Learning Objectives
This course provides an in-depth study of various network attack
techniques and methods to defend against them. A number of threats
and vulnerabilities of the Internet will be covered, including
various vulnerabilities of the TCP/IP protocols, denial of service (DoS),
attacks on routing, attacks on DNS servers,
TCP session hijacking, and so on. This course will also cover defense
mechanisms, including intrusion detection, firewalls, tracing the
source of attacks, anonymous communication,
IPsec, virtual private networks, and PKI. To make it easy for students
to understand these attacks, the basics of the TCP/IP protocols will
also be covered in the course.
The course adopts the "learning by doing" principle. Students
are supposed to learn the attacks by performing them in a restricted
environment or a simulated environment. They will also play with a
number of security tools to understand how
they work and what security guarantees they provide. The experiments
will be conducted in virtual machine environments and/or in Minix
environments. Students are expected to have a solid foundation
in C and Unix programming.
Instructor
Professor: Wenliang (Kevin) Du
Office: SciTech Building, Room 4-285
Phone: 443-9180
Email address: wedu@syr.edu
Texts
Required:
Computer & Internet Security: A Hands-on Approach, 2nd Edition, by Wenliang Du.
Grading (subject to change)
- Late Homework Policy: 10% penalty per business day.
- Weights on Final Exam, Labs and Final Project:
The labs and project are supposed to help students enhance
and supplement their learning with hands-on experience. While many students do benefit
from that, for some students these exercises do not seem to work. They get very good
scores in the labs and project, but score very low in the final exam. Given that the final
exam is the ultimate test to measure how much a student has learned,
for students doing poorly on the exam, the hands-on exercises do not seem to serve
their intended goal, so their weight needs to be reduced. Here is the formula
to calculate the weight on the labs and final project:
- Final exam score ≥ 60: weight on labs/project = 50%.
- Final exam score < 60: weight on labs/project = (final_exam_score - 10)/100.
- Final exam score < 10: weight on labs/project = 0%.
| Examples | Weight on Final Exam | Weight on Labs/Project |
|---|---|---|
| Final exam score is above 60 | 50% | 50% |
| Final exam score is 40 | 70% | 30% |
| Final exam score is 20 | 90% | 10% |
| Final exam is below 10 | 100% | 0% |
- Quizzes: we may do some quizzes. Depending on the number of
quizzes, we will adjust the weight on the final exam accordingly. Undergraduate students will
have more quizzes than graduate students (some of the quizzes will be held during the
lab session).
- Introduction and Overview
- Internet Architecture
- How the Internet works (high-level overview)
- IP Address
- TCP/IP Protocols, Vulnerabilities, Attacks, and Countermeasures
- Physical Layer: jamming attacks
- Data Link Layer: ARP protocol and ARP cache poisoning
- Network Layer: IP protocols, packet sniffing, IP spoofing, IP
fragmentation attacks
- Network Layer: ICMP protocol and ICMP misbehaviors
- Network Layer: IP Routing protocols and Attacks
- Transport Layer: TCP protocol, TCP session hijacking, reset and SYN flooding attacks
- DoS and DDoS attacks
- DNS protocol, attacks, and DNSSEC
- BGP protocol and Attacks
- Cryptography Basics and Applications
- Secret-Key Encryption, DES, AES
- One-way Hash Functions, MD5, SHA-1, and SHA-2
- Length extension attacks, Collision attacks
- Diffie-Hellman Key Exchange
- Public-Key Encryption, RSA
- Digital Signatures
- Public-Key Infrastructure (PKI)
- Blockchains and Bitcoins
- Case Studies: common mistakes
- Network Security Mechanisms
- IP Tunneling and SSH Tunneling
- Virtual Private Networks
- Firewalls
- Bypassing firewalls
- Transport Layer Security (TLS/SSL)
- TLS Programming