Courses/Computer Science/CPSC 526.F2015/Lecture Notes

< Courses‎ | Computer Science‎ | CPSC 526.F2015
Revision as of 17:54, 15 September 2015 by Locasto (talk | contribs) (September 10: Important Concepts, Basic Threats and Adversaries)
Jump to: navigation, search

September 8: Intro and Overview

  • Course policies, grading, etc. (Course Outline, Description, Syllabus)
  • Concepts / Organization

With some background in security concepts and principles, we set security challenges and problems into a networked environment. Basic crypto primitives become building blocks of systems whose major focus is authentication and protecting the confidentiality and integrity of communications channels. This major topic is complemented with a variety of security mechanisms that attempt to provide C-I-A in other ways (e.g., firewalls, IDS, authentication systems & standards).

  • Topics (i.e., knowledge & skills I want you to know by the end of the semester)
    • common networking tools
    • bit-level agility (packet crafting)
    • working knowledge of common applied crypto
    • authentication and secure protocols (design and major examples)
    • network security application domains: routing security, web security
    • network security mechanisms: firewalls, IDS, etc.
  • Semester Highlights
    • EDURange
    • ScapyHunt
    • PGP key signing party
    • web application hacking (Google Gruyere)
    • build a VPN
    • build a CA
    • network introspection

Right now:

  • Write your "Question of the Day": this is one question about network security that you want answered by the end of the semester
    • include your real name
    • include a psuedonym if you wish

September 10: Important Concepts, Basic Threats and Adversaries

Today, we will briefly discuss some security concepts and then dive into a reminder and refresher of some basic Unix networking tools. Our goal is to get two computers, Alice and Bob, to exchange traffic.

Questions of the Day:

Results of Poll: out of 25 votes as of 10:15am, 19 people have not taken CPSC 418 or are taking it concurrently. We will dedicate the opening weeks of tutorials to providing a high-level overview of basic crypto concepts and terminology as well as an introduction to some crypto libraries.

September 15: Intro to the Deception Surface: Setting up a Network From Scratch

We will start with a QoD that leads us back to a discussion of basic network security threats and concepts. It also leads us toward the topic of the "deception surface": the collection of protocols and network state that networked computers and application rely on to accomplish their communication -- but these protocols are also, by their very nature, open to manipulation.