• No results found

Lecture 1 - Overview

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Lecture 1 - Overview"

Copied!
15
0
0

Loading.... (view fulltext now)

Download now ( 15 Page )

Full text

(1)

Lecture 1 - Overview

CMPSC 443 - Spring 2012

Introduction to Computer and Network Security

Professor Jaeger

(2)
(3)
(4)

And the rest ...

• Hardware

– E.g., Ford Pinto – E.g., ext2

• Physical Access

– E.g., ATMs

• Users

– E.g., Phishing

– E.g., Social engineering – E.g., Misplaced trust

(5)

Where is all of this going?

• We are at a unique point in history.

– We have little security.

– We have little usable theory on what is secure. – We have little knowledge of how to get it.

– Workable tools are rudimentary, but sometimes effective.

• However, we have a huge amount of risk riding on

computer and network security.

– Financial – Medical

– Personal ...

(6)

This course …

• We are going to explore the tools that the address

these frequent and expected vulnerabilities.

– Why are we doing so poorly in computing systems at protecting our users and data from inadvertent or

intentional harm?

(7)

This course …

• This course is an applied

applied systems

course

covering introductory topics in computer and network

security. We will investigate the tools and problems

of contemporary security:

This course provides an introduction to the theory and application of security in computer and network environments. Students will develop the skills necessary to formulate and address the security needs of

enterprise and personal environments. The course will begin by describing the goals and mechanisms of security as motivated by recent incidents in the area. Topics will cover cryptography,

authentication, secure programming, security in operating systems, network security, secure storage, access control, denial-of-service, and file systems, and conclude with emerging trends in secure systems

(8)

You need a basic understanding of …

• IP Networks

• Operating Systems

• Discrete Mathematics

• Basics of systems theory and implementation

– E.g., File systems, distributed systems, networking, operating systems, ....

(9)

Why are we here? -- Goals

• Our goal:

to provide you with the tools to apply

current and future approaches to computer security

.

– Formulating a security strategy – Basic technologies

– Engineering trade-offs

This is going to be a

hard course

. The key to

success is sustained effort. Failure to keep up with

readings and assignments will likely result in poor

grades, and little understanding of the course

material.

Pay-off: security competence is a necessary, rare,

valuable skill

(10)

Course Challenges

• Security is relative

– Good understanding of other computer technologies are necessary

• Security is terminology

– Each application of security has different terms for concepts

• Security is defensive

(11)

Course Materials

• Website - We are maintaining the course website at

http://www.cse.psu.edu/~tjaeger/cse443-s12

– Course assignments, slides, and other artifacts will be made available on the course website.

• Course textbooks

Kaufman, C., Perlman, R. and Speciner, M., Network

Security (Private Communication in a Public World), 2nd

edition, Prentice Hall 2002.

Selected readings from: Jaeger, T., Operating System

Security, Morgan & Claypool, 2008. Available online.

• Go to http://www.morganclaypool.com/toc/spt/1/1

• Select “Operating System Security” (works within Penn State network)

(12)

Course Calendar

• The course calendar as all the relevant readings,

assignments and test dates • Please check the website

frequently for announcements and changes to the schedule.

Students are responsible for any change on the schedule

(we will try to make

(13)

Grades

• Grading policy

– 20% Mid-term exam (TBD - 8th week) – 35% Course Projects (4-5)

– 15% Quizzes and Class Participation – 30% Final exam (end of semester)

• Lateness policy - Assignments are assessed a 10% per-day

late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give us excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

(14)

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover

technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of

reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these

guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the instructor for advice. Do not

undertake any action which could be perceived as technology misuse under any circumstances unless you have received explicit permission from Professor Jaeger.

(15)

And the rest of this course …

• Outline

1. Overview 2. Basics

3. Cryptography/Authentication 4. Software Security

5. Systems Security 6. Network Security 7. Misc Topics

References

Download now ( PDF - 15 Page - 1.11 MB )

Related documents

Employing Variation in the Object of Learning for the Design-based Development of Serious Games that Support Learning of Conditional Knowledge

In this thesis I pursued contributions in three distinctive areas. These are i) the collection and analysis of evidence demonstrating the benefits of variation for learning

Wake up call for collegiate athlete sleep: narrative review and consensus recommendations from the NCAA Interassociation Task Force on Sleep and Wellness

screening follow-up, including triggers for referral to (campus and/or off- campus) sleep medicine providers. Recommendation 9: Provide evidence- based sleep education to

Helmut Schöfer 1 Arno Göllner 3 Werner Kusche 2 Ulrich Schwantes 3

Topical anti-acne treatment with other medicinal products supplementary to nadi- floxacin cream was documented in 150 patients (27.0%) and 57 patients (10.3%) received

4: Multicast Routing 2 Inter-Domain Routing

y Tree optimizations Technologie-Zentrum Informatik Domain B Domain Hierarchies in BGMP Domain A Domain C R S Domain D allocated root domain for G Multicast data for group G

Konica Minolta Managed Content Services

Konica Minolta also offers software solutions and optimised print services to reduce document output cost, improve productivity and optimise office environment, backed by

The feasibility of conducting manual image segmentation of 3D sonographic images of axillary lymph nodes

The objective of the study was to conduct a feasibility study of the use of manual image segmentation using sonographic images of axillary lymph nodes to create 3D models..

First-improvement vs. Best-improvement Local Optima Networks of NK Landscapes

This paper extends a recently proposed model for combinatorial land- scapes: Local Optima Networks (LON), to incorporate a first-improvement (greedy- ascent) hill-climbing

Request for Entitlement to Plan Collaborative, Online Bachelor of Science Degree Completion Program in Sustainable Management

SMGT 330 Marketing for a Sustainable World Stout SMGT 331 Sustainable Organizational Finance River Falls SMGT 332 Economics of Environmental Sustainability Parkside