Network Security Fall 2023
Network Security explores practical elements of securing networked systems and services. The course goals are the following:
- Provide a solid understanding of the design and analysis of network security architectures, protocols, and services
- Provide an in-depth examination of contemporary network security standards and their limitations
- Provide hands-on experience in attacking and defending network services
Topics covered by this course include:
- Security foundations
- Low-level network attacks
- Wireless security
- Naming and routing
- Privacy and anonymity
- Web security
- Cloud applications
- Network service vulnerabilities
- Malicious campaigns and exploitation
- Class is held Tuesdays and Fridays 9:50–11:30 in EXP 204
- Office hours are Tuesdays 15:00–16:00 and Fridays 12:00–13:00 in ISEC 609
- TA hours are Wednesdays 11:50–12:50 in INV 016
Grades will be assigned based on the completion of assignments, labs, and in-class participation. Final grades may be subject to a curve.
Assignments will consist of programming problems. Students will have ~1-2 weeks to complete each assignment. Assignments will be completed in groups of ~4. Late assignments will be accepted, with the caveat that grading will be penalized by a full letter grade for each 24-hour period following the submission deadline that an assignment is late. Re-grades of assignments may be permitted, with an associated penalty. The assignment with the lowest score will be dropped from the final grade calculation.
Labs will be completed in class in the same groups as for assignments. The lab with the lowest score will be dropped from the final grade calculation.
Groups will be rotated periodically, and individual scores will be weighted by peer assessments.
This course requires programming maturity and a solid background in computer networking. You can expect that the assignments will involve non-trivial programming, in some cases using low-level OS or library APIs. Moreover, you must have passed a networking course covering design concepts and programming APIs for IP, TCP, and UDP, at a minimum. It is very difficult for most students to learn networking concepts on the fly and simultaneously pass this class. If you don’t satisfy this prerequisite, you should only take this class after you have done so.
In addition, practical familiarity with the following or the ability to refer to other references and documentation for the following is also required:
- Container stacks (OCI, Docker)
If you aren’t familiar with these technologies or are uncomfortable referring to available documentation on your own, you will likely have significant difficulty with this course.
As a concrete example for calibration purposes: If asked to write a TCP client that connects to a remote endpoint and engages in a simple binary proof-of-work protocol from a grammar-based specification, this should take on the order of a couple of hours rather than a week.
Cheating. Work submitted for grading must represent your own effort. Group work is not allowed unless specifically stated otherwise. Similarly, use of third-party content (for code, whether as a library, service, or in source form) is only permissible in the context of the allowances explicitly made as part of a problem statement. “Use” in this context refers not only to copying in the cut-and-paste sense, but to any content derived from third-party work. A non-exhaustive list of plagiarism examples includes:
- Copying third-party code verbatim that was published in an online source code repository, forum, or other reference site such as GitHub, GitLab, Stack Overflow, Wikipedia, or similar
- Adapting an algorithm found in third-party code published online
- Collaborating on code with other students, such as adapting code written by another student or working together on a shared code base at any point
While referring to third-party code can be helpful in devising your own solution, it is also extremely dangerous as it is all too easy to plagiarize without realizing it. (It is for exactly this reason that viewing source code published online that may be relevant to a product is almost always strictly forbidden in corporate settings due to intellectual property concerns.) While discussing course material with other students is encouraged, it is strongly recommended that students refrain from viewing any third-party source code.
Cheating damages the reputation of the university as well as the grades of students who participate in the course in good faith. As such, there will be zero tolerance for cheating in this course. Students who participate in this course must acknowledge that they have read and understood the University Academic Integrity Policy. All cheating cases will be brought to the CCIS Academic Integrity Committee and to OSCCR on the first offense. Finally, all students found to be cheating will receive a failing grade on the first offense.
Reference Material. There is no official textbook for this course. Instead, we will rely on lectures and readings. If you need to brush up on background material on algorithms, architecture, systems, or networks, strongly reconsider whether you satisfy the course prerequisites.
Due to the fast pace of the field, much information is only available online and thus referring to third-party online sources is encouraged. However, keep in mind that referring to third-party source code is permissible only within the constraints of the class and university academic integrity policies.
Online Discussion. Online discussion and questions relevant to the course will be handled through Canvas. For private questions only, feel free to contact me via email. A best-effort attempt will be made to respond to messages within 24 hours on weekdays during normal working hours. To ensure a timely response, do not wait until the night before a submission deadline to ask questions.
Ethics. This course covers sensitive material that includes information on how to exploit vulnerable software. Attack-oriented work must be restricted to the computing resources provided. Alternatively, students can perform this work using personal resources so long as other computing resources are not affected.
In particular, attacks performed against University resources or the open Internet are expressly prohibited. Students should also be familiar with the University Appropriate Use policy.
| Date | Topic | Lecture |
|---|---|---|
| Fri Sep 08 | Introduction | Course Overview and Security Fundamentals |
| Tue Sep 12 | Link, Network, and Transport Layers | Link and IP Layer Attacks |
| Fri Sep 15 | Link, Network, and Transport Layers | TCP Attacks |
| Tue Sep 19 | Link, Network, and Transport Layers | Signature Detection |
| Fri Sep 22 | Link, Network, and Transport Layers | Anomaly Detection |
| Tue Sep 26 | Authentication | Passwords |
| Fri Sep 29 | Authentication | Remote Authentication |
| Tue Oct 03 | Core Internet Services | The Domain Name System |
| Fri Oct 06 | Core Internet Services | DNSSEC |
| Tue Oct 10 | Core Internet Services | Border Gateway Protocol |
| Fri Oct 13 | Core Internet Services | BGP Attacks |
| Tue Oct 17 | Transport Layer Security | TLS and PKI |
| Fri Oct 20 | Transport Layer Security | TLS and PKI |
| Tue Oct 24 | Anonymity | Onion Routing |
| Fri Oct 27 | Anonymity | Censorship |
| Tue Oct 31 | Web Security | The Web Security Model |
| Fri Nov 03 | Web Security | XSS, CSRF, SQL Injection |
| Tue Nov 07 | Web Security | Revisiting the Same-Origin Policy |
| Fri Nov 10 | — | Veterans Day |
| Tue Nov 14 | Web Security | Revisiting the Same-Origin Policy |
| Fri Nov 17 | Vulnerabilities | Spatial Memory Corruption |
| Tue Nov 21 | Vulnerabilities | Temporal Memory Corruption |
| Fri Nov 24 | — | Fall Break |
| Tue Nov 28 | Vulnerabilities | Fuzz Testing |
| Fri Dec 01 | Exploitation | Reconnaissance, Initial Access, Persistence |
| Tue Dec 05 | Exploitation | C2, Lateral Movement, Exfiltration |
| Fri Dec 08 | Exploitation | Behavioral Sandboxes (Graduate Only) |
| Title | Date |
|---|---|
| Raw Sockets | Tue Sep 19 13:00 EDT |
| Application Firewall | Tue Sep 26 13:00 EDT |
| Kerberos | Tue Oct 03 12:00 EDT |
| DNS Query Hijacking | Tue Oct 10 12:00 EDT |
| Web Tracking | Fri Nov 17 12:00 EST |
| Traffic Analysis | Tue Nov 21 12:00 EST |