1
Foundations of Network and Computer Security
John Black
CSCI 6268/TLEN 5831, Fall 2004
2
Introduction
• UC Davis
  – PhD in 2000
  – Cryptography
  – Interested in broader security as well
• UNR two years
• CU Boulder two years
• Computer and Communications Security Center
• My teaching style and personality
3
This Class
• http://www.cs.colorado.edu/~jrblack/class/csci6268/f04/
• Use above for all materials
  – Available from my home page
  – Available from WebCT as well
• This is a CAETE course
  – About 4 distance-learning students
    • Any live students today?
  – Lectures from WebCT, I think
  – Lectures on VHS in library in Math bldg
4
Logistics
• TR, ECCS 1B12, 9:30am – 10:45am
• Final, Monday Dec. 13th, 10:30am – 1pm
• Office Hours
  – ECOT 627, W 4-4:50pm; R 9:00-10:00am
  – More as needed
  – jrblack@cs.colorado.edu (better than dropping by without an appt)
5
Grading
• See course info sheet
  – Let’s go over it now
• Course Topics
  – Why no book?
  – Cryptography and Network Security
    • Quite a blend of math, hacking, and thinking
6
Topics
• Policy, Law, History
  – Today
• Cryptography (can’t help it)
  – Not how to make it, but how to use it
• Hacking
  – Buffer overruns, WEP attack, TCP session hijacking, DDoS, prevention
  – Some hands-on, but depends on distance students
7
Class Format
• Informal
  – Small class
  – Ask questions
  – Class participation counts for 5% of grade
  – (Not sure what to do with distance folks for this yet.)
8
History
• Early days of Cryptography
• Lucifer and DES
• Export restrictions
  – 40 bit keys!
• Public Key Cryptography
  – MI6 had it first?!
• Differential cryptanalysis
  – NSA knew first
9
Who is the NSA?
• National Security Agency
  – Huge
  – Fort Meade, MD
  – More mathematicians than anywhere
  – Classified budget
10
Laws
• DMCA
  – Felten RIAA/SDMI case most famous
    • 2001 SDMI challenge
  – Many believe it’s the right idea, but a bad law
  – All reverse-engineering is sketchy
• CALEA (1994)
  – Communications Assistance for Law Enforcement Act
  – Recent ruling says VoIP must provide compliance
    • Still in the courts
• Patriot Act
11
Case Study
• Accountant for crime ring
  – Used PGP
    • Pretty Good Privacy
    • Phil Zimmermann
  – Feds seized computer
    • Couldn’t read files!
  – Subpoena for keylogger
  – Worked like a charm!
12
Policy
• Government has attempted to control encryption before
  – Skipjack
  – Key Escrow
  – Clipper Chip
• Ultimately failed due to massive protest from “privacy advocates”
  – Electronic Frontier Foundation (John Gilmore)
13
Economist Survey
• Please read it
• Main points
  – Security is a MUCH broader topic than just SSL and viruses
  – Firewalls don’t always work
  – Economics are a factor
  – And more...
14
What IS Computer Security?
• Cryptography
  – Mostly based in mathematics
• Network Services
  – Offense: Overflows, SQL injection, format strings, etc.
  – Defense: Firewalls, IDSes, Sandboxing, Honeypots
• Software Engineering
  – You have to find all flaws, they only have to find one
• Soft Science
  – Trust Models (Bell-LaPadula, Insider Threat, etc.)
  – Economics, Game Theory
  – Social Engineering
15
What IS Computer Security?
• Education
  – Students become our programmers
    • Insufficient training in security issues
• Various
  – Credit Card Scanners
    • Should you trust your CC# on the Internet?
  – ATM story