EE579 - Computer System and Network Security

Description:

The primary objectives of this course are:

·        to provide students with a foundation in computer security concepts, terminology and seminal research;

·        to provide students with an introduction to operating system and network administration issues related to computer security; and

·        to develop the student’s understanding of and abilities in operating system and network attack and intrusion techniques.

EE579 Course Outline
Suggestions for Term Paper Topics

Lectures:

Mondays: 1300 - 1600 hrs in SB4112
Fridays: 1000 - 1200  hrs in SB4112  (Laboratory period is soft and you are not required to attend)

Schedule:

Date

Subject

Topics

Readings and Reference Notes

In-Class Exercises

Assignments

Week 1
9 Sep 19

Networking &
Packet Analysis

·       Introduction to Networks

·       Link Layer Protocols

Week 1 Reading

SCINS IP1
SCINS CN1

0.     Course Introduction

1.     Lab familiarization

2.     Introduction to Network Configuration and Packet Capture

Assignment 1
Analysing a Man-in-the-Middle Attack
(due 09:00 on
7 October 2019)

Week 2
16 Sep 19

·       Network Layer Protocols

·       Transport Layer

·       Protocols VLANs

Week 2 Reading

SCINS CN2

SCINS IP2

 

3.     Sub-networking design

4.     Internetwork Routing and ARP

Week 3
 23 Sep 19

·       Introduction to Traffic Analysis

·       Man-in-the-Middle attacks

Week 3 Reading

Transport Protocols

SCINS IP3
SCINS SF3
SCINS SF4

5.     Packet Decomposition

6.     Packet Filtering

Week 4
 30 Sep 19

Network Defence

 

(no class week of 14 Oct due to Thanksgiving)

·       Intrusion Detection Systems

·        Application Layer Protocols

Week 4 Reading

SCINS SA4
SCINS IP4
SCINS IP5
  1. Suricata Primer
  2. Network Intrusion Detection with Suricata 

Supplimental Exercise - Netcat

 

Assignment 2

Penetrating a Firewall
(due 09:00 on 4 November 2019)

 

 

Week 5
7 Oct 19

·       Reconnaissance Scanning

·       Vulnerability Assessment

·       Survey of Attack Techniques

Week 5 Reading

SCINS SM3
SCINS SM2
  1. Port Scanning
  2. Vulnerability Scanning 

Week 6
21 Oct 19

·       Zone Security (ITSG-32)

·       Firewalls

Week 6 Reading

SCINS CN4

SCINS CN5
EEE330 - CND14

SCINS SA3

 

11.  Packet Crafting

12.  Building a packet filtering Firewall

Week 7
28 Oct 19

Host / Server Defence

 

(no class week of 4 Nov due to SCINS Course)

·       Symmetric and Asymmetric Cryptography

·       Passwords & Access Control

·       Operating System Security

Week 7 Reading

SCINS SA1

SCINS SA2
SCINS OS2
SCINS OS3
SCINS OS4

 
  1. Password Cracking
  2. Windows Hardening

Assignment 3
Preparing for CyberX
(Presentation due 07:00 on 06 Mar 2020)

Week 8
11 Nov 19

·       Common Network Services (DNS, Web, Mail, AD, ...)

·       Server Hardening

 

 

Christmas/New Year Break

 

 

Week 9
02 Mar 20

CyberX Preparation Presentations
  TBD Mar 2020

Week 10

CyberX Preparations

Week 11

CyberX Preparations

Week 12

Cyber Defence Exercise (CyberX) 2020
Monday 6 April to Thursday 9 April 2020
(07:30 - 22:30 daily)

 

 

 

 

 

 Links:

Weekly Reading List (Readings for weeks 1 and 2 are from Ref 1 unless stated otherwise)

·        Week 1

o   Networking Fundamentals

§  Introduction to Networking

§  Fundamental Network Characteristics

§  Types and Sizes of Networks

§  Backgrounder: Data Representation and the Mathematics of Computing

o   The Open System Interconnection (OSI) Reference Model

§  History of the OSI Reference Model

§  General Reference Model Issues (optional)

§  Understanding The OSI Reference Model: An Analogy

§  OSI Reference Model Layers

§  OSI Reference Model Layer Summary

o   TCP/IP Lower-Layer (Interface, Internet and Transport) Protocols (OSI Layers 2, 3 and 4)

§  TCP/IP Network Interface / Internet "Layer Connection" Protocols

§  Address Resolution and the TCP/IP Address Resolution Protocol (ARP)

§  TCP/IP Internet Layer (OSI Network Layer) Protocols

§  Internet Protocol (IP/IPv4, IPng/IPv6) and IP-Related Protocols (IP NAT, IPSec, Mobile IP)

§  Internet Protocol Version 4 (IP, IPv4)

§  IP Addressing (entire subsection)

·        Week 2

o   TCP/IP Lower-Layer (Interface, Internet and Transport) Protocols (OSI Layers 2, 3 and 4)

§  TCP/IP Internet Layer (OSI Network Layer) Protocols

§  Internet Protocol (IP/IPv4, IPng/IPv6) and IP-Related Protocols (IP NAT, IPSec, Mobile IP)

§  Internet Protocol Version 4 (IP, IPv4)

§  IP Datagram Encapsulation and Formatting 

§  IP Datagram Size, Maximum Transmission Unit (MTU), Fragmentation and Reassembly

§  IP Datagram Delivery and Routing

§  Internet Control Message Protocol (ICMP/ICMPv4 and ICMPv6)

§  ICMP Concepts and General Operation

§  ICMP Message Types and Formats

§  ICMP Version 4 (ICMPv4) Error Message Types and Formats

§  ICMP Version 4 (ICMPv4) Informational Message Types and Formats

§  TCP/IP Transport Layer Protocols

§  Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

§  TCP and UDP Overview and Role In TCP/IP (Parts: 1 2 3 )

§  TCP/IP Transport Layer Protocol (TCP and UDP) Addressing: Ports and Sockets

§  TCP/IP User Datagram Protocol (UDP)

§  TCP/IP Transmission Control Protocol (TCP)

§  Summary Comparison of TCP/IP Transport Layer Protocols (UDP and TCP)

o   Virtual Local Area Networks [2]

§  Virtual Local Area Network (VLAN) Basics

§  "How Virtual Local Area Networks (VLANs) Work"

·        Week 3

o   "Dissecting RSA’s “Watering Hole” Traffic Snippet" [3]

o   "What is a Man-in-the-Middle Attack" [4]

o   Ettercap README.html

·        Week 4

o   Guide to Intrusion Detection and Prevention Systems [12]

§  Chapters 1, 2 and 4: http://csrc.nist.gov/publications/drafts/800-94-rev1/draft_sp800-94-rev1.pdf

o   Name Systems and TCP/IP Name Registration and Name Resolution

§  TCP/IP Name Systems: Host Tables and Domain Name System (DNS)

o   TCP/IP Key Applications and Application Protocols

§  TCP/IP General File Transfer Protocols (FTP and TFTP)

§  TCP/IP World Wide Web (WWW, "The Web") and the Hypertext Transfer Protocol (HTTP)

o   Firewall Tunneling with HTTP Tunnel [13]

o   optinal reading: netcat - TCP/IP swiss army knife

o   Supplemental reading: - "Suricata

-vs-snort

" [14]

·        Week 5

o   Common Attack Pattern Enumeration and Classification [5]

§  About CAPEC

§  Scanning for Vulnerable Software

§  Port Scanning

§  Fingerprinting Remote Operating Systems

o   Common Vulnerabilities and Exposures [6]

§  About CVE

§  CVE Search on the National Vulnerability Database

§  How many adobe Flash vulnerabilities have been filed in the NVD in the last 3 months?

o   "The 5 Cyber attacks you're most likely to face" [7]

o   "Smashing the Stack for Fun and Profit" [8]

o   Wikipedia: Buffer overflow

·        Week 6

o   ITSG-22 [9]

§  {Sections as required to understand the EEE330-CND14 lecture above}

o   ITSG-38 [10]

§  {Sections as required to understand the EEE330-CND14 lecture above}

o   Firewalling with OpenBSD's PF packet filter [11]

Before we start

PF?

Packet filter? Firewall?

NAT?

PF today

BSD vs Linux - Configuration

Simplest possible setup (OpenBSD)

First rule set - single machine

Slightly stricter

Statistics from pfctl

A simple gateway, NAT if you need it

Gateways and the pitfalls of in, out and on

What is your local network, anyway?

Setting up

Making your network troubleshooting friendly

Then, do we let it all through?

The easy way out: The buck stops here

Letting ping through

Helping traceroute

Path MTU discovery

A web server and a mail server on the inside

Taking care of your own - the inside

Logging

Taking a peek with tcpdump

Other log tools you may want to look into

But there are limits (an anecdote)

Keeping an eye on things with systat

Keeping an eye on things with pftop

·        Week 7

o   Review the lecture notes listed in the Week 7 schedule above. 

·        Week 8

o   "CDX 2014 Web Sever - Vulnerability Assessment and Countermeasures" [15].

o   "W3af walkthrough and tutorial" [16].

o   "HTTP/HTTPS Monitoring Employed During CDX 2015" [17].

References

1.    Charles M. Kozierok, "The TCP/IP Guide"2003-2012. Access the free guide at: http://www.tcpipguide.com/free/index.htm

2.    Edward Tetz, "Cisco Networking All-in-One For Dummies", on-line excerpts on VLAN, August 2011.

3.    Sherri Davidoff, "Dissecting RSA’s “Watering Hole” Traffic Snippet", LMG Security, May 6,2013.

4.    Dennis Fisher, "What is a Man-in-the-Middle Attack", Kaspersky Lab Daily, April 10, 2013.

5.    Mitre, Common Attack Pattern Enumeration and Classification, http://capec.mitre.org/

6.    Mitre, Common Vulnerabilities and Exposures, The Standard for Infomation Security Vulnerability Names, http://cve.mitre.org/

7.    Roger A Grimes, "The 5 cyber attacks you're most likely to face", InfoWorld Security Central, December 4, 2012.

8.    Aleph One, "Smashing the Stack for Fun and Profit", Phrack Magazine 49(14), November 1996.

9.    ITSG-22

10.ITSG-38

11.Peter N. M. Hansteen, Firewalling with OpenBSD's PF packet filter, http://home.nuug.no/~peter/pf/en/

12.Karen Scafone, and Peter Mell, "Guide to Intrusion Detection and Prevention Systems", NIST Special Publication 800-94, Revision 1, July 2012. http://csrc.nist.gov/publications/drafts/800-94-rev1/draft_sp800-94-rev1.pdf

13.Article found at https://www.csparks.com/FirewallTunneling/index.html 10 September 2017.

14.Suricata-vs-snort, aldeid, http://www.aldeid.com/wiki/Suricata-vs-snort

15.David Hung, "CDX 2014 Web Sever - Vulnerability Assessment and Countermeasures", EE579 term paper, May 2014.

16.Prateek Gianchandani, "W3af walkthrough and tutorial - Part 1", Infosec Institute, 1 March 2012. http://resources.infosecinstitute.com/

17.Mattew W. Bowman David Hung, "HTTP/HTTPS Monitoring Employed During CDX 2015", EE579 term paper, May 2015.

Recommended Text