1 / 25

ITP 457 Network Security

ITP 457 Network Security. Joseph Greenfield joseph.greenfield@usc.edu. Overview. Introduction Syllabus What are your expectations? Questions? Current affairs with Network Security Introduction to Network Security. Student Introductions. Name Major Experience with Linux / Windows.

priscillaa
Télécharger la présentation

ITP 457 Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITP 457 Network Security Joseph Greenfield joseph.greenfield@usc.edu

  2. Overview • Introduction • Syllabus • What are your expectations? • Questions? • Current affairs with Network Security • Introduction to Network Security

  3. Student Introductions • Name • Major • Experience with Linux / Windows

  4. My expectations • Pre-requisites • Basic Knowledge of Computers • No networking experience required !!! • We will teach you everything you need to know • Ideally you should have taken or be currently enrolled in ITP 325 – Web Security • We are working to remove all of the overlap between the two • My expectations • Show up to class • At the end of the semester, I expect you to have a good understanding of the basic principles of network security • I don’t expect you to be experts, and I will not grade you as if you are an expert • Guest Lectures • We are hoping to have two guest lecturers this semester. Attendance is absolutely mandatory. An absence from either lecture will result in a grade penalty of one-third (i.e. a B+ will be lowered to a B)

  5. Brief History of the World

  6. Course Philosophy “The most important step towards securing your network Is trying to break into it.” Attacks vs. Countermeasures

  7. Course Outline • Computer Networking Fundamentals • Networking technologies, products, methodologies • Hackers • Mentality and Mindset • Methodology • Network Node Security • Windows XP, 2000, and 2003 • Vista will NOT be covered • Linux/Unix Network Security • Perimeter Security • Firewalls • Intrusion Detection Systems • Router Security • Wireless Network Security • Security Policy

  8. Hacking Today • Congressional Aide is caught trying to solicit hackers for hire(12/22/06): • http://www.securityfocus.com/brief/391 • UCLA breach exposes 800,000 individual’s personal information • http://www.securityfocus.com/brief/391

  9. Loss due to Computer Incidents

  10. Technologies used by companies

  11. Overview • What is Security? • Why do we need Security • Who is vulnerable?

  12. What is Security? • Dictionary.com says: • 1. Freedom from risk or danger; safety. • 2. Freedom from doubt, anxiety, or fear; confidence. • 3. Something that gives or assures safety, as: • 1. A group or department of private guards: Call building security if a visitor acts suspicious. • 2. Measures adopted by a government to prevent espionage, sabotage, or attack. • 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant.

  13. Why do we need Security • Protect vital information while still allowing access to those who need it • Trade secrets, medical records, etc. • Provide authentication and access control for resources • Guarantee availability of resources • Ex: 5 9’s (99.999% reliability)

  14. Who is vulnerable? • Financial institutions and banks • Internet service providers • Pharmaceutical companies • Government and defense agencies • Contractors to various government agencies • Multinational corporations • Educational Institutions • Basically ANYONE ON A NETWORK

  15. Who gets hacked? • Everybody • http://www.2600.com/hacked_pages/ • Government servers • Swordfish – Hugh Jackman’s character hacked Department of Defense • Banks, e-commerce sites • Ebay!!! • Educational institutions • UCLA recently  • USC in the past 

  16. What is a Hacker? • Wikipedia has three definitions: • Hacker: Highly skilled programmer • One who has l33t c0ding skillz • Generally, then can get the job done when no one else can by writing “hack-job” code • Downside – impossible to maintain without the “hacker” • Hacker: Computer and network security expert • One who specializes in access control mechanisms for computer and network systems • In a sense, you are taking this class to become hackers • Hacker: Hardware Modifier • Not normally used anymore; they are called “modders”

  17. What does the rest of the world think a hacker is? • Media definition of hacker = our definition of cracker • Someone who maliciously breaks into networks and systems for personal gain • Crack (v) – to break into a system with malicious intent

  18. Who are these hackers? • Internal threats (rogue insiders) • Bored students • Disgruntled employees • External threats • Bored people (lots of them out there worldwide!), • political action groups • Example: Phil Angelides, Democratic Candidate for Governor of California http://www.theregister.co.uk/2006/09/13/schwarzenegger_audio_hack/ • crackers & hackers • ex-employees

  19. Levels of Hackers • Script kiddies/Cyberpunks • Novices • Very little actual knowledge of what goes on behind the scenes. They simply find a cool tool on the net • Media stereotype (pimply faced, lives in his mom’s basement, etc) • Sloppy, leave all sorts of digital evidence of their actions • Most annoying and cause the most headaches • Intermediate Hackers • “halfway hackers” • Know enough to cause serious damage • Most want to be advanced (l33t), and will get there if they’re not caught • Advanced Hackers • Criminal Experts • Uber/l33t hackers • These are the authors of the hacking tools, viruses, and malware • They know enough to hide their tracks – most of the time you won’t even know that your system has been compromised

  20. Why Hack? • Because they can! • Curiosity, notoriety, fame • Profit ($$$ or other gain) • Hackers for Hire • Korean National Police Agency busted the Internet’s largest known organized hacking mafia • 4,400 members!!!!! • Sell people’s personal information on the black market

  21. Why hack? • Underlying the psyche of the criminal hacker is a deep sense of inferiority • Consequently, the mastery of computer technology, or the shut down of a major site, might give them a sense of power • "Causing millions of dollars of damage is a real power trip“ • Hacktivism – hactivist.net • “Free Kevin” messages that were put onto websites without the owners permission • Cyberterrorists • Crash critical systems, bring down power grids & air traffic control towers • US fights this through the Department of Homeland Security • Customs, FBI & CIA

  22. Hacker Methodology 1. Gather target information 2. Identify services offered by target to the public (whether intentional or not) 3. Research the discovered services for known vulnerabilities 4. Attempt to exploit the services 5. Utilize exploited services to gain additional privileges from the target 6. Reiterate steps 1-5 until goals are achieved

  23. Most notorious hacker ever was a… • USC Student!!!  • “Hacking is a noble, honorable art” – Kevin Mitnick • Inverview

  24. Dangers of Security • Fine line between legal and illegal hacking • No laws in place to protect hackers from technically illiterate lawyers • Ethics

  25. Assignment • Read “Hacker Hall of Fame” • http://tlc.discovery.com/convergence/hackers/bio/bio.html • Visit the following websites and search for security related articles in the past 2 weeks. • www.cnn.com, www.news.com, www.nytimes.com and www.latimes.com

More Related