Differences between revisions 9 and 78 (spanning 69 versions)

CPTR 427 Network Security

Contents

CPTR 427 Network Security
1. Course Description
2. Purpose, Goals & Objectives
Resources

Course Description

This course provides an overview to key issues and solutions for network security and privacy issues. It provides an introduction to cryptography and its application to network and operating systems security; security threats; applications of cryptography; secret key and public key cryptographic algorithms; hash functions; authentication; security for electronic mail; intrusion detection; malicious software and firewalls. This course provides the necessary information to prepare for the CompTIA Security+™ exam SY0-501.

Purpose, Goals & Objectives

The purpose of this course is to introduce students to the real world of network security. Because this is an important, fast growing and changing field, the course goal covers training students to research security related information and implement the solutions found to protect vital assets. To accomplish these goals the student will research a chosen area and setup or write the necessary software on his/her own system. They will then prepare a lecture on the value, implementation and effectiveness of the chosen topic. Lecture topics may include:

What is Security?
Cryptography
Symmetric and asymmetric key cryptography
Hashes & Message Digests
Public Key Algorithms & Infrastructure
Number Theory Authentication
IPSec
SSH/SSL
Mail/GNU Privacy Guard
Hardening Issues
Windows
Firewalls
Web Issues
Intrusion Detection and Prevention
Wireless
Security Tools

Upon successful completion of this course, students will be able to:

Understand the basic security concepts applicable to system administration
Develop skill to be able to find useful security information
Develop skill to be able to understand the legal and ethical responsibilities as a network security administrator
Present anoral lecture and poster presentation on their own project.
Develop skill to be able to evaluate the effectiveness of security information
Develop skill to be able to understand the basics of security research

Resources

This page contains resources for Network Security CPTR 427. For assignments etc. see the Eclass website. For information on what you should already know, take a look at NetworkSecurity/Prerequisites.

Topics, Resources and Ideas for the future

Schedule
/Lab
- Nebuala, a nice beginner hacking tutorial
- Metasploit course - free
/Tools
CompTIA Academic Marketplace
/Programs
/Spam
/FireWall
/Topics
/SageIdeas
Cryptotools from AMS/MAA conference 2011 by Dr. Don Spickler.
Backtrack Penetration Testing
Two proxy tools that allow editing and observing http(s) are Web scarab and Paros Proxy - there is also some nice proxies specifically for firefox.
A nice dashboard
Open Source Vulnerability Database
National Vulnerability Database
http://exploit-db.com/ Once upon a time there was a site called Milw0rm.com and it was great! But the maintainer passed away and eventually it was taken over by http://exploit-db.com/.
Back in the stone age (relatively speaking of course) Dr. A took a course called Csce877.

Materials Used in this Class

Recommended AdditionalReading

DES Hints

http://www.cs.bham.ac.uk/research/projects/lemsys/DES/DESPage.jsp

Past Year Class Pages

/Cptr427Winter2010

-  ⇤ ← Revision 9 as of 2009-04-08 16:07:42 → 
  Size: 1925
  Editor: Anderson-Camtasia
  Comment:
+   ← Revision 78 as of 2024-01-07 18:12:17 → ⇥
  Size: 4496
  Editor: scot
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 4:
-== CPTR 427 Network Security Class ==
+= CPTR 427 Network Security =
 Line 6:
-== Labs ==
+|| <<TableOfContents>> || {{http://imgs.xkcd.com/comics/cryptography.png||width=300}} ||
 Line 8:
-'''SSL and code signing lab''':
+== Course Description ==
 Line 10:
-Hints: To get a code signing template to show up on the web page, you need to add it to the templates. Just go into the CA and right click templates and select new.... DO NOT ADD your site to the trusted sites list in windows. This will cause you problems. If at first you don't succeed, close it all and restart IE.
+This course provides an overview to key issues and solutions for network security and privacy issues. It provides an introduction to cryptography and its application to network and operating systems security; security threats; applications of cryptography; secret key and public key cryptographic algorithms; hash functions; authentication; security for electronic mail; intrusion detection; malicious software  and firewalls. This course provides the necessary information to prepare for the CompTIA Security+™ exam SY0-501.
 Line 12:
+== Purpose, Goals & Objectives ==
-Line 13:
+Line 14:
-'''Windows NTFS/Share Permissions Lab'''
+The purpose of this course is to introduce students to the real world of network security. Because this is an important, fast growing and changing field, the course goal covers training students to research security related information and implement the solutions found to protect vital assets. To accomplish these goals the student will research a chosen area and setup or write the necessary software on his/her own system. They will then prepare a lecture on the value, implementation and effectiveness of the chosen topic.
Lecture topics may include:
-Line 15:
+Line 17:
-''RSAT'' (Remote Server Administration Tools) has replaced (somewhat) the Support Tools. At any rate you can get them here: 
   * [[http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960&displaylang=en]] 
   * [[attachment:Scriptomatic2.exe]]
   * [[attachment:Windows6.0-KB941314-x86_en-US.msu]]
   * [[attachment:rktools.exe]]
+ * What is Security?
 * Cryptography
 * Symmetric and asymmetric key cryptography
 * Hashes & Message Digests
 * Public Key Algorithms & Infrastructure
 * Number Theory Authentication
 * IPSec
 * SSH/SSL
 * Mail/GNU Privacy Guard
 * Hardening Issues
 * Windows
 * Firewalls
 * Web Issues
 * Intrusion Detection and Prevention
 * Wireless
 * Security Tools
-Line 21:
+Line 34:
-''xcacls'' has been replaced by ''Icacls'' in Vista and Windows 2008.
+Upon successful completion of this course, students will be able to:
-Line 23:
+Line 36:
-== Using WebScarab with WebGoat ==
+ * Understand the basic security concepts applicable to system administration
 * Develop skill to be able to find useful security information
 * Develop skill to be able to understand the legal and ethical responsibilities as a network security administrator
 * Present anoral lecture and poster presentation on their own project.
 * Develop skill to be able to evaluate the effectiveness of security information
 * Develop skill to be able to understand the basics of security research
-Line 25:
+Line 43:
-. Start up WebScarab.  It may be in basic mode.  
     a. If it is, Go to Tools->Use Full Interface.  
     a. Restart WebScarab.  
  1. Fire up IE and go to Tools->Internet Options->Connections->LAN settings.  
  1. Check Use proxy server and set address to localhost port 8008.  
  1. Click OK and OK.  
  1. On WebScarab go to Proxy->Manual Edit.  Check Intercept Requests.  Select GET and POST (using the CTRL key to select both).  
  1. In IE go to http://localhost./WebGoat/attack. (notice the dot after localhost, it is required to apply proxy settings on localhost.)  WebScarab should already start intercepting.  The lessons should work after that.  I was able to do a command injection following the steps in the solution.  I have now put the proxy settings back to the way they were and shut down WebGoat (for security reasons, not sure if that was necessary but I did it.)
+= Resources =
-Line 34:
+Line 45:
-----
CategoryHomepage
+This page contains resources for Network Security CPTR 427. For assignments etc. see the [[https://eclass.e.southern.edu|Eclass website]].  For information on '''what you should already know''', take a look at [[NetworkSecurity/Prerequisites]].

== Topics, Resources and Ideas for the future ==
/* * /NetworkSecurityEssentials4 notes from the book used in 2013. */
 * [[/Schedule|Schedule]]
 * [[/Lab]]
   * [[/Nebula|Nebuala, a nice beginner hacking tutorial]]
   * [[https://www.offensive-security.com/metasploit-unleashed/|Metasploit course - free]]
 * [[/Tools]]
 * [[http://academic.comptiastore.com/|CompTIA Academic Marketplace]]
 * [[/Programs]]
 * [[/Spam]]
 * /FireWall
 * [[/Topics]]
 * /SageIdeas
 * [[http://facultyfp.salisbury.edu/despickler/personal/CryptTools.asp|Cryptotools]] from AMS/MAA conference 2011 by Dr. Don Spickler.
 * [[http://www.backtrack-linux.org/|Backtrack Penetration Testing]]
 * Two proxy tools that allow editing and observing http(s) are [[NetworkSecurity/WebScarab|Web scarab]] and [[http://www.parosproxy.org/|Paros Proxy]] - there is also some nice proxies specifically for firefox.
 * [[http://www.securitywizardry.com/radar.htm|A nice dashboard]]
 * [[http://osvdb.org/|Open Source Vulnerability Database]]
 * [[http://web.nvd.nist.gov/view/vuln/search?execution=e2s1|National Vulnerability Database]]
 * [[http://exploit-db.com/]] Once upon a time there was a site called Milw0rm.com and it was great! But the maintainer passed away and eventually it was taken over by http://exploit-db.com/.
 * Back in the stone age (relatively speaking of course) Dr. A took a course called [[Csce877]].

== Materials Used in this Class ==
'''Recommended AdditionalReading'''

 * [[http://www.snort.org/assets/125/snort_manual-2_8_5_1.pdf|Snort Manual]] (Free)
 * [[http://ofps.oreilly.com/titles/9781449320317/ch_Security.html|MVC 4 Security, Authentication and Authorization]]
 * [[http://www.tomsitpro.com/articles/information-security-certifications,2-205.html|Security Certifications]]

== DES Hints ==

 * http://www.cs.bham.ac.uk/research/projects/lemsys/DES/DESPage.jsp

== Past Year Class Pages ==
 * /Cptr427Winter2010

Diff for "NetworkSecurity"