Course Information

CS 4404: Tools and Techniques - Computer Network Security
Term: D-Term, 2013
Time: 9:00am to 9:50am
Days: Mondays, Tuesdays, Thursdays, and Fridays
Location: Fuller Labs 320

Course Catalog Description

This course introduces students to modern network security concepts, tools, and techniques. The course covers security threats, attacks and mitigations at the operating system and network levels (as opposed to the software level). Topics include: authentication, authorization, confidentiality, integrity, anonymity, privacy, intrusion detection and response, and cryptographic applications. Students will become familiar with modern security protocols and tools. Assignments will involve using security testing software to uncover vulnerabilities, network packet analyzers, and existing security applications to create secure network implementations. The course requires enough programming and systems background to understand attacks and use systems tools, but does not involve significant programming projects. Assignments and projects will use a Linux base for implementation. Students who have credit for CS 558 may not earn subsequent credit for this course. Recommended Background: Knowledge of operating systems (CS3013 or equivalent) and computer networks (CS3516 or equivalent). Familiarity with Linux or Unix is essential.

Teaching Staff

Course Instructor: Craig Shue
Email: cshue at cs.wpi.edu
Office: Fuller Labs 236
Office Hours: Walk-ins welcome. Appointments also available, if desired.

Teaching Assistant: Curtis Taylor
Email: crtaylor at cs.wpi.edu
Office: Fuller Zoo Lab
Office Hours: Mondays: 1pm to 4pm, Wednesdays: 1pm to 4pm

Teaching Assistant: Satya Janga
Email: sjanga at wpi.edu
Office: Fuller Zoo Lab
Office Hours: Mondays: 10am to 12pm, Tuesdays: 12pm to 3pm, Thursdays: 1pm to 2pm

Schedule and Readings

We will plan to cover the following topics in this course:

  • An Overview of Network Security
    • A Definition of Security
    • The notion of "Authorization"
    • The Adversarial Model
    • A list of Goals - the "ity"s
      • Confidentiality
      • Integrity
      • Authenticity
      • Availability
  • Legality and Ethics for Security
     
  • Cryptography Primer
    • Symmetric Key
    • Asymmetric Key
    • Key Agreement
    • Message Authentication Codes
  • Integrity
    • Man-in-the-Middle Attack
    • DNSSec
  • Authentication
    • User Passwords
    • Cached Hashes
    • Session Management (Single Sign-On)
    • IP Address spoofing
    • Public Key Infrastructure
    • Routing (SecureBGP)
  • Authorization/Access Control
    • Firewalls
    • Proxy Servers
    • Detecting Intrusions
    • Capabilities
  • Availability
    • Denial of Service (DoS)
    • Distributed DoS
    • Amplification Attacks
    • Botnets
  • Wireless
    • Crypto.
    • Special considerations
    • Statistical Attacks
  • Isolation for VPNs
    • MPLS
    • IPSec
  • Miscellaneous Topics
    • Anonymity and Privacy
    • Phishing/Social Engineering
    • Forgeries
    • Web Security
    • SSL
    • Redirects
    • Trusted Hardware

Schedule for Readings and Missions

Since this is the first offering of the CS 4404 class, these dates for readings and missions are estimates and are subject to change.

All students are expected to have read the readings prior to arriving for class on the indicated date.

Due Date | Topic Area | Readings | Link
March 11 | Security Overview | Chapter 1.1 to 1.3: Pfleeger and Pfleeger, "Is there a security problem in computing?", Security in Computing, 4th edition. | [PDF]
March 11 | MISSION | Mission 1 Issued | [List]
March 14 | Security Overview | Chapter 1.4 to 1.5: Pfleeger and Pfleeger, "Is there a security problem in computing?", Security in Computing, 4th edition. | [PDF]
March 15 | Legality/Ethics | David Dittrich, Michael Bailey, Sven Dietrich. "Towards Community Standards for Ethical Behavior in Computer Security Research." Stevens CS Technical Report 2009-1, 20 April 2009. | [PDF]
March 18 | Legality/Ethics | A. Burstein, "Conducting cybersecurity research legally and ethically," in USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008. | [PDF]
March 18 | MISSION | Mission 1 Due | [List]
March 18 | MISSION | Mission 2 Issued | [List]
March 19 | CLASS CANCELED | WPI has canceled classes before 10am. Accordingly, we will not meet on Tuesday, March 19. |
March 19 | Cryptography | Chapter 1.1, 1.2, 1.4, 1.5: A. Menezes, P. Van Oorschot, S. Vanstone. "Handbook of Applied Cryptography," CRC Press ISBN: 0-8493-8523-7, October 1996. | [PDF]
March 21 | Cryptography | Chapter 1.6-1.9: A. Menezes, P. Van Oorschot, S. Vanstone. "Handbook of Applied Cryptography," CRC Press ISBN: 0-8493-8523-7, October 1996. | [PDF]
March 25 | Integrity: Man-in-the-Middle | Robert Topolski. "NebuAd and partner ISPs: Wiretapping, forgery and browser hijacking," Washington DC: FreePress, 2008. | [PDF]
March 26 | Integrity: DNSSEC | Giuseppe Ateniese and Stefan Mangard. "A new approach to DNS security (DNSSEC)," ACM Conference on Computer and Communications Security, 2001. | [PDF]
March 28 | Authentication: Passwords | M. Weir, S. Aggarwal, M. Collins, and H. Stern, "Testing metrics for password creation policies by attacking large sets of revealed passwords," in Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010, pp. 162 - 175. | [PDF]
March 28 | MISSION | Mission 2 Due | [List]
March 28 | MISSION | Mission 3 Issued | [List]
April 1 | Authentication: Single Sign-On | J. Steiner, C. Neuman, J. Schiller, "Kerberos: An Authentication Service for Open Network Systems," USENIX conference proceedings, 1988. | [PDF]
April 4 | Authentication: IP Spoofing | C. Shue, M. Gupta, M. Davy, "Packet Forwarding with Source Verification," Computer Networks, vol. 52, issue 8, pages 1567-1582, Jun. 2008. | [PDF]
April 8 | Authentication: BGP | K. Butler, T. Farley, P. McDaniel, J. Rexford. "A Survey of BGP Security Issues and Solutions," Technical Report, AT&T Labs - Research, 2004. | [PDF]
April 8 | MISSION | Mission 3 Due | [List]
April 8 | MISSION | Mission 4 Issued | [List]
April 11 | Authorization: IDS | V. Paxson, "Bro: A system for detecting network intruders in real-time," Computer Networks, vol. 31, no. 23-24, pp. 2435 - 2463, 1999. | [PDF]
April 12 | Authorization: Capabilities | K. Argyraki and D. Cheriton, "Active Internet traffic filtering: Real-time response to denial-of-service attacks," USENIX 2005. | [PDF]
April 16 | Availability: Botnets | S. Staniford, V. Paxson, and N. Weaver, "How to 0wn the Internet in your spare time," in Proceedings of the 11th USENIX Security Symposium, vol. 8, 2002, pp. 149 - 167. | [PDF]
April 18 | MISSION | Mission 4 Due | [List]
April 18 | MISSION | Mission 5 Issued | [List]
April 19 | VPN: IPSec | C. Shue, Y. Shin, M. Gupta, J. Choi, "Analysis of IPSec Overheads for VPN Servers," IEEE International Conference on Network Protocols (ICNP) Network Protocol Security (NPSec) Workshop, Boston, MA, Nov. 2005. | [PDF]
April 22 | Misc.: Privacy | B. Greenstein, R. Gummadi, J. Pang, M. Chen, T. Kohno, S. Seshan, and D. Wetherall, "Can Ferris Bueller still have his day off? Protecting privacy in the wireless era," in Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems. USENIX Association, 2007, p. 10. | [PDF]
April 25 | Misc.: Phishing | C. Herley and D. Florencio, "A profitless endeavor: phishing as tragedy of the commons," in Proceedings of the 2008 ACM Workshop on New Security Paradigms, 2009, pp. 59 - 70. | [PDF]
April 29 | Misc.: Web Security | S. Stamm, Z. Ramzan, M. Jakobsson, "Drive-by Pharming," in Information and Communications Security, 2007. | [PDF]
April 29 | MISSION | Mission 5 Due | [List]

Course Policies and Procedures

The following represent the official policies and procedures for the course. Please review this information and, if you have questions, discuss them with the professor as soon as possible.

Ethical Hacking Agreement

In this course, students will learn about security from both a defender's and an attacker's perspective. If these tools or techniques were misused, it could have negative ramifications for the student and university. To avoid any potential misunderstanding, students must submit a signed Ethical Hacking Agreement form in the first week of class.

Students that do not sign an Ethical Hacking Agreement in the first week of class will effectively be dismissed from the class. These students will receive an NR grade for the course and will be unable to participate in the practical activities.

Official Communication

Class discussion, class hand-outs, emails to the student's WPI email account, and the course Web pages are avenues for official course communication. Students are responsible for any information posted through these venues.

Textbooks

We will not be using an assigned textbook in this course. Students will be responsible for obtaining the reading from the links provided by the instructor and, if needed, printing it out for reading.

Class Email

Students must check their email daily. The class email list is automatically created based on official registration information. The teaching staff will use this mailing list to send information to the class.

Questions about the course should be sent to cs4404-staff at cs.wpi.edu. The teaching staff will monitor this list and answer detailed questions, with the instructor handling all policy issues.

InstructAssist

The Blackboard system that powers MyWPI is poorly equipped to support the instruction for this course. Accordingly, we will not be using it. Fortunately, better options are available.

This course will use the InstructAssist system which has been developed for interactive instruction. This system features in-class components, including Quiz Bowls and Activities, as well as out-of-class components, such as assignment submission and grading feedback.

This course will use the ScoreKeeper module in InstructAssist. This module allows automatic evaluation and testing of student work, allowing students to rapidly learn about and address any errors.

You can access the InstructAssist system for this class at https://ia.wpi.edu/classes/2013_d_term_cs4404/. You will be required to log in through WPI's Central Authentication Service with your WPI credentials to access the system.

Assignments

This course will make extensive use of out-of-class assignments called "Missions." Each mission will have a series of objectives that must be met by students in order to earn credit. There will be five or six missions, each with smaller phases. These missions may include a small programming or scripting component, though the focus will be on mastery of tools and techniques.

All missions must be performed independently, unless otherwise indicated. Students may discuss high-level ideas and provide advice to help each other. However, all submitted work must be the result of the student's own efforts and should not include files or systems used by other students. If students have questions about the appropriate amount of collaboration, they should contact their instructor.

These missions are designed to allow students to apply the network security concepts learned in class. Many, if not all, of these missions will make use of an isolated computer network to allow students to experiment without introducing risk to the WPI network. Students will be required to use this physically isolated network using a portable computer on which they have administrative access. A virtual machine will be provided to help students with their experiments.

The InstructAssist ScoreKeeper module will be used to test the student assignments and provide immediate feedback on the configuration. This module will also be used for course grading. This system is provided to make the course more productive and beneficial to the students. Any attempts to alter or otherwise falsify test results will be considered "cheating," an instance of academic misconduct, and will be subject to university penalties, including an NR grade in this course.

The ScoreKeeper module may provide feedback in the form of Achievement awards. This feedback will not be included in grading and is merely additional information that students may choose to use or disregard.

Some missions may be completely satisfied by using the ScoreKeeper system, while others may additionally require students to submit documentation, configuration files, or source code. Please check each mission specification to confirm what is required.

Each mission may have a different score weight associated with it. Students should not assume that all missions are of equal weight.

Programming Languages

In this course, the relevant tools students use may impose programming language constraints. Since this is a 4000-level Computer Science course, students are expected to learn a new programming language on-the-fly as needed to complete their tasks. However, students may often select the tool they use, allowing them to work with tools that use languages the students have mastered.

Since this course is focused on tools and techniques, we recommend students use higher-level languages, such as scripting languages, where possible.

Course Participation and Professionalism

During lectures, students are to be focused on the course. Students should not use materials or electronic devices that would inhibit their attention to the course lecture and discussion. Laptops may only be used for note-taking purposes; transmission capabilities on these devices must be disabled and only appropriate note-taking applications may be used in class.

Students must treat each other and the teaching staff with respect at all times. Disagreement, debates, and criticism of ideas are healthy aspects of academic environments; however, students should be careful to avoid demeaning language or comments which can be taken personally. The ability to handle conflict professionally and work with a variety of people is an acquired skill, yet it is increasingly important in technical careers.

Late Submission

No quizzes may be submitted late. No make-up quizzes will be available.

Missions may be submitted late, but with significant penalties. Missions that are late, where t represents the amount of time late, will have the following penalties:

0 minutes < t ≤ 1 day: 10% deduction from maximum grade before the rest of the grading begins
1 day < t ≤ 3 days: 30% deduction from maximum grade before the rest of the grading begins
3 days < t ≤ 5 days: 50% deduction from maximum grade before the rest of the grading begins
5 days < t: no credit will be awarded

Missions are due at the exact minute specified, with all times rounded down to the nearest minute. The submission system is synchronized via NTP with the CS department servers. This time will be considered official.

Any missions submitted after 4pm on Tuesday, April 30, 2013 will not be graded.

Course Grading

A total of 80% of the course grade will be determined by grades on the assigned Missions and in-class quizzes. The remaining 20% of the course grade will be attributed to in-class participation and professionalism associated with the course. Details on each of these components are as follows:

  • Quizzes (40%): There will be fourteen quizzes, each 10-15 minutes long, at the beginning of selected classes (generally, Tuesdays and Fridays). The two lowest quiz scores will automatically be dropped, allowing for absences, illnesses, or simply "bad days". The quizzes will be short, typically only two questions long. The first question will cover material from reading due before class and will be more factual (and simplistic) in nature. The second question will be more application-oriented, requiring students to apply concepts from prior class discussions to new challenges.
     
  • Missions (40%): There will be multiple missions in the course where students will apply concepts. These missions may have different point values and may have "checkpoint" deliverables in which students must show substantial progress towards completing the project.
     
  • Participation and Professionalism (20%): Students are expected to be engaged in class, answering questions from the instructor and asking questions when needed. Students must regularly attend classes and show up to demonstration times they schedule. Disregard for course policies or unprofessional conduct with students or the teaching staff will be penalized. This grading component is a signed value, allowing students to earn a negative score for abusive behavior. Students that simply attend class each day and participate adequately in Quiz Bowls and Activities should expect to earn around an 85% in participation. Voluntary participation in discussion, via questions or comments, is required to earn full credit in this category.
     

BS/MS Graduate Credit

Students in the BS/MS Computer Science program may take this course for graduate credit. Students that are interested in obtaining graduate credit (equivalent to 2 graduate credits) will need to make the appropriate arrangements with the professor at the beginning of the class. Students should expect to make an in-class presentation and paper critique, as well as a minimum final course grade requirement, to obtain such credit.

Student Disabilities

If you need course adaptations or accommodations because of a disability, or if you have medical information to share with me, please make an appointment with me as soon as possible. If you have not already done so, students with disabilities who believe that they may need accommodations in this class are encouraged to contact the Office of Disability Services (ODS) as soon as possible to ensure that such accommodations are implemented in a timely fashion. This office is located in the West St. House (157 West St) and their phone number is 508.831.4908.

Academic Honesty

The WPI Academic Honesty Policy describes types of academic dishonesty and requirements in documentation. In the case of academic dishonesty, I am required to report the incident to the Dean of Student Affairs. Further, my penalty for academic dishonesty is to assign an NR grade for the course.