
This page is old and out of date!

Try this one from 2015 instead

CNIT 120: Network Security

Spring 2012 Sam Bowne

Scores

Open Lab Hours for Sci 214



33816 001 Lec  T R  11:00-12:30PM SCIE 37

Catalog Description

Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).

Advisory: Students should have taken CNIT 106 or 106C or 201E, or equivalent familiarity with the fundamentals of networking.

Upon successful completion of this course, the student will be able to:
  1. Define areas of security concern, discuss network security, and identify network risks.
  2. Distinguish between and define internal and external threats to data and services.
  3. Describe the vulnerabilities of various media (susceptibility to wiretaps or eavesdropping).
  4. Secure access to resources on the network using passwords, permissions, and access control lists (ACLs).
  5. Evaluate various anti-virus software programs, software firewalls, and hardware firewalls.
  6. Define and identify types of firewalls, including Network Address Translation (NAT).
  7. Discuss weaknesses of various operating systems and known and recommended fixes (patches).
  8. Detect unauthorized attempts to access resources by monitoring (auditing).
  9. Install and configure intrusion detection programs; analyze reports and recommend responses.
  10. Provide solutions for known vulnerabilities in communications: email, remote access, file transfer, and electronic commerce.
  11. Provide end-to-end security for the transmission of data between hosts on the network.
  12. Describe vulnerabilities inherent in wireless technologies and present suggested solutions.

Textbooks

"Security+ Guide to Network Security Fundamentals", 4th Edition, by Mark Ciampa ISBN: 1111640122 Buy online

"CNIT 120 Projects" by Sam Bowne (buy from CCSF bookstore)



Schedule (may be revised)

Tue 1-17  Ch 1: Introduction to Security
Thu 1-19  Ch 1: Introduction to Security
Tue 1-24  Ch 2: Malware and Social Engineering Attacks
Thu 1-26  Ch 2: Malware and Social Engineering Attacks
Tue 1-31  Ch 2: Malware and Social Engineering Attacks
Thu 2-2  Ch 3: Application and Network Attacks
Fri 2-3  Last Day to Add
Tue 2-7  Proj 1-3 due  Ch 3: Application and Network Attacks
Thu 2-9  Quiz: Ch 1 & 2  Ch 4: Vulnerability Assessment and Mitigating Attacks
Tue 2-14  Proj 4 due  Ch 4: Vulnerability Assessment and Mitigating Attacks
Thu 2-16  Quiz: Ch 3  Ch 5: Host, Application, and Data Security
Tue 2-21  Proj 5 & 6 due  Ch 5: Host, Application, and Data Security
Thu 2-23  Quiz: Ch 4  Ch 6: Network Security
Tue 2-28  Class Cancelled for B-Sides SF
Thu 3-1  Quiz: Ch 5  Ch 6: Network Security
Tue 3-6  Proj 7 & 8 due  Ch 7: Administering a Secure Network
Thu 3-8  Quiz: Ch 6  Ch 7: Administering a Secure Network
Tue 3-13  Proj 9 & 10 due  Ch 8: Wireless Network Security
Thu 3-15  Quiz: Ch 7  Ch 8: Wireless Network Security
Tue 3-20  Class Cancelled
Thu 3-22  Proj 11 & 12 due; Quiz: Ch 8  Ch 9: Access Control Fundamentals
Tue 3-27  Spring Recess: No Class
Thu 3-29  Spring Recess: No Class
Tue 4-3  Mid-term grades due
Tue 4-3  Proj 13 due  Ch 10: Authentication and Account Management
Thu 4-5  Quiz: Ch 9  Ch 10: Authentication and Account Management
Tue 4-10  Proj 14 & 15 due  Ch 11: Basic Cryptography
Thu 4-12  Quiz: Ch 10  Ch 11: Basic Cryptography
Tue 4-17  Visiting Speaker: Jeff Carrell on IPv6
Thu 4-19  Ch 12: Advanced Cryptography
Thu 4-19  Last Day to Withdraw
Tue 4-24  Proj 16 due  Ch 12: Advanced Cryptography
Thu 4-26  Quiz: Ch 11  Ch 13: Business Continuity
Tue 5-1  Proj 17 & 18 due  Ch 13: Business Continuity
Thu 5-3  Class Cancelled
Tue 5-8  Quiz: Ch 12  Ch 14: Risk Mitigation
Thu 5-10  Quiz: Ch 13  To Be Announced
Tue 5-15  To Be Announced
Thu 5-17  Quiz: Ch 14; Proj 19 due; All Extra Credit Projects Due  Last Class: Review
Tue 5-22  Final Exam: 10:30 am





Lecture Notes

Policy
Student Agreement
1: Introduction to Security     Powerpoint
2: Malware and Social Engineering Attacks     Powerpoint
OSI Model Review
TCP/IP Review
3: Application and Network Attacks     Powerpoint
4: Vulnerability Assessment and Mitigating Attacks     Powerpoint
5: Host, Application, and Data Security     Powerpoint
6: Network Security     Powerpoint
7: Administering a Secure Network     Powerpoint
8: Wireless Network Security     Powerpoint
9: Access Control Fundamentals     Powerpoint
10: Authentication and Account Management     Powerpoint
11: Basic Cryptography     Powerpoint
12: Advanced Cryptography     Powerpoint
13: Business Continuity     Powerpoint
14: Risk Mitigation     Powerpoint
The lectures are in Word and PowerPoint formats.
If you do not have Word or PowerPoint you will need to install the
Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.



Projects

How to Read Your CCSF Email
How to Get your Windows Activation Codes from MSDNAA
Downloading MSDNAA Software
Virtual Machines at Home
Fixing Problems with Ubuntu on VMware

Project 1: Firefox and NoScript (10 pts.)
Project 2: HijackThis (10 pts.)
Project 3: Sniffing Passwords with Wireshark (10 pts.)
Project 4: Port Scans and Windows Firewall (20 pts.) (rev. 8-12-11)
Project 5: WOT (Web of Trust) (10 pts.) (rev. 8-12-11)
Project 6: Blocking Ads with the Hosts File (15 pts.)
Project 7: Hashes and Digital Signatures (15 pts.) (rev. 2-11-12)
Project 8: TrueCrypt (15 pts.)
Project 9: MD5 Hash Collisions (15 pts.)
Project 10: Preparing a BackTrack Virtual Machine (10 pts.)
Project 11: WebGoat Setup (10 pts.)
Project 12: SQL Injection with WebGoat (15 pts.)
Project 13: Skipfish Vulnerability Scanner (15 pts.) (rev. 9-12-11)
Project 14: Gmail 2-Factor Authentication (10 pts.)
Project 15: Snort (15 pts.)
Project 16: Encipher It (10 pts.)
Project 17: Making a Linux HTTPS Server (20 pts.)
Project 18: Viewing Segments and Clusters with a Hex Editor (20 pts.)
     SPAM.zip      EGGS.zip
Project 19: reCAPTCHA (15 pts.)

Extra Credit Projects

Twitter Project (10 pts.)
Binary Games
Project 2x: XSS with Google Gruyere (15 pts.)
Project 3x: Privilege Escalation with Google Gruyere (10 pts.)
Project 4x: Performing an HTTPS DoS Attack (10 pts.)
Project 5x: Stealing Logon Passwords Remotely (15 pts.)
Project 6x: Bypassing Antivirus (10 pts.)
Project 7x: Bypassing Antivirus Part 2 (10 pts.)

More projects will be posted later


Links

Certification Preparation

Security+ Study Guides, Practice Exams, Training Resources, and Forums
Security+ Exam Changing 12-31-2011

Links for Chapter Lectures

Ch 1a: WSLabi launches auction site for security exploits - TechSpot News
Ch 1b: Hackers Selling Vista Zero-Day Exploit
Ch 1c: Attackers booby-trap searches at top Web sites | News Blog - CNET News
Ch 1d: Updates and Task Manager Disabled by New Windows XP Worm at Source Code
Ch 1e: Study: Weak Passwords Really Do Help Hackers - PC World
Ch 1f: Hi-Tech Heist, How Hi-Tech Thieves Stole Millions Of Customer Financial Records - CBS News
Ch 1g: Researcher: Worm infects 1.1M Windows PCs in 24 hours
Ch 1h: The NSA Hacker
Ch 1i: The San Francisco Hacker Who Took Over the World's Market in Stolen Credit Cards
Ch 1j: Map of Internet Root DNS Servers
Ch 1k: Distributed denial of service attacks on root nameservers
Ch 1l: Worm has now infected 8 million PCs

Ch 2a: Sony BMG CD copy prevention scandal
Ch 2b: Real Story of the Rogue SONY Rootkit
Ch 2c: Sony, Rootkits and Digital Rights Management Gone Too Far
Ch 2d: Image Spam: By the Numbers
Ch 2e: Adaware Review
Ch 2f: Student Logs Teachers Keystrokes
Ch 2g: Pecos SWW<>Three Good Reasons for Flashing Your BIOS
Ch 2h: Basic Computer Operation Tutorial--Using the BIOS
Ch 2i: Under Worm Assault, Military Bans Disks, USB Drives
Ch 2j: USB Pocket-Knife Development - Hak5 Forums
Ch 2k: Schneier on Security: Hacking Computers Over USB
Ch 2l: IEEE 1667: One standard worth watching | Security - CNET News
Ch 2m: Chart - Top 5 Network-Attached Storage Devices - PC World
Ch 2n: Technology on a Budget: How to Build a 1.5 Terabyte SAN for Less than $35,000
Ch 2o: Is Your Phone Catching a Virus?
Ch 2p: Customers Success Stories - VMware
Ch 2q: Siberian pipeline sabotage - Wikipedia

Ch 3a: Drive-by download menace spreading fast
Ch 3b: Linux: Fewer Bugs Than Rivals
Ch 3c: A statistical analysis of bugs in Windows Vista - Ars Technica
Ch 3d: How to see Address Space Layout Randomization in Vista
Ch 3e: Vulnerable Message Board (use at your own risk)

Ch 4a: Hackers Attack Via Chinese Web Sites
Ch 4b: 2007 cyberattacks on Estonia - Wikipedia
Ch 4c: Network tap - Wikipedia, the free encyclopedia
Ch 4d: KeePass Password Safe
Ch 4e: Two Arrested in First Bust for ATM Reprogramming Scam
Ch 4f: The Hunt for the Kill Switch - hardware backdoors in chips
Ch 4g: Root exploit for Linux kernel in circulation - News - heise Security UK
Ch 4i: Techwatch weathers DDoS extortion attack
Ch 4j: DEFCON 2007 - Wall of Sheep
Ch 4k: New Sidejacking Tool Automates Webmail Account Hijacks
Ch 4l: DNSSEC - Domain Name System Security Extensions - Wikipedia

Ch 6a: TJX Settles With Feds - Total cost of lawsuits less than $1 per record lost
Ch 6b: Temporal Key Integrity Protocol (TKIP) - Good explanation of MIC

Ch 7a: Jérôme Kerviel - Wikipedia
Ch 7b: Kerviel starts new job at computer consulting firm
Ch 7c: YouTube - Mac Ad: Vista Security
Ch 8d: Mandatory, Discretionary, Role and Rule Based Access Control - Techotopia
Ch 7e: DEFCON 16 lockpicking: Plastic Keys; and JennaLynn Does it Again!
Ch 7f: YouTube - "Unpickable" Medeco(r) Biaxial Lock Opened by 12 year old
Ch 7g: Objectif Sécurité--online NTLM hash calculator
Ch 7h: Cracking unix crypt() with a cluster of playstations
Ch 7i: Free Rainbow Tables
Ch 7j: Partial identification of Lorenz system and its application to key space reduction of chaotic cryptosystems

Ch 8a: Brute-force SSH attacks surge
Ch 8b: U.S. Regulators Require Two-Factor Authentication for Banks
Ch 8c: Federal Regulators want Banks to Adopt Two-Factor Authentication for Web Log-ons
Ch 8d: Two-factor banking
Ch 8e: TACACS - Wikipedia, the free encyclopedia
Ch 8f: TACACS and RADIUS Comparison - Cisco Systems
Ch 8g: TechExams.Net - Security TechNote: Authentication
Ch 8h: PEAP and EAP

Ch 9a: OVAL is Compatible with CVE

Ch 10a: 2ND HIPAA Sanction: CVS Must Pay $2.25 Million for Using Unsecured Dumpsters
Ch 10b: DecaffeinatID: A Very Simple IDS / Log Watching App / ARPWatch For Windows

Ch 11a: PIN Crackers Nab Holy Grail of Bank Card Security
Ch 11b: MD2 - Wikipedia
Ch 11c: RSA Laboratories - 3.6.6 What are MD2, MD4, and MD5?
Ch 11d: Web Utils - Online Message Digest Algorithm (MD2, MD4, MD5) Hash Calculator
Ch 11e: NIST hash function competition - Wikipedia
Ch 11e: Pretty Animation of AES Encryption Process
Ch 11f: Pretty animation of AES calculation
Ch 11g: Diffie-Hellman key exchange - Wikipedia
Ch 11h: Transport Layer Security - Wikipedia, the free encyclopedia
Ch 11i: Lest We Remember: Cold Boot Attacks on Encryption Keys

Ch 12a: Types of SSL certificates for sale
Ch 12b: Extended Validation SSL Certificates - SSL Web Server Certificates with EV - thawte
Ch 12c: Certificate Repository - search for COM
Ch 12d: Transport Layer Security - Wikipedia
Ch 12e: Secure Shell - Wikipedia
Ch 12f: Point-to-Point Protocol over Ethernet - Wikipedia
Ch 12g: IPsec - Wikipedia
Ch 12h: S/MIME - Wikipedia

Ch 13a: HVAC - Wikipedia
Ch 13b: Fire Safety and Fire Extinguishers
Ch 13c: Fire Suppression Systems
Ch 13d: How Hackers Can Steal Secrets from Reflections: Scientific American
Ch 13e: Compromising Electromagnetic Emanations of Keyboards - video
Ch 13f: Clustering Servers
Ch 13g: Google's Server Clusters - Wikipedia
Ch 13h: Behold the Google Server, ye nations, and weep
Ch 13i: On the ground with AT&T's Network Disaster Recovery team
Ch 13j: NetEx Inc. Hotsite
Ch 13k: Connected Online Backup for PC Software - Iron Mountain
Ch 13l: File Slack « Data - Where is it?
Ch 13m: RAM Slack

Ch 14a: The Loyalty Oath Controversy, University of California, 1949-1951
Ch 14b: Cal State teacher fired for refusing to sign loyalty oath (May 2, 2008)
Ch 14c: Due diligence - Wikipedia
Ch 14d: Hard Drive Disposal - Protecting Your Identity

Other Links

Proj 6 link: Download details: Microsoft Baseline Security Analyzer 2.1.1 (for IT Professionals)
Metasploit Megaprimer 300 mins of video tute
"Security Theatre" video narrated by Bruce Schneier

New Unsorted Links

Ch 9b: SATAN changed its name to SAINT
Ch 12i: Microsoft, VeriSign, and Certificate Revocation
Ch 12j: Microsoft Security Bulletin MS01-017 : Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Ch 12k: Revocation list - Wikipedia

CCSF Network Traffic (live)

Free Online Computer Security Class from Berkeley & Stanford

Ch 1m: Remove XP Antispyware 2012, XP Internet Security 2012 (Uninstall Guide)

Ch 1n: Viruses stole City College of S.F. data for years

Download Ez7z for Mac - Easy-to-use p7zip archiver. MacUpdate.com

Ch 2r: Revisiting the SpyEyeZeuS Merger

Ch 2s: Black ops: how HBGary wrote backdoors for the government

Ch 2t: UK firm denies supplying spyware to Mubarak's secret police

Ch 2u: Windows 8's locked bootloaders: ARM pads will be locked like iPads

Ch 2v: Kevin Mitnick Social Engineering a Telco Office

Ch 2w: Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

Ch 3f: SQL Injection Attacks by Example

Ch 3g: Directory Traversal Example

Ch 3h: Over a million web sites affected in mass SQL injection attack (Oct. 2011)

Ch 3j: Apache Range Header DoS Attack

Ch 3i: Chrome 'SaveAs' flaw -- buffer overflow

Ch 7k: ICMP Redirect Message - Wikipedia

Ch 7l: An Illustrated Guide to the Kaminsky DNS Vulnerability

Ch 8i: Wi-Fi Security: The Rise and Fall of WPS

Ch 8j: Cracking WPS with Reaver

Ch 9c: Defense Contractor Leaks Obama's Presidential Helicopter Plans to Iran

Ch 9d: Configuring IP Access Lists - Cisco Systems

Ch 10c: Difference between Hashing a Password and Encrypting it

Ch 11j: MD5 Collision Vulnerabilities

Ch 11k: SHA-1 - Wikipedia, the free encyclopedia

Ch 11l: Extracting and Cracking Mac OS X Lion Password Hashes

Ch 11l: Linux Ubuntu's password management with SHA512

Ch 11m: Linux Ubuntu's password management with SHA512

Ch 11n: crypt(3) - Linux manual page -- explains salted hash format

Ch 11o: How I Cracked your Windows Password (Part 1)

Ch 11p: Triple DES - Wikipedia, the free encyclopedia

Ch 11q: IronKey Adds Remote Wipe Feature for USB Drives

Ch 11r: PIN storage on magstripes is explained in the comments

Ch 12l: Fraudulent Microsoft Certificates Issued by VeriSign in 2001

Ch 12m: Nine Fraudulent Microsoft Digital Certificates Issued in March 2011 by Comodo

Ch 12n: 22 Cryptographically Insecure Microsoft Certificates Issued by DigiCert in November, 2011

Ch 12o: Comodo hacker: I hacked DigiNotar too; other CAs breached

Ch 12p: Comodo Hacker's Original Message

Ch 12q: What is a Dual Sided Certificate?

Ch 13n: Summary of the Amazon EC2 and Amazon RDS Service Disruption

Ch 13o: Continuous data protection - Wikipedia

Ch 13p: NHK Van Eck Phreaking demonstration - Spy on Your Neighbor's Computer - YouTube

Ch 13q: Feds charge confessed Anon member after tracking his digital footprints

Ch 13r: Too TRIM? When SSD Data Recovery is Impossible: Introduction

Ch 14e: Google's Privacy Policy

Ch 14f: Gmail man (Office 365 Advertisement) - YouTube

Ch 14g: Document security: Minding your documents

Ch 14h: (ISC)2 Code of Ethics

NIST standard from 2003: AES-128 OK for SECRET; AES-192 OK for TOP SECRET
2015-03-29: Here's what happens when a hacker gets mistaken for a spy | The Verge
Ch 9g: Fail-safe locks open when power fails, according to TechExams.net
Ch 9h: Fail-safe doors open when power fails, according to Wikipedia
StudyDroid: FlashCards on the web, and in your hand! -- RECOMMENDED FOR SECURITY PLUS
Ch 10p: Animation of AES (fixed link 11-1715)

Last Updated: 4-26-12 9:19 am

Note about 2015 page added 1-20-15