CNIT 120: Network Security

Fall 2010 Sam Bowne

Final Grades posted 12-19

Schedule · Lecture Notes · Projects · Links · Home Page


79265 G01  W 3:00-6:00PM  CLOU 218

Catalog Description

Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).

Advisorie: Students should have taken CNIT 106 or 106C or 201E, or equivalent familiarity with the fundamentals of networking.

Upon successful completion of this course, the student will be able to:
  1. Define areas of security concern, discuss network security, and identify network risks.
  2. Distinguish between and define internal and external threats to data and services.
  3. Describe the vulnerabilities of various media (susceptibility to wiretaps or eavesdropping).
  4. Secure access to resources on the network using passwords, permissions, and access control lists (ACLs).
  5. Evaluate various anti-virus software programs, software firewalls, and hardware firewalls.
  6. Define and identify types of firewalls, including Network Address Translation (NAT).
  7. Discuss weaknesses of various operating systems and known and recommended fixes (patches).
  8. Detect unauthorized attempts to access resources by monitoring (auditing).
  9. Install and configure intrusion detection programs; analyze reports and recommend responses.
  10. Provide solutions for known vulnerabilities in communications: email, remote access, file transfer, and electronic commerce.
  11. Provide end-to-end security for the transmission of data between hosts on the network.
  12. Describe vulnerabilities inherent in wireless technologies and present suggested solutions.


Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa ISBN-10: 1-4283-4066-1 Buy from iChapters

Schedule (may be revised)

Wed 8-18  Ch 1: Introduction to Security
Wed 8-25  Ch 2: System Threats and Risks
Wed 9-1 Ch 3: Protecting Systems
Fri 9-3 Last Day to Add Classes
Wed 9-8No Quiz Ch 4: Network Vulnerabilities and Attacks
Wed 9-15No Quiz
Ch 5: Network Defenses
Thu 9-16 Last Day to Request pass/no pass Grading
Wed 9-22No Quiz Ch 6: Wireless Network Security
Wed 9-29Quiz on Ch 1-2 Ch 7: Access Control Fundamentals
Wed 10-6Quiz on Ch 3-4 
Proj 1-4 due
Ch 8: Authentication
Tue 10-20 Mid-Term Grades Due
Wed 10-13Quiz on Ch 5-6
Proj 6-9 due
Ch 9: Performing Vulnerability Assessments
Wed 10-20Quiz on Ch 7-8
Proj 10, 11, & 13 due
10: Conducting Audits
Wed 10-27Quiz on Ch 9-10
Proj 14 due
Ch 11: Basic Cryptography
Wed 11-3 Class Cancelled -- IPv6 Conference in San Jose
Wed 11-10Quiz on Ch 11 
Proj 17 due
Ch 12: Cryptographic Protocols and Public Key Infrastructure
Wed 11-17Quiz on Ch 12 
Proj 18 due
Ch 13: Business Continuity Planning and Procedures
Thu 11-18 Last Day to Withdraw
Wed 11-24 Holiday - No Class
Wed 12-1Quiz on Ch 13
Proj 19 due
Ch 14: Policies and Legislation
Wed 12-8No Quiz - Last Class
All Extra Credit Projects Due
Review for Final
Wed 12-15  Final Exam: 3 pm

Lecture Notes

1. Introduction to Security     PowerPoint
2. System Threats and Risks     PowerPoint
3. Protecting Systems     PowerPoint
4. Network Vulnerabilities and Attacks     PowerPoint
5. Network Defenses     PowerPoint
6. Wireless Network Security     PowerPoint
7. Access Control Fundamentals     PowerPoint
8. Authentication     PowerPoint
9. Performing Vulnerability Assessments     PowerPoint
10. Conducting Audits     PowerPoint
11. Basic Cryptography     PowerPoint
12. Cryptographic Protocols and Public Key Infrastructure     PowerPoint
13. Business Continuity Planning and Procedures     PowerPoint
14. Policies and Legislation     PowerPoint
The lectures are in Word and PowerPoint formats.
If you do not have Word or PowerPoint you will need to install the
Free Word Viewer 2003 and/or the Free PowerPoint Viewer 2003.

Back to Top


How to Read Your CCSF Email
How to Get your Windows Activation Codes from MSDNAA
Downloading MSDNAA Software
Virtual Machines at Home
Fixing Problems with Ubuntu on VMware

Corrections for Projects

Project 1: Firefox and NoScript (10 pts.)
Project 2: HijackThis (10 pts.)
Project 3: VMware (10 pts.)
Project 4: Ubuntu Linux (10 pts.)
Project 5: Security Templates (10 pts.)--Project cancelled
Project 6: MBSA (10 pts.)
Project 7: KeePass Password Manager (10 pts.)
Project 8: Sniffing Passwords with Wireshark (10 pts.)
Project 9: Port Scans and Windows Firewall (20 pts.)
Project 10: Making a Secure Wireless Network (20 pts.)
Project 11: Cracking Password Hashes with Rainbow Tables (15 pts.)
Project 12: Nessus Vulnerability Scanner (15 pts.)
Project 13: DecaffienatID Log Scanner (10 pts.)
Project 14: Hashes and Digital Signatures (15 pts.)
Project 15: Digital Certificate (15 pts.)--Project cancelled
Project 16: Directory Snoop (15 pts.)--Project cancelled
Project 17: TrueCrypt (15 pts.)
Project 18: MD5 Hash Collisions (15 pts.)
Project 19: Viewing Segments and Clusters with a Hex Editor (25 pts.)
     SPAM.zip      EGGS.zip

Project 1x: iptables (10 pts.)
Project 2x: Getting into Ubuntu Linux Without a Password (15 pts.)
Project 3x: Encrypted Email (15 pts.)

IPv6 Certification Project 1 (25 pts. extra credit)
IPv6 Certification Project 2 (Up to 75 pts. extra credit)

Back to Top


Certification Preparation

Security+ Study Guides, Practice Exams, Training Resources, and Forums
Security+ Exam Changing 12-31-2011

Links for Chapter Lectures

Ch 1a: WSLabi launches auction site for security exploits - TechSpot News
Ch 1b: Hackers Selling Vista Zero-Day Exploit
Ch 1c: Attackers booby-trap searches at top Web sites | News Blog - CNET News
Ch 1d: Updates and Task Manager Disabled by New Windows XP Worm at Source Code
Ch 1e: Study: Weak Passwords Really Do Help Hackers - PC World
Ch 1f: Hi-Tech Heist, How Hi-Tech Thieves Stole Millions Of Customer Financial Records - CBS News
Ch 1g: Researcher: Worm infects 1.1M Windows PCs in 24 hours
Ch 1h: The NSA Hacker
Ch 1i: The San Francisco Hacker Who Took Over the World\'s Market in Stolen Credit Cards
Ch 1j: Map of Internet Root DNS Servers
Ch 1k: Distributed denial of service attacks on root nameservers
Ch 1l: Worm has now infected 8 million PCx

Ch 2a: Sony BMG CD copy prevention scandal
Ch 2b: Real Story of the Rogue SONY Rootkit
Ch 2c: Sony, Rootkits and Digital Rights Management Gone Too Far
Ch 2d: Image Spam: By the Numbers
Ch 2e: Adaware Review
Ch 2f: Student Logs Teachers Keystrokes
Ch 2g: Pecos SWW<>Three Good Reasons for Flashing Your BIOS
Ch 2h: Basic Computer Operation Tutorial--Using the BIOS
Ch 2i: Under Worm Assault, Military Bans Disks, USB Drives
Ch 2j: USB Pocket-Knife Development - Hak5 Forums
Ch 2k: Schneier on Security: Hacking Computers Over USB
Ch 2l: IEEE 1667: One standard worth watching | Security - CNET News
Ch 2m: Chart - Top 5 Network-Attached Storage Devices - PC World
Ch 2n: Technology on a Budget: How to Build a 1.5 Terabyte SAN for Less than $35,000
Ch 2o: Is Your Phone Catching a Virus?
Ch 2p: Customers Success Stories - VMware
Ch 2q: Siberian pipeline sabotage - Wikipedia

Ch 3a: Drive-by download menace spreading fast
Ch 3b: Linux: Fewer Bugs Than Rivals
Ch 3c: A statistical analysis of bugs in Windows Vista - Ars Technica
Ch 3d: How to see Address Space Layout Randomization in Vista
Ch 3e: Vulnerable Message Board (use at your own risk)

Ch 4a: Hackers Attack Via Chinese Web Sites
Ch 4b: 2007 cyberattacks on Estonia - Wikipedia
Ch 4c: Network tap - Wikipedia, the free encyclopedia
Ch 4d: KeePass Password Safe
Ch 4e: Two Arrested in First Bust for ATM Reprogramming Scam
Ch 4f: The Hunt for the Kill Switch - hardware backdoors in chips
Ch 4g: Root exploit for Linux kernel in circulation - News - heise Security UK
Ch 4i: Techwatch weathers DDoS extortion attack
Ch 4j: DEFCON 2007 - Wall of Sheep
Ch 4k: New Sidejacking Tool Automates Webmail Account Hijacks
Ch 4l: DNSSEC - Domain Name System Security Extensions - Wikipedia

Ch 6a: TJX Settles With Feds - Total cost of lawsuits less than $1 per record lost
Ch 6b: Temporal Key Integrity Protocol (TKIP) - Good explanation of MIC

Ch 7a: Jérôme Kerviel - Wikipedia
Ch 7b: Kerviel starts new job at computer consulting firm
Ch 7c: YouTube - Mac Ad: Vista Security
Ch 8d: Mandatory, Discretionary, Role and Rule Based Access Control - Techotopia
Ch 7e: DEFCON 16 lockpicking: Plastic Keys; and JennaLynn Does it Again!
Ch 7f: YouTube - \"Unpickable\" Medeco(r) Biaxial Lock Opened by 12 year old
Ch 7g: Objectif Sécurité--online NTLM hash calculator
Ch 7h: Cracking unix crypt() with a cluster of playstations
Ch 7i: Free Rainbow Tables
Ch 7j: Partial identification of Lorenz system and its application to key space reduction of chaotic cryptosystems

Ch 8a: Brute-force SSH attacks surge
Ch 8b: U.S. Regulators Require Two-Factor Authentication for Banks
Ch 8c: Federal Regulators want Banks to Adopt Two-Factor Authentication for Web Log-ons
Ch 8d: Two-factor banking
Ch 8e: TACACS - Wikipedia, the free encyclopedia
Ch 8f: TACACS and RADIUS Comparison - Cisco Systems
Ch 8g: TechExams.Net - Security TechNote: Authentication
Ch 8h: PEAP and EAP

Ch 9a: OVAL is Compatible with CVE

Ch 10a: 2ND HIPAA Sanction: CVS Must Pay $2.25 Million for Using Unsecured Dumpsters
Ch 10b: DecaffeinatID: A Very Simple IDS / Log Watching App / ARPWatch For Windows

Ch 11a: PIN Crackers Nab Holy Grail of Bank Card Security
Ch 11b: MD2 - Wikipedia
Ch 11c: RSA Laboratories - 3.6.6 What are MD2, MD4, and MD5?
Ch 11d: Web Utils - Online Message Digest Algorithm (MD2, MD4, MD5) Hash Calculator
Ch 11e: NIST hash function competition - Wikipedia
Ch 11e: Pretty Animation of AES Encryption Process
Ch 11f: Pretty animation of AES calculation
Ch 11g: Diffie-Hellman key exchange - Wikipedia
Ch 11h: Transport Layer Security - Wikipedia, the free encyclopedia
Ch 11i: Lest We Remember: Cold Boot Attacks on Encryption Keys

Ch 12a: Types of SSL certificates for sale
Ch 12b: Extended Validation SSL Certificates - SSL Web Server Certificates with EV - thawte
Ch 12c: Certificate Repository - search for COM
Ch 12d: Transport Layer Security - Wikipedia
Ch 12e: Secure Shell - Wikipedia
Ch 12f: Point-to-Point Protocol over Ethernet - Wikipedia
Ch 12g: IPsec - Wikipedia
Ch 12h: S/MIME - Wikipedia

Ch 13a: HVAC - Wikipedia
Ch 13b: Fire Safety and Fire Extinguishers
Ch 13c: Fire Suppression Systems
Ch 13d: How Hackers Can Steal Secrets from Reflections: Scientific American
Ch 13e: Compromising Electromagnetic Emanations of Keyboards - video
Ch 13f: Clustering Servers
Ch 13g: Google's Server Clusters - Wikipedia
Ch 13h: Behold the Google Server, ye nations, and weep
Ch 13i: On the ground with AT&T's Network Disaster Recovery team
Ch 13j: NetEx Inc. Hotsite
Ch 13k: Connected Online Backup for PC Software - Iron Mountain
Ch 13l: File Slack « Data - Where is it?
Ch 13m: RAM Slack

Ch 14a: The Loyalty Oath Controversy, University of California, 1949-1951
Ch 14b: Cal State teacher fired for refusing to sign loyalty oath (May 2, 2008)
Ch 14c: Due diligence - Wikipedia
Ch 14d: Hard Drive Disposal - Protecting Your Identity

Other Links

Proj 6 link: Download details: Microsoft Baseline Security Analyzer 2.1.1 (for IT Professionals)
Metasploit Megaprimer 300 mins of video tute
\"Security Theatre\" video narrated by Bruce Schneier

New Unsorted Links

Ch 9b: SATAN changed its name to SAINT
Ch 12i: Microsoft, VeriSign, and Certificate Revocation
Ch 12j: Microsoft Security Bulletin MS01-017 : Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Ch 12k: Revocation list - Wikipedia

CCSF Network Traffic (live)

Free Online Computer Security Class from Berkeley & Stanford

Ch 1m: Remove XP Antispyware 2012, XP Internet Security 2012 (Uninstall Guide)

Ch 1n: Viruses stole City College of S.F. data for years

Download Ez7z for Mac - Easy-to-use p7zip archiver. MacUpdate.com

Ch 2r: Revisiting the SpyEyeZeuS Merger

Ch 2s: Black ops: how HBGary wrote backdoors for the government

Ch 2t: UK firm denies supplying spyware to Mubarak's secret police

Ch 2u: Windows 8's locked bootloaders: ARM pads will be locked like iPads

Ch 2v: Kevin Mitnick Social Engineering a Telco Office

Ch 2w: Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

Ch 3f: SQL Injection Attacks by Example

Ch 3g: Directory Traversal Example

Ch 3h: Over a million web sites affected in mass SQL injection attack (Oct. 2011)

Ch 3j: Apache Range Header DoS Attack

Ch 3i: Chrome 'SaveAs' flaw -- buffer overflow

Ch 7k: ICMP Redirect Message - Wikipedia

Ch 7l: An Illustrated Guide to the Kaminsky DNS Vulnerability

Ch 8i: Wi-Fi Security: The Rise and Fall of WPS

Ch 8j: Cracking WPS with Reaver

Ch 9c: Defense Contractor Leaks Obama's Presidential Helicopter Plans to Iran

Ch 9d: Configuring IP Access Lists - Cisco Systems

Ch 10c: Difference between Hashing a Password and Encrypting it

Ch 11j: MD5 Collision Vulnerabilities

Ch 11k: SHA-1 - Wikipedia, the free encyclopedia

Ch 11l: Extracting and Cracking Mac OS X Lion Password Hashes

Ch 11l: Linux Ubuntu's password management with SHA512

Ch 11m: Linux Ubuntu's password management with SHA512

Ch 11n: crypt(3) - Linux manual page -- explains salted hash format

Ch 11o: How I Cracked your Windows Password (Part 1)

Ch 11p: Triple DES - Wikipedia, the free encyclopedia

Ch 11q: IronKey Adds Remote Wipe Feature for USB Drives

Ch 11r: PIN storage on magstripes is explained in the comments

Ch 12l: Fraudulent Microsoft Certificates Issued by VeriSign in 2001

Ch 12m: Nine Fraudulent Microsoft Digital Certificates Issued in March 2011 by Comodo

Ch 12n: 22 Cryptographically Insecure Microsoft Certificates Issued by DigiCert in November, 2011

Ch 12o: Comodo hacker: I hacked DigiNotar too; other CAs breached

Ch 12p: Comodo Hacker's Original Message

Ch 12q: What is a Dual Sided Certificate?

Ch 13n: Summary of the Amazon EC2 and Amazon RDS Service Disruption

Ch 13o: Continuous data protection - Wikipedia

Ch 13p: NHK Van Eck Phreaking demonstration - Spy on Your Neighbor's Computer - YouTube

Ch 13q: Feds charge confessed Anon member after tracking his digital footprints

Ch 13r: Too TRIM? When SSD Data Recovery is Impossible: Introduction

Ch 14e: Google's Privacy Policy

Ch 14f: Gmail man (Office 365 Advertisement) - YouTube

Ch 14g: Document security: Minding your documents

Ch 14h: (ISC)2 Code of Ethics

NIST standard from 2003: AES-128 OK for SECRET; AES-192 OK for TOP SECRET
2015-03-29: Here\'s what happens when a hacker gets mistaken for a spy | The Verge
Ch 9g: Fail-safe locks open when power fails, according to TechExams.net
Ch 9h: Fail-safe doors open when power fails, according to Wikipedia
StudyDroid: FlashCards on the web, and in your hand! -- RECOMMENDED FOR SECURITY PLUS
Ch 10p: Animation of AES (fixed link 11-1715)
Ch 10p: Animation of AES (fixed link 11-1715)


Back to Top
Last Updated: 12-19-10 7 am