CSCD 303 Essential Computer Security Spring 2013 Lecture 17 Buffer Overflow Attacks.
CSCD 434 Network Security Spring 2014
-
Upload
ignatius-leonard -
Category
Documents
-
view
56 -
download
3
description
Transcript of CSCD 434 Network Security Spring 2014
![Page 1: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/1.jpg)
CSCD 434Network Security
Spring 2014
Lecture 1 Course Overview
![Page 2: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/2.jpg)
Contact Information
• InstructorCarol Taylor315 CEB Phone: 509-359-6908E-mail: [email protected]
Office hours: M, W, F 1 – 2 pm
• Course TimeMon, Wed 2 – 4:30 pmRoom: CEB 227 Lecture and CEB 342 Lab
![Page 3: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/3.jpg)
Course Information
• Course number: CSCD 434 Network Security
• Course Web Pagehttp://penguin.ewu.edu/cscd434
![Page 4: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/4.jpg)
Overview
• Today’s Topics• What is network security and how
does it fit within EWU curriculum?• Network Security fits within the
broader topic of general security• Some expectations• Learning Objectives for this course• Pre-test of network security
![Page 5: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/5.jpg)
Network Security Defined
• Network Security – How would you define it?– Protection of networks and their services
from unauthorized modification, destruction, or disclosure– Study of both attack and defense
techniques that affect the network
![Page 6: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/6.jpg)
Our Curriculum
• CSCD 330 – Network programming– Basic networking course with an emphasis
on programming
• CSCD 433/533 – Advanced Networking–More depth, cover network principles,
design – Cover other protocols, real-time, QOS– Some programming
![Page 7: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/7.jpg)
Our Curriculum
• CSCD 434 Network Security– Computer networks focus of both threats and
defense. – Begin with coverage of Attacks and
Attackers• What they typically do to gain access to
computers on a network• Examine different phases of an attack• Learn tools and techniques attackers use– Try some out in the lab
• Try to answer, Why attack?
![Page 8: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/8.jpg)
Our Curriculum
• CSCD434 continued …– Talk about Defense Mechanisms against
attackers• Detection/Prevention – Network security
policies• Authentication, users and machines• Firewalls and Intrusion Detection• Use of Cryptography as network defense–Whats its real value?–Where it works and where it doesn’t
work
![Page 9: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/9.jpg)
General Computer Security
• How do you define computer security?– Application of hardware, firmware and
software security• To a computer system in order to
protect against, or prevent,• Unauthorized disclosure,• Manipulation, and deletion of
information or• Denial of service
![Page 10: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/10.jpg)
General Computer Security• Where does network security fit within a
security curriculum?– Introductory Security class, CSCD303• Basics of computer security, code and
hardware vulnerabilities, OS protection mechanisms, cryptography based protection, authentication
– Cryptography• Algorithms and math that define
cryptography
![Page 11: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/11.jpg)
General Computer Security• CSCD496 - Computer or Digital Forensics
• Capture data related to proof of electronic crimes• Recoverability of data from both host and
network
• CSCD437 - Secure Coding taught by Tom Capul
• Learn how to avoid software vulnerabilities • Attacks that can take advantage of code
vulnerabilities and how to create more secure programs
![Page 12: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/12.jpg)
Network and General Security
Overlap of Topics
General SecurityNetwork
Security
Cryptography
Forensics
Secure Coding
![Page 13: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/13.jpg)
Pre-requisite Knowledge
• Pre-requisites – Network course • Should know basic TCP/IP networks
– Knowledge of programming such as C, C++, C# or Java, Python or Pearl
• We will review some networking concepts– Point you to some supplemental
material on TCP/IP Networks to fill in the gaps
![Page 14: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/14.jpg)
Student Learning Objectives
• By end of this course you should– Understand threats to computer
systems through network– Understand and be able to set up
defense mechanisms used to counteract threats– Understand role of cryptography in
network defense– Know how to continue learning about
network security beyond this class• Certifications, Journals, Web Sites
![Page 15: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/15.jpg)
Expectations for You• Come to Class– Listen, learn and ask lots of questions
• Download lecture notes • Do reading if assigned – There will be outside reading!!!!
• Want in-class participation • There will be group exercises in class• Labs
![Page 16: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/16.jpg)
Expectations for You
• Produce a project • Programming or experiment• Short write up of results• Presentation of your resultsOr
• Create a research paper• Survey paper• And do a presentation of a topic
![Page 17: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/17.jpg)
Project or Program
• This will be a substantial part of your grade
• And, you can become a group too– Groups need to outline who is doing
which job–Work should reflect greater effort from a
group
![Page 18: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/18.jpg)
Conclusion• Interesting class, increase everyone’s
knowledge of network security• Topic is challenging
• Broad and changes constantly• Nothing really difficult, but is a large topic
• Naturally interdisciplinary – Extends beyond the technical• Social and people-related issues • Policy and laws• We will cover some of this
![Page 19: CSCD 434 Network Security Spring 2014](https://reader035.fdocuments.us/reader035/viewer/2022081503/568137f2550346895d9fb089/html5/thumbnails/19.jpg)
The End
• This week no Lab• Next Time– General Security Overview