A Series of Computer Security Seminars
Title: Internet Security
Date: 21st September 2000
Time: 14:00 - 16:00
Venue: Seminar Room 833, HSH Engineering Building
Title: Network Monitoring/Debugging and Intrusion Detection
Date: 28th September 2000
Time: 14:00 - 16:00
Venue: Seminar Room 833, HSH Engineering Building
Title: Computer Forensics Analysis
Date: 5th October 2000
Time: 14:00 - 16:00
Venue: Seminar Room 833, HSH Engineering Building
Seminar Abstract and Outline
============================
Title: Internet Security
Date: 21st September 2000
Time: 14:00 - 16:00
Venue: Seminar Room 833, HSH Engineering Building
Abstract:
This seminar discusses the threat posed by hackers in
terms of hacking technology, hacking trends and their
impact on the Internet community. It points out some
common methods and tools that hackers use to break into
a system. Two real case studies of hacking will be
discussed with a live demonstration, showing how they
break into a system by the technique of "Internet daemon buffer
overflow". These case studies also reveal the behavior and
hacking patterns of some hackers. Finally, this seminar will
present some general strategies and countermeasures to protect
your network against hacker attacks.
Seminar Outline
Part I Aware of the Risks
The threats
Part II How they hack in
Two real case studies with live demo
- amd and named
Another buffer overflow demo
- ftpd
Part III Fighting back
Counter measures and strategies
- Security profile
- Security Policy
- Firewall Architecture
Part IV Q&A and discussion
-----------------------------------------------------------
Title: Network Monitoring/Debugging and Intrusion Detection
Date: 28th September 2000
Time: 14:00 - 16:00
Venue: Seminar Room 833, HSH Engineering Building
Abstract:
This seminar shows you some common tools and methods to monitor and
debug your network equipment, such as finding the host which crashes your
host IP, plotting your host network traffic, and finding a network path's
throughput. Some Network Intrusion Detection Systems (NIDS) will be
discussed too.
Seminar Outline
Part I Network Monitoring/Debugging
- Tools to monitor and troubleshoot your network segment
netstat, ifconfig and /proc/net/dev
ttcp and ftp
ping, arp, traceroute
tcpdump
NOCOL (Network Operations Center On-Line)
SNMP (Simple Network Management Protocol)
- Rlab Networking Monitor Web Page
- Firewall Stress Test Result
Part II Intrusion Detection
- Build your own Network Intrusion Detection System (NIDS) with tcpdump
- iplog (TCP/IP traffic logger) and snort (The Lightweight Network Intrusion Detection System)
Part III Q&A, Discussion and Suggestion
---------------------------------------------------
Title: Computer Forensics Analysis
Date: 5th October 2000
Time: 14:00 - 16:00
Venue: Seminar Room 833, HSH Engineering Building
Abstract:
This seminar introduces some basic techniques in
Computer Forensics. It shows you how to collect
evidence without interfering with the activities of
the inspected system. It also discusses how hackers
hide their traces when breaking into a system and
the methods to counter this.
Seminar Outline
Part I On-line inspection
- clone the disk
- memory dump
- process investigation
- gathering network information
Part II Off-line inspection
- find the modification time, access time and status change time
- reverse engineering of suspicious programs
Part III Recovery of removed files (not from backup tape)
- dump the directory image (view the removed file name)
- identify the inode
- retrieve the removed file by icat
Part IV Q&A and discussion