Computer and Network Security
CS494/594            Class 1   8/29/06

Topics

• overview
• computers at risk
• risk assessment
• viruses
• lecture slides (pdf)
• assignment 1
• assignment 2

Required reading

• Text: Chapter 1, 18.1
• risk assessment
• Winkler's social engineering
• take the phishing test and visual spoofing
• policy
• CERT incident statistics and security alerts
• hacker news and bugtraq -- check this weekly, or SANS and @RISK newsletter or tippingpoint

Additional reading

• SANS top 20 attack targets
• The Hackers are Coming!
• Top 10 security stories of 2000
• Wired's ('98) Cyberwar
• Yahoo's hacking info
• NIAC vulnerability disclosure framework
• Threat Assessment of Malicious Code and Human Threats
• NIST's risk management guide 800-30
• books by Spafford and Pfleeger have info on risk assessment, see resources
• Some hacker resources alt.2600 and Yahoo's hacking page and antionline
• CNN's hacker stories and a timeline
• alt-2600 faq hacking tips
• social engineering anatomy of a 419 scam
• metasploit and a paper

  virus info

• CIAC's virus database and hoaxes, also urban legends or here or here
• see latest virus info at McAfee or Symantec and vbsim virus simulator
• a typical polymorphic virus
• worms and such
• TrendMicro's antivirus.com email scanner
• IBM's FairUCE verify email sender ID (spam) or sender policy framework
• Microsoft security bulletins
• IBM research papers on computer viruses
• anatomy of blaster worm
• Microsoft's MSRT Malicious Software Removal Tool
• as always, cruise the security page
• Books: Takedown, Cuckoo's Egg
• Videos: the Net, sneakers, war games