Presentation is loading. Please wait.

Presentation is loading. Please wait.

Welcome to EECS 354 Network Penetration and Security.

Similar presentations


Presentation on theme: "Welcome to EECS 354 Network Penetration and Security."— Presentation transcript:

1 Welcome to EECS 354 Network Penetration and Security

2 Why Computer Security The past decade has seen an explosion in the concern for the security of information –Malicious codes (viruses, worms, etc.) caused over $28 billion in economic losses in 2003, and will grow to over $75 billion by 2007 Jobs and salaries for technology professionals have lessened in recent years. BUT … Security specialists markets are expanding ! –“ Full-time information security professionals will rise almost 14% per year around the world, going past 2.1 million in 2008” (IDC report)

3 Why Computer Security (cont’d) Internet attacks are increasing in frequency, severity and sophistication Denial of service (DoS) attacks –Cost $1.2 billion in 2000 –1999 CSI/FBI survey 32% of respondents detected DoS attacks directed to their systems –Thousands of attacks per week in 2001 –Yahoo, Amazon, eBay, Microsoft, White House, etc., attacked

4 Why Computer Security (cont’d) Virus and worms faster and powerful –Melissa, Nimda, Code Red, Code Red II, Slammer … –Cause over $28 billion in economic losses in 2003, growing to over $75 billion in economic losses by 2007. –Code Red (2001): 13 hours infected >360K machines - $2.4 billion loss –Slammer (2003): 10 minutes infected > 75K machines - $1 billion loss Spams, phishing … New Internet security landscape emerging: BOTNETS !

5 The Spread of Sapphire/Slammer Worms

6 Logistics Instructors Sam Mc Yan Chen (ychen@cs.northwestern.edu),ychen@cs.northwestern.edu TA TBD

7 Why Learn to Hack If you can break into computer systems, then you can defend computer systems. –The fundamental idea is to learn how to think as an attacker. –Defense then becomes second-nature. “The devil is in the details.” –Only by understanding low-level details of vulnerabilities and attacks is it possible to avoid the introduction of similar flaws and to design effective protection mechanisms.

8 Logistics Instructors Sam McIngvale (CS alumni) Jim Spadaro (undergrad) Whitney Young (to be CS alumni) Yan Chen TA TBD

9 This course will emphasize the practical security techniques rather than the theory –Complementary to EECS 350 “Intro to Computer Security” and EECS 450 “Internet Security” research course Satisfy the project course requirement for undergrads Security has become one of the depth areas for CS major requirements Satisfy the breadth requirement for system Ph.D. students Course Overview

10 Course Objective Be able to identify basic vulnerabilities in software systems and design corresponding protection mechanisms Be able to use some important and popular security tools for network/system vulnerability discovery and risk assessment Be able to use configure a computer/network with current security software, e.g., firewalls, intrusion detection systems (IDS) Compete in the international Capture the Flag competition

11 Shellcode Buffer Overflows, Heap Overflows Format Strings Web Attacks –SQL injection and Shell attacks –Cross Site Scripting (XXS) Using Metasploit for Penetration Firewalls and IDSs Wireshark and Finding Illegal Users –Looking at tcpdump data with Wireshark Course Contents

12 Course Contents (cont’d) Reverse Engineering –Reverse engineering compiled code –Reverse engineering byetcode Windows Hacking –Differences between Windows and Linux –Example Windows vulnerabilities

13 Prerequisites and Course Materials Required: EECS 213 or (ECE 205 and 231) or any equivalent operating systems introductory courses Highly Recommended: networking (EECS 340) and OS (EECS 343) or having some familiarity with Unix systems programming No textbooks – all readings will come from handouts

14 Grading No exams for this class. Participation in CTF and Practice Competitions is mandatory –Date: December Participation 25% –RTFM classes are very interactive. Students should come to class prepared and ready to participate. Homework 30% –Students will be expected to complete weekly hacking assignments. Competition 20% Group Project 25%

15 Communication Slides will be made online prior to each class Web page: http://cal.cs.northwestern.edu/nuctf Newsgroup on Google Groups: Network Penetration and Security


Download ppt "Welcome to EECS 354 Network Penetration and Security."

Similar presentations


Ads by Google