Introduction to Network Security Course

This network security course by Professor Christo Wilson covers fundamental security principles applicable to all systems, designing secure networked systems, understanding attacker mindsets, and respecting ethical boundaries in security research. The course aims to equip students with the ability to attack and exploit systems, apply hardening techniques to secure applications, and think like attackers to anticipate their strategies. Prerequisites include a strong background in systems and networking, familiarity with various programming languages, and proficiency in Linux command line.

• Network Security
• Cybersecurity
• Ethical Hacking
• System Security
• Online Courses

orom Follow

Uploaded on Sep 11, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. CS 4740/6740 Network Security Lecture 1: Logistics (a.k.a. The boring slides)

2. Hello! Welcome to CS 4740/6740 Are you in the right classroom? Who am I? Professor Christo Wilson cbw@ccs.neu.edu West Village H 248 Office Hours: Tuesdays, 10am-12pm 2

3. Anti-Social Media Don t friend me on Facebook It s nothing personal Twitter: @bowlinearl LinkedIn: if you pass the class, you can add me 3

4. Why Take This Course? Target Puts Data Breach Cost at $148 Million Russian Hackers Amass Over a Billion Internet Passwords Lizard Squad Botnet Hijacks Thousands of Home Routers Cowards Attack Sony PlayStation, Microsoft Xbox Networks Heartbleed, Poodle, Shellshock 4

5. Why Take This Course? The Internet has made the world smaller than ever, and greatly enriched humanity It also enables criminals, pranksters, and military organizations to attack Anyone, anywhere From anywhere At any time In milliseconds. As software developers, you will be in the crosshairs And real people will be depending on you 5

6. Goals Learn fundamental security principals that apply to all systems Be able to design networked systems that are robust, resilient, and secure Understand the mindset of attackers and the techniques they use Identify and respect the ethical boundaries of security research and best practices 6

7. At the end of this course You will be able to: Attack and exploit various types of systems and protocols Apply techniques and best practices to harden applications that you design Think like an attacker and anticipate their strategies

8. Prerequisites Strong systems and networking background Assembly language and memory layouts OS design principals The ISO/OSI network stack, BGP, DNS, and HTTP Fluency in many languages C/C++ HTML and Javascript Python or some other scripting language Linux command line proficiency 8

9. Online Resources http://www.ccs.neu.edu/home/cbw/netsec.html Class forum is on Piazza Sign up today! Install their iPhone/Android app When in doubt, post to Piazza Piazza is preferable to email Use #hashtags (#lecture2, #project3, etc.) 9

10. January 13 Introduction, Security Fundamentals January 20 Link Layer and TCP/IP January 27 Authentication February 3 Naming and Routing February 10 Network and Transport Layer Security February 17 Assembly Review, Memory (Un)safety February 24 Midterm March 3 ASLR, Non-Executable Data, CFI March 10 Spring Break! March 17 Web Platforms, Basic Attacks March 24 HTML5, CSP, CORS, Extensions, Browser Separation March 31 Mobile Platform Security April 7 Anonymity April 14 The Cybercrime Underground April 21 Final Exam 10

11. Teaching Style 3 hour lectures Breaks every hour In class demonstrations (bring your laptops!) I have been working with systems for a long time Things make sense to me may not make sense to you I talk fast if nobody stops me Solution: ask questions! Seriously, ask questions Standing up here in silence is very awkward I will stand here until you answer my questions Please help me learn your names :) 11

12. No Textbook This course does not have a textbook However, I will be providing links to online review materials and academic papers as we go along 12

13. Workload Projects (4) 13% each Quizzes 5% Midterm 15% Final 23% Participation 5% 13

14. Projects This course is project-centric You will be building an operating system Start early! Seriously, start early! 4 projects Due at 11:59:59pm on specified date Use turn-in scripts to submit your code, documentation, etc. Working code is paramount 14

15. Project Groups Projects will be completed in groups of two You may choose your own partners You may switch partners between projects Do not complain to me about your lazy partner Hey, you picked them Can t find a partner? Post a message on Piazza! 15

16. Late Policy for Projects Each student is given 4 slip days May be used to extend project deadlines Example: 1 project extended by 4 days Example: 2 projects each extended by 2 days You don t need to ask me, just turn-in stuff late All group members must have unused slip days i.e. if one member has zero slip days left, the whole group is late Assignments are due at 11:59:59, no exceptions 20% off per day late 1 second late = 1 hour late = 1 day late 16

17. Quizzes 10-15 minute, in-class quizzes Will cover material from the previous weeks lecture We will go over the answers immediately If you miss a quiz, there is no makeup 17

18. Exams Midterm and Final 3 hours each The final will be cumulative All exams are: Closed book, closed notes, leave the laptop at home If I see a smartphone, I will take it and sell it on ebay 18

19. Participation This is high-level course I m not taking attendance I don t care if you skip lecture However, 5% of your grade is participation Be active on Piazza Ask questions in lecture Answer questions that I ask in lecture Ideally, I want to know everyone s name by the end of the semester 19

20. Grade Changes Each student is given 2 challenges to use as they see fit Challenges can be spent asking for regrades If you think there has been a grading error, come to my office hours If the grade is incorrect, you keep your challenge If the grade is correct, you lose your challenge When your challenges are exhausted, you cannot ask for regrades 20

21. Grade Changes (Continued) Challenges may be used for: Projects, quizzes, and tests Challenges may not be used for: Late assignments, use of slip days If you want to challenge a project grade, all group members must have an available challenge Your challenge succeeds or fails as a group 21

22. Cheating Do not do it Seriously, don t make me say it again Cheating is an automatic zero Will be referred to OSCCR for discipline and possible expulsion For projects: code must be original, written by you and your groupmates only Starter code obviously doesn t count StackOverflow/Quora/Github are not your friends If you have questions about an online resource, ask us 22

23. More on Cheating I take cheating very seriously Every semester, I catch at least two people cheating in my class These people end up failing the course Many have to defer graduation or co-op DO NOT CHEAT If you have any questions, at any time, please ask me 23

24. Final Grades At the end of the semester, all of your grades will sum to 100 points Quizzes/Exams Projects Participation 13 + 13 + 13 + 13 + 5 + 15 + 23 + 5 = 100 Final grades are based on a simple scale: A >92, A- 90-92, B+ 87-89, B 83-86, B- 80-82, I don t curve grades All grades are rounded up 24

25. Ethics We will talk much more about ethics and security later For now, follow these simple rules 1. Only develop and launch attacks against systems setup by us or yourself 2. Do not launch attacks against anyone else Attacking computers is a serious crime, punishable by huge fines and/or jail time 25

26. QUESTIONS? 26