| Date | Topic | Resources / Reading | Notes/Assignments |
|---|---|---|---|
| Week 1 | |||
| Fri 1/13 | Welcome and Overview | Reading Assigned: The internet worm program: an analysis (due next Friday) | |
| Week 2 | |||
| Mon 1/16 | Security Process | | |
| Weds 1/18 | Front Door vs Back Door Attacks; Netstat; Why Malware is so successful: Homogeneity and Extensibility | | |
| Fri 1/20 | Quiz 1 on reading; Discuss Internet Worm Reading | Wikipedia: Robert T. Morris; The Cornell Commission: On Morris and the Worm; RFC 1135 | |
| Week 3 | |||
| Mon 1/23 | Timeline of Attacks, Current Trends, How Big is the Problem, Damage Estimates, Average People Scenarios | Timeline of Notable Computer Viruses and Worms; CERT Historical Stats Class Input (2006): World-wide Damage Estimates GoCSI.com Attackers' Black Market Direct costs decline Cybercrime Stories Google blog post on 2009 attacks Aftermath of attacks on Google, December 2010 Update | |
| Weds 1/25 | Characterizing Malware, Malware Tracking, CERT, US-CERT | CERT; US-CERT US-CERT's Technical Cyber Security Alerts Common Vulnerabilities and Exposures (CVE) National Vulnerability Database Symantec Security Response (Business) Malware Naming Conventions Common Malware Enumeration US-CERT Malware Naming Plan Faces Obstacles CME failed Symantec Security Response Virus Definitions McAfee Virus Info, Global Virus Map Kaspersky Lab, SecureList Trend Micro | |
| Fri 1/27 | A bit more on malware classification and tracking; Denial of Service, Distributed denial of service, Botnets | Arbor Networks Infrastructure Security Report; CERT Coordination Center: Denial of Service Attacks; Dave Dittrich's Collection of DDOS links; DDoS Mitigation Techniques; Inferring Internet Denial-of-Service Activity | |
| Week 4 | |||
| Mon 1/30 | Denial of Service continued, Conficker, Fast Flux | Conficker Working Group; An Analysis of Conficker's Logic and Rendezvous Points; Conficker C Analysis | |
| Weds 2/1 | Other Malware techniques, Analysis of a Phishing Toolkit Homework, phishing_sanitized.tar | xkcd SQL Injection cartoon; YouTube video of snooping on electronic voting machine | Malware Tracking and Characterization Homework due |
| Fri 2/3 | Technique: Buffer Overflow, buffer overflow lab: bufferOverflow_v2.c | ASCII table; GDB manual; Hex Editors | |
| Week 5 | |||
| Mon 2/6 | Access Matrix, Access Control Lists, Capabilities, Security Policies | | |
| Weds 2/8 | Discuss book choices and project ideas; Review | Book choices: Cyber War by Clarke and Knake, Hackers by Steven Levy, Crypto by Steven Levy, The Cuckoo's Egg by Clifford Stoll, Fatal System Error by Joseph Menn | |
| Fri 2/10 | Test 1: Overview, Security Process, Determine What You are Protecting, Analyzing the Risks; Start Access Control and Security Policies | | |
| Week 6 | |||
| Mon 2/13 | Security Policies: Bell-LaPadula, Biba, Healthcare data, Privacy of personal data vs Aggregated information | | |
| Wed 2/15 | Prevention, Access Control | | |
| Fri 2/17 | FEBRUARY BREAK | | |
| Week 7 | |||
| Mon 2/20 | Authentication, Passwords, Biometrics, Identity | | |
| Weds 2/22 | Encryption, Access without Understanding | | |
| Fri 2/24 | Key Management | | |
| Week 8 | |||
| Mon 2/27 | Network Prevention, SSH, TLS, IPSec, VPN, Encryption Exercise/Homework | | |
| Weds 2/29 | Firewalls, NATs | | |
| Fri 3/2 | Prevention Wrap-up, Review for Test, Discussion of Projects, Start Detection, Logging | | |
| Week 9 | |||
| Mon 3/5 | Test 2: Determine Legitimate Access and Prevention; Logging | Encryption exercise (HW3) due (Questions 1-7 and Discussion and Investigation #1 i and ii) | |
| Weds 3/7 | Quick quiz 2 on reading; Book discussion | Track Down after class | |
| Fri 3/9 | Finish Logging; Detection: Intrusion Detection, Signature-Based, Anomaly-Based, HIDS vs NIDS | emergingthreats.net; Guide to rulesets; Ruleset categories; New user guide | |
| Week 10 | |||
| Mon 3/12 | Detection: Honeypots, Analyzing Malware | Scalability, fidelity and containment in the Potemkin Virtual Honeyfarm | |
| Weds 3/14 | Detection: Intro to Virus Definitions, Evolution of Anti-Virus | ClamAV; Creating signatures in ClamAV | Technical project proposal (hardcopy) |
| Fri 3/16 | Freedom Downtime | | |
| Week 11 SPRING BREAK | |||
| Week 12 | |||
| Mon 3/26 | Quick Quiz 4 on Freedom Downtime, Take Down; Discuss those plus Hackers | Watch Take Down before today | |
| Weds 3/28 | Detection Wrap-up; Recovery vs Forensics, Preparation and Recovery | Security conferences: USENIX Security, IEEE Security and Privacy, ACM Computer and Communications Security, LEET, Black Hat, Defcon, Others; Writing Contest | 3 things learned and 3 criticisms/questions from the Potemkin paper due in hardcopy |
| Fri 3/30 | Forensics and Response | | |
| Week 13 | |||
| Mon 4/2 | Wrap up Recovery/Forensics, Review for Test 3, Response | Updated project proposal (more details/specifics) due in hardcopy please | |
| Weds 4/4 | Test 3: Detection, Recovery, Forensics/Response | | |
| Fri 4/6 | Response; Start Assess/Reassess | Project Proposal Update/Status | |
| Week 14 | |||
| Mon 4/9 | Quick Quiz 5 on reading; Discussion of Reflections on Trusting Trust | Quine page on Self-Reproducing Code | Read Reflections on Trusting Trust for today |
| Weds 4/11 | Penetration Testing, Assurance | Products Certified Under Common Criteria; Wikipedia: Common Criteria, TCSEC; OS Common Criteria Evaluations: Solaris, Windows 2000 | |
| Fri 4/13 | Privacy | Panopticlick; Hoofnagle's Big Brother's Little Helpers | |
| Week 15 | |||
| Mon 4/16 | Digital Rights Management | USACM's DRM Principles; Unintended Consequences of DMCA; Ed Felten's Freedom To Tinker Site; CCIA's Fair Use in the US Economy | Sign up for technical presentation slot next week |
| Weds 4/18 | Review; LAB: Disassembling, crackme1.zip (HW) | | |
| Fri 4/20 | Test 4: Assess/Reassess and DRM/Privacy; Security Process Revisited | Turn in proposed list of materials you will turn in for your project | |
| Week 16 | |||
| Mon 4/23 | Technical Presentations | | |
| Weds 4/25 | Technical Presentations | | |
| Fri 4/27 | Technical Presentations | | |
| Week 17 FINALS WEEK | |||
| TBA | Final Exam TBA | TBA | Technical project materials: writeup in HARDCOPY in Moodle and all other materials (slides from presentation, source code, results, trace, etc.) in Moodle if small enough (CD or DVD if not) due by 5 PM |