from Hacker News

Computer and Network Security

by gws on 2/1/24, 9:37 AM with 16 comments

  • by waihtis on 2/3/24, 6:20 AM

    Nice and hands on but feels very early 2000's. Nothing about cloud, AD, limited discourse about vulnerabilities which dominate (at least) the enterprise security space. Given how frequently the cybersecurity shortage is talked about one would think some higher education facilities would adopt a more modern position.

  • by bitwize on 2/3/24, 2:52 PM

    I saw "security" and "Purdue" and thought it was gonna be Spaf, but no. Apparently Purdue has at least two excellent professors in the field.

  • by matternous on 2/4/24, 4:16 PM

    Prof. Kak was my advisor during grad school. His notes are very valuable, he also has some great ones on deep learning.

  • by zero-sharp on 2/3/24, 2:02 PM

    This is great. I wonder if anyone has compiled the educational material posted on HN?

  • by nonrandomstring on 2/3/24, 11:47 AM

    These are wonderful notes and prof. Avi Kak deserves many thanks for sharing them. I'm adding them to my huge and ever growing collection of comp.sec, sec.eng and crypto notes for comparison and examples.

    Notably they go back to 2006 and have been lovingly updated. That tends to yield notes that are carefully checked and refined through countless lectures and practical sessions.

    They integrate well into my own because I also get students doing exercises with simple Python and Perl (great to see it still being a workhorse for this sort of thing), along with copious command line examples, always hexdumping and diffing things to to check results etc. So I like his (her?) style.

    In response to sibling comments.

    @sunhester

    > In my experience "higher education facilities" are a nightmare of social extremes that inhibit the growth of "cyber security". But I'm usually wrong.

    You are not wrong. Absolutely YES. That's why I got out of university teaching and moved into private work. Maybe some forceful and well connected people can still teach at places like Purdue, Stanford, MIT, but generally, and especially in the UK, universities have become a suffocating bureaucratic hellhole in which teaching, learning and research is no longer possible. They bring in completely inappropriate corporate CISO's who do not understand the tradeoffs and culture of the academy. They do not listen and they do not care so long as everyone uses the lowest common denominator of feculent Microsoft insecure rubbish. I eventually grew tired of spending all my energy fighting people whose job is to labour against my principles, sabotage all my efforts [0], undermine my students [1], and ask me to teach some people that frankly just felt morally wrong and a threat to national security [2].

    @waihtis

    > Nothing about cloud, AD, limited discourse about vulnerabilities which dominate (at least) the enterprise security space.

    This is really a separate layer that falls more under "security management", "operational security" and "security systems engineering" and so on. We normally do this after the foundation. The thing with "enterprise" level is that it's a quite fluid set of practices, regulations, compliance docs and products that come in and out of fashion.

    Anyway, as for maintaining quality, theoretical depth, and hands-on practice I am pleased to see a few profs are still "getting away with it".

    [0] https://techwrongs.org/o/2021/11/29/teaching-cybersecurity/

    [1] https://www.timeshighereducation.com/features/we-cant-teach-...

    [2] https://www.timeshighereducation.com/opinion/should-i-be-wor...

  • by say_it_as_it_is on 2/3/24, 10:28 AM

    Is this just lecture notes, homework questions, and no lecture videos?