Computer & Network Security Course Overview
Overview:
  What is Security
  Properties of Security
  Major Topics in Security
What is security?
In information technology, security is the protection of information assets through the use of technology, processes, and training.
Security is about:
  Honest user (e.g., David, Jenny, Greg, …)
  Dishonest attacker
  How the attacker:
    Disrupts honest David’s use of the system (Integrity, Availability)
    Learns information intended for David only (Confidentiality)
Information technology professionals must protect users from these attackers.
Properties of Security
  Confidentiality: Information about the system or its users cannot be learned by an attacker.
  Integrity: The system continues to operate properly, only reaching states that would occur if there were no attacker.
  Availability: Actions by an attacker do not prevent users from having access to use of the system.
Major Topics:
  Application and OS Security
  Web Security
  Network Security
  Computer Security
Application and OS Security
  Main Problem: OS Attacker: Controls malicious files and applications
  Content:
    Vulnerabilities: control hijacking attacks, fuzzing
    Prevention: system design, robust coding, isolation
  Project: Buffer overflow project
Operating system vulnerabilities
Application and OS Security
Application security is the use of software, hardware, and procedural methods to protect applications from external threats.
Implications for the IT professional:
  Security measures built into applications
  Sound application security routine
  Use of hardware or software firewalls
Web Security
  Main Problem: Web Attacker: Sets up malicious site visited by victim; no control of network
  Content:
    Browser policies, session management, user authentication
    HTTPS and web application security
  Project: Web site attack and defenses project
Web vs. System vulnerabilities
Web Security
Web security is the separation or control of threats from assets within or maintained by web-based services to protect the integrity of the service, the confidentiality of the communication, and the availability of the application.
Implications for the IT professional:
  Security measures built into the applications
  Sound application security routine
  Use of hardware or software firewalls
  Security measures built into the web service
Network Security
  Main Problem: Network Attacker: Intercepts and controls network communication
  Content:
    Protocol designs, vulnerabilities, prevention
    Malware, botnets, DDoS, network security testing
  Project: Network traceroute and packet filtering project
Network Vulnerability Points
Network Security
Network security is the protection of a computer network and its services from unauthorized modification, destruction, or disclosure.
Implications for IT professionals:
  Security measures built into the network hardware and design
  Control the flow of data in a network
  Sound application security routine
  Use of hardware or software firewalls
  Security measures built into the web service
Computer Security
  Main Idea: Hacker gains control of a computer, installs malicious files and applications, and accesses computer files.
  Content:
    Cryptography (user perspective)
    Digital rights management
  Project: Seminar
Symantec Documented Vulnerability Stats
Computer Security
Computer security is the process of preventing and detecting unauthorized use of your computer. The content of a computer is vulnerable to few risks unless the computer is connected to other computers on a network.
Implications for IT professionals:
  Use of applications such as antivirus and firewalls
  Security settings on local machines
  Use of software firewalls
  Create boot disks and back up data on a regular basis
Visit these websites for more information:
  How Hackers Look for Bugs…
  http://crypto.stanford.edu/cs155/syllabus.html