TDC 577, Spring 2015 Network Security II
Class: W 5:45 – 9:00 p.m.
Instructor: Dr. Anthony Chung
Office: CST 844
Office Hours: M W 3:30 – 5:00 PM. Other times by appointment.
Phone: (312)-362-8724
Fax: (312)-362-6116
Email: achung@cdm.depaul.edu
Home Page: https://d2l.depaul.edu
Prerequisites: TDC 477
Note: This is a STRONG prerequisite. Students are expected to have a good knowledge of fundamental network security concepts and familiarity with the TCP/IP protocols.
Required Texts: There are no required texts for this course.
Optional Texts: They are listed in the schedule below for each topic. They are all available on DePaul's E-Library.
The following three books are referred to the most.
TDC 477 optional text: CCNA Security 640-554 - Official Cert Guide by Keith Barker and Scott Morris, Cisco Press, 2012. ISBN: 978-1-58720-446-3
LAN Switch Security – What Hackers Know About Your Switches by Eric Vyncke and Christopher Paggen
Router Security Strategies: Securing IP Network Traffic Planes by Gregg Schudel and David J. Smith
Course Description and Objective:
This course is an advanced class in network security. Topics include: Network Security Auditing; Intrusion Detection and Prevention Systems; Incident Response; Honeypots; Network Infrastructure and Protocol Security; and Security Information Management.
Grading
Homework | 20% |
Labs | 20% |
  Lab 1 - Snort (Performed on student's own computer) | 10% |
  Lab 2 - Policy Routing (Performed on DLPods or in Network Security Lab) | 5% |
  Lab 3 - BGP | 5% |
Packet Tracer Activities (Performed using Packet Tracer) | 12% |
  PT Activity 1 - Layer 2 Security | 3% |
  PT Activity 2 - Syslog, NTP, SSH | 3% |
  PT Activity 3 - AAA | 3% |
  PT Activity 4 - Comprehensive | 3% |
Midterm | 15% |
Final | 15% |
Class Participation | 18% |
Note: A student must score 60% or more in EACH exam to pass this course. The following scale is applied if the above condition is met, otherwise a grade of F will be assigned.
A | 90-100% |
A- | 87-89% |
B+ | 84-86% |
B | 80-83% |
B- | 77-79% |
C+ | 74-76% |
C | 70-73% |
C- | 67-69% |
D+ | 64-66% |
D | 60-63% |
F | <60% |
Every student at or above the class average (calculated over grades of 60% or higher) will get at least an A-. I will adjust the grading scale if the class average is below 87%.
Changes to Syllabus: This syllabus is subject to change as necessary during the quarter. If a change occurs, it will be thoroughly addressed during class, posted under Announcements in D2L and sent via email.
Late assignments will not be accepted. I am strict about this. Homework solutions are available right after an assignment is due and I cannot accept any assignments submitted after that. All due dates and times are listed in each assignment's dropbox. Please check the schedule and be sure of the due dates (except for participation assignments, which are due one week from each class). You must use the homework submission system (drop box) through D2L.
The exams are closed book and closed notes. You are allowed to bring an 8"X11" sheet with anything written/typed on one side.
This course covers a lot of material, with many assignments and activities. Please work hard to make the most of the course. By enrolling in this class, you commit to devoting enough time to learn the material covered in this class. You should assess your situation to decide if you can devote a sufficient amount of time to this class. A grade is assigned solely based on evaluations of the assignments and an assessment of your understanding of the material through assignments and exams, and nothing else. Extra credit will not be given. Please give your best effort to every assignment and exam. Contact me when you need help to understand course material. Talk to me at the first sign of problems so that we can decide the best course of action. Please also make sure you understand the University’s incomplete policy at the end of this syllabus. Note that at the graduate level, all grades of repeated courses are calculated into your GPA. In other words, retaking a course and doing better does not erase the earlier lower grade.
Schedule (Tentative): Additional reading/links may be added throughout the quarter.
Date | Topic | Reading/Reference | Assignments |
4-1 | Class overview; Traffic Analysis; Vulnerability Scan; Nessus | Nessus Network Auditing, second edition, Renaud Deraison et al, Syngress, ISBN: 1-59749-208-6 (Available on Safari); About Network Taps: http://en.wikipedia.org/wiki/Network_tap#Companies_making_network_TAPs http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html ARP poisoning/spoofing tools: http://en.wikipedia.org/wiki/ARP_spoofing National Vulnerability Database: | |
4-8 | IDS/IPS | Chapters 15 and 16 in CCNA Security 640-554 - Official Cert Guide by Keith Barker and Scott Morris, Cisco Press, 2012. ISBN: 978-1-58720-446-3 (Available on Safari); Network Intrusion Detection, 3rd edition, Northcutt & Novak, Prentice Hall/SAMS – ISBN: 0735712654 (Available on Safari); Snort 2.1 Intrusion Detection, 2nd edition, Jay Beale et al, Syngress, ISBN: 1931836043 (Available on Safari); IPS usage survey: http://www.networkworld.com/news/2008/092308-ips-survey.html An example IDS load balancer: http://www.radware.com/Solutions/Enterprise/Security/IDSTrafficManagement.aspx Examples of host-based IDSs: Free: Patriot NG: http://www.security-projects.com/?Patriot_NG Open Source Tripwire: http://sourceforge.net/projects/tripwire/ (only monitors file changes); Commercial: | HW #1 due |
4-15 | IDS/IPS (contd.) | Mixing Wheat with the Chaff: Creating Useful Test Data for IDS Evaluation http://www2.computer.org/portal/web/csdl/doi/10.1109/MSP.2007.92 | |
4-22 | Incident responses; Honeypots | Honeypot for Windows, Roger A. Grimes (Available on Books 24X7); Nebula: http://nebula.carnivore.it/ An intrusion signature generator based on information collected from honeypots; Configuring Policy-Based Routing | |
4-29 | Securing switches | Chapter 8 in CCNA Security 640-554 - Official Cert Guide by Keith Barker and Scott Morris, Cisco Press, 2012. ISBN: 978-1-58720-446-3 (Available on Safari); LAN Switch Security – What Hackers Know About Your Switches by Eric Vyncke and Christopher Paggen (available on Safari) | HW #2 due |
5-6 | Midterm | | |
5-13 | Security Problems in TCP/IP Protocol Suite; Securing Routers | Security problems in TCP/IP protocol suite https://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf Chapters 4 to 7 in CCNA Security 640-554 - Official Cert Guide by Keith Barker and Scott Morris, Cisco Press, 2012. ISBN: 978-1-58720-446-3 (Available on Safari); Router Security Strategies: Securing IP Network Traffic Planes by Gregg Schudel and David J. Smith (available on Safari); NSA Router Security Configuration Guide and Supplement http://www.nsa.gov/ia/_files/routers/C4-040R-02.pdf http://www.nsa.gov/ia/_files/routers/I33-002R-06.pdf | |
5-20 | Securing Routers (contd.); BGP | Chapters 8 and 9 in CCNP: Building Scalable Cisco Internetworks Study Guide (Exam 642-801) by Carl Timm and Wade Edwards (available on Books 24X7) | HW #3 due |
5-27 | BGP (contd.); Secure DNS | BGP community example and application: http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00801475b2.shtml | Lab #3 due |
6-3 | Security Information and Event Management (SIEM); Guest speaker from Halock/other topic | Security Log Management: Identifying Patterns in the Chaos, by Jacob Babbin et al. Syngress Publishing, 2006. (available on Books 24X7); OSSIM http://www.alienvault.com/open-threat-exchange/projects#ossim-tab A couple of NetworkWorld articles on SIEM: http://www.networkworld.com/reviews/2008/063008-test-siem.html http://www.networkworld.com/news/tech/2009/031909-tech-update.html http://www.networkworld.com/news/tech/2011/081211-siem.html | Packet Tracer Activity 4 due |
6-10 | Final | | |
Online Instructor Evaluation
Resources for Students with Disabilities
Students who feel they may need an accommodation based on the impact of a disability should contact the instructor privately to discuss their specific needs. All discussions will remain confidential. To ensure that you receive the most appropriate accommodation based on your needs, contact the instructor as early as possible in the quarter (preferably within the first week of class), and make sure that you have contacted the following office for support and additional services:
Center for Students with Disabilities (CSD)
Lincoln Park Campus, Student Center #370, Phone number: (773)325.1677
Loop Campus, Lewis Center #1400, Phone number: (312)362.8002
Website: http://www.studentaffairs.depaul.edu/csd
Email: csd@depaul.edu