Announcements
Syllabus
- Computer
Networks and Internets, Fourth Edition
by Douglas E Comer, Ralph E. Droms
- Textbook web site
- Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson. (recommended)
- We all need computer accounts, or personal computers for experiements.
- When working on computer networks, heed the
Acceptible Use Policies
in effect for the university.
- The course is usually about 3 to 5 projects.
- Hand all work into the grader, TBA
- Office Hours: TBA
- Final date: Monday, May 11, 11-1:30.
- See all courses index, previous 524
offerings, for an idea about this course.
- Calendar
- Joe Clarke of Cisco to speak, Friday February 20.
Class notes
- Introduction
- The IP protocol, Part I
- Datagram service, UDP
- UDP:
User Datagram Protocol, packet communications.
(RFC 768)
- Port numbers
- Examples of UDP
- The IP Protocol, Part II
- Local delivery: RFC 826 - ARP
- RFC 2453: RIP2
- Distance Vector
- Counting to infinity
- Split horizon, poison reverse, triggered updates
- Default routers, subnets, authentication, and RIP2
- OSPF: Link state protocols
- Autonomous systems and BGP
- IP fragmentation
- ICMP, ping, traceroute, and host routing tables.
- Session serivce
- TCP: Transmission Control Protocol.
(RFC 793)
- Class notes
- Segment management and acknowlegements
- Connection establishment
- Resend timers, Karn's algorithm
- Congestion control: Slow start and Multiplicative decrease.
See RFC 2001
- Silly window syndrome, Nagel's algorithm
- Network and port address translation
- Example TCP protocols:
- email: SMTP, 822 headers, and MIME
; POP and IMAP
- HTTP, HTML, CSS, CGI, SHTML, DHTML, and so on.
- CGI test
- Web technologies
- FTP, passive, interaction of protocols
- Network security, protocols, and cryptography
- Link level communcations (in semester 092 this section came
before the security/crypto section)
- Crash course in communication theory.
- Bit rate, bandwidth and Noise:
Shannon-Hartley
Theorem
- RC circuits,
Nyquist rate
- Modulation,
line codes,
symbol rate,
error correction and detection
- R. V. L. Hartley
Transmission of information (PDF),
Bell System Technical Journal, July 1928.
- C. E. Shannon A mathematical theory of communication (PDF),
The Bell System Technical Journal, Vol 27, pp 379-423, 623-656 July, Ocober 1948.
- C. E. Shannon Communication in the presence of noise
(PDF)
Proc. Institute of Radio Engineers vol. 37 (1):
10-21. January 1949.
http://www.stanford.edu/class/ee104/shannonpaper.pdf
- Example of local communication: DTE/DCE,
RS-232
- Ethernet, 802.3 and DIX
- 10-Base-T, or 2 or 5
- 100-Base-TX (faster ether)
- full-duplex, star topologies, auto-negotiate
- 100Base-TX,
4B5B and
MLT-3, SSD, ESD and idle group
- Gig-E
- Wi-Fi
- Bridges, Switches, Hubs and Repeaters
- Network programming, distributed services, and the cloud
Reading
- Chapters 1-3; chapters 16-18; chapters 24 and 25.
Posted: 9 Feb 2009.
- Chapters 19-23; 27-31.
Posted: 8 March 2009.
- Chapters 4-12.
Posted: 8 March 2009.
- Chapters 41, 26, 32, 34, 35, 38, 40.
Posted: 26 March 2009.
Assignments
- Read and parse example IP packet
Due: Feb 6, 2009.
- From Beej's Guide, make a modified talker/listener using UDP.
Starting from code in guide, add that the message sent is returned (echoed) back to sender,
at the dyanmically chosen port of sender.
Due: Feb 16, 2009.
- Make a TFTP client/server pair.
Due: March 2, 2009.
- Make a POP client.
Due: March 23.
- Write Golaih, an SSL POP client which downloads email,
appending onto an mbox formatted file.
See IBM
SSL documentation
See Darkspell's tutorial
for OpenSSL.
Due: May 1.
References
- Additional textbooks:
- Radia Perlman, Interconnects: Bridges, Routers, Switches and Internetworking Protocols.
- Douglas Comer, Internetworking with TCP/IP, Vol I: Principles, Protocols, and Architecture.
- William R. Cheswick and Steven M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker.
-
General Networking
- Software engineering for security
- WEP
- My RC4 example.
- CRC-32 failure of WEP.
- SecurityFocus review
- Attacks
on RC4 and WEP, Fluhrer, Mantin, Shamir, Cryptobytes Vol 5., No. 2, 2002,
pp 26-34.
-
KoreK attacks in chopper.
Korek
explains some of them.
-
Weakness in the Key Scheduling
Algorithm of RC4 Scott Fluhrer, Itsik Mantin, Adi Shamir.
-
Using the Fluhrer, Mantin, and
Shamir Attack to Break WEP Adam Stubblefield, John
Ioannidis, Aviel Rubin.
-
AirSnort source code.
- Exploits
- Virus
-
Open Source Security Response Philosophy
-
Secure Operating Systems
- RFC's
- IPv6
- Port Knocking
- Cookies
- Topics for next term
- CAS, Yale CAS, UM CAS, and single signon
- Keychains, methods of key diversity
- Spam and Phishing counter-measures
- CDSA
- PKI and certificates
- SPF: Sender Policy Framework
- DKIM
- Amir Herzberg course.
- Kaminski at HAR2009 (1 of 7)