Introduction to Computer Security, Spring 2014

Course Objectives:

Ever since the first worm, Morris Worm, released through the Internet in 1988, the attack-defense game between hackers and administrators never ends. To better protect our ICT (Information and Communications Technology) systems, we need to understand first what hacking techniques have been developed over the years and then see their countermeasures. This course starts from a lecture that motivates the students how our ICT systems could be wiretapped, as one of the hacking techniques, and the evolution of all kinds of network security techniques. The second lecture prepares students with background on data security (with cryptography), access security, and system security.

After that, a practical textbook is used to illustrate how hackers attack the systems, which falls in the scope of system security. We begin from how hackers understand the target systems with scanning and enumeration, but left with their footprints. Then we see how hackers penetrate clients and servers running Windows and UNIX. The most recent hacking technique with malware inside exchanged documents, Advanced Persistent Threat (APT), is covered herein. Next we see how hackers hijack a system from outside, through the network traffic or external interfaces. The targets include wireline and wireless infrastructure, VoIP systems, and handheld devices. At the end, we see how hackers attack applications and their databases behind, with techniques like buffer overflow and SQL injection. How Android and iOS applications become victims or vehicles are also covered. Countermeasures are interleaved with hacking techniques and summarized at the end.

Permanent link to this article: