CS 465/665 Computer and Network Security

CS 465/665, Fall 2020 - Dr. Lawlor

Course Zoom        https://alaska.zoom.us/j/9074747678  (see Zoom in a Lawlor class)

Announcements

• Final exam and draft overall course grades are on NetRun's grading area.   I'll be turning these in as your official grades this Wednesday morning, so if I missed anything (which is definitely possible!) please let me know today.
• The course final exam will be noon-1pm Tuesday, December 8.  The format will be exactly like the midterm: open book, open notes, a variety of technical and applied problems focusing on network security, but covering everything.

• We'll have a make-up final project presentation time starting at 11:30am.
• I'll release the final exam Google Form here at noon.  You'll have until 1:30pm to finish, but it should only take about an hour.

• Project final writeups are due Tuesday, December 8 on Blackboard (log in first).  For 465 students, I just need the URL of your technical blog post.  For 665 students, I'd like the PDF of your writeup formatted like a scientific paper.

• Please turn in your final slides here as well.
• If you'd like me to host your final project deliverables here, let me know in the writeup!

• Project presentations--sign up for a presentation timeslot here.  These 7-minute presentations should explain what's interesting about your topic, what you wanted to accomplish, what you did, what worked well and what didn't, and what you'd do differently.  

• I put some brief comments and suggestions on your project draft writeups in NetRun's grade area.  There's a lot of work here, nice job!

• Project draft writeups are due anytime Thursday, November 19 on Blackboard (log in first).  This should be very short, a few pages maximum, summarizing what you did, and what you learned.  465 students should format this like a technical blog post.  665 students should begin to format their writeup like a scientific paper.  Technical blog post examples:

• Raymond Chen's "Why do we even need to define a red zone?" describes an arcane aspect of the stack layout used by Windows, using nice pictures and (I think!) clear text.
• My "Rescuing Data from a Banished Daemon" is short and mostly command lines.  It could probably stand to have more explanation, a picture like a memory map, or a video showing and explaining what's happening step by step.

• HW3: virtual machines and networks is due on Blackboard (log in first) by the end of Thursday, November 12.
• Project proof of concept code is due anytime Thursday, October 29 on Blackboard (log in first).  This version needs to run, and have at least some of the features of the final version, but does not need to do everything you wanted, and does not need to be pretty or polished.
• Project background presentations are in class October 20 & 22.  These 7 minute project background presentations should cover the relevant prior work in the field, interesting results so far, and briefly present your plan for the project.  For me, "why am I doing this" is more interesting than "what am I planning on doing".  

• If you haven't talked to me already, sign up for a presentation timeslot here

• Early grade reports are on the NetRun grading area.  There's not much work to base this on (HW0, HW1, project topic, in-class work) so these aren't a very precise estimate yet!
• HW2: hands-on forensic analysis is due on Blackboard (log in first) anytime Tuesday, October 6.
• Project topics are due out loud in class Thursday, October 1.
• HW1: hands-on cryptography using openssl is on NetRun, and due anytime Tuesday, September 15.
• HW0: adversarial programming is on NetRun, and due anytime Tuesday, September 1.
• Use your @alaska.edu email to set up your NetRun account, then log into NetRun here.  If you don't see a CS 465/665 class listed under your saved files on NetRun, email me and I can fix it immediately

Course Notes

• This week is project presentations--sign up for a presentation timeslot here.

• Tuesday's in-class google doc: https://docs.google.com/document/d/1tpWVf41PhimCHHRedzMmL-4ATB1bAPyy6qVhlY5jY9o/edit#

• 11/24: Course summary and perimeter defense

• 11/19: Advanced buffer overflow, and begin ROP
• 11/17: Network attacks via metasploit

• 11/12: Breaking a web-based cryptocurrency: Roradora
• 11/10: Web security, and real web servers via Python Flask

• 11/05: Hands-on Network API design & security implications
• 11/03: Network protocol design & security

• 10/29: Continue Networking: TCP, UDP, and port/IP based firewalls
• 10/27: Hands-on with Networking: packets, DHCP, ARP, and DNS

• 10/20: Project background presentations, and start of Network Security

• 10/15: Midterm exam in class Thursday: this will be a Google Form, a mix of short answer and multiple choice questions.  It will be synchronous (held during the class period) and open notes, open web, and open NetRun.  Please finish up by 1pm!

• 465 exam link
• 665 exam link
• I'll be on Zoom if you have questions during the exam, but no need to call in otherwise

• 10/13: Course review for midterm exam

• 10/08: Hands-on buffer overflow examples (source), run "capture the flag" style on my server (see also: CS 301 memory layout notes)
• 10/06: Buffer overflow intro (slides) and in-memory code execution (DLL injection) for antiforensics

• 10/01: Detecting system changes
• 09/29 In-class exercise doing live penetration testing on a Linux container.  You will need a working "ssh" and network access to follow along; detailed access instructions are on NetRun.

• 09/24 Securing the Command Line and shell scripts
• 09/22 Virtual Machine configuration

• 09/17 Drive encryption as a forensics countermeasure
• 09/15 Computer forensics

• 09/10 In-class exercise on countermeasures and counter-countermeasures for isolation mechanisms
• 09/08 Isolation between processes, containers, VMs, etc

• 09/03 Cryptocurrency as an application of cryptography and computer security
• 09/01 Public key cryptography: HTTPS and update signing

• 08/27 Cryptography intro: hashing and symmetric ciphers
• 08/25 Slides: Definition of "Secure", adversarial basics, Sun Tzu, map of computer security.  Interactive "What's interesting about computer security?" document

• Recorded class sessions are available here with your UA Google account
• The course syllabus has grading info, course topics, my office hours, and other good stuff.

Computer Security Background Reading

Broad Summaries

• OWASP Top 10 web application vulnerabilities
• MITRE ATT&CK Matrix
• CVE: Common Vulnerabilities and Exposures tracking
• The 6 dumbest ideas in computer security
• Overview of common errors in shopping / finance web apps

Security Blogs / News

• Schneier on Security: good summary of security news in a social context from a technical person.  Schneier wrote the 'blowfish' and 'twofish' ciphers, among others.
• Krebs on Security: excellent in-depth reporting on dark markets, carder sites, and ransomware.  He's been going after eastern european organized cybercrime lately.
• Threatpost: short newsy summaries of new security vulnerabilities
• Kaspersky Labs: readable but solid technical analysis from a Moscow company.
• Hacker News: security news summary site from India.