Welcome to EECS 354 Network Penetration and Security - PowerPoint PPT Presentation



PowerPoint Slideshow about ' Welcome to EECS 354 Network Penetration and Security' - leila-thornton


Presentation Transcript
Welcome to EECS 354 Network Penetration and Security


Why Computer Security

  • The past decade has seen an explosion in the concern for the security of information

    • Malicious codes (viruses, worms, etc.) caused over $28 billion in economic losses in 2003, and will grow to over $75 billion by 2007

  • Jobs and salaries for technology professionals have lessened in recent years. BUT …

  • The market for security specialists is expanding!

    • “Full-time information security professionals will rise almost 14% per year around the world, going past 2.1 million in 2008” (IDC report)


Why Computer Security (cont’d)

  • Internet attacks are increasing in frequency, severity and sophistication

  • Denial of service (DoS) attacks

    • Cost $1.2 billion in 2000

    • 1999 CSI/FBI survey: 32% of respondents detected DoS attacks directed at their systems

    • Thousands of attacks per week in 2001

    • Yahoo, Amazon, eBay, Microsoft, White House, etc., attacked


Why Computer Security (cont’d)

  • Viruses and worms are faster and more powerful

    • Melissa, Nimda, Code Red, Code Red II, Slammer …

    • Caused over $28 billion in economic losses in 2003, growing to over $75 billion by 2007.

    • Code Red (2001): infected >360K machines in 13 hours - $2.4 billion loss

    • Slammer (2003): infected >75K machines in 10 minutes - $1 billion loss

  • Spam, phishing …

  • New Internet security landscape emerging: BOTNETS!



Logistics

  • Instructors

    Sam Mc

    Yan Chen (ychen@cs.northwestern.edu)

  • TA

    TBD


Why Learn to Hack

  • If you can break into computer systems, then you can defend computer systems.

    • The fundamental idea is to learn how to think as an attacker.

    • Defense then becomes second-nature.

  • “The devil is in the details.”

    • Only by understanding low-level details of vulnerabilities and attacks is it possible to avoid the introduction of similar flaws and to design effective protection mechanisms.


Logistics

  • Instructors

    Sam McIngvale (CS alumni)

    Jim Spadaro (undergrad)

    Whitney Young (to be CS alumni)

    Yan Chen

  • TA

    TBD


Course Overview

  • This course emphasizes practical security techniques rather than theory

    • Complementary to EECS 350 “Intro to Computer Security” and EECS 450 “Internet Security” research course

  • Satisfies the project course requirement for undergrads

  • Security has become one of the depth areas for CS major requirements

  • Satisfies the breadth requirement for systems Ph.D. students


Course Objective

  • Be able to identify basic vulnerabilities in software systems and design corresponding protection mechanisms

  • Be able to use some important and popular security tools for network/system vulnerability discovery and risk assessment

  • Be able to configure a computer/network with current security software, e.g., firewalls, intrusion detection systems (IDS)

  • Compete in the international Capture the Flag competition


Course Contents

  • Shellcode

  • Buffer Overflows, Heap Overflows

  • Format Strings

  • Web Attacks

    • SQL injection and Shell attacks

    • Cross-Site Scripting (XSS)

  • Using Metasploit for Penetration

  • Firewalls and IDSs

  • Wireshark and Finding Illegal Users

    • Looking at tcpdump data with Wireshark


Course Contents (cont’d)

  • Reverse Engineering

    • Reverse engineering compiled code

    • Reverse engineering bytecode

  • Windows Hacking

    • Differences between Windows and Linux

    • Example Windows vulnerabilities


Prerequisites and Course Materials

  • Required: EECS 213 or (ECE 205 and 231) or any equivalent operating systems introductory courses

  • Highly Recommended: networking (EECS 340) and OS (EECS 343) or having some familiarity with Unix systems programming

  • No textbooks – all readings will come from handouts


Grading

  • No exams for this class.

  • Participation in CTF and Practice Competitions is mandatory

    • Date: December

  • Participation 25%

    • RTFM classes are very interactive. Students should come to class prepared and ready to participate.

  • Homework 30%

    • Students will be expected to complete weekly hacking assignments.

  • Competition 20%

  • Group Project 25%


Communication

  • Slides will be made available online prior to each class

  • Web page:

    http://cal.cs.northwestern.edu/nuctf

  • Newsgroup on Google Groups: Network Penetration and Security