CSC524-F: Networks and Security
Prof. B. Rosenberg
Spring Semester, 2008 (082)
MWF 1:25-2:15
Memorial Building, Room 300
Announcements
- We all need computer accounts, or personal computers for
experiements.
- When working on computer networks, heed the Acceptible Use Policies
in effect for the university.
- Hand all work into the grader, Aravind, aravindprakash
at mail dot cs dot miami dot edu
- Final date: Thursday, May 1, 11-1:30 (take home project)
Syllabus
Textbooks
Class notes
- OSI Model
- Sockets (PDF file: Beej's Guide to Network Programming)
- Example of local communication: RS-232
- Bit rate, bandwidth and Noise: Shannon-Hartley Theorem
- Signal modulation, channel multiplexing, CRC.
- Ethernet
- Wi-Fi
- Bridges, Switches, Hubs and Repeaters
- The IP protocol
- Routing and routing protocols:
- Datagram service, UDP
- UDP:
User Datagram Protocol, packet communications.
- Port numbers
- Examples of UDP
- Session serivce
- TCP: Transmission Control Protocol.
(RFC 793)
- Class notes
- Segment management and acknowlegements
- Connection establishment
- Resend timers, Karn's algorithm
- Congestion control: Slow start and Multiplicative decrease
- Silly window syndrome, Nagel's algorithm
- Network and port address translation
- Example TCP protocols:
- SMTP, 822 headers, and MIME
- HTTP, HTML, CSS, CGI, SHTML, DHTML, and so on.
- CGI test
- Web technologies
- FTP, passive, interaction of protocols and NAT
- Network programming
- Network security
Assignment
- One
- Read Beej's guide to network programming.
- Write an echo server using the socket API described in Beej's guide.
- Above due Monday, Feb 4.
- Two
- Read chapters 1 through 8 of the textbook.
- Exercises 5.1, 5.2, 5.3, and 5.4. 6.1, 6.2, 6.5, 6.6.
- Due Monday 11 February.
- Three
- Read chapters 9 through 11 of the textbook.
- Read chapters 16 through 24 in the textbook.
- Write a TFTP server. Due after spring break
- Four
- Final
- XSS project:
- Create a sort of message board, visitors book using HTTP and cookies
and demonstrate a XSS scripting attack across it.
- The project should use cookies and the javascript embedded in a comment
or visitor book entry should extract and make use of the cookie.
- The intent is that you use your owrn HTTP server, see project 4, but it
is not necessary.
References
- Additional textbooks:
- Radia Perlman, Interconnects: Bridges, Routers, Switches and Internetworking Protocols.
- Douglas Comer, Internetworking with TCP/IP, Vol I: Principles, Protocols, and Architecture.
- William R. Cheswick and Steven M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker.
-
General Networking
- Software engineering for security
- WEP
- My RC4 example.
- CRC-32 failure of WEP.
- SecurityFocus review
- Attacks
on RC4 and WEP, Fluhrer, Mantin, Shamir, Cryptobytes Vol 5., No. 2, 2002,
pp 26-34.
-
KoreK attacks in chopper.
Korek
explains some of them.
-
Weakness in the Key Scheduling
Algorithm of RC4 Scott Fluhrer, Itsik Mantin, Adi Shamir.
-
Using the Fluhrer, Mantin, and
Shamir Attack to Break WEP Adam Stubblefield, John
Ioannidis, Aviel Rubin.
-
AirSnort source code.
- Exploits
- Virus
-
Open Source Security Response Philosophy
-
Secure Operating Systems
- RFC's
- IPv6
- Port Knocking
- Cookies
- Topics for next term
- CAS, Yale CAS, UM CAS, and single signon
- Keychains, methods of key diversity
- Spam and Phishing counter-measures
- CDSA
- PKI and certificates