Abstract:

The fast growing use of computers by individuals and organizations has resulted in the dramatic growth of subversive activities; there is an increasing need for governments, organizations, educational institutions and individuals to employ enhanced security measures and security devices to protect their computer systems and information assets.

Many network security teams are still focused on building walls, but the hordes are at the gate and such defenses are doomed to fail because the perimeter has expanded. The network is not confined to the building that houses your network or computers. Remote dial-in users, VPN users, wireless LANs with rogue access points and service providers all extend the virtual perimeter of your network.

Security, therefore, must extend to all your network's assets. Comprehensive network security requires layers of protective hardware and software. A desktop firewall won't protect you from malware. A firewall can't replace the functionality of a virus scanner, and an antivirus program doesn't negate the need for firewalls. Ultimately, you need desktop firewalls, antivirus software, host intrusion detection and VPN tools as part of your arsenal. Network protection requires the right tools. For example, according to leading firewall experts, over 50% of the installed firewalls are implemented incorrectly due to lack of expertise, the subtleties of the configuration, and the vulnerabilities in the underlying operating system.

This tutorial begins with an introduction to the basic concepts and issues of information assurance. An assortment of important current topics will be discussed; including vulnerability analysis, computer attacks, firewalls, vulnerability scanners, intrusion detection systems, risk analysis, data protection mechanisms, and challenges in information assurance and security. A brief outline of the topics follows:

• Introduction to Information Assurance

• Basic Concepts

• Security Policy

• IA Technology

• Vulnerability Analysis

• System and Protocol Vulnerabilities

• Vulnerability Assessment

• Overview of Vulnerability Scanners

• Risk Assessment

• Attack Analysis

• Attack Types

• Malicious Logic

• Software Attacks

• Introduction to Mobile and Wireless Attacks

• Security Protection Mechanisms

• Firewalls

• Intrusion Detection and Prevention Systems

• Vulnerability Scanners

• Relevant Security Technologies

• Infosec Challenges

• Stealth Attacks

• Software Security

• Polymorphic and Metamorphic Malware

• Fourth Generation Attacks