Post on 02-Jan-2016
CS 6v81 - Network Security
Introduction
Course organization
- Web: www.utdallas.edu/~ksarac/netsec/
- Instructor: Dr. Kamil Sarac
  - E-mail: ksarac@utdallas.edu
  - Office: ECS South 4.207
  - Phone: 972 883 2337
  - Office Hours: Monday (10am to 11am), Monday (5:30pm to 6:30pm)
- TA: TBA
  - E-mail: TBA
  - Office Hours: TBA
Course organization
- E-Learning: I’ll use it to send e-mails, to post lecture slides, homework announcements and grades; will also use it to turn assignments in
- Recommended textbook: Network Security, Private Communication in a Public World, by Kaufman, Perlman, Speciner, 2nd Edition.
- Grading:
  - Two exams – each 30% of the grade
  - Homework assignments – 16% of the grade
    - Details – TBA
  - Programming project – 20% of the grade
  - Participation in hands on activities – 4% of the grade
Course organization
Topics (tentative):
- Crypto tools and their use in various protocols, Authentication, Standards
  - Kerberos, PKI, IPsec, SSL/TLS, TCP/IP security
- Fundamental protocols in TCP/IP suite and related attacks
  - ARP, IP, ICMP, TCP, UDP, etc.
- Protocols for network applications and their vulnerabilities
  - DNS, SMTP, Telnet, FTP, HTTP, web, e-mail
- Wireless security, Security of Internet routing (BGP security), DoS attacks and countermeasures, Firewalls and Internet security, …
Course organization
Hands on activities:
- Hands on component of the course
- Basic attack life cycle exercises
- A lab session where you will attack and defend
  - More info later on during the semester
- A 2-day long cyber game session where you will attack a server system
Powerpoint slides: Will post on e-Learning
Questions on course organization?
Network security in a nutshell
- Computer networks are composed of hosts interconnected by a communication infrastructure
- The communication infrastructure’s task is to deliver traffic between endpoints
- Hosts provide services and store information
- Users access services and exchange/store information
- Need to assure, in a distributed setting:
  - Privacy/Confidentiality
  - Integrity/Consistency
  - Availability

Following slides modified from those of G. Vigna
The solution to network security
- Strong authentication of both services and users
- Reliable authorization/access control
- Effective abuse control
- Flawless protocols, infrastructure, operating systems, and applications
- Perfect policy
- Perfect policy enforcement
- …and every user is a security expert
The real world
- Effective security protections are not deployed
- Administrators do not keep up with vendor updates/patches
- Sites do not monitor or restrict access to their internal hosts
- Organizations do not devote enough staff/resources to improve and maintain security (e.g., user education)
- Sites do not implement policies (if they have one!)
- Infrastructure service providers are driven by market/service, not security
- Users insist on using flawed applications (e.g., mail readers that automatically execute attachments)
Goals
- Understand network security issues
  - Networks
  - Network services and protocols
  - Applications
- Learn about protection mechanisms and techniques
- Learn about detection techniques
What is secure communication?
[Figure: Alice sends a message to Bob]
1. Bob understands the message
2. Bob knows that the message is sent by Alice and no one else tampered with it
3. Is privacy part of this?
  - Can others see the message?
  - Can we hide the fact that
    - Message is coming from Alice
    - Message is destined to Bob
    - Both of the above
What is secure communication?
What can go wrong?
- Eavesdropping (passive)
- Send/fabricate messages
- Impersonate an address and lie in between
- Replay recorded message
- Modify a message in transit
- Write malicious code and trick people into running it
  - Trojan horse – hidden instructions in a program
  - Virus – hidden instructions added to a program afterwards
  - Worm – a program that replicates itself by installing its copies
  - Trapdoor – undocumented entry point to a system
  - Logic bomb – malicious instructions triggered by an event
  - Zombie – malicious instructions remotely triggered over the network
The Internet
- A network of networks
- A network composed of a set of autonomous subnetworks
- Open architecture
- Different administrative domains with different and possibly conflicting goals
- Governments, companies, universities, organizations rely on the Internet to perform mission-critical tasks
Ethics
- Is hacking legal? NO!
- Is it legal to discuss vulnerabilities and how they are actually exploited? YES, provided that…
  - The goal is to educate and increase awareness
  - The goal is to teach how to build a more secure computing environment
- A full disclosure policy has been advocated by many respected researchers provided that…
  - The information disclosed has been already distributed to the parties that may provide a solution to the problem (e.g., vendors)
  - The ultimate goal is to prevent similar mistakes from being repeated
UTD IR acceptable use policy
Check it out at http://www.utdallas.edu/business/admin_manual/pdf/a51300.pdf