Network attacks and network intrusion detection systems

Prof. Evgeny Abramov
IT-Security Department, Taganrog Institute of Technology, Southern Federal University, Taganrog, Russia

22 hours, 5 credits

June 6 - June 10, 2011

Dipartimento di Ingegneria dell'Informazione: Elettronica, Informatica, Telecomunicazioni, via Caruso, meeting room, ground floor

Contacts: Prof. Michele Pagano


Summary

This series of lessons examines some of the most dangerous types of network attacks (buffer overflow, format string vulnerabilities, SQL injection, XSS), together with methods for their detection and countermeasures. A classification of vulnerabilities based on CVE and CWE is presented. The most common DDoS attacks and the technologies for protecting against them are discussed, and some attacks that exploit buffer overflows and appear in many kinds of malicious scripts are considered.

Methods for detection and reaction are analyzed with reference to personal firewalls and the Snort network intrusion detection system (NIDS). We shall examine countermeasures to personal firewall bypass attempts of the kind attackers use to take control of a host and install covert channels. An approach to developing effective Snort rules is illustrated, and a generalized method of testing NIDS effectiveness is presented.

Contents

  • Introduction
  • Terminology
  • Network attacks ontology
  • Practical classification
  • Signatures and anomalies
  • DoS and DDoS attacks
  • The use of design errors for DoS
  • Goals and scenarios for DDoS (botnets, etc.)
  • Protection against DDoS
  • Remote access attacks
  • Buffer overflow
  • Format string vulnerabilities
  • SQL injection
  • XSS
  • Protection and detection
  • Personal security in the network
  • Personal firewalls
  • Anti-rootkit
  • Covert channels and their detection
  • Leak tests of personal firewalls
  • Network intrusion detection systems (NIDS)
  • Analysis of NIDS approaches, their classification and vulnerabilities
  • Using Snort
  • Signature analysis of network attacks, development of effective rules for Snort
  • Testing NIDS effectiveness