Network Security - CUNY

Network Security Course #: Spring 2010 CIS 252: Network Security Course Hours: MW 6 - 7:40 pm Course URL: http://comet.lehman.cuny.edu/cantor/spring10/cis252/ Instructor: Yuri Cantor Office Hours: By appointment Email: [email protected] Prerequisites: (recommended: networking, some programming, and unix scripting) Course Description: The course will introduce the topic of network security through an analysis of attack and defense techniques. The course will provide students with an understanding of how to identify and exploit network vulnerabilities and the principles behind securing networks and identifying attacks. Students will also develop a familiarity with various network penetration testing tools and create a portfolio of labs demonstrating their proficiency both defending and penetrating networks. Topics will include scanning, firewalls, intrusion detection, engineering principles, trust, cryptography, and network protocols. Academic Dishonesty: Please see Lehman/CUNY Policy on academic integrity: Policy. And if you aren't sure what constitutes academic dishonesty, please come and see me. Required Text: “Hacking Exposed Network Security Secrets & Solutions Fifth Edition”, Stuart McClure, Joel Scambray, George Kurtz ISBN 0-07-226081-5 Grading: Class participation: 5% Quizes: 20% Lab Assignments: 50% Final: 25% Course Workload: Note: failure to complete any of the work will result in an INC or an F. There will be approximately 5 homeworks. Students will have between 1 and 2 weeks to complete each assignment. Assignments must be submitted by email to [email protected] and are due before the class starts. Late assignments will receive no credit. Students must complete their own assignments and must indicate if they received help or worked with another person on the assignment and who they worked with.

Student Responsibilities: Attendance, Daily reading, Lab assignments, Presentations, Class participation, Class entry/exit slips Students will be expected to come to class having read the assigned reading (articles and textbook). Each class students will be expected to participate in discussions which may involve all or some of the following: answering questions about the reading, presenting a problem from the reading, asking questions about the reading, and presenting or answering questions about the Labs that have been assigned. Each class will either begin with students writing and submitting an entry slip or end with students writing and submitting an exit slip. Tentative Schedule (subject to change): Note: Reading is due before each class, Labs (except for lab 0 which is due the following class) are due before the start of the class two weeks from the day they are assigned. Week 1,2 Reading: (pg 5-40) (pg 41-76) (pg 77-133) (pg 525,526) Intro lecture, networking basics Methodology for attacking, threat models, points of vulnerability Tools for attacking Homework/Lab 0: Test software, submit email of successful testing of softaware Homework/Lab 1: scanning/enumeration and sniffing Week 3,4 Reading: (pg 463-484) Methodology of defending Firewalls Points of protection Tools for defending Homework/Lab 2: configure firewall block all unused ports from scan week 5,6 Reading: Trust How do you break through the configured defenses How do you know your defenses work Testing (software/hardware) Homework/Lab 3: netcat traffic through firewall Week 7,8 Reading: Engineering challenges Engineering principles Follow up on the concept of trust Connecting trust to protcol development/software development Secure services/apps/os/protocols/networks Homework/Lab 4: ARP Spoof, DHCP rogue server man in the middle attack Week 9,10 Reading: (pg 211-235) (pg 487-507) Cryptography Privacy

Integrity Confidentiality Cryptographic vulnerabilities Homework/Lab 5: DOS attack Week 11,12 Reading: Circular problems / assumptions Homework/Lab 6: Use Host based IDS to detect attacks from previous labs Week 13,14 Reading: (pg 348-405) (pg 407-460) Wireless vs wired Protocol analysis Homework/Lab 7: RIP/BGP attack update packet generation