Today, I taught that lecture on security for the Computer Infrastructures class (including demos of ARP Poisoning, Man-In-The-Middle Attacks, Network Sniffing, etc) and the handouts are available.

The outline of the lecture is

  1. Overview

  2. Network-level security: topology, VLAN, firewall, VPN, IDS, honeypots

  3. System-level security: OS Patching (MS-Blaster)

  4. Application-level security: buffer overflows and dumb coding (directory traversal vulnerability

  5. Message-level security: Network sniffing

  6. Physical security

  7. Incident response

It is amusing to see how easy it is to every time capture passwords of students, while they know that I am trying to do that.