Announcements

• Twitter account is http://twitter.com/csc524
• Class cancelled April 23.

Syllabus

• Computer Networks and Internets, Fourth Edition by Douglas E Comer, Ralph E. Droms
• Textbook web site
• Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson. (recommended)
• We all need computer accounts, or personal computers for experiements.
• When working on computer networks, heed the Acceptible Use Policies in effect for the university.
• The course is usually about 3 to 5 projects.
• Hand all work into the grader, which is me!
• Office Hours: TBA
• Final date: TBA.
• See all courses index, previous 524 offerings, for an idea about this course.
• Calendar
• Email all assignments to csc524 _at_ zinc.cs.miami.edu.

Class notes

• Introduction
  • OSI Model
  • Use of the layered model; Internetworks, LAN, WAN
  • Peer to peer communications; up and down the stack
  • Survival kit for TCP/IP, TCP/IP in a nutshell.
  • Sockets (PDF file: Beej's Guide to Network Programming)
• The IP protocol, Part I
  • RFC 791 - INTERNET PROTOCOL
  • Cisco page
  • Wikipedia IPv4
  • Wikipedia IPv6
  • Addresses, networks, and subnets: Classful and CIDR
  • Private/Local addresses, Zeroconf addresses.
  • IPv6 and renumbering
• Datagram service, UDP
  • UDP: User Datagram Protocol, packet communications. (RFC 768)
  • Port numbers
    • Well Known Ports (a.k.a. Reserved),
    • Registered ports
    • Ephemeral ports (a.k.a. dynamic)
  • Examples of UDP
    • DNS RFC 1034 RFC 1035 RFC 2181 RFC 2308
    • DHCP/BOOTP RFC 2131
    • TFTP, see also RFC 1350.
• The IP Protocol, Part II
  • Local delivery: RFC 826 - ARP
  • RFC 2453: RIP2
    • Distance Vector
    • Counting to infinity
    • Split horizon, poison reverse, triggered updates
    • Default routers, subnets, authentication, and RIP2
  • OSPF: Link state protocols
  • Autonomous systems and BGP
  • IP fragmentation
  • ICMP, ping, traceroute, and host routing tables.
• Connection service, TCP protocol
  • TCP: Transmission Control Protocol. (RFC 793)
  • Class notes
    • Segment management and acknowlegements
    • Connection establishment
    • Resend timers, Karn's algorithm
    • Congestion control: Slow start and Multiplicative decrease. (Also, Fast retransmit, and other just-so stories) See RFC 2001
    • Silly window syndrome, Nagel's algorithm
    • Network and port address translation
  • Example session:
    • email: SMTP, 822 headers, and MIME ; POP and IMAP
    • HTTP, HTML, CSS, CGI, SHTML, DHTML, and so on.
    • CGI test
    • Web technologies
    • FTP, passive, interaction of protocols
• Network security, protocols, and cryptography
  • Firewalls, NAT, Proxies and Packet Filters
    • Example security architecture
    • Cisco Router, math-gate. Configuration, demo.
    • Cisco PIX Firewall, cs-gate. Configuration, demo.
  • Authentication
    • Authentication
    • SSO and CAS
    • CAS Tracing
    • BAN Logic
  • SSL and the PKI
    • Godzilla crypto tutorial by Peter Gutmann.
    • SSL notes
    • SSH and SSL
    • Secure Socket Layer
    • PKI and certificates
    • SPKI
  • Attacks
    • Viruses and Cross-site scripting
    • Virus, exploits, and intrusions.
    • Smashing the Stack by Aleph One.
  • Countermeasures
    • Email authentication, Trust in Email begins with Authentication, Messaging Anti-Abuse Working Group, March 2008.
    • CDSA
    • SPF: Sender Policy Framework
    • DKIM
• Link level communcations
  (in semester 092 this section came before the security/crypto section)
  • Crash course in communication theory.
    • Bit rate, bandwidth and Noise: Shannon-Hartley Theorem
    • RC circuits, Nyquist rate
    • Modulation, line codes, symbol rate, error correction and detection
    • R. V. L. Hartley Transmission of information (PDF), Bell System Technical Journal, July 1928.
    • C. E. Shannon A mathematical theory of communication (PDF), The Bell System Technical Journal, Vol 27, pp 379-423, 623-656 July, Ocober 1948.
    • C. E. Shannon Communication in the presence of noise (PDF) Proc. Institute of Radio Engineers vol. 37 (1): 10-21. January 1949. http://www.stanford.edu/class/ee104/shannonpaper.pdf
  • Example of local communication: DTE/DCE, RS-232
  • Ethernet, 802.3 and DIX
    • Overview
    • Cisco Documenation
    • 802.3
    • Layer 2 1/2: DIX, 802.3, 802.2 SNAP
    • CSC-32 error checking for all 802.3
    • Ethernet addressology
    • CSMA-CD, jamming, network size, exponential backoff
  • 10-Base-T, or 2 or 5
    • 10Base-T
    • Manchester encoded
  • 100-Base-TX (faster ether)
    • full-duplex, star topologies, auto-negotiate
    • 100Base-TX, 4B5B and MLT-3, SSD, ESD and idle group
  • Gig-E
    • 4 pairs used, PAM-5 encoded, Trellis code,
    • carrier extension and bursting
  • Wi-Fi
    • Class blog about WiFi.
    • Technical Tutorial by Pablo Brenner from Breezecom.
    • Javvin documentation
    • Cisco documentation
  • Bridges, Switches, Hubs and Repeaters
    • Transparent bridges.
    • Spanning Tree Protocol
    • VLAN's

Reading

Assignments

• Project 1: Talker/listener
• Project 2: TFTP server
  1. Read RFC 1350 and section 4.2.3.1 of RFC 1123 (by Feb 12)
  2. Modify your talker/listener to perform the first step of the TFTP protocol, as server. (by Feb 17)
     • The tftp program, part of the standard linux distribution, can be your client to test your server. It takes in alternative port number to the default of 69.
     • Use getopt (man 2 getopt) to implement a -p <portnumber> option.
     • Receive a RRQ or WRQ packet, and return an ERROR packet.
     • Decode the packet and print it out.
  3. Continue your TFTP server to handle RRQ's. Don't worry about time-outs, or any format other than octet. (by Feb 22).
  4. Complete your TFTP server. Implement writes; implement time-outs. (To do timeouts, you will can use the select system all, you have a watchdog thread that sleeps and resends.)
  5. Complete the TFTP Project by March 5 (friday)
• Project 3-warmup
  1. Use telnet to deliver and pop mail from a test server
  2. See additional notes.
• Project 3: POP client
  1. Write a pop client that automatically downloads all email, concatentenating the mail to an mbox file.
  2. Use TCP sockets as shown in bej's guide.
  3. Deliver your code by checking it into your directory of subversion. (Red book)
  4. Please submit by Friday, April 16.
• Project 4: POPS client
  1. Add certificate logic to the project 3 POP client.
  2. You will need to use the bio abstraction. Here is a simple example.
  3. You must validate the POP server's X.509 certificate.
  4. Create a client certificate and use it against the test POP server.
  5. Due: April 30 (last day of class)

References

• Additional textbooks:
  • Radia Perlman, Interconnects: Bridges, Routers, Switches and Internetworking Protocols.
  • Douglas Comer, Internetworking with TCP/IP, Vol I: Principles, Protocols, and Architecture.
  • William R. Cheswick and Steven M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker.
• General Networking
  • Network Programming course at RPI by Dave Hollinger.
  • Cisco: Internetworking Technology Handbook
• Software engineering for security
  • Demystifing Suid, Wagner et. al, Usenix.
• WEP
  • My RC4 example.
  • CRC-32 failure of WEP.
  • SecurityFocus review
  • Attacks on RC4 and WEP, Fluhrer, Mantin, Shamir, Cryptobytes Vol 5., No. 2, 2002, pp 26-34.
  • KoreK attacks in chopper.
    Korek explains some of them.
  • Weakness in the Key Scheduling Algorithm of RC4 Scott Fluhrer, Itsik Mantin, Adi Shamir.
  • Using the Fluhrer, Mantin, and Shamir Attack to Break WEP Adam Stubblefield, John Ioannidis, Aviel Rubin.
  • AirSnort source code.
• Exploits
  • New LAND attack
  • Teardrop
  • Speed Pass broken, Rubin et. al.
  • Word/Excel Reuse RC4 stream.
  • SANS Tutorial: Why your switched network isn't secure.
  • TCP/IP Weakness, Robert Morris
  • Bellovin, TCP/IP Security Issues
• Virus
  • Virus creation
  • Melissa
  • Virus catelog
  • CIAC Melissa bulletin.
  • MySpace worm
• Open Source Security Response Philosophy
  • Full disclosure prinicpals for mozilla.
  • Mozilla security response document.
  • Full dislosure document.
• Secure Operating Systems
  • grsecurity, a secure linux extension.
  • Secure Linux from the NSA.
  • PaX, page-executable kernel modifications.
• RFC's
  • RFC 768: User Datagram Protocol
  • RFC 791: INTERNET PROTOCOL
  • RFC 793: TRANSMISSION CONTROL PROTOCOL
  • RFC 821: SIMPLE MAIL TRANSFER PROTOCOL
  • RFC 822: STANDARD FOR THE FORMAT OF ARPA INTERNET TEXT MESSAGES
  • RFC 826: ARP
  • RFC 1034: DOMAIN NAMES - CONCEPTS AND FACILITIES
  • RFC 1035: DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
  • RFC 1058: Routing Information Protocol
  • RFC 1350: THE TFTP PROTOCOL (REVISION 2) (obsoletes RFC 783)
  • RFC 1939: Post Office Protocol - Version 3
  • RFC 2001: TCP congestion
  • RFC 2045: MIME
  • RFC 2046: MIME
  • RFC 2131: DHCP/BOOTP
  • RFC 2181: DNS clarifications
  • RFC 2222: Simple Authentication and Security Layer (SASL)
  • RFC 2308: DNS negative caching
  • RFC 2453: RIP2
  • RFC 2692: SPKI Requirements
  • RFC 2693: SPKI Certificate Theory
  • RFC 2821: Simple Mail Transfer Protocol. (obsoletes RFC 821)
  • RFC 2822: Internet Message Format. (obsoletes RFC 822)
  • RFC 2829: Authentication Methods for LDAP
  • RFC 3207: STARTTLS extension for SMTP
  • RFC 3501: Internet Message Access Protocol - Version 4rev1.
  • RFC 3700: Internet Official Protocol Standards
  • RFC 4398: Storing certificates in DNS
  • RFC 4871: DKIM
  • RFC 4987: TCP SYN Flooding Attacks and Common Mitigations
• IPv6
  • ABC of IPv6
  • IPv6 Concepts
  • IPv6 Cheat Sheat
• Port Knocking
• Cookies
  • Wikipedia article
  • Cookiecentral
  • See also relevant RFC's.
• Topics for next term
  • Keychains, methods of key diversity
  • Spam and Phishing counter-measures
  • Amir Herzberg course.
  • Kaminski at HAR2009 (1 of 7)