Lecture |
Date |
Time |
1 |
T 7/28 |
13:15 - 14:45 |
2 |
T 7/28 |
15:00 - 16:30 |
3 |
W 7/29 |
13:15 - 14:45 |
4 |
W 7/29 |
15:00 - 16:30 |
5 |
Th 7/30 |
9:00 - 10:30 |
6 |
Th 7/30 |
10:45 - 12:00 |
7 |
M 8/3 |
9:00 - 10:30 |
8 |
M 8/3 |
10:45 - 12:00 |
9 |
W 8/5 |
9:00 - 10:30 |
10 |
W 8/5 |
10:45 - 12:00 |
11 |
F 8/7 |
13:15 - 14:45 |
12 |
F 8/7 |
15:00 - 16:30 |
BAYARTOGTOKH |
Turbat |
CSULB |
BUJARD |
Alexandre |
HEIG-VD |
Blanchard |
Nicolas |
HEIG-VD |
Broennimann |
Florian |
HEIG-VD |
COLESON |
Andrew |
ASU |
Cornu |
Romain |
HEIG-VD |
DELVAUX |
Michael |
HEIG-VD |
DESAI |
Nitisha |
ASU |
DONFOUET ZANGUE |
Brice |
HEIG-VD |
DONGRE |
Ankush |
CSULB |
DUBOSSON |
Aurelien |
HEIG-VD |
Deng |
David |
SJSU |
Di Fulvio |
Marco |
HEIG-VD |
Dinant |
Gabriel |
HEIG-VD |
FOALENG TAFE |
Raoul Landry |
HEIG-VD |
Ikekoka |
Steve |
SJSU |
Jaggi |
Christophe |
HEIG-VD |
Jimenez |
Lorena |
CSULB |
Keller |
Sébastien |
HEIG-VD |
LALLATHIN |
Geddy |
CSULB |
Lala |
Alain |
HEIG-VD |
PALACIO |
Daniel Sepulveda |
CSULB |
ROBERT |
Vincent |
HEIG-VD |
Rayroud |
Christian |
HEIG-VD |
Rinaldini |
Julien |
HEIG-VD |
SPINNENHIRN |
Fabian |
ASU |
Steiner |
|
HEIG-VD |
Tran |
Thai |
SJSU |
WEHRLI |
Johan |
HEIG-VD |
Security I: Computer
and Network Security
Instructor:
Evaluation: final
exam, lab assignments
Prerequisites:
ˇ
Programming,
ˇ
Data Structures,
ˇ
Basic knowledge of Networking and Operating Systems
Security is at the forefront of the
currents of computing news. Fraud has taken a front seat in the Internet, and
is already causing significant financial losses that are climbing. The
innovation in computer crime has blown the lid on many inherent flaws in our
computing infrastructure (i.e. use of passwords) and financial infrastructure
(i.e. use of credit card and account numbers). We are coasting in denial and
spreading the losses and hoping things will get better. From "Evil
Twins" to "Pharming", from "SQL
Injection" to "Rootkits", the march of
attack discovery is outpacing the fixes. The sinister truth is well stated by a
trade magazine that said: "Computing at home has never been so powerful -
and treacherous. Just as millions of consumers are buying new PCs and signing
up for blur-fast Internet connections, cybercrooks
are hatching schemes to take control of their machines."
We cover the techniques used by
attacks to gain personal information and financial gains. We cover the
countermeasures that are being deployed with limited success. We cover the
variety of new tricks that play cat and mouse between fraudsters and security
experts. We cover the inherent design defects that to unintended consequences.
In addition we cover the latest research techniques and academic protocols that
can stem the tide of attacks (virtualization, integrity checking, link farm
detection and so on).
ˇ
Part 1: Security Basics (Security Principles,
Threats and Attacks, Vulnerabilities, Countermeasures, False solutions (e.g.
shared secrets), Threat Models, Hardening Systems)
ˇ
Part 2: Attacks (Virus, Trojans and Worms,
Buffer Overflows, SQL Injection, Spam, Pharming, Link
farms, Attacking software systems, Attacking Networks, Attacking Hardware, Rootkits and other Esoteric attacks, Social engineering)
ˇ
Part 3: Countermeasures (Patches and security
fixes, Awareness and Education, Cryptographic Solutions, Embedding security in
software and hardware, Out of band notifications, Simple yet effective)
ˇ
Part 4: Cryptography (Encryption and Hashing,
Shared secrets, Challenge response, Public Key Systems, Digital Certificates,
Digital Signatures, Key Management, Applications of cryptography in Web
Transactions)
ˇ
Part 5: Network Security (Secret Communication,
Authentication, SSL and IPSec, PGP and Email, Intrusion Detection, Denial of
Service, Honeypots and Tarpits)
ˇ
Part 6: Operating System and
Application Security (Programming secure software, Bugs and vulnerabilities, Application
and Operating Systems, Firewalls, Virus Detectors, Software Signatures,
"Kernel Integrity Checkers", "Application Integrity
Checkers")
ˇ
Part 7: State of the Art? (Are we in a sorry state?,
Software trust management, Hardware trust management, Innovative tricks,
Evasive virus scanning, Return of Obscurity Techniques (e.g. Steganography))
ˇ
Lab exercises will cover topics as virtualization, rainbow tables for
password recovery or RSA public key encryption.