Introduction to Computer Security II

Presentation transcript:

1 Introduction to Computer Security II
January 2019
COMP0055
Emiliano De Cristofaro

2 Welcome
Format
10 x 2h lectures, one per week (Thursday 10-noon, Roberts G08)
Weeks 1-5 and 7-11 (week 6 is "reading week")
10 x 2h lab sessions (Wednesdays 15-17, MPEB 1.21) with TAs (Srdjan & David)
Useful both to learn new skills and to work on the coursework
Two shifts, every other week: A-L / M-Z
Assessment
70% closed-book exam (2.5 hours)
30% coursework, 3 practical assignments: Network security (8 points), Web security (10 points), Software security (12 points)
Office Hours
Thursdays, MPEB 6.04
Moodle enrolment key: imahacker!

3 Course Aim
From syllabus: "Providing an advanced understanding of network and computer security vulnerabilities and countermeasures in real-world systems."
In other words: gain a deep understanding of protocol/software vulnerabilities, and learn how to exploit/fix them
Only by "getting your hands dirty" can you become a security expert

4 Think as an attacker
One can't secure a system without being aware of ways to break it...
"You can't make something secure if you don't know how to break it." (Marc Weber Tobias)
Schneier's "Law": "Any person can invent a security system so clever that he or she can't imagine a way of breaking it."
Caveat emptor! The only reason we will be learning about attack techniques is to build better defenses
That is, don't use this knowledge to perform attacks!!!

5 The importance of exploiting vulnerabilities
In class, we can only teach you how vulnerabilities work in theory
Only by exploiting vulnerabilities in practice will you really understand them and learn how to prevent them
For each coursework assignment, we will indicate the questions that you need to answer correctly to pass the coursework, but to become a complete security expert you should spend considerable time completing even the most difficult exercises
You will have 2-4 weeks to complete the assignments - start early!

6 Ethics & Law
Malicious hacking/cracking is illegal
Discussing vulnerabilities and how they are exploited is useful, e.g., for education, awareness, ...
Full disclosure policy: the information about the vulnerability has already been distributed to parties that may provide a solution to the problem (e.g., vendors)
See: Responsible vulnerability disclosure process (IETF Internet Draft)
Preventing similar mistakes from being repeated

7 Academic Conduct
High standard expected in academic conduct:
Regulations on how to avoid plagiarism
Reference and credit sources appropriately
High standard expected in professional conduct:
Computer Misuse and Data Protection
Procedures for research with human subjects
Responsible research and disclosure procedures
Compliance and risk-based assessments

8 Tentative List of Topics
Denial of service
MiTM/Spoofing
Network Security
Wireless Security
SQL, CSRF, XSS, Clickjacking
Android security
Windows security
Race Conditions
Malware
Memory corruption
Buffer overflows
Intrusion/Anomaly Detection
Firewalls

9 Textbooks
Pfleeger and Pfleeger. "Analyzing Computer Security: A Threat/Vulnerability/Countermeasure Approach"
Dieter Gollmann. "Computer Security"
Ross Anderson. "Security Engineering"
Kaufman, Perlman, Speciner. "Network Security"
Koziol, et al. "The Shellcoder's Handbook"
Mitnick. "The Art of Intrusion"
Stallings. "Cryptography and Network Security"
