Security Tutorial 09
8/14/2019 Security Tutorial 09
Tutorial Proposal
Information Security: From Theory to Practice
Fadi A. Aloul
Department of Computer Engineering
American University in Sharjah, U.A.E.
http://www.aloul.net
Abstract
Today's enterprises are increasingly experiencing vigorous attacks from internal and external sources. The
tutorial will tackle the important issue of securing one's information assets. It will cover the concepts that
help enterprises around the world secure their infrastructure today. These concepts will be mapped to
real-world applications and techniques that security consultants use day in, day out, giving a
mix of theory and practice in the cutting-edge technologies and standards of information security.
Expected Background of Participants
Students (undergraduate and graduate), researchers, and faculty in Computer Science and Engineering.
IT Professionals, network and security engineers.
Tentative Outline of the Tutorial
1. Gaining insights on hacking methodology
Importance of information security
Knowing the attacks, attackers, and victims
Recognize hackers and understand their reasons for hacking
2. Tackling identity access management issues
Information security: confidentiality, integrity, and availability
Operational model of computer security: protection = prevention, detection, and response
Authentication methods
Limitation of user IDs and passwords
Overview of biometrics technology
The importance of physical security
Learn how social engineering can be used as a means to gain access to computers and networks.
Phishing and the threat to online applications
3. Identifying best uses of cryptography
Basic cryptography methods
Hashing
Single key encryption
Public key encryption
MD5 file integrity
Data protection using full disk encryption
Public key infrastructure (PKI)
4. Building a secure communication network
Layered protection using demilitarized zones (DMZ)
Malicious software: Viruses, Worms, Trojan Horse, Logic Bombs, Spyware, etc.
Denial of service (DOS) attacks
Securing the network using intrusion detection systems (IDS) and firewalls
Honeypots
5. Securing your wireless network
Wireless architecture, design, and standards
Detecting wireless networks (Antennas, wireless cards, war driving)
Attacking wireless networks (Tools, WEP encryption, DOS, sniffing, spoofing, rogue access points)
Securing wireless networks (access point configuration, client filtering, WPA encryption, VPN)
Discuss the AUS wireless security awareness study done in the UAE in 2007 and 2008. (Show how to
implement it in other countries.)
* The tutorial will include real life demos.
* The tutorial can be modified to target a specific area instead of being general, based on the
interests of the audience.
Instructor Qualifications
Fadi Aloul is an Assistant Professor of Computer Engineering at the American University of Sharjah, UAE.
He holds an MS and PhD in Computer Science and Engineering from the University of Michigan, Ann
Arbor, USA. His areas of expertise include optimization, design automation, and IT & Network security. He
is one of the leading researchers in surveying security awareness in the UAE. He launched the first UAE War
Drive project in 2006.
Dr. Aloul is a recipient of a number of prestigious international fellowships and awards, including the
Agere/SRC research fellowship and GANN fellowship. He serves on the technical program committees of several
international conferences and workshops. He has 60+ publications in international journals, conferences,
and workshops. He has presented several invited talks and tutorials at various universities and companies such
as Intel and Microsoft Research. He was also a speaker at many security conferences such as PAKCON,
Middle-East IT Security Conference (MEITSEC), Hackerhalted, ICT Security Summit, E-Commerce Middle
East Summit, and the National Security Summit. He developed several tools that are currently used by
several Fortune 500 companies. He is a senior member of the Institute of Electrical and Electronics
Engineers (IEEE), Association for Computing Machinery (ACM), and Tau Beta Pi. He is currently serving as the
IEEE GOLD Chair of the UAE Section. His work can be found at http://www.aloul.net.