We are pleased to announce the availability of a 1 1/2 day short
course on computer and network security to be taught on
May 14-15, 2007. Detailed below, this course will cover a broad range
of topics aimed at introducing the concepts and techniques of
information security as practiced in industry, and at highlighting the
opportunities and challenges for innovation in security.
Overview
Information security has become an essential dimension of any
organizational IT strategy. Sadly, however, the vast amount
of misinformation, poorly designed systems, and an increasingly hostile
online world leave many organizations critically vulnerable. History
shows that most companies must suffer huge economic and public
relations disasters before properly assessing their risk exposure
in the online world. Within such a dire state also lies opportunity;
there are many opportunities for technical enterprises to provide the
services and technologies to make organizations secure.
The purpose of this tutorial is to provide an introduction to the
concepts, language, and problems in information security. We explore
the types of security being used to support applications and services
in the enterprise with a focus on practical issues occurring in
business settings. Case studies taken from the instructor's MBA
courses at the Stern School of Business at NYU will be given. Further,
the terminology and use of contemporary security are described, and best
practices explained. The course will introduce concepts, among many
others, in basic cryptography, Internet security, VPNs, intrusion
detection, web systems, biometrics, risk assessment, and corporate
security strategy planning.
Audience
The target audience for this tutorial is technical and non-technical
industry personnel. The course assumes no prior knowledge in security
and a limited functional knowledge of computing. Typical attendees
will be engineers, developers, managers, and investors in information
systems. Attendees completing this tutorial will obtain a working
knowledge of security technology and understand the uses, pitfalls,
and open problems in protecting information systems.
Tutorial Information
| Dates | Monday May 14th, 9am-5pm; Tuesday May 15th, 9am-12pm |
| Instructor | Prof. Patrick McDaniel (mcdaniel@cse.psu.edu) |
| Location | Nittany Lion Inn, State College, PA |
| Registration Fee | The registration fee for the tutorial is $400. This fee includes all course handouts, refreshment breaks, and lunch on Monday and Tuesday. |
| Registration | Registration is now open. Please register by May 1. Space is limited, so we can only accept the first 50 registrations. Please click here for a registration form. |
| Hotel Information | Room Reservations - A block of rooms has been set aside at the Nittany Lion Inn (on the Penn State University Park Campus in State College, PA), until April 14, for tutorial participants. If you wish to reserve a room, please contact the Inn directly (via link or by phone at 1 (800) 233-7505) and reference room block COM0513. |
| Contact | For questions regarding the NSRC Short Course Series please contact Tom La Porta. For questions regarding the tutorial and its content, please contact Patrick McDaniel. |
Tutorial Schedule
The tutorial will proceed according to the following schedule.
- Introduction to security (Monday 9:00am-10:30am)
  - What is security?
  - General terminology
  - How security impacts the average user
  - Attacks, threats, and trust
- Cryptography basics (Monday 11:00am-12:30pm)
  - Encryption, decryption
  - Keys, lengths, and hardness
  - Asymmetric key cryptography
  - Hash functions
  - Authentication
  - PKI and key management
- Web/Internet security (Monday 1:30pm-3:00pm)
  - Authentication
  - What is web security?
  - SSL
  - Spyware, drive-by downloads
  - Web code: Cookies, Java, JavaScript, and ActiveX
- Network security (Monday 3:30-5pm)
  - Networking basics: IP, routing, and network management
  - Network vulnerabilities
  - Worms
  - Firewalls
- Security tools (Tuesday 9:00am-10:30am)
  - Intrusion Detection
  - DDoS counter-measures
  - IPsec/VPNs
- Emerging Issues and Conclusions (Tuesday 11:00am-12:30pm)
  - Assurance
  - SPAM
  - Conclusions
Instructor
Patrick McDaniel is the Hartz Family Career
Development Assistant Professor in the Computer Science and
Engineering Department at the Pennsylvania State University, and
co-director of the Systems and Internet Infrastructure Security
Laboratory. He received his Ph.D. from the University of Michigan in
2001 where he studied the form, algorithmic limits, and enforcement of
security policy. Prior to joining Penn State, Patrick was a senior
technical staff member of the Secure Systems Group at AT&T
Labs-Research and Adjunct Professor of the Stern School of Business at
New York University.
Patrick's recent research efforts have focused on
telecommunications security, distributed systems security, network
security, language-based security, and public policy and technical
issues in digital media. Patrick is a past recipient of the NASA
Kennedy Space Center fellowship, a frequent contributor to the IETF
security standards, and has authored many papers and book chapters in
various areas of systems security. He is the co-chair of the 2007 and
2008 IEEE Symposium on Security and Privacy, and served as the Program
Chair of the 2005 USENIX Security Symposium, the Vice Chair for
Security and Privacy for WWW 2005, and is the Chair of the Industry
and Government Track at the 2005 and 2007 ACM Computer and
Communications Security conference. Patrick is also an associate
editor of the journals IEEE Transactions on Software Engineering and
ACM Transactions on Internet Technologies. Prior to pursuing his
Ph.D. in 1996, Patrick was a software architect and program manager in
the telecommunications industry.
Tutorial offered in cooperation with:

Networking and Security Research Center

Systems and Internet Infrastructure Security Laboratory
NSRC is a Ben Franklin Center of Excellence

Ben Franklin Technology Partners