Welcome to EECS 354 Network Penetration and Security

Why Computer Security

• The past decade has seen an explosion in the concern for the security of information

– Malicious code (viruses, worms, etc.) caused over $28 billion in economic losses in 2003, and will grow to over $75 billion by 2007

• Jobs and salaries for technology professionals have lessened in recent years. BUT …

• The market for security specialists is expanding!

– “Full-time information security professionals will rise almost 14% per year around the world, going past 2.1 million in 2008” (IDC report)

Why Computer Security (cont’d)

• Internet attacks are increasing in frequency, severity and sophistication

• Denial of service (DoS) attacks

– Cost $1.2 billion in 2000

– 1999 CSI/FBI survey: 32% of respondents detected DoS attacks directed at their systems

– Thousands of attacks per week in 2001

– Yahoo, Amazon, eBay, Microsoft, White House, etc., attacked

Why Computer Security (cont’d)

• Viruses and worms are faster and more powerful

– Melissa, Nimda, Code Red, Code Red II, Slammer …

– Cause over $28 billion in economic losses in 2003, growing to over $75 billion in economic losses by 2007.

– Code Red (2001): 13 hours infected >360K machines - $2.4 billion loss

– Slammer (2003): 10 minutes infected > 75K machines - $1 billion loss

• Spam, phishing …

• New Internet security landscape emerging: BOTNETS!

The Spread of Sapphire/Slammer Worms

Logistics

• Instructors

Sam Mc

Yan Chen

• TA

TBD

Why Learn to Hack

• If you can break into computer systems, then you can defend computer systems.

– The fundamental idea is to learn how to think as an attacker.

– Defense then becomes second-nature.

• “The devil is in the details.”

– Only by understanding low-level details of vulnerabilities and attacks is it possible to avoid the introduction of similar flaws and to design effective protection mechanisms.

Logistics

• Instructors

Sam McIngvale (CS alumni)

Jim Spadaro (undergrad)

Whitney Young (to be CS alumni)

Yan Chen

• TA

TBD

Course Overview

• This course will emphasize practical security techniques rather than theory

– Complementary to EECS 350 “Intro to Computer Security” and EECS 450 “Internet Security” research course

• Satisfies the project course requirement for undergrads

• Security has become one of the depth areas for CS major requirements

• Satisfies the breadth requirement for system Ph.D. students

Course Objective

• Be able to identify basic vulnerabilities in software systems and design corresponding protection mechanisms

• Be able to use some important and popular security tools for network/system vulnerability discovery and risk assessment

• Be able to configure a computer/network with current security software, e.g., firewalls, intrusion detection systems (IDS)

• Compete in the international Capture the Flag competition

Course Contents

• Shellcode

• Buffer Overflows, Heap Overflows

• Format Strings

• Web Attacks

– SQL injection and Shell attacks

– Cross Site Scripting (XSS)

• Using Metasploit for Penetration

• Firewalls and IDSs

• Wireshark and Finding Illegal Users

– Looking at tcpdump data with Wireshark

Course Contents (cont’d)

• Reverse Engineering

– Reverse engineering compiled code

– Reverse engineering bytecode

• Windows Hacking

– Differences between Windows and Linux

– Example Windows vulnerabilities

Prerequisites and Course Materials

• Required: EECS 213 or (ECE 205 and 231) or any equivalent operating systems introductory courses

• Highly Recommended: networking (EECS 340) and OS (EECS 343) or having some familiarity with Unix systems programming

• No textbooks – all readings will come from handouts

Grading

• No exams for this class.

• Participation in CTF and Practice Competitions is mandatory

– Date: December

• Participation 25%

– RTFM classes are very interactive. Students should come to class prepared and ready to participate.

• Homework 30%

– Students will be expected to complete weekly hacking assignments.

• Competition 20%

• Group Project 25%

Communication

• Slides will be made available online prior to each class

• Web page:

http://cal.cs.northwestern.edu/nuctf

• Newsgroup on Google Groups: Network Penetration and Security