The primary objectives of this course are:
· to provide students with a foundation in computer security concepts, terminology and seminal research;
· to provide students with an introduction to operating system and network administration issues related to computer security; and
· to develop the student’s understanding of and abilities in operating system and network attack and intrusion techniques.
EE579 Course Outline
Suggestions for Term Paper Topics
Mondays: 1300 - 1600 hrs in SB4112
Fridays: 1000 - 1200 hrs in SB4112
(Laboratory period is soft and you are not required to attend)
Date | Subject | Topics | Readings and Reference Notes | In-Class Exercises | Assignments
Week 1 | Networking & | · Introduction to Networks · Link Layer Protocols | | | Assignment 1
Week 2 | | · Network Layer Protocols · Transport Layer Protocols · VLANs | | |
Week 3 | | · Introduction to Traffic Analysis · Man-in-the-Middle attacks | | |
Week 4 | Network Defence (no class week of 14 Oct due to Thanksgiving) | · Intrusion Detection Systems · Application Layer Protocols | | Supplemental Exercise - Netcat Penetrating a Firewall |
Week 5 | | · Reconnaissance Scanning · Vulnerability Assessment · Survey of Attack Techniques | | |
Week 6 | | · Zone Security (ITSG-32) · Firewalls | | 11. Packet Crafting |
Week 7 | Host / Server Defence (no class week of 4 Nov due to SCINS Course) | · Symmetric and Asymmetric Cryptography · Passwords & Access Control · Operating System Security | | SCINS SA2 | Assignment 3
Week 8 | | · Common Network Services (DNS, Web, Mail, AD, ...) · Server Hardening | | |
| Christmas/New Year Break | | | |
Week 9 | CyberX Preparation Presentations | | | |
Week 10 | CyberX Preparations | | | |
Week 11 | CyberX Preparations | | | |
Week 12 | Cyber Defence Exercise (CyberX) 2020 | | | |
Weekly Reading List (Readings for weeks 1 and 2 are from Ref 1 unless stated otherwise)
o Networking Fundamentals
    § Fundamental Network Characteristics
    § Backgrounder: Data Representation and the Mathematics of Computing
o The Open System Interconnection (OSI) Reference Model
    § History of the OSI Reference Model
    § General Reference Model Issues (optional)
    § Understanding The OSI Reference Model: An Analogy
    § OSI Reference Model Layer Summary
o TCP/IP Lower-Layer (Interface, Internet and Transport) Protocols (OSI Layers 2, 3 and 4)
    § TCP/IP Network Interface / Internet "Layer Connection" Protocols
    § Address Resolution and the TCP/IP Address Resolution Protocol (ARP)
    § TCP/IP Internet Layer (OSI Network Layer) Protocols
    § Internet Protocol (IP/IPv4, IPng/IPv6) and IP-Related Protocols (IP NAT, IPSec, Mobile IP)
    § Internet Protocol Version 4 (IP, IPv4)
    § IP Addressing (entire subsection)
o TCP/IP Lower-Layer (Interface, Internet and Transport) Protocols (OSI Layers 2, 3 and 4)
    § TCP/IP Internet Layer (OSI Network Layer) Protocols
    § Internet Protocol (IP/IPv4, IPng/IPv6) and IP-Related Protocols (IP NAT, IPSec, Mobile IP)
    § Internet Protocol Version 4 (IP, IPv4)
    § IP Datagram Encapsulation and Formatting
    § IP Datagram Size, Maximum Transmission Unit (MTU), Fragmentation and Reassembly
    § IP Datagram Delivery and Routing
    § Internet Control Message Protocol (ICMP/ICMPv4 and ICMPv6)
    § ICMP Concepts and General Operation
    § ICMP Message Types and Formats
    § ICMP Version 4 (ICMPv4) Error Message Types and Formats
    § ICMP Version 4 (ICMPv4) Informational Message Types and Formats
    § TCP/IP Transport Layer Protocols
    § Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
    § TCP and UDP Overview and Role In TCP/IP (Parts: 1 2 3)
    § TCP/IP Transport Layer Protocol (TCP and UDP) Addressing: Ports and Sockets
    § TCP/IP User Datagram Protocol (UDP)
    § TCP/IP Transmission Control Protocol (TCP)
    § Summary Comparison of TCP/IP Transport Layer Protocols (UDP and TCP)
o Virtual Local Area Networks [2]
    § Virtual Local Area Network (VLAN) Basics
    § "How Virtual Local Area Networks (VLANs) Work"
o "Dissecting RSA’s “Watering Hole” Traffic Snippet" [3]
o "What is a Man-in-the-Middle Attack" [4]
o Guide to Intrusion Detection and Prevention Systems [12]
    § Chapters 1, 2 and 4: http://csrc.nist.gov/publications/drafts/800-94-rev1/draft_sp800-94-rev1.pdf
o Name Systems and TCP/IP Name Registration and Name Resolution
    § TCP/IP Name Systems: Host Tables and Domain Name System (DNS)
o TCP/IP Key Applications and Application Protocols
    § TCP/IP General File Transfer Protocols (FTP and TFTP)
    § TCP/IP World Wide Web (WWW, "The Web") and the Hypertext Transfer Protocol (HTTP)
o Firewall Tunneling with HTTP Tunnel [13]
o Optional reading: netcat - TCP/IP swiss army knife
o Supplemental reading: "Suricata
o Common Attack Pattern Enumeration and Classification [5]
    § Scanning for Vulnerable Software
    § Fingerprinting Remote Operating Systems
o Common Vulnerabilities and Exposures [6]
    § CVE Search on the National Vulnerability Database
    § How many Adobe Flash vulnerabilities have been filed in the NVD in the last 3 months?
o "The 5 Cyber attacks you're most likely to face" [7]
o "Smashing the Stack for Fun and Profit" [8]
    § {Sections as required to understand the EEE330-CND14 lecture above}
o Firewalling with OpenBSD's PF packet filter [11]
    § Simplest possible setup (OpenBSD)
    § First rule set - single machine
    § A simple gateway, NAT if you need it
    § Gateways and the pitfalls of in, out and on
    § What is your local network, anyway?
    § Making your network troubleshooting friendly
    § Then, do we let it all through?
    § The easy way out: The buck stops here
    § A web server and a mail server on the inside
    § Taking care of your own - the inside
    § Other log tools you may want to look into
    § But there are limits (an anecdote)
    § Keeping an eye on things with systat
    § Keeping an eye on things with pftop
o Review the lecture notes listed in the Week 7 schedule above.
o "CDX 2014 Web Server - Vulnerability Assessment and Countermeasures" [15].
o "W3af walkthrough and tutorial" [16].
o "HTTP/HTTPS Monitoring Employed During CDX 2015" [17].
2. Edward Tetz, "Cisco Networking All-in-One For Dummies", on-line excerpts on VLAN, August 2011.
3. Sherri Davidoff, "Dissecting RSA’s “Watering Hole” Traffic Snippet", LMG Security, May 6, 2013.
4. Dennis Fisher, "What is a Man-in-the-Middle Attack", Kaspersky Lab Daily, April 10, 2013.
5. Mitre, Common Attack Pattern Enumeration and Classification, http://capec.mitre.org/
8. Aleph One, "Smashing the Stack for Fun and Profit", Phrack Magazine 49(14), November 1996.
13. Article found at https://www.csparks.com/FirewallTunneling/index.html, 10 September 2017.
14. Suricata-vs-snort, aldeid, http://www.aldeid.com/wiki/Suricata-vs-snort