TDC 577, Spring 2015                                                    Network Security II

Class:          W 5:45 – 9:00 p.m.
Instructor:     Dr. Anthony Chung
Office:         CST 844
Office Hours:   M W 3:30 – 5:00 PM; other times by appointment
Phone:          (312)-362-8724
Fax:            (312)-362-6116
Email:          achung@cdm.depaul.edu

While email is a great means of communication, we are increasingly bombarded with a volume of email that is getting difficult to manage. Please observe the following email etiquette so that we can better focus our energy on learning and getting the most out of the class. It is also part of being professional: some recruiters have been appalled by emails they received from recent recruits. It is important to form the habit of writing appropriate emails in a professional setting.

- Under normal circumstances I will respond within two business days. Therefore work on your assignments early so as to give yourself ample time to ask questions. If I do not respond within the normal time frame, it is probably because one or more of the following etiquette rules was not followed.

- Expect lab assistants to respond only during posted lab hours (included in the lab assignment).

- Before sending questions via email or posting questions on the D2L discussion forum, make sure that your question is not already answered on the course syllabus, the D2L website (announcements, discussion forums, assignment information, etc.), or in the lecture (view the class recording if you missed a class, or if you are an OL student).

- Questions that are of general interest to the entire class should be posted on the course discussion forum.

- Be specific about the subject of the email in the subject heading and use proper spelling, grammar, and punctuation. Include the course number in the subject. Please don't reply to an old email with a different subject when asking a new question.

- Include your full name in the message body.

- While you have my permission to address me as Tony, you should not assume that you can address other professors on a first-name basis unless you have their explicit permission.

Home Page:      https://d2l.depaul.edu (it will open a week before the first day of the course)

 

 

Prerequisites:  TDC 477
                Note: This is a STRONG prerequisite. Students are expected to have a good knowledge of fundamental network security concepts, and familiarity with the TCP/IP protocols.


Required Texts: There are no required texts for this course.

Optional Texts: They are listed in the schedule below for each topic. They are all available on DePaul's E-Library.
                The following three books are referred to the most:
                  - TDC 477 optional text: CCNA Security 640-554 Official Cert Guide, by Keith Barker and Scott Morris, Cisco Press, 2012. ISBN: 978-1-58720-446-3
                  - LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen
                  - Router Security Strategies: Securing IP Network Traffic Planes, by Gregg Schudel and David J. Smith


Course Description and Objective:

This course is an advanced class in network security. Topics include: Network Security Auditing; Intrusion Detection and Prevention Systems; Incident Response; Honeypots; Network Infrastructure and Protocol Security; and Security Information Management.

 

Grading

  Homework                                                                          20%
  Labs                                                                              20%
      Lab 1 - Snort (performed on student's own computer)                           10%
      Lab 2 - Policy Routing (performed on DLPods or in Network Security Lab)        5%
      Lab 3 - BGP AS Path Attributes (performed on DLPods or in Network Security Lab) 5%
  Packet Tracer Activities (performed using Packet Tracer)                          12%
      PT Activity 1 - Layer 2 Security                                               3%
      PT Activity 2 - Syslog, NTP, SSH                                               3%
      PT Activity 3 - AAA                                                            3%
      PT Activity 4 - Comprehensive                                                  3%
  Midterm                                                                           15%
  Final                                                                             15%
  Class Participation                                                               18%


Note: A student must score 60% or more in EACH exam to pass this course.

The following scale is applied if the above condition is met; otherwise a grade of F will be assigned.

  A     90-100%
  A-    87-89%
  B+    84-86%
  B     80-83%
  B-    77-79%
  C+    74-76%
  C     70-73%
  C-    67-69%
  D+    64-66%
  D     60-63%
  F     <60%

Every student at or above the class average (calculated over grades of 60% or higher) will get at least an A-. I will adjust the grading scale if the class average is below 87%.


Note:
  • Changes to Syllabus: This syllabus is subject to change as necessary during the quarter. If a change occurs, it will be thoroughly addressed during class, posted under Announcements in D2L, and sent via email.

  • Late assignments will not be accepted. I am strict about this. Homework solutions are available right after an assignment is due and I cannot accept any assignments submitted after that. All due dates and times are listed in each assignment's dropbox. Please check the schedule and be sure of the due dates (except for participation assignments, which are due one week from each class). You must use the homework submission system (dropbox) through D2L. If there are problems with the submission system, you may email me a copy of the assignment BEFORE the due time.

  • The exams are closed book and closed notes. You are allowed to bring an 8"x11" sheet with anything written/typed on one side.

  • Class attendance / viewing of the online lecture is essential, as lectures may cover topics outside the readings.

  • About class participation:
    • For in-class students: Attendance is expected for this class. To earn the full participation points for each class you must be in class for at least 80% of the class time (156 minutes). If there is a documentable and acceptable reason for an absence (such as being sick with a doctor's note, or a note from your manager about work responsibilities), a make-up of the participation points can be considered. Also check each week's participation exercises in the dropbox list. There will be additional activities (e.g. a reading assignment) that are to be completed before the next class and count towards your participation points. 2 points are assigned for each week (excluding the exam weeks), for a maximum of 18 points total.
    • For Online Learning students: Viewing of the lecture is expected. Complete each week's participation exercises in the dropbox list. 2 points are assigned for each week (excluding the exam weeks), for a maximum of 18 points total. In-class exercises are normally assigned as part of the OL participation exercises. OL students should attempt the problems on their own first and then correct the answers if necessary after viewing the solutions presented in the lecture. Since solutions are provided in the lecture, you are expected to provide correct answers.
  • Various in-class exercises will be assigned.
  • Any grading questions must be directed to me within 1 week of the posting of the grade. No grade adjustments will be made more than a week after the grade is posted. You should email me with the following information:
    • The assignment
    • The problem in question
    • Why you think you should get a different grade than the one given.
  • Wireless Internet Access Policy: Please do not work on your laptops / the Internet during class except for course-related activities. If you need to do something unrelated to the class, please leave the room and complete what you need to do.
  • Please check DePaul's academic calendar (http://oaa.depaul.edu/what/calendar.jsp) for important dates such as the last day to add/drop/withdraw from classes.
  • Please make sure that you read and understand DePaul's academic integrity policy: http://academicintegrity.depaul.edu/AcademicIntegrityPolicy.pdf  For additional resources concerning academic quality, please check here: http://academicintegrity.depaul.edu/Resources/index.html  All assignments are individual assignments. You should not work so closely with another student as to produce solutions that are identical or almost identical.
    • Under no circumstances should you copy or use simple paraphrasing of someone else's work without giving proper credit and references.
    • Please be aware that any written work submitted in this course may be verified using Turn-It-In technology in order to ensure that the work is the student's own creation and not in violation of the University's Academic Integrity Policy. Submission of work in this course constitutes a pledge that the work is original and consent to have the work submitted to verify that fact.
  • This course covers a lot of material, with many assignments and activities. Please work hard to make the most of the course. By enrolling in this class, you commit to devoting enough time to learn the material covered. You should assess your situation to decide if you can devote a sufficient amount of time to this class. A grade is assigned solely based on evaluation of the assignments and an assessment of your understanding of the material through assignments and exams, and nothing else. Extra credit will not be given. Please give your best effort to every assignment and exam. Contact me when you need help to understand course material. Talk to me at the first sign of problems so that we can decide the best course of action. Please also make sure you understand the University's incomplete policy at the end of this syllabus. Note that at the graduate level, all grades of repeated courses are calculated into your GPA. In other words, retaking a course and doing better does not erase the earlier lower grade.


Schedule (Tentative): Additional reading/links may be added throughout the quarter.

Each entry gives the date, the topic, the reading/reference list, and the assignments due that day.


4-1
  Topic: Class overview; Traffic Analysis; Vulnerability Scan; Nessus
  Reading/Reference:
    Nessus Network Auditing, 2nd edition, Renaud Deraison et al., Syngress, ISBN: 1-59749-208-6 (available on Safari)
    About network taps:
      http://en.wikipedia.org/wiki/Network_tap#Companies_making_network_TAPs
      http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html
    ARP poisoning/spoofing tools:
      http://en.wikipedia.org/wiki/ARP_spoofing
    National Vulnerability Database:
      http://nvd.nist.gov/
    The Art of Port Scanning: http://www.phrack.com/issues.html?issue=51&id=11&mode=txt
  Assignments: none


4-8
  Topic: IDS/IPS
  Reading/Reference:
    Chapters 15 and 16 in CCNA Security 640-554 Official Cert Guide, by Keith Barker and Scott Morris, Cisco Press, 2012. ISBN: 978-1-58720-446-3 (available on Safari)
    Network Intrusion Detection, 3rd edition, Northcutt & Novak, Prentice Hall/SAMS, ISBN: 0735712654 (available on Safari)
    Snort 2.1 Intrusion Detection, 2nd edition, Jay Beale et al., Syngress, ISBN: 1931836043 (available on Safari)
    IPS usage survey: http://www.networkworld.com/news/2008/092308-ips-survey.html
    An example IDS load balancer: http://www.radware.com/Solutions/Enterprise/Security/IDSTrafficManagement.aspx
    Examples of host-based IDSs:
      Free:
        OSSEC: http://www.ossec.net/
        Patriot NG: http://www.security-projects.com/?Patriot_NG
        Open Source Tripwire: http://sourceforge.net/projects/tripwire/ (only monitors file changes)
      Commercial:
        http://www.tripwire.com/
        http://www.iss.net/
  Assignments: HW #1 due


4-15
  Topic: IDS/IPS (contd.)
  Reading/Reference:
    Mixing Wheat with the Chaff: Creating Useful Test Data for IDS Evaluation: http://www2.computer.org/portal/web/csdl/doi/10.1109/MSP.2007.92
    Severity metric example: http://msisac.cisecurity.org/alert-level/
  Assignments: none


4-22
  Topic: Incident response; Honeypots; Policy-based routing
  Reading/Reference:
    http://honeynet.org
    InfoWorld article, "No honeypot? Don't bother calling yourself a security pro": http://www.infoworld.com/d/security/no-honeypot-dont-bother-calling-yourself-security-pro-216038
    Honeypots for Windows, Roger A. Grimes (available on Books 24x7)
    Nebula: http://nebula.carnivore.it/ (an intrusion signature generator based on information collected from honeypots)
    Configuring Policy-Based Routing
    Configuring IP Access Lists
    Google Hacking Database (GHDB), original site: http://www.hackersforcharity.org/ghdb/?function=summary&cat=19
    GHDB current site: http://www.exploit-db.com/google-dorks/
    Google Hack Honeypot (GHH): http://ghh.sourceforge.net/userfaq.php
  Assignments: Lab #1 due

4-29
  Topic: Securing switches
  Reading/Reference:
    Chapter 8 in CCNA Security 640-554 Official Cert Guide, by Keith Barker and Scott Morris, Cisco Press, 2012. ISBN: 978-1-58720-446-3 (available on Safari)
    LAN Switch Security: What Hackers Know About Your Switches, by Eric Vyncke and Christopher Paggen (available on Safari)
    About VTP (includes a Flash animation that is a good introduction to VTP): http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080094c52.shtml
    About the difference between BPDU Filter and BPDU Guard: http://blog.ipexpert.com/2010/12/06/bpdu-filter-and-bpdu-guard/
  Assignments: HW #2 due


5-6
  Midterm


5-13
  Topic: Security Problems in the TCP/IP Protocol Suite; Securing Routers
  Reading/Reference:
    Security problems in the TCP/IP protocol suite (Bellovin): https://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf
    Chapters 4 to 7 in CCNA Security 640-554 Official Cert Guide, by Keith Barker and Scott Morris, Cisco Press, 2012. ISBN: 978-1-58720-446-3 (available on Safari)
    Router Security Strategies: Securing IP Network Traffic Planes, by Gregg Schudel and David J. Smith (available on Safari)
    NSA Router Security Configuration Guide and Supplement:
      http://www.nsa.gov/ia/_files/routers/C4-040R-02.pdf
      http://www.nsa.gov/ia/_files/routers/I33-002R-06.pdf
  Assignments: Lab #2 due; Packet Tracer Activity 1 due

5-20
  Topic: Securing Routers (contd.); BGP
  Reading/Reference:
    Cisco Security Center: http://tools.cisco.com/security/center/serviceProviders.x?i=76
    Chapters 8 and 9 in CCNP: Building Scalable Cisco Internetworks Study Guide (Exam 642-801), by Carl Timm and Wade Edwards (available on Books 24x7)
    Cisco BGP case studies
    A Survey of BGP Security: http://ix.cs.uoregon.edu/~butler/pubs/bgpsurvey.pdf
  Assignments: HW #3 due; Packet Tracer Activity 2 due
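
Added illustration for the BGP weeks and Lab 3 (BGP AS Path Attributes); it is not part of the course materials or of the readings listed above. It shows, in plain Python, how a BGP speaker handles the AS_PATH attribute on received routes: RFC 4271 loop detection (drop any path that already carries our own ASN), the LOCAL_PREF and shortest-AS_PATH steps of the decision process, and what AS-path prepending does to the path we advertise. The local ASN 65000, the neighbour ASNs, prefixes and next-hop addresses are constructed sample data.

```python
"""AS_PATH handling as a BGP speaker applies it to received routes.
Illustration only: loop detection, LOCAL_PREF / shortest-AS_PATH
selection, and outbound AS-path prepending. All ASNs, prefixes and
next hops are constructed sample data, not a real topology."""

from dataclasses import dataclass
from typing import List, Optional

LOCAL_ASN = 65000  # constructed: the ASN of the router running this decision


@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: List[int]      # AS_SEQUENCE; left-most ASN is the neighbour we heard it from
    local_pref: int = 100   # default LOCAL_PREF on most implementations
    origin: int = 0         # 0 = IGP, 1 = EGP, 2 = INCOMPLETE (lower is preferred)


def has_loop(route: Route, local_asn: int = LOCAL_ASN) -> bool:
    """RFC 4271 section 9.1.2: a route whose AS_PATH already carries the
    local ASN would loop back to us, so it is dropped before path selection."""
    return local_asn in route.as_path


def select_best(routes: List[Route], local_asn: int = LOCAL_ASN) -> Optional[Route]:
    """First tie-breakers of the BGP decision process, in order: highest
    LOCAL_PREF, shortest AS_PATH (every prepended ASN counts), lowest ORIGIN.
    Later steps (MED, eBGP over iBGP, IGP metric, router ID) are left out
    to keep the example focused on AS_PATH."""
    candidates = [r for r in routes if not has_loop(r, local_asn)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path), r.origin))


def advertise(route: Route, prepend_extra: int = 0, local_asn: int = LOCAL_ASN) -> List[int]:
    """AS_PATH as an eBGP neighbour will see it: our ASN is prepended once by
    the protocol, plus `prepend_extra` more copies if we apply outbound
    prepending to make this path less attractive to that neighbour."""
    return [local_asn] * (1 + prepend_extra) + route.as_path


# Constructed: three neighbours advertise the same prefix to AS 65000.
RECEIVED = [
    Route("203.0.113.0/24", "192.0.2.1", [64501, 64510, 64520]),          # 3 ASNs
    Route("203.0.113.0/24", "192.0.2.2", [64502, 64502, 64502, 64520]),   # 64502 prepended itself twice
    Route("203.0.113.0/24", "192.0.2.3", [64503, 65000, 64520]),          # already contains 65000: loop
]


def rejected_next_hops(routes: List[Route] = RECEIVED) -> List[str]:
    """Next hops whose routes fail loop detection."""
    return [r.next_hop for r in routes if has_loop(r)]


def best_next_hop(routes: List[Route] = RECEIVED) -> Optional[str]:
    """Next hop of the route the decision process installs, if any."""
    best = select_best(routes)
    return best.next_hop if best else None


if __name__ == "__main__":
    print("rejected (loop):", rejected_next_hops())    # ['192.0.2.3']
    print("best next hop  :", best_next_hop())          # 192.0.2.1, the shortest AS_PATH
    # Prepending only steers traffic if nothing ranked above it (LOCAL_PREF) decides first:
    bumped = [Route(r.prefix, r.next_hop, r.as_path, local_pref=200) if r.next_hop == "192.0.2.2" else r
              for r in RECEIVED]
    print("with LOCAL_PREF 200 on the prepended path:", best_next_hop(bumped))   # 192.0.2.2
    print("advertised with 2 extra prepends:", advertise(select_best(RECEIVED), prepend_extra=2))
```

The point worth carrying into the lab: prepending lengthens the path other ASes see, but a neighbour that sets a higher LOCAL_PREF on that path ignores the length entirely, and a path carrying your own ASN never reaches selection at all.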

5-27
  Topic: BGP (contd.); Secure DNS
  Reading/Reference:
    BGP community example and application:
      http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00801475b2.shtml
      http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/bgp_communities.html
    DNS cache poisoning (the Kaminsky attack): http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
    DNSSEC: http://www.dnssec.net/
  Assignments: Lab #3 due; Packet Tracer Activity 3 due
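
Added illustration for the Secure DNS week; it is not part of the course materials or of the linked write-up. It is a toy version of the race that makes DNS cache poisoning possible and shows why source port randomization was the stop-gap fix for the Kaminsky attack. The model is deliberately minimal: one outstanding query per race, an off-path attacker who cannot see the query and floods forged answers that arrive before the real one, and the attacker's ability to force a fresh race per random subdomain is assumed rather than modelled. The packet counts, race limit and RNG seed are constructed parameters.

```python
"""Toy DNS cache-poisoning race: an off-path attacker guessing the
resolver's transaction ID, with and without source port randomization.
Illustration only; counts and seed below are constructed parameters."""

import random

TXID_BITS = 16                          # DNS transaction ID is 16 bits
EPHEMERAL_PORTS = range(1024, 65536)    # source ports a randomizing resolver picks from
FIXED_PORT = 53                         # pre-2008 behaviour: every query from one predictable port
FORGED_PER_RACE = 200                   # constructed: forged answers the attacker lands per query
MAX_RACES = 4000                        # constructed: bogus subdomains the attacker may trigger


def resolver_query(rng, randomize_port):
    """What the resolver sends out, i.e. the (TXID, port) a forged answer must match."""
    txid = rng.getrandbits(TXID_BITS)
    sport = rng.choice(EPHEMERAL_PORTS) if randomize_port else FIXED_PORT
    return txid, sport


def forged_answer(rng, randomize_port):
    """Off-path attacker guesses the TXID, and the destination port too if it is random."""
    txid = rng.getrandbits(TXID_BITS)
    dport = rng.choice(EPHEMERAL_PORTS) if randomize_port else FIXED_PORT
    return txid, dport


def races_until_poisoned(randomize_port, seed=1):
    """Number of races the attacker needs before one forged answer matches the
    resolver's (TXID, port) pair and would be cached; None if MAX_RACES runs out."""
    rng = random.Random(seed)
    for race in range(1, MAX_RACES + 1):
        expected = resolver_query(rng, randomize_port)
        for _ in range(FORGED_PER_RACE):
            if forged_answer(rng, randomize_port) == expected:
                return race
    return None


def p_success_per_race(randomize_port):
    """Closed form for comparison: chance that at least one of FORGED_PER_RACE
    guesses hits the (TXID, port) pair the resolver actually used."""
    space = 2 ** TXID_BITS * (len(EPHEMERAL_PORTS) if randomize_port else 1)
    return 1 - (1 - 1 / space) ** FORGED_PER_RACE


if __name__ == "__main__":
    for randomize in (False, True):
        print(f"port randomization={randomize}: "
              f"p(success per race)={p_success_per_race(randomize):.2e}, "
              f"poisoned after race {races_until_poisoned(randomize)}")
```

With a fixed port the attacker only has to beat 16 bits, so a few thousand forced races are enough; randomizing the port adds roughly 16 more bits and the same budget produces nothing. Randomization only raises the cost of guessing, which is why the DNSSEC link above matters: a signed answer is rejected on its signature, not on whether the attacker guessed an identifier.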

6-3
  Topic: Security Information and Event Management (SIEM); Guest speaker from Halock / other topic
  Reading/Reference:
    Chapter 20 in Inside Network Perimeter Security, 2nd edition, Northcutt, Zeltser, Winters, Frederick & Ritchey, SAMS/Prentice Hall, 2005 (available on Safari)
    Security Log Management: Identifying Patterns in the Chaos, by Jacob Babbin et al., Syngress Publishing, 2006 (available on Books 24x7)
    OSSIM: http://www.alienvault.com/open-threat-exchange/projects#ossim-tab
    NetworkWorld articles on SIEM:
      http://www.networkworld.com/reviews/2008/063008-test-siem.html
      http://www.networkworld.com/news/tech/2009/031909-tech-update.html
      http://www.networkworld.com/news/tech/2011/081211-siem.html
  Assignments: HW #4 due; Packet Tracer Activity 4 due

6-10
  Final


Online Instructor Evaluation

Evaluations are a way for students to provide valuable feedback regarding their instructor and the course. Detailed feedback will enable the instructor to continuously tailor teaching methods and course content to meet the learning goals of the course and the academic needs of the students. They are a requirement of the course and are key to continue to provide you with the highest quality of teaching. The evaluations are anonymous; the instructor and administration do not track who entered what responses. A program is used to check if the student completed the evaluations, but the evaluation is completely separate from the student’s identity. Since 100% participation is our goal, students are sent periodic reminders over two weeks. Students do not receive reminders once they complete the evaluation.

Email

Email is the primary means of communication between faculty and students enrolled in this course outside of class time. Students should be sure their email listed under "demographic information" at http://campusconnect.depaul.edu is correct.

Academic Integrity Policy

This course will be subject to the faculty council rules on the Academic Integrity Policy

Plagiarism

The university and school policy on plagiarism can be summarized as follows: Students in this course, as well as all other courses in which independent research or writing play a vital part in the course requirements, should be aware of the strong sanctions that can be imposed against someone guilty of plagiarism. If proven, a charge of plagiarism could result in an automatic F in the course and possible expulsion. The strongest of sanctions will be imposed on anyone who submits as his/her own work a report, examination paper, computer file, lab report, or other assignment which has been prepared by someone else. If you have any questions or doubts about what plagiarism entails or how to properly acknowledge source materials be sure to consult the instructor.

Incomplete

An incomplete grade is given only for an exceptional reason such as a death in the family, a serious illness, etc. Any such reason must be documented. Any incomplete request must be made at least two weeks before the final, and approved by the Dean of the College of Computing and Digital Media. Any consequences resulting from a poor grade for the course will not be considered as valid reasons for such a request.

Resources for Students with Disabilities

Students who feel they may need an accommodation based on the impact of a disability should contact the instructor privately to discuss their specific needs. All discussions will remain confidential. To ensure that you receive the most appropriate accommodation based on your needs, contact the instructor as early as possible in the quarter (preferably within the first week of class), and make sure that you have contacted the following office for support and additional services:

Center for Students with Disabilities (CSD)

  Lincoln Park Campus, Student Center #370     Phone: (773) 325-1677
  Loop Campus, Lewis Center #1400              Phone: (312) 362-8002
  Website: http://www.studentaffairs.depaul.edu/csd
  Email: csd@depaul.edu