CS 410/596 Network Security (4/3 credits)
Jim Binkley
Spring 2010

Syllabus
--------

Class time: T/Th, 4:40-6:30
Classroom: DLC 204
Office hours: T, 2-3:30 pm. Go to the netlab, FAB 86-04, or by appointment, OR send email.
PSU Office: FAB 120-14
netlab: FAB 86-04
Email: jrb@cs.pdx.edu
Class Page: http://www.cs.pdx.edu/~jrb/netsec.html
Mailing list: mailman list: Please join.
  https://mailhost.cecs.pdx.edu/mailman/listinfo/cs596

Please note that the mailing list is archived on the web. Don't ask a
question until you have looked there first.

Note: the mailing list is ready as of 3/23/2010.

Required Texts (2):

1. Network Security, Private Communication in a Public World. Second
   Edition. Kaufman, Perlman, Speciner. Prentice-Hall. 2002.
   ISBN 0-13-046019-2.

2. Botnets. Jim Binkley, Craig Schiller, et al. Syngress Publishing.
   2007. ISBN 1597491357.

Home page: Note that various class-related documents will be available
from the class home page. Students should make themselves familiar with
it. Students should also join the class mailing list. Please feel free
to participate in class-related discussion on that mailing list.

IMPORTANT: In order to get into the netlab, you must have a PSU BADGE ID.
Be sure to get one (Neuberger Hall), and then make sure you know and
communicate your BADGE ID# to the instructor. A badge id is a card key
with a picture of you on the front. Your badge number appears somewhere
on the badge id. The badge is issued by PSU, not some bank. The badge id
is used to enter the netlab via a card reader. BRING BADGE ID TO FIRST
CLASS.

Prerequisites
-------------

Students must have taken the equivalent of CS594, or some intro to
networking class.

In general, this class assumes that a student has some networking
background equivalent to what is taught in the CS 494/594 TCP/IP course
or any "intro to networking/communications" course. Students will need
to understand how TCP and UDP ports work with client/server setups for
common applications like telnet, ftp, etc.
They will need to understand how IP packets are routed, how IP
addressing works, and how ping and traceroute work. They should
understand how Ethernet works at Layer 2, including the concepts of
broadcast domain and MAC addresses. They will need to understand the
differences between TCP and UDP. A student lacking this background MAY
succeed, but you are encouraged to do background reading in a TCP/IP
text. See http://www.cs.pdx.edu/~jrb/tcpip.html for an introductory
TCP/IP class, including its text.

Goals
-----

This course is currently focused on network security. In order to
understand the network security problem, the security section will
begin with a review of various forms of network attacks, including
scanning, exploits and denial-of-service attacks. We will also review
various cryptographic mechanisms like symmetric encryption, message
digests, and public key crypto. We then turn to network-side security
management, including passive measures like firewall defense schemes
(packet filters and bastion hosts). We also look at viruses and email
security, intrusion detection systems such as tripwire and snort, and
other security tools. We will then look at the security ins/outs of
"secure" (cryptographically-based) protocols up the network stack at
various layers, including Layer 2, where we will take an in-depth look
at 802.11; Layer 3 (IPSEC); and Layer 7 protocols including ssl, ssh,
and kerberos.

Class Design
------------

The class is lecture-oriented. The instructor will give a number of
lectures on network security topics. We may have a guest lecturer
(TBD). There will be three grading events for students: a midterm, a
final, and a team-oriented tiger attack/defense exercise in a lab at
PSU. More details on the "grading events" are provided below.

Calendar (this is a rough draft)
--------------------------------

Note this is a very informal estimate as to how things may proceed. The
instructor may vary the order/sequence/material as we go along.
When            What                      Assignments
----            ----                      -----------
note: first class is Tuesday, March 30

week of:
March 30        crypto review first, attacks
April 5         attacks, IRC and botnets
April 12        firewalls, etc.           start tiger-team exercise
April 19        network security tools
April 26        IDS tools: snort/ourmon
May 4, 6        catchup, midterm          midterm on the 6th
May 10          L2/wireless 802.11
May 17          L3/IPSEC
May 24          ssh/ssl                   tiger team reports due at class
                                          Thurs; exercise concludes Thurs
                                          nite at midnight.
note: Monday May 31 is a holiday
May 31          email/kerberos
June 7          final week, final at PSU  Test time, June 8, Tuesday:
                                          5:30-7:20
See: http://www.pdx.edu/registration/final-exams-schedule

Network Security book: read the relevant chapters, in particular
firewalls (23), ipsec (17/18), ssl (19), pki (15) and the kerberos
chapters. Interested students may read the crypto chapters for deep
background. Note that Chapter 2 is a good introduction to cryptography.
Chapter 9, as an intro to authentication, may also be useful.

The botnets book has some useful material on both attack prevention and
ourmon. Chapters 3, 5, 6-9, and 10, as well as the last chapter, are
recommended.

                             2010

      January               February                March
 S  M Tu  W Th  F  S   S  M Tu  W Th  F  S   S  M Tu  W Th  F  S
                1  2      1  2  3  4  5  6      1  2  3  4  5  6
 3  4  5  6  7  8  9   7  8  9 10 11 12 13   7  8  9 10 11 12 13
10 11 12 13 14 15 16  14 15 16 17 18 19 20  14 15 16 17 18 19 20
17 18 19 20 21 22 23  21 22 23 24 25 26 27  21 22 23 24 25 26 27
24 25 26 27 28 29 30  28                    28 29 30 31
31

       April                  May                   June
 S  M Tu  W Th  F  S   S  M Tu  W Th  F  S   S  M Tu  W Th  F  S
             1  2  3                     1         1  2  3  4  5
 4  5  6  7  8  9 10   2  3  4  5  6  7  8   6  7  8  9 10 11 12
11 12 13 14 15 16 17   9 10 11 12 13 14 15  13 14 15 16 17 18 19
18 19 20 21 22 23 24  16 17 18 19 20 21 22  20 21 22 23 24 25 26
25 26 27 28 29 30     23 24 25 26 27 28 29  27 28 29 30
                      30 31

Tiger-team attack/defense
-------------------------

Before we begin, each participant must agree that you will not use these
boxes to perform non-approved activities outside the subnet that the
host is placed on.
Starting in the third week of the course, and concluding near the end of
the course, students will conduct a tiger-team based attack/defense
exercise in the network lab. Each team will be assigned one host
computer. You will be expected to secure that box and to track what the
others are doing from the vantage of that box, and you will be given
occasional hints by the instructor about what to do to make life
interesting for the other teams.

IMPORTANT: do not use any passwords on this box that you use anywhere
else on the Internet.

At the conclusion of this exercise, each team must write up a 5 page
summary report that discusses:

1. what you did to make your box more secure,
2. what you did to look for holes in the other systems,
3. attacks you detected made by others on your box, and
4. any insecurities found in the other systems, and how they were
   possibly exploited by you.

In addition, each individual team member will write up a short report
that explains what he/she did during this project, and what you think
the other members of your team did to contribute to your group effort.
This individual report will be emailed to the instructor by Thursday of
the final week of class.

Grading
-------

Midterm:          100 points
Final:            100 points
Tiger-team work:  100 points
                  ----
Total:            300 points

There may be an occasional homework assignment.

Your final grade for the course is determined by the percentage of the
points you earn with respect to the total possible. Each letter grade
occupies roughly a 10 point spread (A: 90%-100%, B: 80%-90%, etc.).
Minus and plus grades will be awarded too; e.g., A- will be 90-92, B+
will be 88-89.