CS454 Computer & Network Security

 

Time:              T/Th 6:10-7:50pm

Location:            Engineering, Computer Science, and Technology Bldg. Room 257

Instructor:            Edmund Gean           

Office Phone:            (323) 343-4395

Office Hours:            T / Th  5:30-6 pm King Hall D140

Email:            egean@calstatela.edu

Web site: http://www.calstatela.edu/faculty/egean/cs454

 

Prerequisites:           CS447

Required textbook:             Counter Hack by Ed Skoudis                      

           

Description:

This course exposes students to various topics related to computer and network security.  Lab exercises and projects will be included to foster greater understanding in this field. The following is an outline of various areas that will be addressed.

 

Denial-Of-Service attacks

Hacker techniques

            Portscanning

            Exploits

            rootkits

Penetration and vulnerability testing

Packet analyzers

Host-based intrusion detection

Network Intrusion Detection

Firewalls

Router Packet filters and Access Control Lists

Bandwidth managers

Honeypots

Securing Unix and Windows systems

Authentication and authorization schemes

Data integrity checking

Auditing and Logging

Encryption

Wireless Security

Incident Response

 

Projects:

            Students will gain practical experience through the following lab projects:

-          scan a network to locate machines and open ports

-          find vulnerabilities on machines

-          exploit system vulnerabilities

-          detect compromised machines

-          secure machines through patches and lockdown of open ports

-          detect network intrusion attempts

-          special project

 

Grading policy:

- lab assignments             50%

- special project            10%

- final exam               40%

 


CS 454                                    Reading and Lab Project Assignments

 

Week 1

Lecture:            Chapters 1-4: Introduction; Network Overview; Unix Overview; Windows NT/2000 Overview

Week 2

Lecture:            Chapter 5: Reconnaissance

Lab Project:            Portscanning. Install and run nmap (or nmapfe) (www.insecure.org/nmap) port scanner against machines in lab. Submit reports generated by nmap (or nmapfe).

Week 3

Lecture:            Chapter 6: Scanning (e.g., nmap, Nessus)

Lab Project:            Penetration and Vulnerability testing. Install and run network-based vulnerability scanner Nessus (www.nessus.org) against your Linux workstation, Win2000 server, Win2000 client, and Solaris machines. Submit vulnerability reports.

Week 4

Lecture:            Chapter 7: Gaining Access via Application/OS attacks

Lab Project:            Network and Host-based IDS. Install and run host-based IDS tripwire (http://www.tripwire.org) on one of your machines. Make a small change to any critical system file and submit the report generated by tripwire.

Week 5

Lecture:            Chapter 8: Gaining access via network attacks

Lab Project:            Network, Application, & OS Attacks. Locate sites which contain exploits against Windows and Unix systems. Find a successful exploit against each type of lab computer. Submit a copy of the source code of the exploits and describe how the exploits were used and the results of the exploits.

Week 6

Lecture:            Chapter 9: Denial-of-Service attacks

Lab Project:            Network intrusion detection system. Install a copy of snort (http://www.snort.org) onto your computer. Simulate network attacks against your computer (e.g., http://www.packetstorm.securify.com/DOS). Turn in a listing of alerts that the snort IDS detected and the signatures used to detect such attacks.

Week 7

Lecture:            Chapter 10: Maintaining Access

Lab Project:            Trojan horse backdoors. Install a rootkit or a Trojan horse backdoor (e.g., BO2K) onto a machine that is running tripwire. Submit a description of how you can maintain access to the machine via the backdoor and submit the tripwire report detailing which system files had been modified by the rootkit. Install Network Associates Antivirus. Will it detect and remove the backdoor program?

Week 8

Lecture:            Chapter 11: Covering Tracks and Hiding

Lab Project:            Hardening OS. Install and run security benchmarks (http://www.cisecurity.com) against your Windows, Linux, and Solaris machines. Then harden your machines by tuning operating system configuration settings and applying operating system service patches. Run the security benchmarks again. Submit the security benchmark reports that were run before and after the machines were hardened. Describe what changes were made to the operating system.

Week 9

Lecture:            Chapters 12-13: Anatomy of an Attack; Future, Resources, Conclusion

Lab Project:            Set up Multi Router Traffic Grapher (MRTG) program (http://www.mrtg.org); monitor any router interface; make graphical reports available to any web browser.

Week 10

Lecture:            Special Project demo

Lab Project:            Special Project demo

Week 11

Finals (March 18, 2003 7:30pm)