Course: Wireless network Security

Lecturer: Dasgupta

Location: MH422

Times:

Lecture   Date      Time
1         T 7/28    13:15 - 14:45
2         T 7/28    15:00 - 16:30
3         W 7/29    13:15 - 14:45
4         W 7/29    15:00 - 16:30
5         Th 7/30   9:00 - 10:30
6         Th 7/30   10:45 - 12:00
7         M 8/3     9:00 - 10:30
8         M 8/3     10:45 - 12:00
9         W 8/5     9:00 - 10:30
10        W 8/5     10:45 - 12:00
11        F 8/7     13:15 - 14:45
12        F 8/7     15:00 - 16:30

 

Student Roster:

BAYARTOGTOKH      Turbat             CSULB
BUJARD            Alexandre          HEIG-VD
Blanchard         Nicolas            HEIG-VD
Broennimann       Florian            HEIG-VD
COLESON           Andrew             ASU
Cornu             Romain             HEIG-VD
DELVAUX           Michael            HEIG-VD
DESAI             Nitisha            ASU
DONFOUET ZANGUE   Brice              HEIG-VD
DONGRE            Ankush             CSULB
DUBOSSON          Aurelien           HEIG-VD
Deng              David              SJSU
Di Fulvio         Marco              HEIG-VD
Dinant            Gabriel            HEIG-VD
FOALENG TAFE      Raoul Landry       HEIG-VD
Ikekoka           Steve              SJSU
Jaggi             Christophe         HEIG-VD
Jimenez           Lorena             CSULB
Keller            Sébastien          HEIG-VD
LALLATHIN         Geddy              CSULB
Lala              Alain              HEIG-VD
PALACIO           Daniel Sepulveda   CSULB
ROBERT            Vincent            HEIG-VD
Rayroud           Christian          HEIG-VD
Rinaldini         Julien             HEIG-VD
SPINNENHIRN       Fabian             ASU
Steiner           Pierre             HEIG-VD
Tran              Thai               SJSU
WEHRLI            Johan              HEIG-VD

 

Description

Security I: Computer and Network Security

Instructor: Partha Dasgupta, Arizona State University

Evaluation: final exam, lab assignments

Prerequisites:

         Programming,

         Data Structures,

         Basic knowledge of Networking and Operating Systems

 

Security is at the forefront of computing news. Fraud has taken a front seat on the Internet and is already causing significant financial losses that are climbing. The innovation in computer crime has blown the lid off many inherent flaws in our computing infrastructure (e.g. use of passwords) and financial infrastructure (e.g. use of credit card and account numbers). We are coasting in denial, spreading the losses and hoping things will get better. From "Evil Twins" to "Pharming", from "SQL Injection" to "Rootkits", the march of attack discovery is outpacing the fixes. The sinister truth is well stated by a trade magazine that said: "Computing at home has never been so powerful - and treacherous. Just as millions of consumers are buying new PCs and signing up for blur-fast Internet connections, cybercrooks are hatching schemes to take control of their machines."

 

We cover the techniques used by attackers to obtain personal information and financial gain. We cover the countermeasures that are being deployed with limited success. We cover the variety of new tricks in the cat-and-mouse game between fraudsters and security experts. We cover the inherent design defects that lead to unintended consequences. In addition, we cover the latest research techniques and academic protocols that can stem the tide of attacks (virtualization, integrity checking, link farm detection and so on).

 

         Part 1: Security Basics (Security Principles, Threats and Attacks, Vulnerabilities, Countermeasures, False solutions (e.g. shared secrets), Threat Models, Hardening Systems)

         Part 2: Attacks (Virus, Trojans and Worms, Buffer Overflows, SQL Injection, Spam, Pharming, Link farms, Attacking software systems, Attacking Networks, Attacking Hardware, Rootkits and other Esoteric attacks, Social engineering)

         Part 3: Countermeasures (Patches and security fixes, Awareness and Education, Cryptographic Solutions, Embedding security in software and hardware, Out of band notifications, Simple yet effective)

         Part 4: Cryptography (Encryption and Hashing, Shared secrets, Challenge response, Public Key Systems, Digital Certificates, Digital Signatures, Key Management, Applications of cryptography in Web Transactions)

         Part 5: Network Security (Secret Communication, Authentication, SSL and IPSec, PGP and Email, Intrusion Detection, Denial of Service, Honeypots and Tarpits)

         Part 6: Operating System and Application Security (Programming secure software, Bugs and vulnerabilities, Application and Operating Systems, Firewalls, Virus Detectors, Software Signatures, "Kernel Integrity Checkers", "Application Integrity Checkers")

         Part 7: State of the Art? (Are we in a sorry state?, Software trust management, Hardware trust management, Innovative tricks, Evasive virus scanning, Return of Obscurity Techniques (e.g. Steganography))

 

         Lab exercises will cover topics such as virtualization, rainbow tables for password recovery or RSA public key encryption.