|
Size: 1109
Comment:
|
Size: 2189
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 4: | Line 4: |
| == CPTR 427 Network Security Class == | = CPTR 427 Network Security Class Wiki = This page contains general information about security. For your specific class check the list below: * Cptr427Winter2010 Before you get too involved with looking at what we plan to do this semester, you need to look at '''what you should already know'''. Take a look at [[NetworkSecurity/Prerequisites]]. |
| Line 8: | Line 15: |
| == Using WebScarab with WebGoat == | Below is a list of areas and resources we will look at in NetworkSecurity |
| Line 10: | Line 17: |
| 1. Start up WebScarab. It may be in basic mode. a. If it is, Go to Tools->Use Full Interface. a. Restart WebScarab. 1. Fire up IE and go to Tools->Internet Options->Connections->LAN settings. 1. Check Use proxy server and set address to localhost port 8008. 1. Click OK and OK. 1. On WebScarab go to Proxy->Manual Edit. Check Intercept Requests. Select GET and POST (using the CTRL key to select both). 1. In IE go to http://localhost./WebGoat/attack. (notice the dot after localhost, it is required to apply proxy settings on localhost.) WebScarab should already start intercepting. The lessons should work after that. I was able to do a command injection following the steps in the solution. I have now put the proxy settings back to the way they were and shut down WebGoat (for security reasons, not sure if that was necessary but I did it.) |
* [[NetworkSecurity/Lab]] * [[NetworkSecurity/Tools]] * [[NetworkSecurity/Hacking]] * [[NetworkSecurity/Encryption]] * [[NetworkSecurity/FireWall]] * [[http://www.backtrack-linux.org/|Backtrack Penetration Testing]] * In the past we have used [[NetworkSecurity/WebScarab|Web scarab]] * [[http://www.securitywizardry.com/radar.htm|A nice dashboard]] * [[http://osvdb.org/|Open Source Vulnerability Database]] |
| Line 20: | Line 28: |
| = Often Discussed Topics = | == Books Used in this Class == |
| Line 22: | Line 30: |
| * IpSec | '''Required Books''' * [[http://www.snort.org/assets/125/snort_manual-2_8_5_1.pdf | Snort Manual]] (Free) * Hacking Exposed 6th Ed. ISBN: 978-0-07-161374-3 * Each student will be responsible for presenting a chapter from this book. * Each student will be responsible for demonstrating an attack related to the chapter they present. * The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography ISBN: 0385495323 * Each student must read this New York Times Best Seller. * Cryptography will be studied in conjunction with the assigned chapters. * Cryptography and Network Security 4th Ed. ISBN: 0-13-187316-4 * The theory of cryptography (Symmetric, Public-key, Key-management, Hash and MAC) are covered from this book * Applications of theory are partially covered from this book (Kerberos, X.509, IPSec) * Dr. A will do all the lecturing on these topics. * Labs will be given from handouts and rely on internet and suggested resources. Topics will be take from [[NetworkSecurity/Lab]] '''Recommended Book(s)''' * Snort IDS and IPS Toolkit ISBN-10: 1-59749-099-7 |
CPTR 427 Network Security Class Wiki
This page contains general information about security. For your specific class check the list below:
Before you get too involved with looking at what we plan to do this semester, you need to look at what you should already know. Take a look at NetworkSecurity/Prerequisites.
Below is a list of areas and resources we will look at in NetworkSecurity
In the past we have used Web scarab
Books Used in this Class
Required Books
Snort Manual (Free)
- Hacking Exposed 6th Ed. ISBN: 978-0-07-161374-3
- Each student will be responsible for presenting a chapter from this book.
- Each student will be responsible for demonstrating an attack related to the chapter they present.
- The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography ISBN: 0385495323
- Each student must read this New York Times Best Seller.
- Cryptography will be studied in conjunction with the assigned chapters.
- Cryptography and Network Security 4th Ed. ISBN: 0-13-187316-4
- The theory of cryptography (Symmetric, Public-key, Key-management, Hash and MAC) are covered from this book
- Applications of theory are partially covered from this book (Kerberos, X.509, IPSec)
- Dr. A will do all the lecturing on these topics.
Labs will be given from handouts and rely on internet and suggested resources. Topics will be take from NetworkSecurity/Lab
Recommended Book(s)
- Snort IDS and IPS Toolkit ISBN-10: 1-59749-099-7