CS 322 376: Information & Communication Technology Security

2011 Chakchai So-In, CS 322 376, Khon Kaen University

Chakchai So-In, Ph.D.
Department of Computer Science
Faculty of Science, Khon Kaen University
123 Mitaparb Rd., Naimaung, Maung, Khon Kaen, 40002 Thailand
chakso@kku.ac.th
http://web.kku.ac.th/chakso/322376_Fall10/

Agenda
- What is SECURITY in CS/IT world?
- Goal of this Course
- Contact/Office Hour
- Grading
- Contents of the Course
- Tentative Schedule
- Term Project and Project Guideline

Security Background
- Information Security requirements have changed in recent times.
- Traditionally security is provided by physical and administrative mechanisms.
- Computer use requires automated tools to protect files and other stored information.
- Use of networks and communications links requires measures to protect data during transmission.

Definitions
- Computer Security - generic name for the collection of tools designed to protect data and to thwart hackers
- Network Security - measures to protect data during their transmission
- Internet Security - measures to protect data during their transmission over a collection of interconnected networks
- Information security - about how to prevent attacks, or failing that, to detect attacks on information-based systems

Security Components
- Confidentiality: Need access control, Cryptography, Existence of data
- Integrity: No change, content, source, prevention mechanisms, detection mechanisms
- Availability: Denial of service attacks
- Confidentiality, Integrity and Availability (CIA)

Services, Mechanisms, Attacks
- Need systematic way to define requirements
- Consider three aspects of information security:
  - Security Attack
  - Security Mechanism
  - Security Service
- Consider in reverse order

Security Service
- Is something that enhances the security of the data processing systems and the information transfers of an organization
- Make use of one or more security mechanisms to provide the service
- Replicate functions normally associated with physical documents
- E.g. have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded or licensed

Security Mechanism
- A mechanism that is designed to detect, prevent, or recover from a security attack
- No single mechanism that will support all functions required
- However one particular element underlies many of the security mechanisms in use: cryptographic techniques
- Hence our focus on this area

Services and Mechanisms Relationship

Security Attack
- Any action that compromises the security of information owned by an organization
- Have a wide range of attacks
- Can focus on generic types of attacks
- Note: often threat & attack mean same
- Threat - a potential for violation of security
- Attack - an assault on system security, a deliberate attempt to evade security services

OSI Security Architecture
- Defines a systematic way of defining and providing security requirements
- ITU-T X.800 Security Architecture for OSI (Open Systems Interconnection)
- X.800 defines it as: a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers
- RFC 2828 (Request for Comment) defines it as: a processing or communication service provided by a system to give a specific kind of protection to system resources
- X.800 defines it in 5 major categories: Authentication, Access Control, Data Confidentiality, Data Integrity, Non-Repudiation

5 Categories (X.800)
- Authentication - assurance that the communicating entity is the one claimed
- Access Control - prevention of the unauthorized use of a resource
- Data Confidentiality - protection of data from unauthorized disclosure
- Data Integrity - assurance that data received is as sent by an authorized entity
- Non-Repudiation - protection against denial by one of the parties in a communication

Classify Security Attacks as
- Passive attacks - eavesdropping on, or monitoring of, transmissions to:
  - Obtain message contents, or
  - Monitor traffic flows
- Active attacks - modification of data stream to:
  - Masquerade of one entity as some other
  - Replay previous messages
  - Modify messages in transit
  - Denial of service

Model for Network Security
- Using this model requires us to:
  - Design a suitable algorithm for the security transformation
  - Generate the secret information (keys) used by the algorithm
  - Develop methods to distribute and share the secret information

Model for Network Access Security
- Using this model requires us to:
  - Select appropriate gatekeeper functions to identify users
  - Implement security controls to ensure only authorised users access designated information or resources

Goal of This Course
- Our focus is on Internet Security
- Comprehensive course on Computer/Information Technology/Network Security
- Broad coverage of key areas
- Consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information
- Lots of independent reading (also on basic computer networking)
- Lab-based independent learning
- WhiteHat vs. BlackHat Attack
- Independent Study on Term Group Project (Information Technology, Computer and Network Security) + Small Project (Translation)

Contact and Office Hour
- Instructor: Chakchai So-In, Ph.D., chakso@kku.ac.th
- Office: SC 6706
- Office Hours: Wednesday from 09.00am to 12.00pm at SC6706
- Location:
  - Section I = Wednesday 02.30pm to 05.30pm @SC8405
  - Section II = Monday 09.00am to 12.00pm @SC6204C
  - Section III = Monday 01.00pm to 04.00pm @SC8505
- Class Homepage: http://web.kku.ac.th/chakso/322376_Fall11/
- Teaching Assistance:
  - Natnicha Veeramongkonleod, nattyjang42@gmail.com, Friday 05.00pm to 07.00pm @6706
  - Kanokmon Rujirakul, ace.kamikaze@hotmail.com, Tuesday 05.00pm to 07.00pm @Ph.D. Common Room

Contact and Office Hour (Cont.)
- Facebook Group: http://www.facebook.com/groups/268896419808221/
- All of you MUST join = HW0
- Class Email: cs322376@gmail.com

Textbooks and Supplementary
- Textbooks: please READ all Computer and Network Security Wiki related topics.
  - Cryptography and Network Security: Principles and Practice by William Stallings, 2010
  - Master in Security 2nd edition (Thai) by Jatuchai Pangjun, 2010

Textbooks and Supplementary (Cont.)
- Supplementary
  - Network Security: Private Communication in a Public World by Charlie Kaufman, Radia Perlman, and Mike Speciner, 2002
  - Law (ICT) Thailand
  - Network and Computer Security Specialist #1, #2, #3 (Thai) by Minister of ICT, Thailand
  - Hands-on Ethical Hacking and Network Defense by Michael T. Simpson, Kent Backman, and James E. Corley, 2010
  - Hacking Exposed: Network Security Secrets and Solutions by Stuart McClure, Joel Scambray, and George Kurtz, 2009
  - CISSP Certified Information Systems Security Professional STUDY GUIDE by SYBEX, 2010

Prerequisite
- Basic Data Communication/Computer Networks OR any Computer Networking/Inter-Networking
  - Computer Networks: A Top-Down Approach (5th edition) by J. F. Kurose and K. W. Ross, 2009
  - Computer Networks by [Thai author name garbled in source], 2011
- Basic Operating System
  - Operating System Concepts by Abraham Silberschatz, 2008
  - [Thai title garbled in source] (OPERATING SYSTEMS) by [Thai author name garbled in source], 2002
- Basic Computer Architecture
  - Computer Organization and Architecture: Designing for Performance by William Stallings, 2009
  - [Thai title garbled in source] (COMPUTER ORGANIZATION AND ARCHITECTURE) by [Thai author name garbled in source], 2003
- Basic Programming Language, e.g., C/C++/C#/Java/Python

Grading
- Midterm Exam 20%
- Final Exam 25%
- Homework + Lab Homework + Quiz + Class Participation 20%+5%
- Small Project 5%+5%
- Term Project 25+5%
  - Group Project but grading individually *write who do what?*
- Extra Credits
  - +5% 1st round competition; +10% = winner (Published Paper/NSC/Network Security Contest/CISSP Certification/CCNA or CCIE Security Certification/Imagine Cup)
  - Taking Network Security Contest Exam >1% (31/10-Register)
- Time Management
  - Average 12 Hrs/week/person on project
  - Average 9 Hrs/week/person on class

Homework
- #Homework: 4 to 6 throughout the semester
- Submission: Hard-copy ONLY; MUST turn in 7 min. before class (except HW0 = email)
- For any reasons, late penalty (~30%) will be applied.
- No late homework is accepted more than ONE day OR after the answer has been discussed.
- Due: 2 weeks after announcement (except HW#0 - 1 week)
- Emergency = Soft-copy allowed: include 322376_Fall2011_XX:HWY in subject (XX = Section Number, Y = Homework Number); cs322376@gmail.com
- Tentative Homework: Basic Computer and Network Security I, PKI and Digital Signature, Authentication Protocols, Application Security

Homework/Lab Submission
- Each homework/lab submission

/******************
322 376: Information and Communication Technology Security
Name/Last Name: .
Student ID: .
Section No: .
Date: .
I have worked with other students listed below WITHOUT copying word by word! all penalties will be incurred otherwise
..
*******************/

- http://web.kku.ac.th/chakso/cover.pdf
- Homework/Lab WILL NOT be credited without the beginning part!

Exam
- 2 exams (Midterm and Final)
- Allow: calculator (talk to the department for specific models)
- The final exam material will be after the mid-term; however, all related contents will be also covered.
- Each exam includes
  - True/False (+1, -1, and 0)
  - Numerical and Analysis
  - Fill in the blank
  - Providing detailed description and/or explanation
- The final grade will be curved based on the overall performance of the whole class (also scale based on the standard, say, A 80)

Academic Integrity
- Cheating: (not limited to)
  - Submission of work that is not the student's own for papers, assignments or exams.
  - Submission or use of falsified data.
  - Theft of or unauthorized access to an exam.
  - Use of unauthorized material including textbooks, notes or computer programs in the preparation of an assignment or during an examination.
  - Supplying or communicating in any way unauthorized information to another student for the preparation of an assignment or during an examination.
- Ref: [http://www.cmu.edu/policies/documents/Cheating.html]

Academic Integrity (Cont.)
- Collaboration in the preparation of an assignment. Unless specifically permitted or required by the instructor, collaboration will usually be viewed by the university as cheating.
- Submission of the same work for credit in two courses without obtaining the permission of the instructors beforehand.
- Plagiarism includes, but is not limited to, failure to INDICATE the source with quotation marks or footnotes where appropriate if any of the following are reproduced in the work submitted by a student:
  - A phrase, written or musical;
  - A graphic element;
  - A proof;
  - Specific language;
  - An idea derived from another person.

Tentative Schedule (Subject to Change)
Class | Day | Date | Topic
1 | Monday | 10/10/2011 | Course Overview
2 | Monday | 10/17/2011 | Encryption Techniques
3 | Monday | 10/24/2011 | Block Ciphers and Encryption Standards
4 | Monday | 10/31/2011 | Advanced Encryption Standard
5 | Monday | 11/07/2011 | Public Key Infrastructure + Encouragement + Project Topic Selection
6 | Monday | 11/14/2011 | (Cont.)
7 | Monday | 11/21/2011 | Proposal Project Presentation + Paper Selection + Dhamma #1
8 | Monday | 12/12/2011 | MAC and Hashing
9 | Monday | 12/19/2011 | Review for Midterm
10 | Monday | 12/26/2011 | Mid-Term Exam (week 12/23-12/29)
For Section I; date+2, say Monday 10/10 = Wednesday 10/12

Tentative Schedule (Cont.)
Class | Day | Date | Topic
11 | Monday | 01/02/2012 | 2012 New Year (no class)
12 | Monday | 01/09/2012 | Authentication Protocols
13 | Monday | 01/16/2012 | Email Security + IP Security
14 | Monday | 01/23/2012 | Web Security + Small Project Submission
15 | Monday | 01/30/2012 | Firewall + Intruder
16 | Monday | 02/06/2012 | Review for Midterm + Final Project Presentation/Demo
17 | Monday | 02/13/2012 | Final Exam (week 02/13-03/01)
For Section I; date+2, say Monday 10/10 = Wednesday 10/12

Project
- ONLY hands-on projects on topic of your choice (3-6 students)
- The final outcome MUST be something VISUAL working and running.
- Worth for National Software Contest, Microsoft Imagine Cup, Samart Innovation submission (NSC, Samart, MS Imagine Cup)
- Both Coding and Final Report Submission +PPT+Poster
- There is about 20 mins for story board and 30 mins for final presentation and/or demo.
- Project Ideas: Ideas at Stanford.edu; Ideas at Berkeley.edu; Ideas at MIT.edu; Ideas at DotCrime; Ideas at Sunysb.edu; Ideas at Berkeley.edu; Ideas at Udel.edu; Ideas at Fsu.edu; Ideas at Upenn.edu
- *Think if you can use this project for your senior project.

Project Ideas (Cont.)
- Network Attack Tools
- Network Protection Tools
- Wireless Network Attack Tools
- Wireless Network Protection Tools
- Digital Forensic Tools
- Bot Nets
- Cross-Site Scripting
- Anti-DNS Pinning
- War Driving Techniques and Tools
- Compilation of Security Algorithms in C
- Efficient Algorithm to find the private key from a public key
- Develop a root kit for Windows/Linux/MAC
- Secure E-Voting With Blind Signature

Project Ideas (Cont.)
- A tool to collect passwords in wireless
- A tool to monitor network traffic in open ports
- Using one of the wireless attack tools to monitor the traffic and
- Develop a web site to collect passwords
- Firewall bypass using port 80
- A honey pot to catch crackers
- Multi-Pot (multiple base stations to lure victims)
- WEP crackdown using passive monitoring and plain text attacks
- A tool to fool routers
- Identity Stealing Tool using web sites
- Identity Stealing Tool using phishing
- SPAM without detection
- Hardware to locate/pinpoint wireless access points

Project Topics: Example (NSC11/12)
[Two slides of Thai-language topic titles; the text is garbled in the source. Legible fragments: ClearOS, P2P Traffic.]

Small Project
- Paper (Recent Journal >2007) translation (computer and network security) (Don't submit the paper only after Google Translator)
- Examples: (ieeexplore.ieee.org OR www.sciencedirect.com = Search "computer network security survey") OR
  - Security issues and solutions in multicast content distribution
  - Intrusion detection in wireless ad hoc networks
  - A survey of covert channels and countermeasures in computer network protocols
  - A security framework for wireless sensor networks
  - Survey of network security systems to counter SIP-based denial-of-service attacks
  - Wireless mesh network security: A traffic engineering management approach
- WhiteHat vs. BlackHat Hacking (two team = admin+hacker)
  - Set Linux/Windows Server; mail/dns/web/ftp/ etc. then HACK

Project Schedule
Class | Date | Topic
#1 | 11/07/2011 | Project Topic Selection + 5 mins Presentation (what is it?)
#2 | 11/21/2011 | 1. Outline Due + 20 mins Presentation (story board - theory/objective/limitation/use case/activity diagram/..etc.), for detail see page 33; 2. Paper Selection (Translation)
#3 | 01/23/2012 | 1. Small Project Submission (Translation); 2. CS Whitehat/Blackhat Hacker Report
#4 | 02/06/2012 | Final Submission (for detail see page 36) + 30 mins Presentation/Demo + Poster

Thank you and Question?

Homework 0 (1 week due)
1) Mail list below to cs322376@gmail.com, Subject = 322376_Fall2011_XX:HW0
- Name (English/Thai):
- Email (including your gmail also):
- Tel:
- Year/ ICT or CS or SI Track:
- Academic Advisor:
- Research/Project Interest:
- What do you want to do after graduation?
- Join Facebook Group Yet?: Yes/No
- By submitting Homework 0 and entering this class, the student has accepted all rules abiding by Chakchai So-In as a lecturer without exception. Yes/No

Homework 0 (Cont.)
2) How much point have you got on Quiz0? .
3) List your group members (3-6 students)
- StudentID SecNo. Name LastName
- StudentID SecNo. Name LastName
- .
4) List of 5 Computer or Network Security application/tools (at least 3 opensource)
- Title =
- Description = What/Platform/Language/How to use/
- Opensource = Yes/No
- Website (Reference) =
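
Added example (not part of the original slides) for the "Classify Security Attacks as" and "Model for Network Security" slides: a shared-key security transformation that lets a receiver detect the active attacks listed there (modification, replay, masquerade). HMAC-SHA-256 as the transformation, the 8-byte sequence header, and the names `protect`, `Receiver` and `demo` are assumptions of this sketch; key distribution is assumed to have happened out of band.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32   # HMAC-SHA-256 output size in bytes
SEQ_LEN = 8    # big-endian sequence number prepended to each message


def generate_key() -> bytes:
    """Generate the secret information (key) shared by sender and receiver."""
    return secrets.token_bytes(32)


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Security transformation: frame = seq || payload || HMAC(key, seq || payload)."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Provides data integrity and origin authentication, not confidentiality:
    a passive eavesdropper can still read the payload."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "rejected: malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; fails for modified or wrongly keyed frames.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag", None
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        # An authentic frame seen before (or older) is a replay.
        if seq <= self.last_seq:
            return "rejected: replay", None
        self.last_seq = seq
        return "accepted", body[SEQ_LEN:]


def demo() -> dict:
    """Run constructed sample messages through the receiver."""
    key = generate_key()
    rx = Receiver(key)
    first = protect(key, 1, b"transfer 100 to alice")
    results = {"genuine": rx.accept(first)[0]}
    results["replay"] = rx.accept(first)[0]            # same frame sent again
    tampered = bytearray(protect(key, 2, b"transfer 100 to alice"))
    tampered[SEQ_LEN + 9] ^= 0x08                      # one bit flipped in transit
    results["modified"] = rx.accept(bytes(tampered))[0]
    forged = protect(generate_key(), 3, b"transfer 900 to mallory")
    results["masquerade"] = rx.accept(forged)[0]       # sender lacks the shared key
    results["next"] = rx.accept(protect(key, 2, b"ok"))[0]
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:11s} {verdict}")
```

The rejected frames never advance `last_seq`, so the legitimate message with sequence number 2 is still accepted after the tampered copy is dropped.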