Security Tutorial 09


  • 8/14/2019 Security Tutorial 09

    Tutorial Proposal

    Information Security: From Theory to Practice

    Fadi A. Aloul

    Department of Computer Engineering

    American University in Sharjah, U.A.E.

    [email protected]

    http://www.aloul.net

    Abstract

    Today's enterprises are increasingly experiencing vigorous attacks from internal and external sources. The tutorial will tackle the important issue of securing one's information assets. It will cover the concepts that help enterprises today secure their infrastructure around the world. These concepts will be mapped to real-world applications and techniques that security consultants use day in, day out, giving a mix of theory and practice of the cutting-edge technologies and standards of information security.

    Expected Background of Participants

    Students (undergraduate and graduate), researchers, and faculty in Computer Science and Engineering.

    IT Professionals, network and security engineers.

    Tentative Outline of the Tutorial

    1. Gaining insights on hacking methodology

    Importance of information security

    Knowing the attacks, attackers, and victims

    Recognize hackers and understand their reasons for hacking

    2. Tackling identity access management issues

    Information security: confidentiality, integrity, and availability

    Operational model of computer security: protection = prevention, detection, and response

    Authentication methods

    Limitations of user IDs and passwords

    Overview of biometrics technology

    The importance of physical security

    Learn how social engineering can be used as a means to gain access to computers and networks.

    Phishing and the threat to online applications

    3. Identifying best uses of cryptography

    Basic cryptography methods

    Hashing

    Single key encryption

    Public key encryption

    MD5 file integrity

    Data protection using full disk encryption

    Public key infrastructure (PKI)

    4. Building a secure communication network

    Layered protection using demilitarized zones (DMZ)

    Malicious software: Viruses, Worms, Trojan Horse, Logic Bombs, Spyware, etc.

    Denial of service (DOS) attacks

    Securing the network using intrusion detection systems (IDS) and firewalls

    Honeypots

    5. Securing your wireless network

    Wireless architecture, design, and standards

    Detecting wireless networks (Antennas, wireless cards, war driving)

    Attacking wireless networks (Tools, WEP encryption, DOS, sniffing, spoofing, rogue access points)

    Securing wireless networks (access point configuration, client filtering, WPA encryption, VPN)

    Discuss the AUS wireless security awareness study done in UAE in 2007 and 2008. (Show how to implement it in other countries.)

    * The tutorial will include real life demos.

    * The tutorial can be modified to target a specific area instead of being general, based on the interests of the audience.

    Instructor Qualifications

    Fadi Aloul is an Assistant Professor of Computer Engineering at the American University of Sharjah, UAE. He holds an MS and PhD in Computer Science and Engineering from the University of Michigan, Ann Arbor, USA. His areas of expertise include optimization, design automation, and IT & Network security. He is one of the leading researchers in surveying security awareness in UAE. He launched the first UAE War Drive project in 2006.

    Dr. Aloul is a recipient of a number of prestigious international fellowships and awards, including the Agere/SRC research fellowship and GANN fellowship. He serves on the technical program committees of several international conferences and workshops. He has 60+ publications in international journals, conferences, and workshops. He presented several invited talks and tutorials at various universities and companies such as Intel and Microsoft Research. He was also a speaker at many security conferences such as PAKCON, Middle-East IT Security Conference (MEITSEC), Hackerhalted, ICT Security Summit, E-Commerce Middle East Summit, and the National Security Summit. He developed several tools that are currently used by several Fortune 500 companies. He is a senior member of the Institute of Electrical and Electronics Engineers (IEEE), Associate of Computing Machinery (ACM), and Tau Beta Pi. He is currently serving as the IEEE GOLD Chair of the UAE Section. His work can be found at http://www.aloul.net.