CS423/523

Download Report

Transcript CS423/523 

CSCD 434
Network Security
Spring 2012
Lecture 1
Course Overview
Contact Information
• Instructor
Carol Taylor
315 CEB
Phone: 509-359-6908
E-mail: [email protected]
• Office Hours:
M, W, F 10-11 am or other times I am in my
office
Course Information
• Course number:
CSCD 434 Network Security
• Course Web Page
http://penguin.ewu.edu/cscd434
Overview
• Today’s Topics
• What is network security and how does it fit
within EWU curriculum?
• Network Security fits within the broader
topic of general security
• Some expectations
• Learning Objectives for this course
• Pre-test of network security
Network Security Defined
• Network Security
– How would you define it?
– Protection of networks and their services from
unauthorized modification, destruction, or
disclosure
– Study of both attack and defense techniques
that affect the network
Our Curriculum
• CSCD 330 – Network programming
– Basic networking course with an emphasis on
programming
• CSCD 433/533 – Advanced Networking
– More depth, cover network principles, design
– Cover other protocols, real-time, QOS
– Some programming
Our Curriculum
• CSCD 434 Network Security
– Computer networks focus of both threats and
defense.
– Begin with coverage of Attacks and Attackers
• What they typically do to gain access to
computers on a network
• Examine different phases of an attack
• Learn tools and techniques attackers use
– Try some out in the lab
• Try to answer, Why attack?
Our Curriculum
• CSCD434 continued …
– Talk about Defense Mechanisms against
attackers
• Detection/Prevention – Network security
policies
• Authentication, users and machines
• Firewalls and Intrusion Detection
• Use of Cryptography as network defense
– Whats its real value?
– Where it works and where it doesn’t work
General Computer Security
• How do you define computer security?
– Application of hardware, firmware and
software security
• To a computer system in order to protect
against, or prevent,
• Unauthorized disclosure,
• Manipulation, and deletion of information or
• Denial of service
General Computer Security
• Where does network security fit within a security
curriculum?
– Introductory Security class, CSCD303
• Basics of computer security, code and
hardware vulnerabilities, OS protection
mechanisms, cryptography based protection,
authentication
– Cryptography
• Algorithms and math that define cryptography
General Computer Security
• CSCD496 - Computer or Digital Forensics
• Capture data related to proof of electronic
crimes
• Recoverability of data from both host and
network
• CSCD437 - Secure Coding taught by Tom Capul
• Learn how to avoid software vulnerabilities
• Attacks that can take advantage of code
vulnerabilities and how to create more secure
programs
Network and General Security
Overlap of Topics
Cryptography
Secure
Coding
Network
Security
Forensics
General Security
Pre-requisite Knowledge
• Pre-requisites
– Network course
• Should know basic TCP/IP networks
– Knowledge of programming such as C, C++,
C# or Java, Python or Pearl
• We will review some networking concepts
– Point you to some supplemental material on
TCP/IP Networks to fill in the gaps
Student Learning Objectives
• By end of this course you should
– Understand threats to computer systems
through network
– Understand and be able to set up defense
mechanisms used to counteract threats
– Understand role of cryptography in network
defense
– Know how to continue learning about network
security beyond this class
• Certifications, Journals, Web Sites
Expectations for You
• Come to Class
– Listen, learn and ask lots of questions
• Download lecture notes
• Do reading if assigned
– There will be outside reading!!!!
• Want in-class participation
• There will be group exercises in class
• Labs
Expectations for You
• Produce a project
• Programming or experiment
• Short write up of results
• Presentation of your results
Or
• Create a research paper
• Survey paper
• And do a presentation of a topic
Project or Program
• This will be a substantial part of your grade
• And, you can become a group too
– Groups need to outline who is doing which job
– Work should reflect greater effort from a group
Conclusion
• Interesting class, increase everyone’s
knowledge of network security
• Topic is challenging
• Broad and changes constantly
• Nothing really difficult, but is a large topic
• Naturally interdisciplinary
–Extends beyond the technical
• Social and people-related issues
• Policy and laws
• We will cover some of this
The End
• This week no Lab
• Next Time
– General Security Overview