philosophy and goals. The theory and practice of security in a networked environment. Hands-on work: Yes!



  1. Advanced Computer and Network Security: Course Overview. Instructor: Dijiang Huang

  2. What This Course Is For?
     • Course philosophy and goals
     • The theory and practice of security in a networked environment
     • Hands-on work: Yes!
     • Gain exposure to different aspects of security and become familiar with basic crypto and new technologies.

  3. What This Course Is About?
     • Course organization and information
     • Network security – principles and practices
     • Access control, Authentication
     • Key management
     • Security infrastructure and applications (SSL, IPSec, VPN)
     • Network management security
     • Wireless network security (network coding)
     • Advanced network security topics (future Internet technologies)
     • Test platforms

  4. Who should not take this course?
     • I do not want to do any programming (C, C++, programming in NetFPGA, etc.) and just want to learn the theory.
     • I do not have the following background and I do not want to learn it within two weeks:
        • Experience with Linux.
        • Computer networks such as TCP/UDP, IP, protocol layers, network interconnections.
        • Basic cryptography such as DES, AES, RSA.
     • I don’t like to play with math.

  5. Course Information
     • Universal portal: MyASU (Blackboard) for grades and communications
     • Lecture notes, assignments, projects: http://dj.eas.asu.edu/courses/CSE548/2012spring/
     • Grading: 10% Problem sets, 30% Final Exams, 60% Group Project
     • Text book and additional materials: No textbook; lecture notes will be provided, and handouts and course materials will be distributed.
     • Suggested readings: “Network Security…” by Kaufman, Perlman, and Speciner; “Cryptography and Network Security”, third edition, by William Stallings
     • Instructor office hour: 1:00-2:00pm M/W
     • TA Office Hour (Larry Xu, le.xu@asu.edu): 12-1pm Th/Th/Fri

  6. Class Policies
     • Cheating
        • Cheating is a serious problem!!!
     • Laptop in class
        • Laptops are only allowed in the last row of the classroom.
     • Late submission
        • Late submission is not accepted!
     • Late in class
        • If you are late by 5 minutes after the class starts, please do not enter the classroom.
     • Exam
        • No make-up exam will be given unless notice is given two weeks in advance with a reasonable reason.

  7. Network Security: Past, Current, and Future

  8. In 1978, Digital Equipment Corp. marketing guy Gary Thuerk gets technical assistance to send what's regarded as the first "spam" message to thousands on the government-funded Arpanet, predecessor of today's Internet. Arpanet management decries the mass e-mail as a "flagrant violation" of Arpanet rules. Good thing they nipped that in the bud.

  9. First Internet Panic
     • In 1988, Cornell student Robert Morris claimed he unleashed this bad boy not to cause damage but to estimate the size of the Internet. True or not, his handiwork cascaded into a denial-of-service attack that hit an estimated 6,000 Unix computers in an era when only about 60,000 such machines comprised the Internet.

  10. In 2000, Amazon, eBay, Yahoo, Dell, E-trade and CNN are all struck down by a massive distributed denial-of-service attack traced to a Montreal-area teen calling himself Mafiaboy; real name, Mike Calce. He's caught and sentenced under the Canadian youth-court system to eight months of "open custody," whatever that means, a light fine and restricted use of the Internet.

  11. In 2000, the ILoveYou worm, also called VBS/Loveletter and the Love Bug Worm, scoots from Hong Kong around the globe in no time, infecting an estimated 10% of all connected computers. Inboxes overflowed at many organizations, including the Pentagon, CIA and British Parliament. Business servers were brought to their knees.

  12. In 2001, the first Code Red attack exploits buffer-overflow vulnerabilities in unpatched Microsoft Internet Information Servers, infects an estimated 395,000 computers in one day alone, defaces Web sites and launches Trojan code in a denial-of-service attack against fixed IP addresses, including the White House and Microsoft. The event prompts the director of the FBI's National Infrastructure Protection Center to hold a press conference. A few weeks later, Code Red II surfaces as a variant that tries to infect computers on the same subnet. The Code Red assaults raise awareness about patching and pave the way for future worms: SQL Slammer, Blaster, Sobig, Sasser, Netsky and Witty.

  13. In 2005, the Department of Defense discovers computer systems at the Naval Warfare Center and the Defense Information Systems Agency have been compromised and turned into a botnet to send spam, launch DoS attacks and commit other crimes. Investigators follow the forensic trail to Jeanson James Ancheta, 20, who's arrested in 2005. Ancheta admits to generating more than $107,000 in payment for sending spam or launching DoS attacks through 400,000 infected computers. He gets five years and fines.

  14. First noticed in early 2007, the Storm botnet works by bringing compromised machines under a command-and-control system, hard to shut down, for purposes of spam and phishing. Estimates of Storm-compromised machines range from a few million to 50 million.

  15. In 2005, a Framingham, Mass.-based retailer discloses a massive data breach of its network that has compromised an estimated 45.7 million customer records and personal records. Analysts call it the largest known data breach involving card data in history.

  16. In 2007, Estonia, a country of about 3 million people bordering Russia, has a well-developed network infrastructure that came under a crushing cyberattack that made its most important government, banking and media Web sites unavailable. Security experts analyzing the cyberattack believe it was triggered by the "Russian blogosphere," which triggered a second phase that included specially designed bots, dropped onto home computers. Some suspect the Russian government was involved, a charge dismissed by the Kremlin.

  17. In 2008, Societe Generale, the large French financial services firm, discloses that one of its low-level options traders, Jerome Kerviel, has committed stock fraud worth an astonishing $7 billion, the largest in history traced to rogue trading. Kerviel placed huge bets in unauthorized trades and covered up his tracks with fake e-mail. In a case still playing out in the French legal system, the 31-year-old Kerviel has admitted to masterminding the scheme but is publicly saying Societe Generale was "complacent" about his activities as long as his bets were winning.

  18. 2010/2011 CSI/FBI Security Survey
     • The following are the key findings from this year’s survey, covering the period from July 2009 through June 2010:
     • Malware infection continued to be the most commonly seen attack, with about two-thirds of respondents reporting it, and it appears to be on the rise.
     • Respondents reported markedly fewer financial fraud incidents than in previous years, with less than 9% saying they’d seen this type of incident during the covered period.
     • Of the approximately half of respondents who experienced at least one security incident last year, just over 45% of them reported they’d been the subject of at least one targeted attack.
     • Respondents said that regulatory compliance (e.g., HIPAA/HITECH, breach notification laws, SOX, PCI DSS/PAS, international privacy/security laws, FISMA, and GLBA) efforts have had a positive effect on their security programs.
     • By and large, respondents did not believe that the activities of malicious insiders (as opposed to non-malicious insiders) accounted for much of their losses due to cybercrime.
     • Slightly over half of the respondents said that their organizations do not use cloud computing. Ten percent, however, say their organizations not only use cloud computing, but have deployed cloud-specific security tools.
     • A total of 5,412 surveys were sent out, with 351 surveys returned.

  19. Evolution of Network Security
     • Who and where are the bad guys?
        • The bad guys are not outside
        • The bad guys are smart (persistent advanced threat: PAT)
        • The perimeter is gone
     • What can they do?
        • They can do anything that goes wrong!

  20. Network Security for current hot areas…
     • Virtualization and Clouds (a buzzword)
     • Mobile and wireless applications
     • Identity management (i.e., trust management)
     • Social network security
     • Malware through web, email, etc.
     • Future Internet

  21. Understand an Attack: Attack Model
     • Attack Sources
        • Who are the attackers? Insider/outsider? Passive attackers/active attackers?
     • Attack Goals
        • What do attackers want to achieve?
     • Attack Methods
        • What approaches do attackers deploy?
     • Attack Consequences
        • What are the impacts on the security system and society?

  22. Projects Schedule
     • Two persons are in a group
     • The project is starting now
     • First project report by 3/7 (with your designs)
     • Second project report by 3/26 (with your progress updates)
     • Final project report by 4/11
     • Demos start from 4/11-4/23
     • The project will be presented on 4/23

  23. Introduction to our project environment
     • All projects will be conducted in our virtual environment (Mobicloud system)
     • A set of servers with programmable networking devices and storage
     • Using component design for your project
     • http://en.wikipedia.org/wiki/Component-based_software_engineering

  24. Projects, ideas, starting now! Go to project page for more details.
     • Developing traffic dispatching/load balancing solutions with security policy control based on flowvisor (Terry)
     • Developing audit and report services based on syslog, sflow, snort, etc. (Terry)
     • Developing a secure collaborative data sharing system based on Git, SAN, and OpenStack (Huijun)
     • Developing a certificate management system to support network supporting systems such as DNSSEC (AB)
     • Developing a Mobile VPN solution considering continuous network connectivity (AB)
     • Developing a wireless traffic monitoring system (Bing Li)
     • Developing an identity management framework (based on database & MobiID, OAuth) and creating APIs to interface with various network services (HuiJun & Zhijie)
     • Developing a traffic virtualization/visualization system by using mirroring functions such as SPAN/ESPAN (James)
     • Developing a secure signaling/control system based on XMPP and REST (Larry)
     • Developing efficient Mobiguard security solutions including IP/certificates verifier, phishing site checker (Larry)
     • Developing an intrusion detection system based on vulnerability databases (Pankaj)
