
CS492: Cybersecurity

CS492: Cybersecurity. Time: 3:00 - 4:15pm. Location: ET 146. Fall 2019. Who are we: Instructor Tu N. Nguyen, Ph.D., Assistant Professor, Department of Computer Science, Purdue University, Fort Wayne. Office: ETCS 215N. Phone: (260) 481-6343. Email: nguyent@pfw.edu


Presentation Transcript


  1. CS492: Cybersecurity Time: 3:00 - 4:15pm Location: ET 146 Fall 2019

  2. Who are we Instructor Tu N. Nguyen, Ph.D. Assistant Professor Department of Computer Science Purdue University, Fort Wayne Office: ETCS 215N Phone: (260) 481-6343 Email: nguyent@pfw.edu URL: https://users.pfw.edu/nguyent/

  3. Who are we Teaching assistant Still looking for?

  4. What are we doing here?

  5. Is it safe to click on a link from, e.g., an email or instant messenger, even if you know (and trust) the domain? http://cs.pfw.edu.purdue.edu.ipfw.google.cse.nguyen.com/492

  6. Scenario: free mobile apps Get your favorite mobile apps for free, be shown annoying ads in return Mobile apps collect a massive amount of personal data — your location, your online history, your contacts, your schedule, your identity and more. And all that data is instantly shared with mobile advertising networks Source: https://techcrunch.com/2017/02/11/attack-of-the-apps/

  7. Example: Privacy on the Web Privacy Leakage Searched flights to Chicago Next day Trackers Mobile Code (Third-party JavaScript)

  8. An Attack Example on reuters.com • When the users click on the link for the news

  9. An Attack on reuters.com • It redirects the site to the attacker’s site. The Reuters server was not compromised, but attacks happened by code injection via a compromised third-party ad network.

  10. Software Security versus Network (Cyber) Security [Diagram: a program that processes data (structured program internals), with input and output, and call-outs to other programs (also consider input & output issues); regions labelled Network Security and Software Security]

  11. Common Software Vulnerabilities

  12. Forrester: The State Of Application Security, 2018

  13. What is CS492 about? • Network security • DNS security • Packet Analysis • Wireshark • Database security • SQL Injection Attack • SQL Injection Defense • System security • Linux configuration • Linux firewall • Web application security • Web Technology Architecture • Review: OWASP Top Ten • Broken Authentication and Session Management • Cross-site Scripting (XSS) attack • Session Hijacking • CSRF attack • Software security • Race Condition • Java security, Stack inspection & access control • JavaScript Security • Shellcode

  14. Prerequisites • CS364 (Intro. to Database Sys.) & CS274 (Data comm.) • Advanced programming skills • It is recommended that students have previously studied a course in • Programming languages • Database Systems • Networking • Talk to me if you are concerned about these

  15. Course material • No required textbook for this course • Reading lists for next class will be posted after each lecture • Lecture notes recommended

  16. Lecture note • Lecture notes will be posted on the class website • Lecture notes provide you an “outline” of the key concepts and materials we will cover in lectures • will be posted before class, so please read them before the class if possible! • If you want hardcopy, you must print your own. This includes class notes and assignment specifications. • may be updated slightly after lectures

  17. Class information • Class website: https://users.pfw.edu/nguyent/teaching/fall19/cs492/ • Class Blackboard (for submission, etc) • Announcement Page • Check the web page periodically • Tentative schedule (the schedule is subject to change 24 hours in advance with an announcement). • Will be updated via website: https://users.pfw.edu/nguyent/teaching/fall19/cs492/ • Help Hot Line: nguyent@pfw.edu

  18. Course Requirements • Do assigned readings • Be prepared, read textbook/lecture notes before class • Attend and participate in class activities • Please ask and answer questions in (and out of) class! • Let’s try to make the class interactive and fun! • Workload • 6 labs • 3 exams • Grade not based on curve: • Everybody can get an A if you work for it!

  19. Labs • In class, individual • Prepare as homework before the labs • Bring your laptop to the lab sessions to get help and to demo • Should be completed within lab sessions. You need to capture the screenshots for the report during the lab • Write lab report (with screenshots from your experiments) and submit to Blackboard by the deadline

  20. Labs • Lab 1: Wireshark • Lab 2: Data races • Lab 3: AspectJ Programming and Java Reverse Engineering • Lab 4: Web Application Programming with PHP and MySQL • Lab 5: Broken Authentication and Session Management • Lab 6: From XSS to CSRF Attack

  21. Assessments • 10% of participation • 30% of lab assignments • 40% of midterm exam • 20% of final exam • NOTE: in order to pass the course, you must: • Submit at least three homework assignments receiving a D or better • Complete all three examinations

  22. (Reference) Final Letter Grade Criteria • [90 - 100] A • [75 - 89.9) B • [65 - 74.9) C • [55 – 64.9) D • [0 – 54.9) F Everyone can get an A if you work on it! Grades are to help you check how much you have learned and where your weaknesses lie. No competition among members of the class! Everybody has a chance to get an A if you work for it. Depending on the situation/progress, extra credit would be available.

  23. Policies and Guidelines • Penalty on late homework/projects: • Please start working on your hw & programming assignments early and hand them in on time! • Penalty: one day late 10% deduction. No credit if more than three days late unless prior arrangements are made. • Incomplete: not granted, unless • proof of emergency, “agreement for incomplete” form

  24. Important Dates (Tentative)

  25. Homework due by next class - Virtual Machine Setup You need to set up a virtual machine on your laptop to perform labs/assignments. Follow the steps below to prepare the VM: 1. Download and install VirtualBox (5.2 is the current version) on your laptop from https://www.virtualbox.org/ (if you have not installed it before). 2. Download a virtual machine Ubuntu 16.04 image, file SEEDUbuntu16.04.zip, from this website: http://www.cis.syr.edu/~wedu/seed/lab_env.html . Direct link to download the file: http://bit.ly/SEEDUbuntu (You need to download this new version even if you have version 12.04 installed)

  26. Homework due by next class - Virtual Machine Setup 3. Unzip the zip file, and load to VirtualBox. Follow the instructions here: http://www.cis.syr.edu/~wedu/seed/Labs_16.04/Documents/SEEDVM_VirtualBoxManual.pdf 4. After step 3, you are ready to run the virtual machine, see the instruction here for login information: http://www.cis.syr.edu/~wedu/seed/Documentation/Ubuntu16_04_VM/Ubuntu16_04_VM_Manual.pdf

  27. Next class • Review • Computer Security • Network Programming • Tutorial for Virtual Machine Setup

  28. Labs and Assignments Preparation • Install the VirtualBox software on your computer (https://www.virtualbox.org/wiki/Downloads) • Create a virtual machine (VM) for Linux • Set up an Ubuntu virtual machine • Detailed tutorial will be posted
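
Slide 5's question comes down to which name in the link was actually registered: a hostname is owned from the right, so the familiar names at the left of that URL are only subdomain labels. The check below is an added example, not part of the original slides; the function names, the trusted set and the tiny multi-label suffix set (a constructed stand-in for the Public Suffix List) are assumptions.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
MULTI_LABEL_SUFFIXES = {"co.uk", "ac.uk", "com.au"}

# URL from slide 5, plus the names a reader of that link is likely to trust.
SLIDE_URL = "http://cs.pfw.edu.purdue.edu.ipfw.google.cse.nguyen.com/492"
TRUSTED = {"pfw.edu", "purdue.edu"}


def hostname(url):
    """Lower-cased host part of the URL, without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable_domain(url):
    """The rightmost labels of the host: the name that was actually registered."""
    labels = hostname(url).split(".")
    if len(labels) <= 2:
        return ".".join(labels)
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def check_link(url, trusted=TRUSTED):
    """Classify a link as trusted, lookalike (trusted name used as subdomain) or untrusted."""
    host, owner = hostname(url), registrable_domain(url)
    if owner in trusted:
        verdict, embedded = "trusted", []
    else:
        # A trusted name followed by more labels is decoration, not ownership.
        embedded = sorted(t for t in trusted if f".{t}." in f".{host}")
        verdict = "lookalike" if embedded else "untrusted"
    return {"host": host, "owner": owner, "verdict": verdict, "embedded": embedded}


if __name__ == "__main__":
    for url in (SLIDE_URL, "https://users.pfw.edu/nguyent/"):
        print(check_link(url))
```

A production check would load the full Public Suffix List instead of the three-entry set used here.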
