Welcome to EECS 354 Network Penetration and Security

About This Presentation

Title:

Description:

Number of Views:21

Avg rating:3.0/5.0

Slides: 16

Provided by: fei1

Learn more at: https://users.cs.northwestern.edu

Category:

more less

Transcript and Presenter's Notes

Title: Welcome to EECS 354 Network Penetration and Security

1
Welcome to EECS 354Network Penetration and
Security
2
Why Computer Security

The past decade has seen an explosion in the
concern for the security of information
Malicious codes (viruses, worms, etc.) caused
over 28 billion in economic losses in 2003, and
will grow to over 75 billion by 2007
Jobs and salaries for technology professionals
have lessened in recent years. BUT
Security specialists markets are expanding !
Full-time information security professionals
will rise almost 14 per year around the world,
going past 2.1 million in 2008 (IDC report)

3
Why Computer Security (contd)

Internet attacks are increasing in frequency,
severity and sophistication
Denial of service (DoS) attacks
Cost 1.2 billion in 2000
1999 CSI/FBI survey 32 of respondents detected
DoS attacks directed to their systems
Thousands of attacks per week in 2001
Yahoo, Amazon, eBay, Microsoft, White House,
etc., attacked

4
Why Computer Security (contd)

Virus and worms faster and powerful
Melissa, Nimda, Code Red, Code Red II, Slammer
Cause over 28 billion in economic losses in
2003, growing to over 75 billion in economic
losses by 2007.
Code Red (2001) 13 hours infected gt360K machines
- 2.4 billion loss
Slammer (2003) 10 minutes infected gt 75K
machines - 1 billion loss
Spams, phishing
New Internet security landscape emerging BOTNETS
!

5
The Spread of Sapphire/Slammer Worms
6
Logistics

7
Why Learn to Hack

If you can break into computer systems, then you
can defend computer systems.
The fundamental idea is to learn how to think as
an attacker.
Defense then becomes second-nature.
The devil is in the details.
Only by understanding low-level details of
vulnerabilities and attacks is it possible to
avoid the introduction of similar flaws and to
design effective protection mechanisms.

8
Logistics

9
Course Overview

This course will emphasize the practical security
techniques rather than the theory
Complementary to EECS 350 Intro to Computer
Security and EECS 450 Internet Security
research course
Satisfy the project course requirement for
undergrads
Security has become one of the depth areas for CS
major requirements
Satisfy the breadth requirement for system Ph.D.
students

10
Course Objective

Be able to identify basic vulnerabilities in
software systems and design corresponding
protection mechanisms
Be able to use some important and popular
security tools for network/system vulnerability
discovery and risk assessment
Be able to use configure a computer/network with
current security software, e.g., firewalls,
intrusion detection systems (IDS)
Compete in the international Capture the Flag
competition

11
Course Contents

12
Course Contents (contd)

13
Prerequisites and Course Materials

Required EECS 213 or (ECE 205 and 231) or any
equivalent operating systems introductory courses
Highly Recommended networking (EECS 340) and OS
(EECS 343) or having some familiarity with Unix
systems programming
No textbooks all readings will come from
handouts

14
Grading

No exams for this class.
Participation in CTF and Practice Competitions is
mandatory
Date December
Participation 25
RTFM classes are very interactive. Students
should come to class prepared and ready to
participate.
Homework 30
Students will be expected to complete weekly
hacking assignments.
Competition 20
Group Project 25