TCOM 562 – Network Security Fundamentals Fall 04 Jerry Martin gmartin@gmu.edu


Page 1: TCOM 562 – Network Security Fundamentals Fall 04 Jerry Martin gmartin@gmu.edu.

TCOM 562 – Network Security Fundamentals

Fall 04

Jerry Martin

gmartin@gmu.edu

Page 2:

General Information

• Text book – Hackproofing Your Network

• Course is overview

• Lectures – attendance is important because I don’t believe in reading slides, slide bullets are talking points

• E-mail is preferred method of communication and is mandatory method for homework submission

• Assignments

• Case Studies (3)

• Due approximately once a month (9/20, 10/12, 11/8)

• Limited to 1 page, single spaced, if over 1½ pages, lose 1 point

Page 3:

General Information

• Topics for each assignment are a specific best commercial practice

• Format – 1st paragraph – describe best practice

2nd paragraph – discuss benefits

3rd paragraph – discuss disadvantages

4th paragraph – discuss ease of implementation, likelihood of acceptance

• Must be own words, no right or wrong answers

• Late submissions get no points

• All submissions are by e-mail

Page 4:

General Information

• Research Paper

• 7 – 10 pages, double spaced

• Select a topic from one of the weeks and submit for approval NLT 11 Oct

• Due 6 Dec, submit via e-mail

• Ensure sources are properly cited (e.g. Turabian), no more than 40% can be verbatim text

• Don’t just describe topic, use analytical thinking

• Late submissions get no points

Page 5:

General Information

• Tests

• Midterm – 25 Oct, Final – 20 Dec

• Format

• 40 multiple choice, T/F; 4 short answer questions

• Exam is 2 hours, NO lecture after test

• Grading

• Case studies (15%) – 5 points each

• Paper (15%) – 30 points

• Midterm (35%) – 100 points

• Comprehensive Final (35%) – 100 points

Page 6:

General Information

• Flow for course

• Common taxonomy, definition of terms

• National policy and concerns

• Threats

• Defensive tools and measures

• Continuity of operations/attack recovery

• Legal and privacy issues and challenges

Page 7:

THE WAY IT WAS THEN

Page 8:

AND SO IT GROWS

NOW? COLOR THE WORLD BLUE

Page 9:

INTERNET…..INFORMATION SUPER HIGHWAY

*A NETWORK OF NETWORKS

*ONE OF THE MOST VALUABLE RESOURCES OF THE INFORMATION AGE

*PROVIDES ACCESS TO USER NETWORKS

*RUNS WITHOUT SINGLE ENTITY IN CHARGE

Page 10:

TODAY’S NETWORK ENVIRONMENT

”Interconnectivity”

[Diagram labels: LANs, File Server, Other Networks, Gateway, Router, Bridge, Internet Hosts, Packet Switch]

Page 11:

A Common Language

• Terms key to entire course, use them extensively

• For orderly examination, divided into four general categories

• E – environment

• G – government

• U – underground

• M – miscellaneous

• Then look at Sandia Lab’s incident processing flow

Page 12:

A Common Language

• Environment

• /8 /16 /24 /32

• Root

• *ix

• Internet v4

• Internet v6

• Dark fiber

• GSRs

• ISPs/Tier 1s

Page 13:

A Common Language

• Government

• *PCIPB

• OCS

• *DHS (www.dhs.gov)

• IAIP

• NCSD

• NIPC

• FedCIRC

• NCS

• *DoJ/CCIPS (www.doj.gov/ccips)

• ECTF

Page 14:

A Common Language

• More government

• CERT-CC (www.cert.org)

• CIP

• HSC

• *PDD 63/HSPD-7

• CWIN

• JTF-GNO

Page 15:

Understanding the Culture

• News Stories

• Defacement Mirrors

• Hacker Magazines (phrack, 2600)

• Hacker-oriented Internet Sites

• Internet Relay Chat

• Non-Profit and Commercial Computer “Security” Companies

• Hacking Conferences (“Cons”)

“The internet is our playground, it’s our side of the tracks. When you step into it, claim your own corner of cyberspace, and put up your house... Don’t expect not to arouse our curiosity.”

- United Loan Gunmen

Page 16:

A Common Language

• Underground

• Hacker

• Cracker

• Blackhat

• Miscreant

• Script kiddie

• Click kiddie

• Nicks

• Idents

Page 17:

A Common Language

• Underground continued….

• Eblish

• L33t

• Hax0r

• Pax0r

• 0day

• 0wned

• Malware

• Pop a box

• Phish

Page 18:

HPVAC

Information Assurance is a continuous process. As the threat evolves, so must our Counter Measures

“It’s Cyber Guerilla Warfare”

HACKING

PHREAKING

VIRII

ANARCHY

CARDING/CELLULAR

Page 19:

A Common Language

• Still more underground mayhem

• *DDoS

• *Sploits

• *Vulns

• *Bot/botnet/botherd

• Bounce

• Proxy

• Post docs

• *Zombie/soldier

Page 20:

A Common Language

• And now the rest…

• White hat

• Gray hat

• *Paypal

• “Cuckoo’s Egg”

• Listserves

• ISACs

• *CCV

• PGP

• Fingerprint

• Net flows

Page 21:

A Common Language

• More miscellaneous

• ARIN

• RIPE

• APNIC

• ICANN

• IANA

• FIRST

• NANOG

• Bugtraq

• RFCs

• Out of band