CS581 Computer & Network Security (Winter 2012)

 

Lectures:          Tuesdays 6:10-9:50pm  Engineering, Computer Science, & Technology Bldg. Room  A210 and C245

 

Instructor:        Edmund Gean                           Email:   egean@calstatela.edu

Phone:  (323) 343-4395               Office:  Library North B18

 

Office Hours:    Tuesdays 5:00-6 pm Library North B18

           

Description:     This course exposes students to various techniques related to defending your computers and networks. Topics covered include Denial-Of-Service attacks, packet analyzers, host-based intrusion detection, firewalls, and VPN.  Lab exercises and projects will be included to foster greater understanding in this field.

 

Course Goals: At the end of the course, students will be able to:

 

- perform a security assessment of an organization’s network via penetration test and identify vulnerabilities

- harden MS Windows and Unix operating systems

- install intrusion detection systems, firewalls, and VPNs

 

Prerequisites:   CS447 (computer networks) or CS470 (computer networking protocols)

                        http://www.calstatela.edu/faculty/egean/cs447/cs447%20syllabus.htm

                        http://www.calstatela.edu/faculty/egean/cs447/lecture-notes-sybex2007/

 

Required textbook:       Counter Hack Reloaded by Ed Skoudis (lecture notes available online at http://www.calstatela.edu/faculty/egean/cs581/lecture-notes )

Recommended textbooks:   Network Security Principles and Practices by Saadat Malik (lecture notes online at http://www.calstatela.edu/faculty/egean/cs581/network-security-principles-and-practices.pdf )

                         Network Security Technologies and Solutions by Yusuf Bhaiji ( http://www.calstatela.edu/faculty/egean/cs581/Network_Security_Technologies_and_Solutions.pdf )

 

References:      Free packet capture and decode software at http://www.wireshark.org/           

                        Free ebooks at http://mimas.calstatela.edu/login?url=http://proquest.safaribooksonline.com/

                        Documentation of Cisco equipment at http://www.cisco.com

 

Topics:

- Denial-Of-Service attacks & hacker techniques

- port scanning, penetration, and vulnerability testing

- packet analyzers and sniffers

- host and network-based intrusion detection

- firewalls, packet filters, and access control lists

- securing Unix and Windows systems

- authentication, authorization, and accounting

- data integrity checking & encryption schemes

 

Projects:

Students will gain practical experience through the following lab projects:

-          scan a network to locate machines and open ports

-          find vulnerabilities on machines

-          configure a firewall & set up a VPN

-          set up a network-based detection system

 

Grading policy:  Overall grade will be comprised of the following components

- lab assignments          40%

- final exam                   60%

 

            A          90-100

            B          80-89

            C          65-79

            D          50-64

            F          0-49

 

Academic Integrity: Cheating will not be tolerated. Cheating on any assignment or exam will be taken seriously.  All parties involved will receive a grade of F for the course and be reported to the Academic Senate.


CS581 Reading and Lab Project Assignments

 

 

Week 1

Lecture:          Chapters 1,2 (Counter Hack)
- Introduction
- Network Overview

Week 2

Lecture:          Chapters 3,4,6 (Counter Hack)
- Unix Overview
- Windows NT/2000 Overview
- Scanning (e.g. nmap, Nessus)

Lab Project:      Port scanning

Install nmap (or nmapfe) (http://nmap.org) port scanner onto your laptop or home computer and perform a TCP port scan and a UDP port scan of another computer. Submit reports generated by nmap (or Zenmap) containing the list of open TCP & UDP ports. Also submit the output of the “netstat -na” command on the computer that was scanned. Be sure to temporarily turn off any host-based firewall software if needed so that the outputs of nmap and “netstat -na” indicate the same number of open ports.

Week 3

Lecture:          Chapters 5,7 (Counter Hack)
- Reconnaissance
- Gaining Access via application/OS attacks

Lab Project:      Penetration and Vulnerability testing

Install a network-based vulnerability scanner, Nessus (www.nessus.org), onto your computer and perform a vulnerability scan of another. Submit a vulnerability report of services that pose medium or high security risk. Be sure to temporarily turn off any host-based firewall software if needed to get meaningful output.

Week 4

Lecture:          Chapters 5-8 (Malik)
- Secure Switching
- NAT
- PIX firewall

Lab Project:      Firewall

Place one computer on the outside interface and a server on the inside interface of a Cisco PIX firewall. Configure the firewall to block outside users from initiating any connection to the inside server except through TCP port 22 (ssh). Turn on logging and submit a copy of the firewall config file and the output of “show logging” as evidence that the firewall is blocking all conversations initiated from outside except for ssh. You may need to download a free ssh server from the Internet.

http://www.cisco.com/en/US/docs/security/pix/pix63/quick/guide/63_501qk.html

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm

Week 5

Lecture:          Chapters 8,9 (Counter Hack)
- Gaining access via network attacks
- Denial-of-Service attacks

Week 6

Lecture:          Chapters 10 & 13 (Malik)
- VPN
- IPSEC

Lab Project:      IPSec VPN

Set up a site-to-site IPSec VPN tunnel between your Cisco router and your Cisco PIX firewall. Submit (i) the configuration files used on the two Cisco devices and (ii) evidence that the IPSec tunnel works via output of debug ipsec, show crypto isakmp sa, and show crypto ipsec sa on both the Cisco PIX firewall and the Cisco router.

Week 7

Lecture:          Chapters 9, 14, & 15 (Malik)
- IOS firewall
- Network Intrusion Detection

Lab Project:      Network intrusion detection system

Install Snort (http://www.snort.org) onto your computer. Simulate two different network attacks against your computer. Turn in a listing of two different alerts that the Snort IDS detected and submit a printout of the two signature definitions Snort used from its signature definition files to detect the two types of attack.

Week 8

Lecture:          Chapters 16-18 (Malik)
- AAA
- TACACS+
- RADIUS

Lab Project:      AAA

Configure your Cisco router to use AAA for user authentication via a TACACS+ or RADIUS server (such as Clearbox) that you installed on your computer. Submit the configuration files used on the Cisco router. Submit screenshots of decoded packet captures of TACACS+ or RADIUS packets as evidence that AAA authentication works whenever you telnet to your router.

Week 9

Lecture:          Chapters 10,11 (Counter Hack)
- Maintaining Access
- Covering Tracks and Hiding

Lab Project:      Exploit code generation

Create an exploit using Metasploit that can be successfully used against a vulnerability (install a vulnerable application if needed) on your computer using tools provided at http://www.metasploit.com/framework/ .  Which vulnerability was exploited? Which server port number was vulnerable?

Provide evidence that this exploit was successful via screenshots, packet captures, and output of “netstat -a”.

Week 10

Lecture:          TBD

Week 11

Final Exam (March 20, 2012 7:30pm)