Tutorial Proposal

Information Security: From Theory to Practice

Fadi A. Aloul
Department of Computer Engineering
American University in Sharjah, U.A.E.
faloul@aus.edu
http://www.aloul.net

Abstract
Today's enterprises are increasingly experiencing vigorous attacks from internal and external sources. The
tutorial will tackle the important issue of securing one's information assets. It will cover the concepts that
help enterprises today secure their infrastructure around the world. These concepts will be mapped to real
world applications and techniques that are being used by security consultants day in day out. Thus, giving a
mix of theory and practice of the cutting edge technologies and standards of information security.

Expected Background of Participants

Students (undergraduate and graduate), researchers, and faculty in Computer Science and Engineering.
IT Professionals, network and security engineers.

Tentative Outline of the Tutorial

1. Gaining insights on hacking methodology
• Importance of information security
• Knowing the attacks, attackers, and victims
• Recognize hackers and understand their reasons for hacking

2. Tackling identity access management issues

• Information security: confidentiality, integrity, and availability
• Operational model of computer security: protection = prevention, detection, and response
• Authentication methods
• Limitation of user ID's and passwords
• Overview of biometrics technology
• The importance of physical security
• Learn how social engineering can be used as a means to gain access to computers and networks.
• Phishing and the threat to online applications

3. Identifying best uses of cryptography

• Basic cryptography methods
• Hashing
• Single key encryption
• Public key encryption
• MD5 file integrity
• Data protection using full disk encryption
• Public key infrastructure (PKI)
2

4. Building a secure communication network

• Layered protection using demilitarized zones (DMZ)
• Malicious software: Viruses, Worms, Trojan Horse, Logic Bombs, Spyware, etc.
• Denial of service (DOS) attacks
• Securing the network using intrusion detection systems (IDS) and firewalls
• Honeypots

5. Securing your wireless network

• Wireless architecture, design, and standards
• Detecting wireless networks (Antennas, wireless cards, war driving)
• Attacking wireless networks (Tools, WEP encryption, DOS, sniffing, spoofing, rogue access points)
• Securing wireless networks (access point configuration, client filtering, WPA encryption, VPN)
• Discuss the AUS wireless security awareness study done in UAE in 2007 and 2008. (Show how to
implement it in other countries.)

* The tutorial will include real life demos.

* The tutorial can be modified to target a specific area instead of being general, based on the
interests of the audience.

Instructor Qualifications
Fadi Aloul is an Assistant Professor of Computer Engineering at the American University of Sharjah, UAE.
He holds an MS and PhD in Computer Science and Engineering from the University of Michigan, Ann
Arbor, USA. His areas of expertise include optimization, design automation, and IT & Network security. He
is one of the leading researchers in surveying security awareness in UAE. He launched the first UAE War
Drive project in 2006.
Dr. Aloul is a recipient of a number of international prestigious fellowships and awards including the Agere/
SRC research fellowship and GANN fellowship. He serves on the technical program committees of several
international conferences and workshops. He has 60+ publications in international journals, conferences,
and workshops. He presented several invited talks and tutorials at various Universities and companies such
as Intel and Microsoft Research. He was also a speaker at many security conferences such as PAKCON,
Middle-East IT Security Conference (MEITSEC), Hackerhalted, ICT Security Summit, E-Commerce Mid-
dle East Summit, and the National Security Summit. He developed several tools that are currently used by
several Fortune 500 companies. He is a senior member of the Institute of Electrical and Electronics Engi-
neers (IEEE), Associate of Computing Machinery (ACM), and Tau Beta Pi. He is currently serving as the
IEEE GOLD Chair of the UAE Section. His work can be found at http://www.aloul.net.