CSC524-F: Networks and Security
Prof. B. Rosenberg
Spring Semester, 2005 (052)
MWF 1:25-2:15
Memorial Building, Room 300
Announcements
- See Spring
2003 for an idea about this course.
- I am on a conference Mon, Feb 28, and the first week of May.
- Midterm, Monday, Feb 28.
- Read Part I of Security Engineering.
Final Exam
- The Takehome Exam (10 pages, PDF)
Out: Wed May 4 00:57:30 EDT 2005
Due: Thu May 12, Midnight. No lateness, please!
Textbooks
Suggested reading
- Radia Perlman, Interconnects: Bridges, Routers, Switches and
Internetworking Protocols.
- Douglas Comer, Internetworking with TCP/IP, Vol I: Principles, Protocols,
and Architecture.
- William R. Cheswick and Steven M. Bellovin, Firewalls and Internet
Security: Repelling the Wily Hacker.
Class notes
- Networking Concepts:
- ISO OSI Model: Physical, Link, Network and Transport Layers
- LAN's v. WAN's
- Packet v. Connection
- ISO OSI Model: Session, Presentation and Application Layers
- SDU's and PDU's, Peer-to-peer protocols
- Design criteria for networks
- Reliable communication using positive acknowledgement
- L2: Datalink layer
- WiFi: special topic in security
- L3: Network layer
- L3 issues,
- Connection oriented: X.25
- Connectionless: IP
- L2/L3 glue: ARP
- RFC 826: ARP.
- RFC 791: IP.
- L3 Routing protocols
- Distance Vector: RIP
- Link State: OSPF
- L4: Transport layer
- packet tranport level: UDP
- stream tranport level: TCP (notes)
See RFC 1122.
- Essential Network Services
- DNS
- BOOTP and DHCP
- FTP, TFTP
- Accessing Network Resources
- Network Security
- Firewalls, Proxies and Packet Filters
- Protocols and Cryptography
- Virus,
exploits, and intrusions.
- Smashing
the Stack by Aleph One.
- Real world experience
- Raman worm.
- CGI attack, analysis and recovery. April 2, 2005, wombat.
Assignments
References
-
General Networking
-
Software engineering for security
-
WEP
- My RC4 example.
- CRC-32 failure of WEP.
- Attacks
on RC4 and WEP, Fluhrer, Mantin, Shamir, Cryptobytes Vol 5., No. 2, 2002,
pp 26-34.
-
KoreK attacks in chopper.
Korek
explains some of them.
-
Weakness in the Key Scheduling
Algorithm of RC4 Scott Fluhrer, Itsik Mantin, Adi Shamir.
-
Using the Fluhrer, Mantin, and
Shamir Attack to Break WEP Adam Stubblefield, John
Ioannidis, Aviel Rubin.
-
AirSnort source code.
Exploits
- Virus
-
Open Source Security Response Philosophy
-
Secure Operating Systems
- RFC's
- IPv6
- Port Knocking