CS 596 Network Security Home Page

This class will henceforth be entirely focused on Network Security. Network Management topics will be moved to CS 595.

This page is the home page for the CS 596 "Network Security" class. There are a few details on the class (an overview) on this page, but in general more specific details can be found in the syllabus, which can be found below as a separate link. This page serves to tie together various class facilities including the syllabus, assignments, handouts, and on-line lecture slides. It is intended for the use of students in this class and will have links to documents useful for the class. For quarters when the class is taught, it describes the current class. Otherwise it refers to the last class taught.

Click on the coffee icon below to get to the information associated with the label. If you are wondering why a coffee icon was used, you will find out as the class proceeds.


Class Overview

This course is currently focused on network security. In order to understand the network security problem, the security section will begin with a review of various forms of network attacks including scanning, exploits and denial-of-service attacks. We will also review various cryptographic mechanisms like symmetric encryption, message digests, and public key crypto. We then turn to network-side security management including passive measures like firewall defense schemes, including packet filters and bastion hosts. We also look at viruses and email security, intrusion detection systems such as tripwire and snort, and other security tools. We will then look at security ins/out and "secure" (cryptographically-based) protocols up the network stack at various layers including Layer 2, where we will take an in-depth look at 802.11, Layer 3 (IPSEC), and Layer 7 protocols including ssl, ssh, and kerberos.


How To Find Me


2010 Syllabus (txt)

The syllabus has basic information about the class, where it meets, outline of topics, books, grading, tests, assignments, lesson plan, etc.


Intro (first day) handouts and assignments (txt)

  • bibliography
  • tiger team assignment and overview.
  • tiger team final report

  • Lecture Notes (pdfs or ASCII)

  • intro to network security "flaws" ...
  • network protocol oriented (short) crypto intro
  • botnets lecture
  • firewall lecture
  • network security tools
  • Intro to Snort IDS system (ASCII)
  • link-layer network security mini-lecture
  • 80211 diatribe, start with theory.txt
  • IPSEC lecture
  • combined ssh/ssl lecture
  • email security
  • kerberos
  • ourmon as an anomaly detection system
  • the web as battleground
  • you are what you emit - tempest radiation

  • Class handouts in ASCII

  • various examples of Router/Host ACLs
  • open ssl benchmark examples
  • FreeBSD manual ESP example (MN)
  • FreeBSD manual ESP example (server)
  • Lessons in ssh key management

  • Supplementary Class Reading

  • Cathedral and Bazaar paper
  • RFC 2401 - IPSEC architecture
  • RFC 2246 - TLS Protocol Version 1.0
  • honeynet/irc bot paper

  • Network Security links of interest

  • article on web site scripting attacks
  • sectools - web scanners
  • CERT
  • Internet Storm Center
  • Dshield
  • Cerias/COAST security hotlist page
  • neohapsis archives/various security lists
  • bugtraq (buried in here)
  • Risks digest
  • openssh org page
  • Java security hotlist
  • Bruce Schneier Counterpane page
  • Ron Rivest Cryptography and Security page
  • firewall FAQ
  • ssl faq
  • honeypots
  • risk of key escrow paper
  • snort page
  • snort signatures
  • wildlist - viruses
  • Trend Micro virus alerts
  • f-secure virus info
  • spyware guide database
  • shadowserver - botnet tracking
  • castlecops
  • PSU Center for Information Assurance

  • Email to Jim Binkley:
    jrb@cs.pdx.edu