CS 465/665 Computer and Network Security
CS 465/665, Fall 2020 - Dr. Lawlor
Course Zoom https://alaska.zoom.us/j/9074747678 (see Zoom in a Lawlor class)
Announcements
- Final exam and draft overall course grades are on NetRun's grading area. I'll be turning these in as your official grades this Wednesday morning, so if I missed anything (which is definitely possible!) please let me know today.
- The course final exam will be noon-1pm Tuesday, December 8. The format will be exactly like the midterm: open book, open notes, a variety of technical and applied problems focusing on network security, but covering everything.
- We'll have a make-up final project presentation time starting at 11:30am.
- I'll release the final exam Google Form here at noon. You'll have until 1:30pm to finish, but it should only take about an hour.
- Project final writeups are due Tuesday, December 8 on Blackboard (log in first). For 465 students, I just need the URL of your technical blog post. For 665 students, I'd like the PDF of your writeup formatted like a scientific paper.
- Please turn in your final slides here as well.
- If you'd like me to host your final project deliverables here, let me know in the writeup!
- Project presentations--sign up for a presentation timeslot here. These 7-minute presentations should explain what's interesting about your topic, what you wanted to accomplish, what you did, what worked well and what didn't, and what you'd do differently.
- Project draft writeups are due anytime Thursday, November 19 on Blackboard (log in first). This should be very short, a few pages maximum, summarizing what you did, and what you learned. 465 students should format this like a technical blog post. 665 students should begin to format their writeup like a scientific paper. Technical blog post examples:
- Raymond Chen's "Why do we even need to define a red zone?" describes an arcane aspect of the stack layout used by Windows, using nice pictures and (I think!) clear text.
- My "Rescuing Data from a Banished Daemon" is short and mostly command lines. It could probably stand to have more explanation, a picture like a memory map, or a video showing and explaining what's happening step by step.
- HW3: virtual machines and networks is due on Blackboard (log in first) by the end of Thursday, November 12.
- Project proof of concept code is due anytime Thursday, October 29 on Blackboard (log in first). This version needs to run, and have at least some of the features of the final version, but does not need to do everything you wanted, and does not need to be pretty or polished.
- Project background presentations are in class October 20 & 22. These 7 minute project background presentations should cover the relevant prior work in the field, interesting results so far, and briefly present your plan for the project. For me, "why am I doing this" is more interesting than "what am I planning on doing".
- Early grade reports are on the NetRun grading area. There's not much work to base this on (HW0, HW1, project topic, in-class work) so these aren't a very precise estimate yet!
- HW2: hands-on forensic analysis is due on Blackboard (log in first) anytime Tuesday, October 6.
- Project topics are due out loud in class Thursday, October 1.
- HW1: hands-on cryptography using openssl is on NetRun, and due anytime Tuesday, September 15.
- HW0: adversarial programming is on NetRun, and due anytime Tuesday, September 1.
- Use your @alaska.edu email to set up your NetRun account, then log into NetRun here. If you don't see a CS 465/665 class listed under your saved files on NetRun, email me and I can fix it immediately
Course Notes
- 10/15: Midterm exam in class Thursday: this will be a Google Form, a mix of short answer and multiple choice questions. It will be synchronous (held during the class period) and open notes, open web, and open NetRun. Please finish up by 1pm!
Computer Security Background Reading
Broad Summaries
Security Blogs / News
- Schneier on Security: good summary of security news in a social context from a technical person. Schneier wrote the 'blowfish' and 'twofish' ciphers, among others.
- Krebs on Security: excellent in-depth reporting on dark markets, carder sites, and ransomware. He's been going after eastern european organized cybercrime lately.
- Threatpost: short newsy summaries of new security vulnerabilities
- Kaspersky Labs: readable but solid technical analysis from a Moscow company.
- Hacker News: security news summary site from India.