Computer Science 524 Home Page

CSC524-F: Networks and Security

Prof. B. Rosenberg
Spring Semester, 2005 (052)
MWF 1:25-2:15
Memorial Building, Room 300

Announcements

See Spring 2003 for an idea about this course.
I am on a conference Mon, Feb 28, and the first week of May.
Midterm, Monday, Feb 28.
Read Part I of Security Engineering.

Final Exam

The Takehome Exam (10 pages, PDF)
Out: Wed May 4 00:57:30 EDT 2005
Due: Thu May 12, Midnight. No lateness, please!

Textbooks

Computer Security: Art and Science by Matt Bishop
Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J. Anderson,

Suggested reading

Radia Perlman, Interconnects: Bridges, Routers, Switches and Internetworking Protocols.
Douglas Comer, Internetworking with TCP/IP, Vol I: Principles, Protocols, and Architecture.
William R. Cheswick and Steven M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker.

Class notes

Networking Concepts:
- ISO OSI Model: Physical, Link, Network and Transport Layers
- LAN's v. WAN's
- Packet v. Connection
- ISO OSI Model: Session, Presentation and Application Layers
- SDU's and PDU's, Peer-to-peer protocols
- Design criteria for networks
- Reliable communication using positive acknowledgement
L2: Datalink layer
- Characteristics of a LAN
- Token ring and CSMA/CD technology
- Addresses
- Ethernet; DIX, 802.3, 802.2 SNAP
- Bridges: learning bridges, discussion of problems
- STP, the Spanning Tree Protocol
- Special note on securit issues: CAM table overruns.
WiFi: special topic in security
- WiFi (my notes)
- My RC4 example.
- CRC-32 failure of WEP.
- SecurityFocus review of WEP tools.
L3: Network layer
- L3 issues,
- Connection oriented: X.25
- Connectionless: IP
- L2/L3 glue: ARP
- RFC 826: ARP.
- RFC 791: IP.
- L3 Routing protocols
- Distance Vector: RIP
- Link State: OSPF
L4: Transport layer
- packet tranport level: UDP
- stream tranport level: TCP (notes) See RFC 1122.
Essential Network Services
- DNS
- BOOTP and DHCP
  - RFC 2131
  - DHCP trace
- FTP, TFTP
Accessing Network Resources
- Sockets
  - Beej's Guide to Network Programming
- RPC
- SMB (see RPC section of CSC 524 031 Homepage)
Network Security
- Firewalls, Proxies and Packet Filters
  - Example security architecture
  - Cisco Router, math-gate. Configuration, demo.
  - Cisco PIX Firewall, cs-gate. Configuration, demo.
- Protocols and Cryptography
  - Authentication.
  - BAN Logic
  - SSL
  - SSH
- Virus, exploits, and intrusions.
- Smashing the Stack by Aleph One.
Real world experience
- Raman worm.
- CGI attack, analysis and recovery. April 2, 2005, wombat.

Assignments

References

General Networking
- Cisco: Internetworking Technology Handbook
- WiFi Introduction from a commercial vendor.
- Wifi Introduction free chapters in a book from Cisco.
Software engineering for security
- Demystifing Suid, Wagner et. al, Usenix.
WEP
- My RC4 example.
- CRC-32 failure of WEP.
- Attacks on RC4 and WEP, Fluhrer, Mantin, Shamir, Cryptobytes Vol 5., No. 2, 2002, pp 26-34.
- KoreK attacks in chopper.
  Korek explains some of them.
- Weakness in the Key Scheduling Algorithm of RC4 Scott Fluhrer, Itsik Mantin, Adi Shamir.
- Using the Fluhrer, Mantin, and Shamir Attack to Break WEP Adam Stubblefield, John Ioannidis, Aviel Rubin.
- AirSnort source code.
Exploits
- New LAND attack
- Speed Pass broken, Rubin et. al.
- Word/Excel Reuse RC4 stream.
- SANS Tutorial: Why your switched network isn't secure.
- TCP/IP Weakness, Robert Morris
- Bellovin, TCP/IP Security Issues
Virus
- Virus creation
- Melissa
- Virus catelog
- CIAC Melissa bulletin.
Open Source Security Response Philosophy
- Full disclosure prinicpals for mozilla.
- Mozilla security response document.
- Full dislosure document.
Secure Operating Systems
- Secure Linux from the NSA.
- PaX, page-executable kernel modifications.
RFC's
- RFC 826: ARP.
- RFC 791: IP.
- RFC 3700: Internet Official Protocol Standards.
IPv6
Port Knocking