Principles of Information Security & Privacy Fall 2017

Projects

1. Packet Eavesdropping and Analysis

   The objective of the project was to provide a hands-on experience to have a better understanding of the information transmitted in the Internet. At the same time, we want to show how powerful the packet eavesdropping and analysis tools are. Through the usage of the wiretapping tool such as WireShark, one can learn about the network packets and how information is encapsulated. In real life, many network administrators and security engineers depend on such tools to capture suspicious activities and then analyze them.

   Technology used

   WireShark and PuTTY

2. Password Cracking of Windows XP

   Used Cain & Abel, a password recovery tool for Microsoft Operating systems, to crack and retrieve Windows XP system user passwords from their hashes.

   Technology used

   Windows XP, VMWare, Cain & Abel

3. Web security - SQL Injections Attacks

   The objective of the project was to provide a hands-on experience to have a better understanding of web security and web SQL injection attacks. At the same time, show how such attacks are executed by malicious parties (e.g., hackers).

About the class

Topics include: security concepts and mechanisms; security technologies; authentication mechanisms; mandatory and discretionary controls; basic cryptography and its applications; database security, intrusion detection and prevention; assurance requirement, assurance class, evaluation methods and assurance maintenance; anonymity and privacy issues for information systems.