Incident Handling and Information Security Law

December 11th, 2008 by cmpsci491s-cmisra

Recall from the Policy lecture that we referenced a number of laws, but didn’t investigate them.

http://www.massachusetts.edu/SecurityAwareness/datasecuritylaws.html

A good resource for computer policy and law for Universities is ICPL Recommended Links.

For federal law, the Department of Justice maintains a good reference at: http://www.cybercrime.gov/cclaws.html

However, more interesting is material aimed at prosecutors working in the field. We will review this in class:

http://www.cybercrime.gov/ccmanual/index.html

For a reasonable summary of information security law, it is worth looking at the SecurityFocus four-part series:

Part 1, Part 2, Part 3, Part 4.

To find the actual text of US Federal Law, a helpful resource is THOMAS.

Note that all of the above refers to federal law. There is also an extensive body of state law concerning information security. A good reference on state law for Massachusetts is available from http://www.lawlib.state.ma.us/. We will review a small amount of the state material, but the focus will be on federal law. Recall that the protections afforded under state law vary greatly.

Unix security slides

December 10th, 2008 by cmpsci491s-cmisra

As these will be covered on tomorrow’s quiz, they are being posted here.

415-lec9-unix.pdf

Lab3: Incident handling

December 2nd, 2008 by cmpsci491s-cmisra

Lab 3 is due at the beginning of class on Thursday 11 December.

415-lab3-f08-incident.pdf

Exam 2

December 2nd, 2008 by cmpsci491s-cmisra

Exam 2 will be given in class on Thursday 4 December. This exam will cover material since the last exam. Note that since much of the material in the second half of class depends on a thorough understanding of the introductory material, you should ensure that you are comfortable in your understanding of the breadth of the course materials. This exam will not explicitly cover topics such as AES and RSA, but will cover topics such as SSL/TLS. Understanding AES and RSA is fundamental to understanding how SSL/TLS work. As such, this is not a comprehensive course exam, but the second exam for the semester.

Security Architecture slides

November 20th, 2008 by cmpsci491s-cmisra

These are the slides we started to cover in class today. They cover how we align the various tools we have talked about to effectively mitigate the risk to networks and systems.

491s-lec11-architecture.pdf

IDS and SSL slides

November 4th, 2008 by cmpsci491s-cmisra

As discussed in class over the past few classes, below are the slides from the IDS lecture, which have already been covered, as well as the SSL and VPN slides that will be covered on Thursday.

491s-lec9-ids.pdf

491s-lec10-ssl.pdf

Lab 2

November 2nd, 2008 by cmpsci491s-cmisra

Lab 2 is due at the beginning of class on Thursday 13 November.

491s-lab2-packet-analysis.pdf

TCP/IP and Firewall slides

October 15th, 2008 by cmpsci491s-cmisra

Below are the TCP/IP and firewall slides.

The first four of the firewall slides were covered in class and will be covered on the exam.

491s-lec7-tcp.pdf

491s-lec8-firewalls.pdf

Firewalls

October 7th, 2008 by cmpsci491s-cmisra

Having covered many of the basic TCP/IP-based attacks, we need to cover defenses against these. The principal tool for network-based prevention is the firewall. A firewall is a function that can be performed in hardware or software, at the host or as part of a network, and is often bundled as part of a ‘network security appliance’. We will focus first on the function, and then on the devices.

If you need background on how firewalls operate, take a look at:

http://www.more.net/technical/netserv/tcpip/firewalls/

TCP/IP security

October 1st, 2008 by cmpsci491s-cmisra

It is worth noting that most of these are not new problems. In fact, take a look at this paper from 15 years ago, reprinted with comments from the author, Steve Bellovin, in 2004. http://www.cs.columbia.edu/~smb/papers/ipext.pdf

We will go over the 2004 conclusions from the paper in class.

A good example of a TCP hijacking is shown at:

http://staff.washington.edu/dittrich/talks/agora/script.html

The original paper on TCP hijacking is available here:

http://www.usenix.org/publications/library/proceedings/security95/full_papers/joncheray.txt

Here is some supplemental material to help cover what we go over in class on Thursday:

http://www.linuxsecurity.com/resource_files/documentation/tcpip-security.html

The slides covered in class are here: 491s-lec7-tcp.pdf