EECS 354 Network Security Introduction
Why Learn To Hack
- Understanding how to break into computer systems allows you to better defend them
- Learn how to think like an attacker
- Defense then becomes second-nature
- Security is an increasingly important field
- There are many jobs for security specialists
- Developers are expected to be aware of security concerns
Why Internet Security
- The past decade has seen an explosion in concern about information security
- G-20 countries recently urged to treat cyber-attacks as a threat to the global economy
- G20 have lost 2.5 million jobs to counterfeiting and piracy, and lost $125 billion annually to cyber-attacks
- Security specialist markets are expanding!
- "Salary Premiums for Security Certifications Increasing" (Computerworld 2007)
- Up to 15% more salary
- Demand is being driven not only by compliance and government regulation, but also by customers who are "demanding more security" from companies
- US struggles to recruit computer security experts (Washington Post Dec )
Overview
- Exploit demo
- Course information
- VM logistics
- x86 stack structure
- What are exploits?
- Why we use Linux
Course Overview
- Atypical structure
- This course is based on group learning and experience
- Originally developed in 2007 by two undergrad students
- Have experienced undergrads as co-instructors with oversight by the professor
- Material tweaked and improved with each iteration
- Big overhaul by Andrew Kahn in 2014
- The class will follow a theory and practice model
- We will introduce the basic theory for fundamental hacking techniques, then carry out these techniques in controlled environments
Course Objectives
- No mandatory CTF this year
- Motivated students are encouraged to field a team in the iCTF
- Practical knowledge of computer security
  - Theory
  - Attack
  - Defense
Prerequisites and Materials
- Required
  - EECS 213 or ECE 205 and 231
  - Networking (EECS 340)
- Highly Recommended
  - Operating Systems (EECS 343)
  - Familiarity with the UNIX environment
- Textbooks
  - Network Security - Private Communication in a Public World, by Charlie Kaufman, Radia Perlman and Mike Speciner, 2nd Edition, Prentice Hall
  - Cryptography and Network Security, by William Stallings, 6th Edition, Prentice Hall, 2013
Communication
- Slides will be made available online prior to each class
- Web page:
- Newsgroup:
- IRC: #NorthwesternNetsec on irc.ubuntu.com
Grading
- There will be a short written final for this class at the scheduled exam time.
- Participation and Labs: 25%
- Homework and projects: 40%
- Final: 35%
Class Virtual Machines
- Everyone has an account on hamsa.cs.northwestern.edu
- For testing buffer overflows, etc., use netsec-playground because it does not have modern stack protections
- You do not have a login for the other VMs: netsec-projects and netsec-demos
Linux Memory Layout
- Stack
  - Runtime stack
- Heap
  - Dynamically allocated storage
  - Allocated when calling malloc, calloc, new
- DLLs
  - Dynamically Linked Libraries
  - Library routines (e.g., printf, malloc)
  - Linked into object code when first executed
- Data
  - Statically allocated data
  - E.g., arrays & strings declared in code
- Text
  - Executable machine instructions
  - Read-only
[Figure: address space diagram, top to bottom: Stack, Heap, DLLs, Heap, Data, Text]
Linux Memory Allocation
[Figure: four snapshots of the address space, each listed top to bottom]
- Initially: Stack, Data, Text
- Linked: Stack, DLLs, Data, Text
- Some Heap: Stack, Heap, DLLs, Data, Text
- More Heap: Stack, Heap, DLLs, Heap, Data, Text
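The regions named on the two memory slides can be observed from inside a running process. The program below is an added example, not part of the original slides: it assumes a Linux system with /proc/self/maps, and the names find_region, text_addr, data_addr, text_marker and static_data are made up for this illustration. It reports which mapping, and with which permissions, holds a function, a global, a malloc'd block and a local variable.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

struct region { uintptr_t start, end; char perms[5]; char name[256]; };

int static_data = 42;                 /* Data: statically allocated */
static void text_marker(void) {}      /* Text: machine instructions */
void *text_addr(void) { return (void *)(uintptr_t)text_marker; }
void *data_addr(void) { return &static_data; }

/* Find the /proc/self/maps entry that contains addr; returns 1 if found. */
int find_region(const void *addr, struct region *out) {
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int found = 0;
    if (!f) return 0;
    while (!found && fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char perms[5] = "", name[256] = "";
        /* Line format: start-end perms offset dev inode [pathname] */
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %255[^\n]",
                   &lo, &hi, perms, name) < 3)
            continue;
        if ((uintptr_t)addr >= lo && (uintptr_t)addr < hi) {
            out->start = lo; out->end = hi;
            strcpy(out->perms, perms);
            strcpy(out->name, name[0] ? name : "(anonymous)");
            found = 1;
        }
    }
    fclose(f);
    return found;
}

int main(void) {
    int local = 0;                    /* Stack */
    void *heap = malloc(64);          /* Heap */
    /* printf may resolve to a stub inside the executable on non-PIE builds */
    void *probe[] = { text_addr(), (void *)(uintptr_t)printf, data_addr(), heap, &local };
    const char *label[] = { "text", "printf", "data", "heap", "stack" };
    struct region r;
    for (int i = 0; i < 5; i++)
        if (find_region(probe[i], &r))
            printf("%-7s %p  %s  %s\n", label[i], probe[i], r.perms, r.name);
    free(heap);
    return 0;
}
```

The permissions column shows Text mapped without write permission, matching the "Read-only" bullet, and shows whether the stack mapping is executable on the machine where it runs.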
Exploits vs. Vulnerabilities
- Vulnerability: a design flaw that lets bad inputs lead the program to a bad state
- An exploit is any computer input that takes advantage of a vulnerability to cause unintended behavior, usually to gain control of a computer system (Wikipedia)
- We will craft custom exploits to remotely gain control of computer systems
- Creators of exploits vs. creators of vulnerabilities
- # of exploits vs. # of vulnerabilities
Linux
- "Learning to hack on MS Windows is like trying to learn how to dance in a body cast" (anonymous)
- Linux offers low-level access to OS services as well as a powerful command-line
- By the end of this class everyone will be very comfortable working and hacking in a Linux environment
Linux
- Must know
  - Basic Linux commands (see Lab 1)
  - Command line text editor(s)
- Valuable
  - Linux filesystem (/etc, /usr, etc.)
  - Downloading source code, compiling, and installing
- Come to office hours or ask on IRC for Linux help