Date | Topic | Resources / Reading | Notes/Assignments |
---|---|---|---|
Week 1 | |||
Mon 8/30 |
Welcome and Syllabus, Security vs Computer Security, Security in the News, Quick look at Security Lifecycle, DEFCON show and tell | ||
Wed 9/1 |
Crime vs Computer Crime, Can you Make Something Completely Secure?, Security Lifecyle | Assign the Internet Worm paper, Assign Threat modeling questions | |
Fri 9/3 |
Discuss Threat Modeling Answers, Security is a Tax, Wild West Bank | ||
Week 2 | |||
Mon 9/6 |
Wild West Bank continued, Front door vs Back door, Common Sense Pass around Security Lifecyle | ||
Wed 9/8 |
netstat lab elaboration | ||
Fri 9/10 |
Discuss the Internet Worm paper | ||
Week 3 | |||
Mon 9/13 |
Characterizing Malware, Malware Naming, Vulnerabilities vs Exploits (Which one harder to trace?), Who Traces and Why | ||
Weds 9/15 |
Trends in Malware, History to Present | ||
Fri 9/17 |
Denial of Service | ||
Week 4 | |||
Mon 9/20 |
Buffer Overflow Background | ||
Weds 9/22 |
Buffer Overflow Lab | ||
Weds 9/22 |
Optional: Reverse Engineering/Ghirda talk (8 pm in Zoom) | ||
Fri 9/24 |
Some other attack types: SQL Injection, Cross-site scripting (XSS) | ||
Week 5 | |||
Mon 9/27 |
Access Matrix, Access Control Lists, Capabilities, Security Policies: Bell-LaPadula, Biba
|
||
Weds 9/29 |
Authentication, Passwords, Biometrics, Identity | ||
Fri 10/1 |
nmap lab | ||
Week 6 | |||
Mon 10/4 |
First Perlroth Book Presentation/Discussion (prolog - chapter 2)
Review, Assign Multiple Choice |
||
Wed 10/6 |
Wireshark lab | ||
Fri 10/8 |
Perlroth Book Chapters 3-5 DDOS/NTP Trace Analysis |
||
Week 7 | |||
Mon 10/11 |
FALL BREAK | ||
Wed 10/13 |
Prevention Overview, Network Access Control, Types of Firewalls | ||
Fri 10/15 |
Stateful/Stateless Packet Inspection,
Firewall rules,
Encryption Basics
|
||
Week 8 | |||
Mon 10/18 |
ECB vs Cipher Block chaining, Man in the Middle, Digital Signatures | ||
Wed 10/20 |
Frequency Analysis/Encyrption/Decryption Lab | ||
Fri 10/22 |
Perlroth Book Chapters 6-8 Perlroth Book Chapters 9-10 Moxie Marlinspike - SSL And The Future Of Authenticity (From 4:53 - 26:02) |
||
Week 9 | |||
Mon 10/25 |
Finish Prevention; Survey
Start Detection and Logging |
||
Wed 10/27 |
Detection and Logging
Taste of TryHackMe |
||
Fri 10/29 |
Perlroth 11-13 Begin Intrusion Detection Systems Signature-Based vs Anomaly-Based | ||
Week 10 | |||
Mon 11/1 |
|||
Wed 11/3 |
Questions/Feedback on TryHackMe Assignment; Other Project ideas
Honeypots, Scalability/Fidelity/Containment |
||
Fri 11/5 |
Perlroth 14-16 Look ahead to Anti-Virus; More on Projects |
||
Week 11 | |||
Mon 11/8 |
LAB: Phishing Toolkit,Phishtank, Alternate DNS | ||
Wed 11/10 |
Detection: Malware Signatures, Static vs Dynamic | ||
Fri 11/12 |
Perlroth 17-19
Evolution of Anti-Virus |
||
Week 12 | |||
Mon 11/15 |
AV Signatures: Clam AV Recovery vs Forensics, Preparation and Recovery |
||
Wed 11/17 |
Recovery vs Forensics, Backups and recovery, Backtracking Intrusions Trailers of Takedown/trackdown Part 1 of Freedom Downtime |
||
Fri 11/19 |
Perlroth 20-22 Start Takedown/Trackdown |
||
Week 13 | |||
Mon 11/22 |
Taste of Takedown/Trackdown ( YouTube )and Freedom Downtime ( YouTube ) | ||
Wed 11/24 |
THANKSGIVING | ||
Fri 11/26 |
THANKSGIVING | ||
Week 14 | |||
Mon 11/29 |
Talk a bit about Freedom Downtime vs Takedown/Trackdown Response |
||
Wed 12/1 |
Assess/Reassess; Assurance/Certification
|
||
Fri 12/3 |
Penetration Testing, Assurance
Grad student paper presentations |
||
Week 15 | |||
Mon 12/6 |
Turing Award lecture (1984): Reflections on Trusting Trust | ||
Wed 12/8 |
Discuss Hackers Chapter 2 | ||
Fri 12/10 |
Review | ||
FINALS | |||
Tues 12/14 |
11:45-2:45 B10L Snell Hall |