Introduction to Network Security - CS 285 (Fall 2012)
This course focuses on the principles and practices of network security, exploring critical concepts, threats, and solutions. Taught by Yuan Xue at Vanderbilt University, the course features lectures, discussions, hands-on experiences, and a mix of both theoretical and practical learning methodologies. Key topics include cryptography, secure protocols, system vulnerabilities, and contemporary security challenges. Participants will engage in assignments and projects to develop a robust understanding of security measures in computing environments.
CS 285 Network Security Fall 2012 Yuan Xue
Course Information • When and Where • Tuesday/Thursday 1:10pm-2:25pm • 298 Featheringill Hall • Instructor: Yuan Xue (yuan.xue@vanderbilt.edu) • Office: 383 Jacobs Hall, Phone: 615-322-2926 • Office hours: Monday/Thursday 3:00pm-4:00pm or by appointment. • Web: http://vanets.vuse.vanderbilt.edu/dokuwiki/doku.php?id=teaching:cs285-fall2012
Books and References • Textbook • [WS] Cryptography and Network Security: Principles and Practice (4th/5th Edition), by William Stallings • Reference books • [KPS] Network Security: Private Communication in a Public World (2nd Edition), by Charlie Kaufman, Radia Perlman, Mike Speciner • [AND] Security Engineering: A Guide to Building Dependable Distributed Systems, by Ross J. Anderson • [CSP] Security in Computing (3rd Edition), by Charles P. Pfleeger, Shari Lawrence Pfleeger • [BIS] Computer Security: Art and Science, by Matthew A. Bishop • [DM] The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, by Dafydd Stuttard and Marcus Pinto
Course Components • Lecture • Slides + white board • Take notes • Online digest/slides • Participation • Discussion • Presentation • Homework • 5 assignments • Pencil/paper + programming • Midterm • Project • Important component • Start early • Potential topics
Grading Policy • Participation: 10% • Homework: 35% • Midterm: 25% • Project: 30%
What you will learn from this course • What is “Security”? • Where do the security problems come from? • Potential threats to a system or an application • What are the solutions? • Apply an appropriate mix of security measures • Knowing what has worked, what has failed • Theory, design and principles as well as hands-on experience • Security involves many aspects • Operating system, programming language, administration and policy • Our Focus: Network Security (Algorithm, protocol, mechanism) • We will also discuss OS and programming related security issues.
Course Topics • Security Basics and Principles • Symmetric/Asymmetric Cryptography • Basic concept, algorithm, mechanism • Design principles • Security Practices • Secure protocols, systems and applications (SSL, IPSec, PGP) • Hands-on experiences (system/network exploits, defenses) • Hot Topics and Recent Development • Web security, Wireless Network security, Smartphone, Cloud computing, Worm, DoS attack, etc.
Survey and Feedback • Your input is important • Online Survey • http://www.zoomerang.com/Survey/WEB22GJ2LF2VGD/ • Feedback
What is security? • In general, security is the condition of being protected against danger or loss. (Wikipedia) • In computer security and network security • What are the subjects that need to be protected? • Let’s start with some terms • System • computer, network, application, data, resource • Principal: an entity that participates in a system • user, person
What is security? (Refer to [MB] 1.1) • Computer Security • Confidentiality means that only authorized people or systems can access the data or resource. It is about the receiver. • Integrity refers to the trustworthiness of data or resources. It is about the source. • Data integrity means that data can only be modified by authorized people or systems in authorized ways • Origin integrity (also called source authentication) means that the source of the data is trustworthy. • Message authentication (= data integrity + origin integrity) means messages received are exactly as sent (i.e. no modification, insertion, deletion, or replay), and the ID of the sender is valid. • Note: timing information (timestamp) is also considered part of the message. • Availability means that people have the ability to use the information or resource desired.
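The message authentication definition above can be made concrete with a keyed MAC. The following is an added example, not part of the original slides: it assumes a pre-shared key per sender, and the packet layout, the names `protect` and `Receiver`, and the 30-second skew limit are illustrative choices. The tag covers the sender ID, a sequence number and the timestamp along with the body, so the receiver can reject modified, forged, stale and replayed messages.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 30  # seconds a timestamp may differ from the receiver's clock (assumed policy)


def protect(key: bytes, sender: str, seq: int, ts: int, body: bytes) -> bytes:
    """Build header || body || tag; the tag covers sender ID, sequence number and timestamp."""
    sid = sender.encode()
    header = struct.pack("!B", len(sid)) + sid + struct.pack("!QQ", seq, ts)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag


class Receiver:
    def __init__(self, keys: dict):
        self.keys = keys      # sender ID -> shared key
        self.last_seq = {}    # sender ID -> highest sequence number accepted so far

    def accept(self, packet: bytes, now: int):
        """Return (verdict, body); no header field is acted on until the tag verifies."""
        if len(packet) < 49 or len(packet) < 49 + packet[0]:
            return "malformed", None
        n = packet[0]
        sender = packet[1:1 + n].decode(errors="replace")
        seq, ts = struct.unpack("!QQ", packet[1 + n:17 + n])
        key = self.keys.get(sender)
        if key is None:
            return "unknown sender", None
        expected = hmac.new(key, packet[:-32], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, packet[-32:]):  # constant-time compare
            return "bad tag", None        # data integrity or origin integrity failed
        if abs(now - ts) > MAX_SKEW:
            return "stale", None          # the timestamp is part of the message
        if seq <= self.last_seq.get(sender, -1):
            return "replay", None         # authentic bytes, but already delivered
        self.last_seq[sender] = seq
        return "ok", packet[17 + n:-32]


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-secret"   # constructed sample key
    rx = Receiver({"atm-17": key})
    pkt = protect(key, "atm-17", 1, 1_000_000, b"withdraw 40")
    print(rx.accept(pkt, 1_000_005))   # first delivery
    print(rx.accept(pkt, 1_000_006))   # same bytes delivered again
```

A gap between accepted sequence numbers is what reveals deletion; this sketch records only the highest number seen and leaves gap reporting out.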
Where does the security problem come from? Let’s look at some example systems • Bank • Bookkeeping • Core operations • customer accounts, journals recording the transactions • Who has access to the information? • Bank’s own staff – what if they cheat? • ATM • Authenticate users based on card and ID number • Let’s go to the Internet • The user – how do we know they are the “real” (authentic) user? • Protect web servers and bookkeeping database
Where does the security problem come from? • Hospital • Patient record system • Who can access the record? • Many parties – insurance company, caregiver, researcher • Complicated – roles can change • Privacy issue – HIPAA • Anonymize the record for research • Is it sufficient? • Show me all records of 59-year-old males who were treated for a broken collarbone on September 15, 1966 • Drug management • Let’s go to the Internet/Web • Patient Portal, Electronic Medical Record
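The "Is it sufficient?" question can be checked before a research extract is released. The following is an added example, not part of the original slides: the records are constructed, and the choice of age, sex and treatment date as quasi-identifiers and the generalization rule are assumptions. It counts how many records share each combination of those fields; a group of size one is a record that a query like the one above singles out even though names were removed.

```python
from collections import Counter

# Constructed sample: names and record numbers already removed, as in a research extract.
RECORDS = [
    {"age": 59, "sex": "M", "treated": "1966-09-15", "diagnosis": "broken collarbone"},
    {"age": 59, "sex": "M", "treated": "1966-09-20", "diagnosis": "asthma"},
    {"age": 34, "sex": "F", "treated": "1966-09-15", "diagnosis": "influenza"},
    {"age": 36, "sex": "F", "treated": "1966-03-02", "diagnosis": "influenza"},
    {"age": 52, "sex": "M", "treated": "1966-11-30", "diagnosis": "hypertension"},
    {"age": 31, "sex": "F", "treated": "1966-07-08", "diagnosis": "fracture"},
]
QUASI = ("age", "sex", "treated")  # fields an outsider may already know (assumed)


def class_sizes(records, quasi=QUASI):
    """Count the records that share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi) for r in records)


def k_anonymity(records, quasi=QUASI):
    """Size of the smallest group; k = 1 means at least one record is unique."""
    return min(class_sizes(records, quasi).values())


def singled_out(records, quasi=QUASI):
    """Records whose quasi-identifier combination matches no other record."""
    sizes = class_sizes(records, quasi)
    return [r for r in records if sizes[tuple(r[q] for q in quasi)] == 1]


def generalize(record):
    """Coarsen the quasi-identifiers: age to a decade band, treatment date to its year."""
    out = dict(record)
    out["age"] = f"{record['age'] // 10 * 10}s"
    out["treated"] = record["treated"][:4]
    return out


if __name__ == "__main__":
    print("k before:", k_anonymity(RECORDS), "unique:", len(singled_out(RECORDS)))
    coarse = [generalize(r) for r in RECORDS]
    print("k after: ", k_anonymity(coarse), "unique:", len(singled_out(coarse)))
```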
Where does the security problem come from? In the real world, systems interact with each other… imagine physical systems controlled by computers and communicating via networks (cyber-physical systems). Let’s watch a video clip.