
Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557.


1 Computer Security II Lecturer – Lynn Ackler – Office – CSC 222 – Office Hours 9:00 – 10:00 M,W Course – CS 457 – CS 557

2 Course Objectives
– Critical Security Controls
– Networks: weaknesses, defenses and vigilances
– Protection, detection and decontamination
– Past, current and theoretical

3 CSIA WARNING The material that you will learn in the CSIA track is dual use. The ethical and legal implications of your use of information and techniques presented should always be part of your decisions.

4 Outline
– Intro to course
– Critical Security Controls
– LAN network security
– LAN network assessment
– Intrusion detection systems
– Vulnerability assessment
– Internet security (IPSec, VPNs and SSL)
– Secure computing environment design

5 Course Requirements
– 1 hour test: 20%
– Final exam (3/24/06 @ 7:30): 30%
– Lab reports & exercises: 30%
– Security+: 20%

6 Texts
– Suggested: Linux Firewalls, 2nd ed., Ziegler, New Riders, ISBN 0-7357-1099-6

7 Schedule
– Week 1: Intro & Critical Security Controls
– Week 2: Network review
– Week 3: LAN security
– Week 4: Firewalls
– Week 5: LAN assessment
– Week 6: Midterm
– Week 7: Intrusion detection
– Week 8: Network design
– Weeks 9-10: IPSec & SSL

8 Lab Reports
– A significant portion of the course
– 2 people to a workstation
– Collaborative work, independent reports
– Reports are important: well written, in English

9 Lab Projects
1. Stateful trace
2. Use of net tools
3. Firewall: installation and test
4. Nmap exercise
5. IDS: installation, configuration and evaluation
6. IPSec trace

10 Lab Report Description
– Purpose
– Step by step description
– Justification
– Test and evaluation
– Conclusions

11 Lab Grades
– Adherence to requirements
– Innovation
– Completeness
– Correctness
– Clarity
– Independence

12 Information Security Model
Three axes (the McCumber cube):
– Critical information characteristics: Confidentiality, Integrity, Availability
– Information states: Transmission, Storage, Processing
– Security measures: Technology, Policies, Training

13 Information Systems Security Engineering (ISSE)
The art and science of discovering users' information protection needs; designing systems with economy and elegance so that they safely resist the forces to which they will be subjected; and building and testing such systems.

14 Network Security
– The perimeter
– Design
– Firewalls
– Routers
– NAT

15 Network Assessment
– Be careful
– Vulnerability scanners
– Port scanners
– Audits

16 Intrusion Detection Systems
– Who's after me?
– What did they get?
– What did I do wrong?
– How did they do it?

17 Internet Security
– Cryptography
– IPSec and VPNs
– SSH
– SSL

18 Network Design
– Perimeter security
– Security in depth
– Layered protection

19 Server Configuration
– Gateway configuration
– Apache installation and configuration
– DNS installation and configuration
– Design of a small home/office network

20 Security Dogma
– Policy of least privilege
– Deny all
– Permit only with a lot of whining

21 Network Security Fundamentals
– Definitions
– Defense in depth: the perimeter, the DMZ, the internal networks

22 Definitions
– The perimeter
– Border router
– Firewall
– IDS
– Secure session
– Software architecture
– DMZ
– Screened subnets

23 The Perimeter
The perimeter is a fortified boundary controlling ingress and egress. Its components:
– Routers
– Firewalls
– IDS
– Software
– Screened subnets
– Secure sessions

24 Border Router
– The first point of ingress
– The last point of egress
– Choke point between the organization and the Internet
– First and last line of defense

25 Firewall
An application or device with rules that accepts or rejects network traffic.
Types
– Hardware, application or script
– Static (stateless packet filter), stateful or proxy
– Static: Nortel Accelar
– Stateful: iptables, Cisco PIX, Linksys
– Proxy: Secure Computing's Sidewinder
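The difference between a static and a stateful firewall is easiest to see on a packet trace. The following is an added example (not code from the lecture): a stateless filter that has to permanently open "source port 80 to high ports" so that inside web clients get their replies, next to a stateful filter that only admits inbound packets belonging to a connection an inside host opened. The 10/8 inside network, the addresses, ports and the four packets are all constructed for the example.

```python
"""Static (stateless) packet filter versus stateful filter, simulated over a
constructed packet trace.  Added example, not code from the lecture; the
addresses, ports and the 10/8 "inside" network are assumptions."""
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # assumed protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags, e.g. "S" (SYN), "SA" (SYN/ACK), "PA" (PSH/ACK)


def inside(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INSIDE


def static_filter(pkt: Packet) -> str:
    """Stateless rules: each packet is judged on its own header fields.
    To let inside clients browse, the filter must permanently open
    'sport 80 -> high port' inbound, which an attacker can ride through."""
    if inside(pkt.src) and not inside(pkt.dst) and pkt.dport == 80:
        return "ACCEPT"  # outbound web request
    if (not inside(pkt.src) and inside(pkt.dst)
            and pkt.sport == 80 and pkt.dport >= 1024):
        return "ACCEPT"  # presumed web reply: no way to know it was solicited
    return "DROP"


class StatefulFilter:
    """Tracks outbound connections; inbound packets are accepted only when
    they belong to a connection an inside host opened (the idea behind
    iptables' ESTABLISHED,RELATED state match)."""

    def __init__(self) -> None:
        self.table = set()  # (src, sport, dst, dport) of tracked connections

    def filter(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if inside(pkt.src) and not inside(pkt.dst) and pkt.dport == 80:
            if pkt.flags == "S":          # NEW: a bare SYN opens a table entry
                self.table.add(key)
                return "ACCEPT"
            return "ACCEPT" if key in self.table else "DROP"
        if reverse in self.table:         # reply to a tracked connection
            return "ACCEPT"
        return "DROP"                     # unsolicited inbound packet


TRACE = [  # constructed packets
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "S"),    # client opens a connection
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SA"),   # legitimate reply
    Packet("198.51.100.7", 80, "10.0.0.5", 8080, "S"),     # probe of an internal port, source port forged to 80
    Packet("198.51.100.7", 4444, "10.0.0.5", 8080, "S"),   # same probe with an ordinary source port
]


def run_trace(trace=TRACE):
    """Return (static verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.filter(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (s, st) in zip(TRACE, run_trace()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]"
              f"  static={s}  stateful={st}")
```

The third packet is the point: both filters pass the client's request and the real reply, but the static filter also passes the forged "reply" aimed at port 8080 because the headers look right, while the stateful filter drops it for lack of a matching connection.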

26 IDS (Intrusion Detection System)
– Consists of a set of sensors and an analysis program
– Sensors: host based and network based
– Sensors collect data on network traffic patterns
– Analysis program looks for suspicious activity and predefined signatures
– Sends alerts on suspected intrusion
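To make the sensor/analysis split concrete, here is an added example (not the lecture's code) of the analysis half: it runs a handful of predefined payload signatures and one "suspicious activity" rule (one source touching many distinct ports) over constructed network-sensor records. The signature patterns, the scan threshold of five ports and all addresses are assumptions made for the example.

```python
"""Signature matching plus a simple suspicious-activity rule over constructed
sensor records.  Added example, not the lecture's code; signatures,
threshold and addresses are assumptions."""
import re
from collections import defaultdict

# (alert name, destination port the rule applies to, payload pattern)
SIGNATURES = [
    ("WEB-ATTACK directory traversal", 80, re.compile(rb"\.\./\.\./")),
    ("WEB-ATTACK cmd.exe request", 80, re.compile(rb"cmd\.exe", re.I)),
    ("WEB-ATTACK SQL tautology", 80, re.compile(rb"'\s*or\s+'?1'?\s*=\s*'?1", re.I)),
]
SCAN_THRESHOLD = 5  # distinct destination ports from one source => port sweep (assumed)

# Constructed network-sensor records: (src, dst, dst port, payload)
EVENTS = [
    ("192.0.2.10", "10.0.0.80", 80, b"GET /index.html HTTP/1.0\r\n"),
    ("192.0.2.10", "10.0.0.80", 80, b"GET /../../../../etc/passwd HTTP/1.0\r\n"),
    ("198.51.100.7", "10.0.0.80", 22, b""),
    ("198.51.100.7", "10.0.0.80", 23, b""),
    ("198.51.100.7", "10.0.0.80", 25, b""),
    ("198.51.100.7", "10.0.0.80", 80, b""),
    ("198.51.100.7", "10.0.0.80", 443, b""),
    ("198.51.100.7", "10.0.0.80", 3389, b""),
    ("192.0.2.33", "10.0.0.80", 80, b"GET /login?user=a' OR '1'='1 HTTP/1.0\r\n"),
]


def analyze(events):
    """Analysis program: return a list of (alert, src, dst) tuples."""
    alerts = []
    ports_seen = defaultdict(set)
    for src, dst, dport, payload in events:
        # 1. predefined signatures, applied only on the port they are written for
        for name, port, pattern in SIGNATURES:
            if dport == port and pattern.search(payload):
                alerts.append((name, src, dst))
        # 2. suspicious activity: one source sweeping many distinct ports;
        #    alert once, when the threshold is first reached
        ports_seen[src].add(dport)
        if len(ports_seen[src]) == SCAN_THRESHOLD:
            alerts.append(("SCAN port sweep", src, dst))
    return alerts


if __name__ == "__main__":
    for alert, src, dst in analyze(EVENTS):
        print(f"ALERT {alert}: {src} -> {dst}")
```

Note that the second rule fires without any payload at all; it is the pattern of traffic, not the bytes, that is suspicious, which is exactly the case a pure signature matcher misses.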

27 Secure Session
Secure communication from outside the network to inside the network over an encrypted channel
– VPN (virtual private network)
– SSL and SSH
– HTTPS

28 Software Architecture
The collection of applications that the organization makes available outside the organization's network, including their supporting applications
– E-commerce site
– Web sites

29 DMZ (DeMilitarized Zone)
The portion of the network between the border router and the non-public computing services; the externally reachable software architecture lives here, so that a compromise of a public server does not land the attacker on the internal network.

30 Screened Subnets
Subnetworks that are protected by a firewall. Each subnet has a particular function within the organization, and its firewall has rules specific to that function.

31 Defense in Depth
– Architecture of an onion, but no odor
– Every layer has a single point of egress and ingress
– All layers have a specified configuration
– Each configuration must be maintained

32 Internal Networks
– Ingress & egress filtering on every router
– Internal firewalls to segregate resources
– Proxy firewalls at certain choke points
– IDS sensors on each subnet and router
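The "deny all" dogma and the ingress/egress filtering asked for on every router come together at the border: nothing passes unless a rule justifies it, and the first rules are about who may claim which source address. This added example (not the lecture's code) implements that anti-spoofing policy for the border router; the 10/8 organisation network, the bogon list and the sample packets are assumptions.

```python
"""Ingress/egress (anti-spoofing) filtering at the border router with a
default-deny policy.  Added example, not the lecture's code; the 10/8
organisation network and the sample packets are assumptions."""
import ipaddress

ORG_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed: addresses we own

# Source addresses that have no business arriving from the Internet side
# (private, loopback, link-local, "this" network, multicast/reserved).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]


def is_ours(ip: ipaddress.IPv4Address) -> bool:
    return any(ip in net for net in ORG_NETS)


def border_filter(direction: str, src: str, dst: str) -> str:
    """direction is "in" (Internet -> organisation) or "out" (organisation -> Internet).
    Returns "ACCEPT" or "DROP: <reason>".  Anything not explicitly permitted
    is dropped: deny all, permit only with a justification."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if is_ours(s):
            return "DROP: ingress packet claims an internal source (spoofed)"
        if any(s in net for net in BOGONS):
            return "DROP: ingress packet from a bogon/private source"
        if not is_ours(d):
            return "DROP: ingress packet not addressed to us (no transit)"
        return "ACCEPT"
    if direction == "out":
        if not is_ours(s):
            return "DROP: egress packet with a source we do not own (spoofed)"
        if is_ours(d):
            return "DROP: internal-to-internal traffic must not cross the border"
        return "ACCEPT"
    return "DROP: unknown direction"


SAMPLE = [  # constructed packets: (direction, src, dst)
    ("in", "203.0.113.5", "10.0.0.80"),       # ordinary inbound packet
    ("in", "10.1.2.3", "10.0.0.80"),          # outsider forging an inside address
    ("in", "192.168.1.1", "10.0.0.80"),       # private source on the public side
    ("out", "10.0.0.5", "203.0.113.5"),       # ordinary outbound packet
    ("out", "198.51.100.9", "203.0.113.5"),   # compromised host spoofing for a DDoS
]


def run_samples(samples=SAMPLE):
    return [border_filter(*s) for s in samples]


if __name__ == "__main__":
    for (direction, src, dst), verdict in zip(SAMPLE, run_samples()):
        print(f"{direction:3} {src:>15} -> {dst:<15} {verdict}")
```

The egress rule is the one organisations most often skip; it protects other people's networks from your compromised hosts, and it is also what makes a spoofed-source attack traceable back to the network that let it out.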

33 Configuration Management
– Windows boxes are patched to level x
– Linux boxes are running kernel x.x.x
– Anti-virus and anti-spyware signatures updated daily
– Acceptable use policy accepted by every user
– Remote access protected, and the remote source host hardened

34 Audit
– Check configuration periodically
– Enforce the configuration policy
– Issue a final audit report
– Follow up on recommendations

35 Hardened Hosts
Every host, both remote and local, must be hardened in accordance with policy
– Personal firewalls
– Anti-virus protection
– OS hardening

36 Host Hardening
– Local attacks
– Network attacks
– Application attacks

37 Hardening against Local Attacks
– Restrict administrative utilities
– Levels of administrative privileges
– File permissions: derive from policies
– Users and groups: derive from policies, with strict adherence
– Log everything that is important and that will be analyzed

38 Hardening against Network Attacks
– Eliminate unnecessary accounts
– Enforce a strong password policy
– Disable all unnecessary network services
– Disable resource sharing
– Disable remote access services
– Disable SNMP if it is not needed

39 Hardening against Application Attacks
– Control which applications may be accessed, and by whom
– Application passwords
– Patch everything, always
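The account-related rules in the three hardening slides above (unnecessary accounts, privilege levels, password policy) are the kind of thing an audit should check mechanically rather than by eye. This added example (not the lecture's code) does that for a Unix host by reading /etc/passwd and /etc/shadow formatted text; the accounts, hashes and the set of shells counted as interactive are constructed for the example.

```python
"""Audit of local accounts against the hardening rules above, run over
constructed /etc/passwd and /etc/shadow contents.  Added example, not the
lecture's code; the sample accounts, hashes and shell list are made up."""

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
"""

SHADOW = """\
root:$6$saltsalt$fakehash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$saltsalt$fakehash2:19000:0:99999:7:::
ftp:!:19000:0:99999:7:::
alice:$6$saltsalt$fakehash3:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""

INTERACTIVE_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/bin/ksh"}  # assumed


def audit_accounts(passwd_text=PASSWD, shadow_text=SHADOW):
    """Return a list of (account, finding) pairs, in /etc/passwd order."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line:
            name, hash_, *_ = line.split(":")
            hashes[name] = hash_          # "" = no password, "*"/"!" = locked

    findings = []
    for line in passwd_text.splitlines():
        if not line:
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        uid = int(uid)
        interactive = shell in INTERACTIVE_SHELLS
        # Privilege levels: only root may have UID 0.
        if uid == 0 and name != "root":
            findings.append((name, "extra UID 0 account"))
        # Unnecessary accounts: service accounts should not be able to log in.
        elif 0 < uid < 1000 and interactive:
            findings.append((name, "system account with an interactive shell"))
        # Password policy: an interactive account with no password at all.
        if interactive and hashes.get(name, "") == "":
            findings.append((name, "interactive account with an empty password"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_accounts():
        print(f"{account}: {finding}")
```

A locked hash ("!" or "*") is deliberately not reported as an empty password: locking is the normal way to keep a service account around without letting anyone authenticate as it, so the ftp account above is flagged only for its interactive shell.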

