CSE598k / CSE545 Advanced Network Security Lecture 1 - Introduction - - PowerPoint PPT Presentation

cse598k cse545 advanced network security
SMART_READER_LITE
LIVE PREVIEW

CSE598k / CSE545 Advanced Network Security Lecture 1 - Introduction - - PowerPoint PPT Presentation

Feb 13, 2024 280 likes •452 views

slide-1
SLIDE 1

Systems and Internet Infrastructure Security Laboratory (SIIS) Page

฀฀฀฀ ฀

  • ฀฀฀฀

฀฀฀฀฀ ฀฀฀฀฀฀

CSE598k / CSE545 Advanced Network Security

Lecture 1 - Introduction

  • Prof. Patrick McDaniel

1

slide-2
SLIDE 2

CSE545 - Advanced Network Security - Professor McDaniel Page

Oops ...

2

slide-3
SLIDE 3

CSE545 - Advanced Network Security - Professor McDaniel Page

Network Security

  • No really good definition, so we will accept the following

for this course:

The study of the security of systems, applications, infrastructure, and tools that relate to online computing.

  • Implication
  • Networks: physical layer, protocols, and flows
  • Applications: how they are designed and
  • People and Policy: how do we use these system and what kinds
  • f security do we need?

3

slide-4
SLIDE 4

CSE545 - Advanced Network Security - Professor McDaniel Page

Network Security Questions

  • How is this different than other types of security?
  • Is the distinction between network security and other

types of security meaningful any more?

  • Is there anything more to study?

4

slide-5
SLIDE 5

CSE545 - Advanced Network Security - Professor McDaniel Page

CERT Reports

  • AOL Media Playback
  • OpenSSL FIPS
  • Questions
  • What are the vulnerabilities?
  • How can you exploit them?
  • What is the cause?

5

slide-6
SLIDE 6

CSE545 - Advanced Network Security - Professor McDaniel Page

Why are we here? -- Goals

  • Our goal: to provide you with the tools to perform

research in .

  • Evaluating network security techniques
  • Designing network security solutions
  • Attacking network infrastructure
  • Developing analysis methods
  • This is going to be a time-consuming course. The key

to success is sustained effort. Failure to keep up with readings and assignments will likely result in poor grades, and little understanding of the course material.

  • Pay-off: network security research competence is a

necessary, rare, valuable skill

6

slide-7
SLIDE 7

CSE545 - Advanced Network Security - Professor McDaniel Page

Course Materials

  • Website - We are maintaining the course website at

http://www.cse.psu.edu/~mcdaniel/cse545/index.html

  • Course assignments, slides, and other artifacts will be made

available on the course websites

7

slide-8
SLIDE 8

CSE545 - Advanced Network Security - Professor McDaniel Page

Course Calendar

  • The course calendar as all the

relevant readings, assignments and test dates

  • Please check the website

frequently for announcements and changes to the schedule. Students are responsible for any change on the schedule (we will try to make announcements in class).

8

slide-9
SLIDE 9

CSE545 - Advanced Network Security - Professor McDaniel Page

Grades

  • Grading policy

– 40% Course Project – 20% Assignments – 25% Final Exam – 15% Class Participation, quizzes

  • Lateness policy - Assignments are assessed a 10% per-day late

penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give us excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

9

slide-10
SLIDE 10

CSE545 - Advanced Network Security - Professor McDaniel Page

Activities

  • Homework
  • reductions, logic problems, etc.
  • readings, readings, readings ...
  • Projects
  • perform some limited attack or desgin
  • perform analysis of something interesting
  • Quizzes
  • if you don’t do the reading ...

10

slide-11
SLIDE 11

CSE545 - Advanced Network Security - Professor McDaniel Page

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative

  • channels. Any activity outside the letter or spirit of these

guidelines will be reported to the proper authorities and may result in dismissal from the class. When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse under any circumstances unless you have received explicit permission from Professors Jaeger or McDaniel.

11

slide-12
SLIDE 12

CSE545 - Advanced Network Security - Professor McDaniel Page

Read for Next week

  • Jerome H. Saltzer, David P

. Reed, and David D. Clark. End- to-end arguments in system design. ACM Transactions on Computer Systems 2, 4 (November 1984) pages 277-288.

  • K. Thompson, "Reflections on Trusting Trust,"

Communications of the ACM,

  • Vol. 27, No. 8, August 1984,
  • pp. 761-763.
  • J.H. Saltzer and M.D. Schroeder. Part I-A of The Protection
  • f Information in Computer Systems. Proceedings of the

IEEE, 63(9):1278-1308, 1975.

12

slide-13
SLIDE 13

CSE545 - Advanced Network Security - Professor McDaniel Page

Assignment: Due 1/28

  • Follow these steps:
  • 1. Download on Linux or OS/X a

VM system

  • 2. Install a Linux operating system running in a

VM

  • 3. Install different kinds of network servers
  • 4. Download and install Metasploit tool
  • 5. Compromise the server over the network
  • Write a report, with screen shots and log files that

describes a network attacks ~ at least 1 page text each in deep detail of the attack and how it works.

13