Difference between revisions of "Courses/Computer Science/CPSC 526.W2015"

From wiki.ucalgary.ca
m (Misc Links and Security "In the News")
 
(23 intermediate revisions by the same user not shown)
Line 26: Line 26:
 
* HW1 - 250 points
 
* HW1 - 250 points
 
* HW2 - 250 points
 
* HW2 - 250 points
* Roving Assignment - 100 points
+
* [http://pages.cpsc.ucalgary.ca/~locasto/teaching/2015/CPSC526/Winter/labs/ Roving Assignment] - 100 points
 
* Midterm Exam - 100 points (March 9th)
 
* Midterm Exam - 100 points (March 9th)
 
* Final Exam - 300 points
 
* Final Exam - 300 points
 +
 +
'''CPSC 626'''
 +
* http://pages.cpsc.ucalgary.ca/~locasto/teaching/2015/CPSC526/Winter/626/grad-project.txt
  
 
== Communication ==
 
== Communication ==
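Review bot: the new '''CPSC 626''' subsection under the grading list consists of a single bare URL, "* http://pages.cpsc.ucalgary.ca/~locasto/teaching/2015/CPSC526/Winter/626/grad-project.txt", with no description of what the document is or how it counts toward the 626 grade; the Roving Assignment bullet added in the same hunk uses a labelled link ("* [http://pages.cpsc.ucalgary.ca/~locasto/teaching/2015/CPSC526/Winter/labs/ Roving Assignment] - 100 points"), so give the 626 entry a label the same way and state how it fits into the 626 grading scheme.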
Line 40: Line 43:
 
== Lecture Schedule ==
 
== Lecture Schedule ==
  
=== January 12: Intro and Overview ===
+
Please see the [http://www.ucalgary.ca/pubs/calendar/current/academic-schedule.html University Academic Calendar] for important add/drop dates, holidays, etc.
  
* Course policies, grading, etc.
+
[[Courses/Computer_Science/CPSC_526.W2015/Lecture Notes]]
* Concepts / Organization
 
  
With some background in security concepts and principles, we set security challenges and problems into a networked environment. Basic crypto primitives become building blocks of systems whose major focus is ''authentication'' and protecting the confidentiality and integrity of communications channels. This major topic is complemented with a variety of security mechanisms that attempt to provide C-I-A in other ways (e.g., firewalls, IDS, authentication systems & standards).
+
This section contains the class session notes.
  
* Topics (i.e., knowledge & skills I want you to know by the end of the semester)
+
== Tutorial Schedule ==
** common networking tools
 
** bit-level agility (packet crafting)
 
** working knowledge of common applied crypto
 
** authentication and secure protocols (design and major examples)
 
** network security application domains: routing security, web security
 
** network security mechanisms: firewalls, IDS, etc.
 
  
* Semester Highlights
+
Here is the (tentative) schedule of tutorial topics.
** EDURange
 
** ScapyHunt
 
** PGP key signing party
 
** web application hacking (Google Gruyere)
 
** build a VPN
 
** build a CA
 
** network introspection
 
  
 +
[[Courses/Computer Science/CPSC 526.W2015/Tutorial_Schedule]]
  
* Telephone
+
== Misc Links and Security "In the News" ==
* Burning Question
 
** Name / Psuedonym
 
** One question you want answered by the end of the semester
 
  
=== Jan 14: Important Concepts ===
+
* http://www.getcybersafe.gc.ca/index-eng.aspx
 +
* http://www.wired.com/2015/03/clintons-email-server-vulnerable/
 +
* http://www.foxnews.com/tech/2014/11/07/business-payroll-systems-increasingly-vulnerable-to-hackers/?intcmp=ob_homepage_tech&intcmp=obnetwork
 +
* http://arstechnica.com/security/2015/03/google-warns-of-unauthorized-tls-certificates-trusted-by-almost-all-oses/
 +
* re: "Threat Intelligence" http://www.fierceitsecurity.com/story/threat-intelligence-problem/2014-10-13
 +
* http://www.zdnet.com/article/facebook-offering-up-to-300k-in-awards-for-internet-defense-contest/
 +
* http://www.wired.com/2014/11/michael-daniel-no-zero-day-stockpile/
 +
* https://www.linkedin.com/pulse/security-researchers-anatomy-ryan-smith
 +
* http://www.macdevcenter.com/pub/a/mac/2005/03/15/firewall.html
 +
* http://www.ibiblio.org/macsupport/ipfw/
 +
* http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html
 +
* network telescope: http://www.caida.org/projects/network_telescope/
 +
* https://github.com/silviocesare/Fuzzer
  
* Slides: http://pages.cpsc.ucalgary.ca/~locasto/teaching/2015/CPSC526/Winter/talks/intro-concepts.pdf
+
* http://www.foxnews.com/politics/2015/04/07/report-russia-behind-2014-cyber-hack-on-executive-office-computer-system-got/
 +
* http://www.foxbusiness.com/technology/2014/11/24/as-computer-hackers-show-cars-can-be-commandeered-feds-and-automakers-aim-to/
 +
* http://arstechnica.com/information-technology/2015/03/atts-plan-to-watch-your-web-browsing-and-what-you-can-do-about-it/
 +
* http://www.cbc.ca/news/multimedia/from-hacking-to-attacking-a-look-at-canada-s-cyberwarfare-tools-1.3003447
 +
* http://www.foxnews.com/tech/2014/12/30/steam-chat-spreading-dangerous-malware/?intcmp=ob_article_footer_text&intcmp=obinsite
 +
* www.foxbusiness.com/industries/2014/12/18/digital-currencies-fueling-crime-on-dark-side-internet/
 +
* www.foxnews.com/tech/2014/12/11/ford-ditches-microsoft-for-its-in-car-software/?intcmp=ob_article_footer_text&intcmp=obnetwork
 +
* http://www.foxbusiness.com/technology/2014/11/20/rights-groups-release-tool-that-checks-computers-for-government-spy-software/?intcmp=ob_article_footer_text&intcmp=obinsite
 +
* www.foxnews.com/entertainment/2014/12/15/sony-warns-some-media-outlets-to-stop-reporting-on-hacked-information/
 +
* http://www.foxnews.com/leisure/2014/12/11/coffee-loving-hackers-decode-keurigs-secure-new-machines/?intcmp=ob_article_footer_text&intcmp=obnetwork
 +
* www.foxbusiness.com/technology/2014/12/03/hackers-using-fake-order-confirmation-emails-to-hijack-computers/?intcmp=ob_article_footer_text&intcmp=obinsite
 +
* www.foxbusiness.com/technology/2014/12/03/amid-debate-cyber-experts-cite-similarities-between-sony-attack-and-2013-hacks/?intcmp=ob_article_footer_text&intcmp=obinsite
 +
* http://www.foxnews.com/politics/2014/11/25/amid-hacking-attack-state-department-info-security-still-in-shambles/?intcmp=latestnews
 +
* www.foxnews.com/politics/2014/11/20/nsa-director-china-can-damage-us-power-grid/
 +
* www.foxnews.com/tech/2014/10/28/samsung-knox-for-android-unsafe-to-use-researcher-says/
 +
* http://www.foxnews.com/world/2015/03/17/south-korea-points-finger-at-north-korea-in-nuclear-operator-cyberattack/?intcmp=latestnews
 +
* https://www.apple.com/support/security/pgp/
 +
* http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#traditional
 +
* http://magazine.redhat.com/2007/08/21/a-step-by-step-guide-to-building-a-new-selinux-policy-module/
 +
* https://wiki.debian.org/SELinux/Setup
 +
* http://arstechnica.com/security/2011/03/how-the-comodo-certificate-fraud-calls-ca-trust-into-question/
 +
* http://www.foxnews.com/tech/2015/04/15/gao-reports-warns-hackers-could-bring-down-plane-using-passenger-wi-fi/
  
== Tutorial Schedule ==
+
* openvpn:
 +
** http://openvpn.net/index.php/open-source/documentation/howto.html#pki
 +
** http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
 +
** https://github.com/OpenVPN/easy-rsa/blob/master/doc/EasyRSA-Readme.md
 +
* Java crypto
 +
** http://www.webapper.com/blog/index.php/2007/02/09/troubleshooting-javaxnetsslsslhandshakeexception/
 +
** http://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#Cipher
  
Here is the (tentative) schedule of tutorial topics.  
+
* Fedora various
 +
** http://docs.fedoraproject.org/en-US/Fedora/21/html/Installation_Guide/sect-preparing-boot-media.html
 +
** signing keys: https://getfedora.org/en/keys/
 +
** defensive coding: https://docs.fedoraproject.org/en-US/Fedora_Security_Team/1/html/Defensive_Coding/index.html
 +
** https://getfedora.org/verify
  
[[Courses/Computer Science/CPSC 526.W2015/Tutorial_Schedule]]
+
* Kerberos
 +
** http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
 +
** https://technet.microsoft.com/en-us/library/security/ms14-068.aspx
 +
** https://community.rapid7.com/community/metasploit/blog/2014/12/25/12-days-of-haxmas-ms14-068-now-in-metasploit
  
== Question of the Day (BQoD) ==
+
== Question of the Day (QoD) ==
  
 
* Jan 14: CryptoPro asks "What is the most practical way to protect a network?"
 
* Jan 14: CryptoPro asks "What is the most practical way to protect a network?"
 +
** see notes in lecture
 +
* Jan 16: Beenz asks: "Networks are distributed. Then how do organizations such as NSA or China's censorship agency monitor these distributed networks in a centralized fashion?
 +
** http://www.fcc.gov/encyclopedia/communications-assistance-law-enforcement-act
 +
** EFF-related material on the Golden Shield: https://www.eff.org/deeplinks/2011/08/cisco-and-abuses-human-rights-china-part-1
 +
** http://www.wired.com/2013/06/nsa-whistleblower-klein/
 +
** http://www.submarinecablemap.com/
 +
** EFF's pages on "Surveillance Self-Defense" https://ssd.eff.org/
 +
 +
[michael@gondolin QoDs]$ traceroute www.iust.ac.ir
 +
traceroute to www.iust.ac.ir (194.225.230.88), 64 hops max, 52 byte packets
 +
  1  192.168.20.1 (192.168.20.1)  0.515 ms  0.227 ms  0.235 ms
 +
  2  sevengate.cs.ucalgary.ca (136.159.7.1)  0.655 ms  0.555 ms  0.479 ms
 +
  3  * * *
 +
  4  * * *
 +
  5  pc187.hidden.ucalgary.ca (136.159.253.187)  354.563 ms *  2.910 ms
 +
  6  10.0.10.2 (10.0.10.2)  2.110 ms  1.681 ms  2.262 ms
 +
  7  10.16.242.4 (10.16.242.4)  6.467 ms  1.889 ms  2.117 ms
 +
  8  h66-244-233-17.bigpipeinc.com (66.244.233.17)  2.424 ms  2.510 ms  2.025 ms
 +
  9  ra2so-ge3-1-71.cg.bigpipeinc.com (206.174.203.105)  7.114 ms  2.953 ms  2.214 ms
 +
10  66.163.71.101 (66.163.71.101)  3.157 ms  3.439 ms  6.755 ms
 +
11  rd1so-ge15-0-0.cg.shawcable.net (66.163.71.89)  3.685 ms
 +
    rc2so-tge0-4-0-9.cg.shawcable.net (66.163.71.117)  2.870 ms  2.659 ms
 +
12  66.163.72.86 (66.163.72.86)  14.863 ms
 +
    66.163.72.94 (66.163.72.94)  14.591 ms
 +
    66.163.73.78 (66.163.73.78)  14.416 ms
 +
13  xcr1.pal.cw.net (198.32.176.120)  47.410 ms  49.702 ms  51.127 ms
 +
14  xe-8-0-0-xcr1.nyk.cw.net (195.2.28.17)  196.748 ms
 +
    195.2.30.249 (195.2.30.249)  266.636 ms
 +
    xe-2-0-0-xcr2.ash.cw.net (195.2.28.5)  178.191 ms
 +
15  ae9-xcr1.bkl.cw.net (195.2.25.21)  178.232 ms
 +
    xe-2-0-0-xcr2.ash.cw.net (195.2.28.41)  170.280 ms
 +
    ae9-xcr1.bkl.cw.net (195.2.25.21)  175.312 ms
 +
16  ae0-xcr1.ash.cw.net (195.2.30.45)  169.770 ms
 +
    ae2-xcr2.lnd.cw.net (195.2.21.217)  271.515 ms
 +
    ae0-xcr1.ash.cw.net (195.2.30.45)  170.159 ms
 +
17  ae3-xcr2.lsw.cw.net (195.2.28.182)  274.236 ms
 +
    ae10-xcr1.prp.cw.net (195.2.25.210)  182.074 ms
 +
    ae3-xcr2.lsw.cw.net (195.2.28.182)  267.040 ms
 +
18  ae5-xcr1.fri.cw.net (195.2.21.114)  171.566 ms  187.276 ms  175.481 ms
 +
19  ae5-xcr1.fri.cw.net (195.2.21.114)  174.616 ms  163.267 ms
 +
    ae7-xcr1.fra.cw.net (195.2.25.174)  272.651 ms
 +
20  * ae5-xcr1.fri.cw.net (195.2.21.114)  269.485 ms
 +
    delta-gw2.fri.cw.net (208.175.236.78)  232.989 ms
 +
21  * delta-gw2.fri.cw.net (208.175.236.78)  340.994 ms *
 +
22  * 194.225.151.6 (194.225.151.6)  274.979 ms  271.348 ms
 +
23  po-1.nia-sw-150-10.ipm.core-1.iranet.ir (194.225.150.10)  278.148 ms
 +
    194.225.151.6 (194.225.151.6)  262.069 ms
 +
    85.132.60.74 (85.132.60.74)  344.910 ms
 +
24  194.225.151.6 (194.225.151.6)  354.951 ms
 +
    po-1.nia-sw-150-10.ipm.core-1.iranet.ir (194.225.150.10)  248.568 ms
 +
    194.225.225.254 (194.225.225.254)  271.829 ms
 +
25  194.225.225.254 (194.225.225.254)  265.357 ms  253.429 ms
 +
    po-1.nia-sw-150-10.ipm.core-1.iranet.ir (194.225.150.10)  320.344 ms
 +
26  * * *
 +
27  * 194.225.228.77 (194.225.228.77)  271.827 ms  260.227 ms
 +
28  * * *
 +
29  * * *
 +
* Jan 19: Cosmonaut asks: "What is NAT? What do the different types mean?"
 +
** Network Address Translation. Bridged/none, source NAT (many hosts share one IP address), destination NAT (e.g., port forwarding)
 +
** http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-2.html#ss2.1
 +
** for the curious: "A Technique for Counting NATed Hosts" https://www.cs.columbia.edu/~smb/papers/fnat.pdf
 +
 +
* Feb 13: Salamander asks: "How useful is the so-called "Christmas Tree" scan?"
 +
** [http://thepacketgeek.com/wp-content/uploads/2013/10/08-xmas-tree-packets.png packet capture picture]
 +
** On the subject of weird packets, we have previously discussed the "Ping-of-death"
 +
*** https://web.archive.org/web/19981206105844/http://www.sophist.demon.co.uk/ping/
 +
*** http://insecure.org/sploits/ping-o-death.html
 +
From the nmap man page:
 +
 +
          These three scan types [NULL, Fin, Xmas] are exactly the same in behavior except for
 +
          the TCP flags set in probe packets. If a RST packet is received,
 +
          the port is considered closed, while no response means it is
 +
          open|filtered. The port is marked filtered if an ICMP unreachable
 +
          error (type 3, code 1, 2, 3, 9, 10, or 13) is received.
 +
 +
          The key advantage to these scan types is that they can sneak
 +
          through certain non-stateful firewalls and packet filtering
 +
          routers. Another advantage is that these scan types are a little
 +
          more stealthy than even a SYN scan. Don´t count on this though—most
 +
          modern IDS products can be configured to detect them. The big
 +
          downside is that not all systems follow RFC 793 to the letter.
 +
 +
* March 18:
 +
** Q1
 +
** Q2
 +
** Q3
 +
** Q4
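Review bot: seven of the newly added "In the News" bullets are missing the URL scheme, for example "* www.foxbusiness.com/industries/2014/12/18/digital-currencies-fueling-crime-on-dark-side-internet/" and "* www.foxnews.com/politics/2014/11/20/nsa-director-china-can-damage-us-power-grid/"; without a leading "http://" MediaWiki renders them as plain text rather than as links, so prefix each scheme-less entry. In the same hunk, the pasted traceroute output has a leading space only on hops 1 through 9, so hops 10 through 29 (lines such as "10  66.163.71.101 (66.163.71.101)  3.157 ms  3.439 ms  6.755 ms") will render as running paragraph text instead of preformatted output; wrapping the whole listing, and the nmap excerpt below it, in <pre></pre> keeps them verbatim. The Jan 16 question text also opens a double quote after "asks:" that is never closed.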

Latest revision as of 17:39, 15 April 2015

Network Systems Security

CPSC 526 - Network Systems Security

Attacks on networked systems, tools and techniques for detection and protection against attacks including firewalls and intrusion detection and protection systems, authentication and identification in distributed systems, cryptographic protocols for IP networks, security protocols for emerging networks and technologies, privacy enhancing communication. Legal and ethical issues will be introduced.

The lectures for this course run concurrently with CPSC 626.

Course Policies

For the complete list of course policies, grading scheme, and tentative list of topics, please refer to the official course outline: http://www.cpsc.ucalgary.ca/custom/undergrad/outlines2015/w15/cpsc526and626_winter2015.pdf

Textbook

Network Security: Private Communication in a Public World, 2nd Edition by Charlie Kaufman, Radia Perlman, and Mike Speciner

A few supplemental textbooks (not required at all, just further reading or background for those interested)

Grades

  • HW1 - 250 points
  • HW2 - 250 points
  • Roving Assignment - 100 points
  • Midterm Exam - 100 points (March 9th)
  • Final Exam - 300 points

CPSC 626

Communication

We will not use D2L. Instead, we will use Piazza for class communication.

This term we will be using Piazza for class discussion. The system is highly catered to getting you help fast and efficiently from classmates, the TA, and myself. Rather than emailing questions to the teaching staff, I encourage you to post your questions on Piazza. If you have any problems or feedback for the developers, email team@piazza.com.

Find our class page at: https://piazza.com/ucalgary.ca/winter2015/cpsc526/home

Lecture Schedule

Please see the University Academic Calendar for important add/drop dates, holidays, etc.

Courses/Computer_Science/CPSC_526.W2015/Lecture Notes

This section contains the class session notes.

Tutorial Schedule

Here is the (tentative) schedule of tutorial topics.

Courses/Computer Science/CPSC 526.W2015/Tutorial_Schedule

Misc Links and Security "In the News"

Question of the Day (QoD)

[michael@gondolin QoDs]$ traceroute www.iust.ac.ir
traceroute to www.iust.ac.ir (194.225.230.88), 64 hops max, 52 byte packets
 1  192.168.20.1 (192.168.20.1)  0.515 ms  0.227 ms  0.235 ms
 2  sevengate.cs.ucalgary.ca (136.159.7.1)  0.655 ms  0.555 ms  0.479 ms
 3  * * *
 4  * * *
 5  pc187.hidden.ucalgary.ca (136.159.253.187)  354.563 ms *  2.910 ms
 6  10.0.10.2 (10.0.10.2)  2.110 ms  1.681 ms  2.262 ms
 7  10.16.242.4 (10.16.242.4)  6.467 ms  1.889 ms  2.117 ms
 8  h66-244-233-17.bigpipeinc.com (66.244.233.17)  2.424 ms  2.510 ms  2.025 ms
 9  ra2so-ge3-1-71.cg.bigpipeinc.com (206.174.203.105)  7.114 ms  2.953 ms  2.214 ms
10  66.163.71.101 (66.163.71.101)  3.157 ms  3.439 ms  6.755 ms
11  rd1so-ge15-0-0.cg.shawcable.net (66.163.71.89)  3.685 ms
    rc2so-tge0-4-0-9.cg.shawcable.net (66.163.71.117)  2.870 ms  2.659 ms
12  66.163.72.86 (66.163.72.86)  14.863 ms
    66.163.72.94 (66.163.72.94)  14.591 ms
    66.163.73.78 (66.163.73.78)  14.416 ms
13  xcr1.pal.cw.net (198.32.176.120)  47.410 ms  49.702 ms  51.127 ms
14  xe-8-0-0-xcr1.nyk.cw.net (195.2.28.17)  196.748 ms
    195.2.30.249 (195.2.30.249)  266.636 ms
    xe-2-0-0-xcr2.ash.cw.net (195.2.28.5)  178.191 ms
15  ae9-xcr1.bkl.cw.net (195.2.25.21)  178.232 ms
    xe-2-0-0-xcr2.ash.cw.net (195.2.28.41)  170.280 ms
    ae9-xcr1.bkl.cw.net (195.2.25.21)  175.312 ms
16  ae0-xcr1.ash.cw.net (195.2.30.45)  169.770 ms
    ae2-xcr2.lnd.cw.net (195.2.21.217)  271.515 ms
    ae0-xcr1.ash.cw.net (195.2.30.45)  170.159 ms
17  ae3-xcr2.lsw.cw.net (195.2.28.182)  274.236 ms
    ae10-xcr1.prp.cw.net (195.2.25.210)  182.074 ms
    ae3-xcr2.lsw.cw.net (195.2.28.182)  267.040 ms
18  ae5-xcr1.fri.cw.net (195.2.21.114)  171.566 ms  187.276 ms  175.481 ms
19  ae5-xcr1.fri.cw.net (195.2.21.114)  174.616 ms  163.267 ms
    ae7-xcr1.fra.cw.net (195.2.25.174)  272.651 ms
20  * ae5-xcr1.fri.cw.net (195.2.21.114)  269.485 ms
    delta-gw2.fri.cw.net (208.175.236.78)  232.989 ms
21  * delta-gw2.fri.cw.net (208.175.236.78)  340.994 ms *
22  * 194.225.151.6 (194.225.151.6)  274.979 ms  271.348 ms
23  po-1.nia-sw-150-10.ipm.core-1.iranet.ir (194.225.150.10)  278.148 ms
    194.225.151.6 (194.225.151.6)  262.069 ms
    85.132.60.74 (85.132.60.74)  344.910 ms
24  194.225.151.6 (194.225.151.6)  354.951 ms
    po-1.nia-sw-150-10.ipm.core-1.iranet.ir (194.225.150.10)  248.568 ms
    194.225.225.254 (194.225.225.254)  271.829 ms
25  194.225.225.254 (194.225.225.254)  265.357 ms  253.429 ms
    po-1.nia-sw-150-10.ipm.core-1.iranet.ir (194.225.150.10)  320.344 ms
26  * * *
27  * 194.225.228.77 (194.225.228.77)  271.827 ms  260.227 ms
28  * * *
29  * * *
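The traceroute above is the instructor's answer to the Jan 16 question (how a distributed network can still be watched from a few central points): every packet to the target crosses a short chain of carrier networks, and each handoff is a place where traffic can be observed. The following Python script is an added example and is not part of the course page or its lecture notes. It parses the traceroute format shown above, including hops whose probes were answered by several routers (the indented continuation lines), probes that timed out ("*"), and responders with no reverse DNS, and then lists the networks the path hands off between. The SAMPLE text is an abridged copy of the listing above; the owner label (the last two DNS labels of a hostname) is a rough heuristic of my own, not a whois or BGP lookup.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List

# Abridged copy of the traceroute listing shown above. Hop numbers are the
# original ones; hops 4, 7, 9, 10, 12, 15-19, 21, 22, 24, 25, 28 and 29 are omitted.
SAMPLE = """\
traceroute to www.iust.ac.ir (194.225.230.88), 64 hops max, 52 byte packets
 1  192.168.20.1 (192.168.20.1)  0.515 ms  0.227 ms  0.235 ms
 2  sevengate.cs.ucalgary.ca (136.159.7.1)  0.655 ms  0.555 ms  0.479 ms
 3  * * *
 5  pc187.hidden.ucalgary.ca (136.159.253.187)  354.563 ms *  2.910 ms
 6  10.0.10.2 (10.0.10.2)  2.110 ms  1.681 ms  2.262 ms
 8  h66-244-233-17.bigpipeinc.com (66.244.233.17)  2.424 ms  2.510 ms  2.025 ms
11  rd1so-ge15-0-0.cg.shawcable.net (66.163.71.89)  3.685 ms
    rc2so-tge0-4-0-9.cg.shawcable.net (66.163.71.117)  2.870 ms  2.659 ms
13  xcr1.pal.cw.net (198.32.176.120)  47.410 ms  49.702 ms  51.127 ms
14  xe-8-0-0-xcr1.nyk.cw.net (195.2.28.17)  196.748 ms
    195.2.30.249 (195.2.30.249)  266.636 ms
    xe-2-0-0-xcr2.ash.cw.net (195.2.28.5)  178.191 ms
20  * ae5-xcr1.fri.cw.net (195.2.21.114)  269.485 ms
    delta-gw2.fri.cw.net (208.175.236.78)  232.989 ms
23  po-1.nia-sw-150-10.ipm.core-1.iranet.ir (194.225.150.10)  278.148 ms
26  * * *
27  * 194.225.228.77 (194.225.228.77)  271.827 ms  260.227 ms
"""

HEADER_RE = re.compile(r"^traceroute to (\S+) \(([\d.]+)\)")
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S.*)$")         # "NN  <probe results>"
RESPONDER_RE = re.compile(r"(\S+)\s+\(([\d.]+)\)")  # "name (ip)"
RTT_RE = re.compile(r"([\d.]+)\s+ms")


@dataclass
class Responder:
    name: str          # reverse-DNS name, or the bare IP when there is none
    ip: str
    rtts: List[float]  # one value per probe this responder answered


@dataclass
class Hop:
    number: int
    responders: List[Responder] = field(default_factory=list)
    timeouts: int = 0  # probes printed as "*"


@dataclass
class Trace:
    target_name: str
    target_ip: str
    hops: List[Hop]


def _parse_hop(number: int, body: str) -> Hop:
    hop = Hop(number=number, timeouts=body.split().count("*"))
    matches = list(RESPONDER_RE.finditer(body))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(body)
        # the RTTs printed between this responder and the next one belong to it
        rtts = [float(x) for x in RTT_RE.findall(body[m.end():end])]
        hop.responders.append(Responder(m.group(1), m.group(2), rtts))
    return hop


def parse_traceroute(text: str) -> Trace:
    target_name = target_ip = ""
    pending = []  # [hop number, probe text with continuation lines joined]
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = HEADER_RE.match(raw)
        if m:
            target_name, target_ip = m.group(1), m.group(2)
            continue
        m = HOP_RE.match(raw)
        if m:
            pending.append([int(m.group(1)), m.group(2)])
        elif raw[:1].isspace() and pending:
            # indented line without a hop number: further responders for the same hop
            pending[-1][1] += " " + raw.strip()
        else:
            raise ValueError(f"unrecognised traceroute line: {raw!r}")
    return Trace(target_name, target_ip, [_parse_hop(n, b) for n, b in pending])


def org_of(responder: Responder) -> str:
    """Coarse owner label (heuristic): last two DNS labels of the hostname,
    or 'private' / 'unresolved' for responders that only have an address."""
    if responder.name == responder.ip:
        return "private" if ipaddress.ip_address(responder.ip).is_private else "unresolved"
    return ".".join(responder.name.split(".")[-2:])


def provider_path(trace: Trace) -> List[str]:
    """Networks the path crosses, in order, with consecutive repeats collapsed."""
    path: List[str] = []
    for hop in trace.hops:
        for r in hop.responders:
            org = org_of(r)
            if org in ("private", "unresolved"):
                continue
            if not path or path[-1] != org:
                path.append(org)
    return path


def silent_hops(trace: Trace) -> List[int]:
    """Hops where no probe was answered at all (every probe printed as '*')."""
    return [h.number for h in trace.hops if not h.responders]


if __name__ == "__main__":
    t = parse_traceroute(SAMPLE)
    print("target:", t.target_name, t.target_ip)
    print("networks crossed:", " -> ".join(provider_path(t)))
    print("silent hops:", silent_hops(t))
```

Run against the abridged listing, `provider_path` reports ucalgary.ca, bigpipeinc.com, shawcable.net, cw.net and iranet.ir: five organisations, any of which sees the whole flow, which is the point of the question. The silent hops (3 and 26) show where a router dropped or never answered the probes; a path can be monitored at a hop that does not reveal itself in traceroute at all.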

From the nmap man page:

          These three scan types [NULL, Fin, Xmas] are exactly the same in behavior except for
          the TCP flags set in probe packets. If a RST packet is received,
          the port is considered closed, while no response means it is
          open|filtered. The port is marked filtered if an ICMP unreachable
          error (type 3, code 1, 2, 3, 9, 10, or 13) is received.
          The key advantage to these scan types is that they can sneak
          through certain non-stateful firewalls and packet filtering
          routers. Another advantage is that these scan types are a little
          more stealthy than even a SYN scan. Don't count on this though—most
          modern IDS products can be configured to detect them. The big
          downside is that not all systems follow RFC 793 to the letter.
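As an added example that is neither the course page's nor nmap's own code, the following Python turns the man-page paragraph into something you can run. classify_probe maps tcpdump flag strings to the three probe types; host_response encodes the RFC 793 rule the excerpt relies on (a segment carrying none of SYN, RST or ACK gets a RST back if the port is closed and nothing if it is open) together with the non-compliant stack the last sentence warns about; infer_port_state gives the scanner's reading of each answer, including the ICMP type 3 codes listed; and probe_summary and alerts run over constructed tcpdump summary lines to show how an IDS picks these probes out of normal traffic. The log lines, the field names and the three-port alert threshold are my own constructions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple, Union

# Constructed tcpdump-style summary lines (not a real capture). 10.0.0.5 sends
# Xmas, NULL and FIN probes to four ports on 10.0.0.9; 10.0.0.7 does an ordinary
# three-way handshake. One probe draws a RST, i.e. that port is closed.
SAMPLE_LOG = """\
12:00:01.000001 IP 10.0.0.5.40001 > 10.0.0.9.22: Flags [FPU], seq 0, win 1024, length 0
12:00:01.000120 IP 10.0.0.9.22 > 10.0.0.5.40001: Flags [R.], seq 0, ack 1, win 0, length 0
12:00:01.000200 IP 10.0.0.5.40002 > 10.0.0.9.80: Flags [FPU], seq 0, win 1024, length 0
12:00:01.000300 IP 10.0.0.5.40003 > 10.0.0.9.443: Flags [none], seq 0, win 1024, length 0
12:00:01.000400 IP 10.0.0.5.40004 > 10.0.0.9.25: Flags [F], seq 0, win 1024, length 0
12:00:02.000000 IP 10.0.0.7.51000 > 10.0.0.9.80: Flags [S], seq 100, win 65535, length 0
12:00:02.000100 IP 10.0.0.9.80 > 10.0.0.7.51000: Flags [S.], seq 200, ack 101, win 65535, length 0
12:00:02.000200 IP 10.0.0.7.51000 > 10.0.0.9.80: Flags [P.], seq 101:150, ack 201, win 65535, length 49
"""

LINE_RE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\]")


def classify_probe(flags: str) -> Optional[str]:
    """Map a tcpdump flag string to the nmap scan type whose probe it matches.
    tcpdump letters: S=SYN F=FIN P=PSH R=RST U=URG .=ACK; "none" means no flag set."""
    f = set() if flags == "none" else set(flags)
    if not f:
        return "NULL"
    if f == {"F"}:
        return "FIN"
    if f == {"F", "P", "U"}:
        return "Xmas"
    return None  # anything else is ordinary traffic as far as these scans go


def parse_tcpdump(text: str) -> List[dict]:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport, flags = m.groups()
        events.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                       "flags": flags, "probe": classify_probe(flags)})
    return events


def probe_summary(events: List[dict]) -> Dict[str, Dict[str, int]]:
    """Per source address, how many NULL / FIN / Xmas probes were seen."""
    summary: Dict[str, Dict[str, int]] = {}
    for e in events:
        if e["probe"]:
            per_src = summary.setdefault(e["src"], {})
            per_src[e["probe"]] = per_src.get(e["probe"], 0) + 1
    return summary


def alerts(events: List[dict], threshold: int = 3) -> List[str]:
    """Sources that sent such probes to at least `threshold` distinct (host, port)
    targets. The threshold is a constructed detection heuristic, not an nmap value."""
    targets = defaultdict(set)
    for e in events:
        if e["probe"]:
            targets[e["src"]].add((e["dst"], e["dport"]))
    return sorted(src for src, t in targets.items() if len(t) >= threshold)


# --- what the scanned host answers, and what the scanner concludes from it ---
Response = Union[None, str, Tuple[str, int, int]]  # None | "RST" | ("ICMP", type, code)


def host_response(port_open: bool, rfc793_compliant: bool = True) -> Response:
    """RFC 793 behaviour for a segment with none of SYN, RST, ACK: RST if the port
    is closed, silence if it is open. A non-compliant stack answers RST either way,
    which is the 'big downside' in the excerpt: every port then looks closed."""
    if not rfc793_compliant:
        return "RST"
    return None if port_open else "RST"


FILTERED_CODES = {1, 2, 3, 9, 10, 13}  # ICMP type 3 codes the excerpt lists as "filtered"


def infer_port_state(response: Response) -> str:
    """The scanner's reading of the answer, exactly as the man page describes it."""
    if response is None:
        return "open|filtered"
    if response == "RST":
        return "closed"
    kind, icmp_type, code = response
    if kind == "ICMP" and icmp_type == 3 and code in FILTERED_CODES:
        return "filtered"
    return "unexpected"  # my label for answers the excerpt does not cover


if __name__ == "__main__":
    ev = parse_tcpdump(SAMPLE_LOG)
    print("probes per source:", probe_summary(ev))
    print("alert on:", alerts(ev))
    for port_open, compliant in [(False, True), (True, True), (True, False)]:
        print(f"open={port_open} compliant={compliant} ->",
              infer_port_state(host_response(port_open, compliant)))
```

The detection side is deliberately simple: these three probe types never occur in a legitimate TCP conversation (a live connection always carries ACK, and a connection request carries SYN), so a flag-set match alone is a high-confidence signal, and counting distinct targets per source turns single hits into a scan report. That is also why the excerpt's claim of stealth no longer holds: an IDS that looks at flag combinations rather than connection state sees every one of these probes.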
  • March 18:
    • Q1
    • Q2
    • Q3
    • Q4