Computer Science CSC 574 Computer and Network Security Dr. Peng Ning Computer Science CSC 574 By Dr. Peng Ning 2 About Instructor • Dr. Peng Ning, Associate Professor of Computer Science – http://www.csc.ncsu.edu/faculty/ning – [email protected] – (919) 513-4457 – Office: Room 3258, Engineering Building II, centennial campus – Office hours • Wednesdays 3:45pm – 5:00pm, or • by appointment Computer Science About TA • Attila Yavuz – [email protected] • Office hours – Location • Room 3240, EB II – Time • Wednesdays: 15:30 - 17:30 • Fridays: 11:30 - 13:30 CSC 574 By Dr. Peng Ning 3 Computer Science CSC 574 By Dr. Peng Ning 4 Course Objectives • Understanding of basic issues, concepts, principles, and mechanisms in network security. – Basic security concepts – Cryptography – Authentication – Access control – IPsec and Internet key management – SSL/TLS – Firewall • Be able to determine appropriate mechanisms for protecting networked systems. Computer Science CSC 574 By Dr. Peng Ning 5 Course Outline • Basic Security Concepts – Confidentiality, integrity, availability – Security policies, security mechanisms, assurance • Cryptography – Basic number theory – Secret key cryptosystems – Public key cryptosystems – Hash function – Key management Computer Science CSC 574 By Dr. Peng Ning 6 Course Outline (Cont’d) • Identification and Authentication – Basic concepts of identification and authentication – User authentication – Authentication protocols • Access Control – Basic concepts of access control – Discretionary access control and mandatory access control – Lattice-based Models – Role based Access ControlComputer Science CSC 574 By Dr. Peng Ning 7 Course Outline (Cont’d) • Network and Distributed Systems Security – Public Key Infrastructure (PKI) – Kerberos – IPsec – IPsec key management – SSL/TLS – Firewalls Computer Science Course Outline (Cont’d) • Miscellaneous topics – Evaluation of secure information systems – Database security – Malicious software – Security management CSC 574 By Dr. Peng Ning 8 Computer Science CSC 574 By Dr. Peng Ning 9 Projects • Research projects: – TBD • Lab: Tentative list – TCP/UDP Attacks – DNS Pharming Attacks – Cross-site Scripting Attacks • Mechanism – Virtual Computing Lab (VCL) • You are expected to explore issues beyond what’s included in lectures by yourselves • By taking this course, you agree you will not misuse tools obtained in the labs Computer Science CSC 574 10 What’s Left Out? • Hacking • System configuration, O.S. internals • Political, legal, regulatory • Financial, economics • Social, psychological, human factors • Morals, ethics • Operational, business procedures, logistics By Dr. Peng Ning Computer Science CSC 574 By Dr. Peng Ning 11 Prerequisites • Programming experience in C/C++ or JAVA is required • Knowledge in data communication and networking – CSC 401 – CSC 570 Computer Science CSC 574 By Dr. Peng Ning 12 Textbook • Required textbook – Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd Edition, Prentice Hall, ISBN: 0-13-046019-2.Computer Science CSC 574 By Dr. Peng Ning 13 On-line Resources • WWW page: http://courses.ncsu.edu/csc574/lec/001 – For course materials, e.g., lecture slides, homework files, papers, tools, etc. – Will be updated frequently. So check frequently. • Message board: http://courses.ncsu.edu/csc574 – For discussions, Q&As. Computer Science CSC 574 By Dr. Peng Ning 14 Grading • Assignments 15%; projects and labs: 10%; midterm: 35%; final: 35%; class participation: 5%. • The final grades are computed according to the following rules: – A+: >= 95%; A: >= 90% and < 95%; A-: >= 85% and < 90%; – B+: >= 80% and < 85%; B: >= 75% and < 80%; – B-: >= 70% and < 75%; C+: >= 66% and < 70%; – C: >= 63% and < 66%; C-: >= 60% and < 63%; – D+: >= 56% and < 60%; D: >= 53% and < 56%; – D-: >= 50% and < 53%; – F: < 50%. Computer Science CSC 574 By Dr. Peng Ning 15 Policies on incomplete grades and late assignments • Homework and project deadlines will be hard. • Late homework will be accepted with a 10% reduction in grade for each class period they are late by. • Once a homework assignment is discussed in class, submissions will no longer be accepted. Computer Science CSC 574 By Dr. Peng Ning 16 Policies on Absences and Scheduling Makeup Work • You may be excused from an exam only with a university approved condition, with proof. For example, if you cannot take an exam because of a sickness, we will need a doctor's note. • Events such as going on a business trip or attending a brother's wedding are not an acceptable excuse for not taking an exam at its scheduled time and place. • You will have one chance to take a makeup exam if your absence is excused. There will be no makeup for homework assignments. Computer Science CSC 574 By Dr. Peng Ning 17 Academic Integrity • The university, college, and department policies against academic dishonesty will be strictly enforced. • You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct, or from the following URL. • http://www.ncsu.edu/policies/student_services/student_discipline/POL11.35.1.php. Computer Science CSC 574 By Dr. Peng Ning 18 NC State Policy on Working with Students with Disabilities • Reasonable accommodations will be made for students with verifiable disabilities. – Please schedule an appointment with the instructor. • In order to take advantage of available accommodations, students must register with Disability Service for Students at 1900 Student Health Center, Campus Box 7509, 515-7653. – http://www.ncsu.edu/provost/offices/affirm_action/dss/ • For more information on NC State’s policy on working with students with disabilities, please see – http://www.ncsu.edu/provost/hat/current/appendix/appen_k.html.Computer Science CSC 574 By Dr. Peng Ning 19 Check the website for details!