Date | Topic | Resources / Reading | Notes/Assignments | |
---|---|---|---|---|
Week 1 | ||||
Fri 1/11 |
Welcome and Overview |
Reading Assigned: The internet worm program: an analysis Due 1/18 |
||
Week 2 | ||||
Mon 1/14 |
Security Process | |||
Weds 1/16 |
Front Door vs Back Door Attacks; Netstat; Why Malware is so successful: Homogeneity and Extensibility | |||
Fri 1/18 |
Discuss Internet Worm Reading | Wikipedia: Robert T. Morris The Cornell Commission: On Morris and the Worm RFC 1135 |
1-2 page reaction to paper | |
Week 3 | ||||
Mon 1/21 |
Buffer Overflows bufferOverflow.c |
ASCII table GDB manual Hex Editors |
Bring netstat output plus 3 questions about it to class | |
Weds 1/23 |
Characterizing Malware: Symantec Security Response, CERT,
Timeline of Attacks, Current trends
|
Notable Worms and Viruses
Timeline of Notable Computer Viruses and Worms US-CERT's Technical Cyber Security Alerts Symantec Security Response (Business) 10 Ten 2007 Security Trends Malware Naming Conventions Common Malware Enumeration US-CERT Malware Naming Plan Faces Obstacles |
||
Fri 1/25 |
Denial of Service, Distributed denial of service, Botnets | CERT Coordination Center: Denial of Service Attacks Dave Dittrich's Collection of DDOS links DDoS Mitigation Techniques Dshield.org Inferring Internet Denial-of-Service Activity |
1-2 page reaction to reading characterization of malware links from last time | |
Week 4 | ||||
Mon 1/28 |
How Big is the Problem Damage Estimates Average People Scenarios Start on passwords |
Class Input: World-wide Damage Estimates
Attackers' Black Market Dirt e-Deeds Done Dirt Cheap Symantec Security Response Cybercrime Stories Direct costs decline |
||
Weds 1/30 |
Passwords, Biometrics, Identity |
Security Engineering Ch 3 and 13 | Simple quiz on last week's material: buffer overflows, DoS/DDoS, Botnets, web links (especially 1/23 and 1/28) | |
Fri 2/1 |
MOVIE: Track-down/Take-down |
Wikipedia: Kevin Mitnick Mitnick Consulting |
Exercise 6.3 due: Blaster worm trace Discussion and investigation questions optional | |
Week 5 | ||||
Mon 2/4 |
Finish passwords Discuss Takedown and the Hacker Ethic Discuss Exercise 6.3 Start Access Control |
Start reading Hackers by Steven Levy (Part 1); Next time: 1-2 page reaction to Take Down due | ||
Weds 2/6 |
Access Control (Limit Access) Encryption (Access without understanding) |
Bishop Ch 2 Security Engineering ch 4 |
||
Fri 2/8 |
Finish Access Control, Start Security Policies: Bell-LaPadula, Biba | Bishop ch 5-7 Security Engineering ch 7-8 |
||
Week 6 | ||||
Mon 2/11 |
FEBRUARY BREAK | Weds 2/13 |
Security Policies: Healthcare data, Privacy of personal data vs Aggregated information | Bishop ch 5-7 Security Engineering ch 7-8 |
Fri 2/15 |
Discuss Part 1 Levy's Hackers, Next time: Bring 1-2 page reaction to class Portrptr, nmap |
|||
Week 7 | ||||
Mon 2/18 |
Detecting and Analyzing Malware; Intro to Virus Definitions, Evolution of Virus Scanners | Wikipedia: Anti-virus Wikipedia: Anti-virus software |
||
Weds 2/20 |
Rootkits, Intrusion Detection Systems, Zero Day Attacks | Start reading Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm and Backtracing Intrusions | ||
Fri 2/22 |
Logging
Honeypots, Honeynets |
Class Input: Syslog Class Input: Global Log Aggregation The Ins and Outs of System Logging Using Syslog |
||
Week 8 | ||||
Mon 2/25 |
Potemkin |
Quiz on Passwords, Access Control and Security Policies Please bring paper to class Bring 1 page reaction to the paper | Weds 2/27 |
Finish Potemkin, Discuss technical projects | Please bring paper to class |
Fri 2/29 |
Analysis of a Backdoor program (ps, netstat, telnet, strings) | |||
Week 9 | ||||
Mon 3/3 |
Backtracking Intrusions | Please bring paper to class Bring 1 page reaction to the paper | ||
Weds 3/5 |
Prevention: Close off access - close ports, Firewalls, NATs, DMZ | Quiz on Detection, Potemkin and Backtracking Intrusions | ||
Fri 3/7 |
Analysis of a Phishing Web Site Kit (Jim Owens) | Wikipedia: Phishing | ||
Week 10 | ||||
Mon 3/10 |
Discuss Rest of Hackers | Exercise 6.1 in Internet Protocols In Action due Discussion and Investigation Questions optional |
||
Weds 3/12 |
NAT | Technical project proposal (hardcopy) | ||
Fri 3/14 |
MOVIE: Freedom Downtime | Freedom Downtime Easter Eggs | ||
Week 11 SPRING BREAK | ||||
Week 12 | ||||
Mon 3/24 |
Recovery/Response: Forensics, Data and system recovery | Class Input: Computer Forensics Class Input: Sarbanes-Oxley Act |
1-2 page reaction to Freedom Downtime due (compare to Take Down) | |
Weds 3/26 |
Assurance, Penetration Testing | Wikipedia: Common Criteria,
TCSEC OS Common Criteria Evaluations: Solaris, Windows 2000 |
||
Fri 3/28 |
Digital Rights Management |
USACM's DRM Principles Unintended Consequences of DMCA Ed Felten's Freedom To Tinker Site |
||
Week 13 | ||||
Mon 3/31 |
Digital Rights Management continued | |||
Weds 4/2 |
LAB: Disassembling, crackme1.zip |
Quiz on prevention, NATs, recovery and assurance/testing Exercise 6.2 due | ||
Fri 4/4 |
Reflections on Trusting Trust | Quine page on Self-Reproducing Code | Read Reflections on Trusting Trust for today | |
Week 14 | ||||
Mon 4/7 |
Privacy, Anonymity, Remailers, Proxies/Crowds, Digital Cash | Bishop ch 13 Security Engineering ch 20 TOR Freenet Freenet Philosophy |
||
Weds 4/9 |
Privacy and Anonymity continued | |||
Fri 4/11 |
LAB: TCP Session Stealing | |||
Week 15 | ||||
Mon 4/14 |
Digital Lifelines Testing No More Privacy: All About You |
|||
Weds 4/16 |
Rest of No More Privacy: All About You | Quiz on DRM and Privacy | ||
Fri 4/18 |
Review and The Future? New Internet Protocols? Better Defenses Against Zero-Day Attacks, Better Distribution Systems, Better Recovery Tools | |||
Week 16 | ||||
Mon 4/21 |
Technical Presentations | |||
Weds 4/23 |
Technical Presentations | |||
Fri 4/25 |
Technical Presentations | |||
Week 17 Finals | ||||
Mon 4/28 |
||||
Weds 4/30 |
3:15-6:15 in the ITL (not SC 356) 1st half - 4 remaining project presentations 2nd half - Optional Final Bring technical project materials - writeup in hardcopy, all materials (slides, source code, results, trace, etc.) sent in email |
|