CNIT 120: Network Security

Spring 2009 Sam Bowne

Scores posted 5-16-09 After Final Exam

Open Lab Hours for Sci 214

Schedule · Lecture Notes · Projects · Links · Home Page


CRN 39084  Sat 9 am - 12 pm  Science 200 Not SCI 133--Room Changed

Catalog Description

Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).

Advisorie: Students should have taken CNIT 106 or 106C or 201E, or equivalent familiarity with the fundamentals of networking.

Upon successful completion of this course, the student will be able to:

Define areas of security concern, discuss network security, and identify network risks.
Distinguish between and define internal and external threats to data and services.
Describe the vulnerabilities of various media (susceptibility to wiretaps or eavesdropping).
Secure access to resources on the network using passwords, permissions, and access control lists (ACLs).
Evaluate various anti-virus software programs, software firewalls, and hardware firewalls.
Define and identify types of firewalls, including Network Address Translation (NAT).
Discuss weaknesses of various operating systems and known and recommended fixes (patches).
Detect unauthorized attempts to access resources by monitoring (auditing).
Install and configure intrusion detection programs; analyze reports and recommend responses.
Provide solutions for known vulnerabilities in communications: email, remote access, file transfer, and electronic commerce.
Provide end-to-end security for the transmission of data between hosts on the network.
Describe vulnerabilities inherent in wireless technologies and present suggested solutions.

Textbook

Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa ISBN-10: 1-4283-4066-1 Buy from iChapters

Schedule
Date	Quiz	Topic
Sat 1-17		Ch 1: Introduction to Security
Sat 1-24		Ch 2: System Threats and Risks
*Fri 1-30*	*Last Day to Add Classes*
Sat 1-31	Quiz on Ch 1 & 2 Proj 1-2 due	Ch 3: Protecting Systems
*Fri 2-6*	*Last Day to Drop Classes*
Sat 2-7	Quiz on Ch 3 Proj 3-4 due	Ch 4: Network Vulnerabilities and Attacks
*Sat 2-14*	*Holiday - No Class*
*Tue 2-17*	*Last Day to Request pass/no pass Grading*
Sat 2-21	Quiz on Ch 4 Proj 5-6 due	Ch 5: Network Defenses
Sat 2-28	Quiz on Ch 5 Proj 7-8 due	Ch 6: Wireless Network Security
Sat 3-7	Quiz on Ch 6 Proj 9 due	Ch 7. Access Control Fundamentals
Sat 3-14	Quiz on Ch 7 Proj 10 due	Ch 8: Authentication
Sat 3-21	Quiz on Ch 8 Proj 11 due	Ch 9: Performing Vulnerability Assessments
Sat 3-28	Quiz on Ch 9 Proj 12 due	Ch 10: Conducting Audits
*Sat 4-4*	*Holiday - No Class*
*Sat 4-11*	*Holiday - No Class*
*Fri 4-17*	*Last Day to Withdraw*
Sat 4-18	Quiz on Ch 10 Proj 13 due	Ch 11: Basic Cryptography
Sat 4-25	Quiz on Ch 11 Proj 14 due	Ch 12: Cryptographic Protocols and Public Key Infrastructure
Sat 5-2	Quiz on Ch 12 Proj 15 due	Ch 13: Business Continuity Planning and Procedures
Sat 5-9	Quiz on Ch 13 Last Class Proj 16 due	Ch 14: Policies and Legislation
Sat 5-16		*Final Exam: 9 am Room 215*

Lecture Notes
Policy
1. Introduction to Security PowerPoint
2. System Threats and Risks PowerPoint
3. Protecting Systems PowerPoint
4. Network Vulnerabilities and Attacks PowerPoint
5. Network Defenses PowerPoint
6. Wireless Network Security PowerPoint
7. Access Control Fundamentals PowerPoint
8. Authentication PowerPoint
9. Performing Vulnerability Assessments PowerPoint
10. Conducting Audits PowerPoint
11. Basic Cryptography PowerPoint
12. Cryptographic Protocols and Public Key Infrastructure PowerPoint
13. Business Continuity Planning and Procedures PowerPoint
14. Policies and Legislation PowerPoint
The lectures are in Word and PowerPoint formats. If you do not have Word or PowerPoint you will need to install the Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.

Back to Top

Projects
How to Read Your CCSF Email How to Get your Windows Activation Codes from MSDNAA Downloading MSDNAA Software Virtual Machines at Home Fixing Problems with Ubuntu on VMware Project 1: Firefox and NoScript (10 pts.) Project 2: HijackThis (10 pts.) Project 3: VMware (10 pts.) Project 4: Ubuntu Linux (10 pts.) Project 5: Security Templates (10 pts.) Project 6: MBSA (10 pts.) Project 7: KeePass Password Manager (10 pts.) Project 8: Sniffing Passwords with Wireshark (10 pts.) Project 9: Port Scans and Windows Firewall (20 pts.) Project 10: Making a Secure Wireless Network (20 pts.) Project 11: Cracking Password Hashes with Rainbow Tables (15 pts.) Project 12: Nessus Vulnerability Scanner (15 pts.) Project 13: DecaffienatID Log Scanner (10 pts.) Project 14: Hashes and Digital Signatures (15 pts.) Project 15: Digital Certificate (15 pts.) Project 16: Directory Snoop (15 pts.) Project 1x: Installing Windows 7 Beta (10 pts.) Virtual Floppy with VMware NIC Drivers Project 2x: Tour of Windows 7 Beta (10 pts.) Project 3x: iptables (10 pts.) Project 4x: Getting into Ubuntu Linux Without a Password (15 pts.) Project 5x: Creating an Alert from an Event (15 pts.)

Projects

Back to Top

Links
Ch 1a: WSLabi launches auction site for security exploits - TechSpot News Ch 1b: Hackers Selling Vista Zero-Day Exploit Ch 1c: Attackers booby-trap searches at top Web sites \| News Blog - CNET News Ch 1d: Updates and Task Manager Disabled by New Windows XP Worm at Source Code \| Free Indo Source Code ~ Technology & Programming Ch 1e: Study: Weak Passwords Really Do Help Hackers - PC World Ch 1f: Hi-Tech Heist, How Hi-Tech Thieves Stole Millions Of Customer Financial Records - CBS News Ch 1g: Researcher: Worm infects 1.1M Windows PCs in 24 hours Ch 1h: The NSA Hacker Ch 1i: The San Francisco Hacker Who Took Over the World\'s Market in Stolen Credit Cards Ch 1j: Map of Internet Root DNS Servers Ch 1k: Distributed denial of service attacks on root nameservers Ch 1l: Worm has now infected 8 million PCx Ch 2a: Sony BMG CD copy prevention scandal Ch 2b: Real Story of the Rogue SONY Rootkit Ch 2c: Sony, Rootkits and Digital Rights Management Gone Too Far Ch 2d: Image Spam: By the Numbers Ch 2e: Adaware Review Ch 2f: Student Logs Teachers Keystrokes Ch 2g: Pecos SWW<>Three Good Reasons for Flashing Your BIOS Ch 2h: Basic Computer Operation Tutorial--Using the BIOS Ch 2i: Under Worm Assault, Military Bans Disks, USB Drives Ch 2j: USB Pocket-Knife Development - Hak5 Forums Ch 2k: Schneier on Security: Hacking Computers Over USB Ch 2l: IEEE 1667: One standard worth watching \| Security - CNET News Ch 2m: Chart - Top 5 Network-Attached Storage Devices - PC World Ch 2n: Technology on a Budget: How to Build a 1.5 Terabyte SAN for Less than $35,000 Ch 2o: Is Your Phone Catching a Virus? Ch 2p: Customers Success Stories - VMware Ch 3a: Drive-by download menace spreading fast Ch 3b: Linux: Fewer Bugs Than Rivals Ch 3c: A statistical analysis of bugs in Windows Vista - Ars Technica Ch 3d: How to see Address Space Layout Randomization in Vista Ch 3e: Vulnerable Message Board (use at your own risk) Ch 4a: Hackers Attack Via Chinese Web Sites Ch 4b: 2007 cyberattacks on Estonia - Wikipedia Ch 4c: Network tap - Wikipedia, the free encyclopedia Ch 4d: KeePass Password Safe Ch 4e: Two Arrested in First Bust for ATM Reprogramming Scam \| Threat Level from Wired.com Ch 4f: The Hunt for the Kill Switch - hardware backdoors in chips Ch 4g: Root exploit for Linux kernel in circulation - News - heise Security UK Ch 4i: Techwatch weathers DDoS extortion attack Ch 4j: DEFCON 2007 - Wall of Sheep Ch 4k: New Sidejacking Tool Automates Webmail Account Hijacks Ch 4l: DNSSEC - Domain Name System Security Extensions - Wikipedia Ch 6a: TJX Settles With Feds - Total cost of lawsuits less than $1 per record lost Ch 6b: Temporal Key Integrity Protocol (TKIP) - Good explanation of MIC Ch 7a: Jérôme Kerviel - Wikipedia Ch 7b: Kerviel starts new job at computer consulting firm Ch 7c: YouTube - Mac Ad: Vista Security Ch 8d: Mandatory, Discretionary, Role and Rule Based Access Control - Techotopia Ch 7e: DEFCON 16 lockpicking: Plastic Keys; and JennaLynn Does it Again! Ch 9f: YouTube - \"Unpickable\" Medeco(r) Biaxial Lock Opened by 12 year old Ch 7g: Objectif Sécurité--online NTLM hash calculator Ch 7i: Free Rainbow Tables » Distributed Rainbow Cracking » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE Ch 7h: Cracking unix crypt() with a cluster of playstations Ch 7j: Partial identification of Lorenz system and its application to key space reduction of chaotic cryptosystems Ch 8a: Brute-force SSH attacks surge Ch 8b: U.S. Regulators Require Two-Factor Authentication for Banks Ch 8b: U.S. Regulators Require Two-Factor Authentication for Banks Ch 8c: Federal Regulators want Banks to Adopt Two-Factor Authentication for Web Log-ons Ch 8d: Two-factor banking Security+ Study Guides, Practice Exams, Training Resources, and Forums Ch 8e: TACACS - Wikipedia, the free encyclopedia Ch 8f: TACACS and RADIUS Comparison - Cisco Systems Ch 8g: TechExams.Net - Security TechNote: Authentication Ch 8h: PEAP and EAP Ch 10a: 2ND HIPAA Sanction: CVS Must Pay $2.25 Million for Using Unsecured Dumpsters Ch 10b: DecaffeinatID: A Very Simple IDS / Log Watching App / ARPWatch For Windows Ch 11a: PIN Crackers Nab Holy Grail of Bank Card Security Ch 11b: MD2 - Wikipedia Ch 11c: RSA Laboratories - 3.6.6 What are MD2, MD4, and MD5? Ch 11d: Web Utils - Online Message Digest Algorithm (MD2, MD4, MD5) Hash Calculator Ch 11e: NIST hash function competition - Wikipedia Ch 11e: Pretty Animation of AES Encryption Process Ch 11f: Pretty animation of AES calculation Ch 11g: Diffie-Hellman key exchange - Wikipedia Ch 11h: Transport Layer Security - Wikipedia, the free encyclopedia Ch 11i: Lest We Remember: Cold Boot Attacks on Encryption Keys Ch 12a: Types of SSL certificates for sale Ch 12b: Extended Validation SSL Certificates - SSL Web Server Certificates with EV - thawte Ch 12c: Certificate Repository - search for COM Ch 12d: Transport Layer Security - Wikipedia Ch 12e: Secure Shell - Wikipedia CH 12f: Point-to-Point Protocol over Ethernet - Wikipedia Ch 12g: IPsec - Wikipedia Ch 12h: S/MIME - Wikipedia Ch 13a: HVAC - Wikipedia Ch 13b: Fire Safety and Fire Extinguishers Ch 13c: Fire Suppression Systems Ch 13d: How Hackers Can Steal Secrets from Reflections: Scientific American Ch 13e: Compromising Electromagnetic Emanations of Keyboards - video Ch 13f: Clustering Servers Ch 13g: Google\'s Server Clusters - Wikipedia Ch 13h: Behold the Google Server, ye nations, and weep Ch 13i: On the ground with AT&T\\\'s Network Disaster Recovery team Ch 13j: NetEx Inc. Hotsite Ch 13k: Connected Online Backup for PC Software - Iron Mountain Ch 13l: File Slack « Data - Where is it? Ch 13m: RAM Slack Certification: Security+ Study Guides, Practice Exams, Training Resources, and Forums Ch 14a: The Loyalty Oath Controversy, University of California, 1949-1951 Ch 14b: Cal State teacher fired for refusing to sign loyalty oath (May 2, 2008) Ch 14c: Due diligence - Wikipedia Ch 14d: Hard Drive Disposal - Protecting Your Identity

Links

Ch 1a: WSLabi launches auction site for security exploits - TechSpot News
Ch 1b: Hackers Selling Vista Zero-Day Exploit
Ch 1c: Attackers booby-trap searches at top Web sites | News Blog - CNET News
Ch 1d: Updates and Task Manager Disabled by New Windows XP Worm at Source Code | Free Indo Source Code ~ Technology & Programming
Ch 1e: Study: Weak Passwords Really Do Help Hackers - PC World
Ch 1f: Hi-Tech Heist, How Hi-Tech Thieves Stole Millions Of Customer Financial Records - CBS News
Ch 1g: Researcher: Worm infects 1.1M Windows PCs in 24 hours
Ch 1h: The NSA Hacker
Ch 1i: The San Francisco Hacker Who Took Over the World\'s Market in Stolen Credit Cards
Ch 1j: Map of Internet Root DNS Servers
Ch 1k: Distributed denial of service attacks on root nameservers
Ch 1l: Worm has now infected 8 million PCx
Ch 2a: Sony BMG CD copy prevention scandal
Ch 2b: Real Story of the Rogue SONY Rootkit
Ch 2c: Sony, Rootkits and Digital Rights Management Gone Too Far
Ch 2d: Image Spam: By the Numbers
Ch 2e: Adaware Review
Ch 2f: Student Logs Teachers Keystrokes
Ch 2g: Pecos SWW<>Three Good Reasons for Flashing Your BIOS
Ch 2h: Basic Computer Operation Tutorial--Using the BIOS
Ch 2i: Under Worm Assault, Military Bans Disks, USB Drives
Ch 2j: USB Pocket-Knife Development - Hak5 Forums
Ch 2k: Schneier on Security: Hacking Computers Over USB
Ch 2l: IEEE 1667: One standard worth watching | Security - CNET News
Ch 2m: Chart - Top 5 Network-Attached Storage Devices - PC World
Ch 2n: Technology on a Budget: How to Build a 1.5 Terabyte SAN for Less than $35,000
Ch 2o: Is Your Phone Catching a Virus?
Ch 2p: Customers Success Stories - VMware
Ch 3a: Drive-by download menace spreading fast
Ch 3b: Linux: Fewer Bugs Than Rivals
Ch 3c: A statistical analysis of bugs in Windows Vista - Ars Technica
Ch 3d: How to see Address Space Layout Randomization in Vista
Ch 3e: Vulnerable Message Board (use at your own risk)
Ch 4a: Hackers Attack Via Chinese Web Sites
Ch 4b: 2007 cyberattacks on Estonia - Wikipedia
Ch 4c: Network tap - Wikipedia, the free encyclopedia
Ch 4d: KeePass Password Safe
Ch 4e: Two Arrested in First Bust for ATM Reprogramming Scam | Threat Level from Wired.com
Ch 4f: The Hunt for the Kill Switch - hardware backdoors in chips
Ch 4g: Root exploit for Linux kernel in circulation - News - heise Security UK
Ch 4i: Techwatch weathers DDoS extortion attack
Ch 4j: DEFCON 2007 - Wall of Sheep
Ch 4k: New Sidejacking Tool Automates Webmail Account Hijacks
Ch 4l: DNSSEC - Domain Name System Security Extensions - Wikipedia
Ch 6a: TJX Settles With Feds - Total cost of lawsuits less than $1 per record lost
Ch 6b: Temporal Key Integrity Protocol (TKIP) - Good explanation of MIC
Ch 7a: Jérôme Kerviel - Wikipedia
Ch 7b: Kerviel starts new job at computer consulting firm
Ch 7c: YouTube - Mac Ad: Vista Security
Ch 8d: Mandatory, Discretionary, Role and Rule Based Access Control - Techotopia
Ch 7e: DEFCON 16 lockpicking: Plastic Keys; and JennaLynn Does it Again!
Ch 9f: YouTube - \"Unpickable\" Medeco(r) Biaxial Lock Opened by 12 year old
Ch 7g: Objectif Sécurité--online NTLM hash calculator
Ch 7i: Free Rainbow Tables » Distributed Rainbow Cracking » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE
Ch 7h: Cracking unix crypt() with a cluster of playstations
Ch 7j: Partial identification of Lorenz system and its application to key space reduction of chaotic cryptosystems
Ch 8a: Brute-force SSH attacks surge
Ch 8b: U.S. Regulators Require Two-Factor Authentication for Banks
Ch 8b: U.S. Regulators Require Two-Factor Authentication for Banks
Ch 8c: Federal Regulators want Banks to Adopt Two-Factor Authentication for Web Log-ons
Ch 8d: Two-factor banking
Security+ Study Guides, Practice Exams, Training Resources, and Forums
Ch 8e: TACACS - Wikipedia, the free encyclopedia
Ch 8f: TACACS and RADIUS Comparison - Cisco Systems
Ch 8g: TechExams.Net - Security TechNote: Authentication
Ch 8h: PEAP and EAP
Ch 10a: 2ND HIPAA Sanction: CVS Must Pay $2.25 Million for Using Unsecured Dumpsters
Ch 10b: DecaffeinatID: A Very Simple IDS / Log Watching App / ARPWatch For Windows
Ch 11a: PIN Crackers Nab Holy Grail of Bank Card Security
Ch 11b: MD2 - Wikipedia
Ch 11c: RSA Laboratories - 3.6.6 What are MD2, MD4, and MD5?
Ch 11d: Web Utils - Online Message Digest Algorithm (MD2, MD4, MD5) Hash Calculator
Ch 11e: NIST hash function competition - Wikipedia
Ch 11e: Pretty Animation of AES Encryption Process
Ch 11f: Pretty animation of AES calculation
Ch 11g: Diffie-Hellman key exchange - Wikipedia
Ch 11h: Transport Layer Security - Wikipedia, the free encyclopedia
Ch 11i: Lest We Remember: Cold Boot Attacks on Encryption Keys
Ch 12a: Types of SSL certificates for sale
Ch 12b: Extended Validation SSL Certificates - SSL Web Server Certificates with EV - thawte
Ch 12c: Certificate Repository - search for COM
Ch 12d: Transport Layer Security - Wikipedia
Ch 12e: Secure Shell - Wikipedia
CH 12f: Point-to-Point Protocol over Ethernet - Wikipedia
Ch 12g: IPsec - Wikipedia
Ch 12h: S/MIME - Wikipedia
Ch 13a: HVAC - Wikipedia
Ch 13b: Fire Safety and Fire Extinguishers
Ch 13c: Fire Suppression Systems
Ch 13d: How Hackers Can Steal Secrets from Reflections: Scientific American
Ch 13e: Compromising Electromagnetic Emanations of Keyboards - video
Ch 13f: Clustering Servers
Ch 13g: Google\'s Server Clusters - Wikipedia
Ch 13h: Behold the Google Server, ye nations, and weep
Ch 13i: On the ground with AT&T\\\'s Network Disaster Recovery team
Ch 13j: NetEx Inc. Hotsite
Ch 13k: Connected Online Backup for PC Software - Iron Mountain
Ch 13l: File Slack « Data - Where is it?
Ch 13m: RAM Slack
Certification: Security+ Study Guides, Practice Exams, Training Resources, and Forums
Ch 14a: The Loyalty Oath Controversy, University of California, 1949-1951
Ch 14b: Cal State teacher fired for refusing to sign loyalty oath (May 2, 2008)
Ch 14c: Due diligence - Wikipedia
Ch 14d: Hard Drive Disposal - Protecting Your Identity

Back to Top

Last Updated: 5-16-09 3 pm