CS 410/596 Network Security (4/3 credits)
Jim Binkley
Spring 2008

Syllabus
--------

Class time: M/W, 4:40-6:30
Classroom: DLC/Urban Center 204 at PSU
Office hours: M/W, 3:00-4:00 at PSU office in FAB or by appointment OR send email.
PSU Office: FAB 120-14
netlab: FAB 86-04
Email: jrb@cs.pdx.edu
Class Page: http://www.cs.pdx.edu/~jrb/netsec.html
Mailing list: mailman list: Please join.
    https://mailhost.cecs.pdx.edu/mailman/listinfo/cs596
    Please note that the mailing list is archived on the web. Don't ask a question until you look there first.

Required Texts (2):

1. Network Security, Private Communication in a Public World. Second Edition.
   Kaufman, Perlman, Speciner. Prentice-Hall. 2002. ISBN 0-13-046019-2.
2. Botnets. Jim Binkley, Craig Schiller, et al. Syngress Publishing. 2007. ISBN 1597491357.

Home page: Note that various class-related documents will be available from the class home page. Students should make themselves familiar with it. Students should also join the class mailing list. Please feel free to participate in class-related discussion on that mailing list.

IMPORTANT: In order to get into the netlab, you must have a PSU BADGE ID. Be sure to get one (Neuberger Hall), and then make sure you know and communicate your BADGE ID# to the instructor. A badge id is a card key with a picture of you on the front. Your badge number appears somewhere on the badge id. The badge is issued by PSU, not some bank. The badge id is used to enter the netlab via a card reader.

Prerequisites
-------------

Students must have taken CS 594 (or have equivalent background) and have C programming skills on UNIX. In general, this class assumes that a student has some networking background equivalent to what is taught in the CS 494/594 TCP/IP course or any graduate "intro to networking/communications" course. Students will need to understand how TCP and UDP ports work with client/server setups for common applications like telnet, ftp, etc. They will need to understand how IP packets are routed, how IP addressing works, and how ping and traceroute work. They should understand how Ethernet works at Layer 2, including the concepts of broadcast domain and MAC addresses. They will need to understand the differences between TCP and UDP. A student lacking this background MAY succeed, but you are encouraged to do background reading in a TCP/IP text. See http://www.cs.pdx.edu/~jrb/tcpip.html for an introductory TCP/IP class including text.

Goals
-----

This course is currently focused on network security. In order to understand the network security problem, the security section will begin with a review of various forms of network attacks including scanning, exploits and denial-of-service attacks. We will also review various cryptographic mechanisms like symmetric encryption, message digests, and public key crypto. We then turn to network-side security management, including passive measures like firewall defense schemes (packet filters and bastion hosts). We also look at viruses and email security, intrusion detection systems such as tripwire and snort, and other security tools. We will then look at the security ins/outs of "secure" (cryptographically-based) protocols up the network stack at various layers, including Layer 2, where we will take an in-depth look at 802.11, Layer 3 (IPSEC), and Layer 7 protocols including ssl, ssh, and kerberos.

Class Design
------------

The class is lecture-oriented. The instructor will give a number of lectures on network security topics. We may have a guest lecturer (TBD). There will be four grading events for students: a midterm, a final, a programming project, and a team-oriented tiger attack/defense exercise in a lab at PSU. More details on the "grading events" are provided below.

Calendar (this is a rough draft)
--------------------------------

Note this is a very informal estimate as to how things may proceed. The instructor may vary the order/sequence/material as we go along.

When          What                           Assignments
----          ----                           -----------
week of:
March 31      crypto review first, attacks   programming assignment out on Wed
April 7       attacks, IRC and botnets
April 14      firewalls, etc.                start tiger-team exercise
April 21      network security tools
April 28      IDS tools: snort/ourmon
May 5, 7      catchup, midterm               midterm on the 7th, prog. assignment due on the 7th
May 12        L2/wireless 802.11
May 19        L3/IPSEC
May 26        ssh/ssl                        tiger team reports due at class Wed; exercise concludes Wed night at midnight.
                                             note: Monday May 26 is a holiday, so the only class is Wed.
June 2        email/kerberos
June 9        final week, final at PSU       Test time: June 9, Monday, 5:30-7:20
                                             See: http://www.pdx.edu/registration/final_exam_sched.html

2008 (March 31 is Monday)

         Apr                     May                     Jun
 S  M Tu  W Th  F  S     S  M Tu  W Th  F  S     S  M Tu  W Th  F  S
       1  2  3  4  5                 1  2  3     1  2  3  4  5  6  7
 6  7  8  9 10 11 12     4  5  6  7  8  9 10     8  9 10 11 12 13 14
13 14 15 16 17 18 19    11 12 13 14 15 16 17    15 16 17 18 19 20 21
20 21 22 23 24 25 26    18 19 20 21 22 23 24    22 23 24 25 26 27 28
27 28 29 30             25 26 27 28 29 30 31    29 30

Network Security book: read the relevant chapters, in particular firewalls (23), ipsec (17/18), ssl (19), pki (15) and the kerberos chapters. Interested students may read the crypto chapters for deep background. Note that Chapter 2 is a good introduction to cryptography. Chapter 9, as an intro to authentication, may also be useful.

The botnets book has some useful material on both attack prevention and ourmon. Chapters 3, 5, 6-9, and 10 as well as the last chapter are recommended.

Programming Assignment
----------------------

Using a UNIX system, C code, and the socket mechanism for TCP sockets, students will be expected to design a symmetric-key based session key protocol. The goals of the protocol are:

1. given distributed secret keys,
2. design a protocol that provides authentication and confidentiality and can be upgraded from one set of crypto functions to another.

Students will be expected to use at least MD5 as a MAC mechanism, and DES as an encryption protocol. The protocol should be client-server based. It should NOT use openssl. It should have some form of session-key mechanism. Our goal here is not to understand public key crypto but to understand issues of key management within protocol design as well as the general nature of a cryptographic protocol. Of course you may take MD5 and DES functions from the openssl library.

The final product should consist of at least:

1. a Makefile
2. a protocol description document that precisely explains your protocol, with attention to key management issues. Explain the format of the packets on the wire, any crypto handshake, and how keys are stored for the use of the client/server protocol.
3. C code.
4. some script-based output that proves that your code works.

The code should be demonstrable on either a Linux or a Solaris system.

Tiger-team attack/defense
-------------------------

Before we begin, each participant must agree not to use these boxes to perform non-approved activities outside the subnet that the host is placed on.

In the third week of the course, concluding near the end of the course, students will conduct a tiger-team based attack/defense exercise in a lab to be determined. Each team will be assigned one Linux box. You will be expected to secure that box, track what the others are doing from the vantage of that box, and will be given occasional hints by the instructor about what to do to make life interesting for the other teams.

IMPORTANT: do not use any passwords on this box that you use anywhere else on the Internet.

At the conclusion of this exercise, each team must write up a 5 page summary report that discusses:

1. what you did to make your box more secure,
2. what you did to look for holes in the other systems,
3. attacks you detected made by others on your box, and
4. any insecurities found in the other systems, and how they were possibly exploited by you.

In addition, each individual team member will write up a short report that explains what he/she did during this project, and what you think the other members of your team did to contribute to your group effort. This individual report will be emailed to the instructor by Thursday of the final week of class.

Grading
-------

Midterm:                 100 points
Final:                   100 points
Programming assignment:  100 points
Tiger-team work:         100 points
                         ----
Total:                   400 points

There may be an occasional homework assignment. Your final grade for the course is determined by the percentage of the points you earn with respect to the total possible. Each letter grade occupies roughly a 10 point spread (A: 90%-100%, B: 80%-90%, etc.). Minus and plus grades will be awarded too; e.g., A- will be 90-92, B+ will be 88-89.