CS 410/596 Net Sec (4/3 credits)
Jim Binkley
Spring 2004

Course Title: Network Security

Syllabus
--------

Class time: Tu/Thu, 4:00-5:50
Classroom: OCATE, see sign outside OCATE office door
    and in Urban 204 at PSU (televised)
Office hours: m/w, 8:00-9:00 at PSU office in FAB or by appointment OR send email.
PSU Office: FAB 120-14
Email: jrb@cs.pdx.edu
Class Page: http://www.cs.pdx.edu/~jrb/netsec.html
Mailing list: (do not join until after quarter starts)
    Send message: netsec@cs.pdx.edu
    Join: majordomo@cs.pdx.edu

Required Texts(2):

1. Network Security, Private Communication in a Public World. Second Edition.
   Kaufman, Perlman, Speciner. Prentice-Hall. 2002. ISBN 0-13-046019-2.
2. Hacking Exposed, McClure, Scambray, Kurtz. McGraw-Hill. Osborne.
   Fourth Edition. 2003. ISBN 0072227427.

Home page:

Note that various class-related documents will be available from the
class home page. Students should make themselves familiar with it.
Students should also join the class mailing list. Please feel free
to participate in class-related discussion on that mailing list.

Prerequisites
-------------

Students must... CS 594 and C programming skills on UNIX.

In general, this class assumes that a student ROUGHLY has some networking
background equivalent to what is taught in the CS 594 TCP/IP course or
any graduate "intro to networking/communications" course. Students will
need to understand how TCP and UDP ports work with client/server setups
for common applications like telnet, ftp, etc. They will need to
understand how IP packets are routed, how IP addressing works, and how
ping and traceroute work. They will need to understand the differences
between TCP and UDP. A student lacking this background MAY succeed, but
you are encouraged to do background reading in a TCP/IP text. See
http://www.cs.pdx.edu/~jrb/tcpip.html for an introductory TCP/IP class
including text.

Goals
-----

This course is currently focused on network security.
In order to understand the network security problem, the security section
will begin with a review of various forms of network attacks including
scanning, exploits and denial-of-service attacks. We will also review
various cryptographic mechanisms like symmetric encryption, message
digests, and public key crypto. We then turn to network-side security
management including both passive measures like firewall defense schemes
including packet filters and bastion hosts. We also look at viruses and
email security, intrusion detection systems such as tripwire and snort,
and other security tools. We will then look at security ins/out and
"secure" (cryptographically-based) protocols up the network stack at
various layers including Layer 2, where we will take an in-depth look at
802.11, Layer 3 (IPSEC), and Layer 7 protocols including ssl, ssh, and
kerberos.

Class Design
------------

The class is lecture-oriented. The instructor will give a number of
lectures on network security topics. We may have a guest lecturer (TBD).
There will be four grading events for students, including a midterm,
final, a programming project, and a team-oriented tiger attack/defense
exercise in the Linux Lab. More details on the "grading events" are
provided below.

Calendar (this is a rough draft)
--------------------------------

Note this is a very informal estimate as to how things may proceed.
The instructor may vary the order/sequence/material as we go along.

When        What                    Assignments
----        ----                    -----------
week of: (note class starts March 29)
March 30    attacks                 programming assignment
April 6     crypto review
April 13    firewalls, etc.         start tiger-team exercise
April 20    security tools
April 27    snort/ourmon
May 4       midterm                 programming assignment due
            The midterm will be given at PSU.
May 6       L2/wireless 802.11
May 11      L3/IPSEC
May 18      ssh/ssl
May 25      email security
June 1      slippage/kerberos       tiger team reports due/
                                    tiger team exercise concluded
June 8      final week, final most likely given at PSU acc.
            to PSU final schedule
            Test time, Tuesday, 3:30-5:20

Network Security book: read relevant chapters, in particular
firewalls(23)/ipsec(17/18)/ssl(19)/pki(15) and kerberos chapters.
Interested students may read crypto chapters for deep background.
Note that Chapter 2 is a good introduction to cryptography.
Chapter 9 as an intro to authentication may also be useful.

Programming Assignment
----------------------

Using a UNIX system, C code, and the socket mechanism for TCP sockets,
students will be expected to design a symmetric-key based session key
protocol. The goal of the protocol will be

1. given distributed secret keys,
2. design a protocol that provides at least authentication and
   confidentiality.

Students will be expected to use at least MD5 as a MAC mechanism, and
DES as an encryption protocol. The protocol should be client-server
based. It should NOT use openssl. Of course you may take md5 and des
functions from the openssl library.

The final product should consist of at least:

1. a Makefile
2. a protocol description document that precisely explains your
   protocol with attention to key management issues. Explain the format
   of the packets on the wire, any crypto-handshake, and how keys are
   stored for the use of the client/server protocol.
3. C code.
4. some script-based output that proves that your code works.

The code should be demonstrable on either a Linux or Solaris system.

Tiger-team attack/defense
-------------------------

Before we begin, each participant must sign an instructor-supplied
waiver that states that you will not use these boxes to perform
non-approved activities outside the subnet that the host is placed on.

In the third week of the course, concluding at the beginning of the
last week of the course, students will conduct a tiger-team based
attack/defense exercise in the Linux lab. Each team will be assigned
one Linux box.
You will be expected to secure that box and track what the others are
doing from the vantage of that box, and you will be given occasional
hints by the instructor about what to do to make life interesting for
the other teams.

IMPORTANT: do not use any passwords on this box that you use anywhere
else on the Internet.

At the conclusion of this exercise, each team must write up a 5-page
summary report that discusses:

1. what you did to make your box less insecure,
2. what you did to look for holes in the other systems, and
3. any insecurities found in the other systems, and how they were
   possibly exploited by you.

In addition, each individual team member will write up a short report
that explains what he/she did during this project, and what you think
the other members of your team did to contribute to your group effort.
This individual report will be emailed to the instructor.

Grading
-------

Midterm:                      100 points
Final:                        100 points
Programming assignment:       100 points
Tiger-team work:              100 points
there may be extra homework    10 points per homework
                              ----
Total:                        410 points

Your final grade for the course is determined by the percentage of the
points you earn with respect to the total possible. Each letter grade
occupies roughly a 10 point spread (A: 90%-100%, B: 80%-90%, etc.).
Minus and plus grades will be awarded too; e.g., A- will be 90-92,
B+ will be 88-89.