CNIT 120: Network SecuritySummer 2018 Sam BowneSlides · Projects · Links · Home PageNew ScoresArchived Scores from WCIL May, 2018 |
Catalog DescriptionKnowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).Advisories: Students should have taken CNIT 106 or 106C or 201E, or equivalent familiarity with the fundamentals of networking. Upon successful completion of this course, the student will be able to:
Student Learning Outcomes (measured to guide course improvements)1. Define areas of security concern, discuss network security, and identify security risks2. Evaluate various anti-virus software programs, and compare to software and hardware firewalls 3. Discuss weaknesses of various operating systems and known and recommended fixes (patches) |
Lectures | |
---|---|
|
Projects | |
---|---|
|
Other Slides | |
---|---|
3. Understanding Basic Network Security 4. Securing Your Network 5. Securing Hosts and Data 6. Understanding Malware and Social Engineering 7. Identifying Advanced Attacks 8. Managing Risk 9. Preparing for Business Continuity 10. Understanding Cryptography 11. Exploring Operational Security | |
The lectures linked above are in PowerPoint format. If you do not have PowerPoint you can use Open Office, or get them in HTML form from Github (ty sonokamome). |
Other Projects | |
---|---|
Project 5: Mapping an Application with Burp (15 pts.) Project 6: Making a Linux Virtual Machine (15 pts.) (rev. 2-14-18) Project 7: Using Tripwire for Intrusion Detection (15 pts.) Project 10: Exploiting ECB-Encrypted Tokens with Burp (15 pts.) Project 11: SQL Injection 2 (10 pts.) Project 12: PHP Insecurities (10 pts.) Project 13: Automating Web Requests with Python (15 pts. + 30 Extra Credit) Project 14: Logic Flaws (15 pts. + 20 pts. Extra Credit) Project 15: XSS (15 pts.) Project 16: SAML (15 pts.) Project 3x: DNSCrypt on Windows (15 pts.) Project 4x: Encrypting Text in ECB and CBC Modes (15 pts.) Project 5x: Exploiting ECB Encryption (35 pts.) Project 6x: Protecting SSH with Fail2Ban (15 pts.) Project 7x: Protecting a Server with iptables and iptstate (10 pts.) (Updated 11-8-16) Project 8x: Exploit Hackazon (20 pts.) Project 9x: XSS Extra Credit (25 pts.) (Rev. 4-2-18) Proj 11x: Stealing Cookies with XSS (10 pts.) (New 4-23-18) Project 1: Firefox and NoScript (10 pts.) (rev. 9-11-14) Project 2: HijackThis (10 pts.) (rev. 1-28-16) Project 3: Sniffing Passwords with Wireshark (10 pts.) (rev. 1-30-14) Project 4: Port Scans and Windows Firewall (20 pts.) (rev. 8-21-12) DOC Project 5: WOT (Web of Trust) (10 pts.) (rev. 2-17-16) Project 6: Blocking Ads with the Hosts File (15 pts.) (rev. 1-26-15) Project 7: Hashes and Digital Signatures (15 pts.) (rev. 3-4-14) Project 12: Nessus (15 pts.) Project 13: Intro to Docker (15 pts.) Project 14: Gmail 2-Factor Authentication (10 pts.) Project 15: Snort (15 pts.) (Updated 10-1-15) Project 16: Encipher It (10 pts.) Project 17: Making a Linux HTTPS Server (10 pts.) (rev. 9-22-15) Project 18: Encrypting an Image in ECB and CBC Modes (15 pts.) (new 11-12-15) Project 2x: XSS with Google Gruyere (15 pts.) Project 3x: Privilege Escalation with Google Gruyere (10 pts.) Project 4x: Performing an HTTPS DoS Attack (10 pts.) Project 5x: CodeCademy Command Line Course (15 pts.) Project 6x: Bandit Wargame (up to 27 pts.)
Project 11x: SQL Injection Challenges (Up to 30 pts.) |
Links |
---|
Certification PreparationSecurity+ Study Guides, Practice Exams, Training Resources, and ForumsSecurity+ Exam Changing 12-31-2011 to SY0-301 CompTIA Security SY0-301 Authorized Exam Cram (3rd Edition) ($16) CompTIA Security+ Certification: JK0-018 is the same as SY0-301 CompTIA CEUs (Continuing Education Requiements) Security Plus WAP Simulation Links for Chapter Lectures
Ch 1a: Palin's Email Account Hacked
Ch 2a: Defense Contractor Leaks Obama's Presidential Helicopter Plans to Iran
Ch 3a: An Illustrated Guide to the Kaminsky DNS Vulnerability
Ch 4a: Using Nepenthes Honeypots to Detect Common Malware
Ch 5a: Restricted Groups: Security Configuration Editor
Ch 6a: Microsoft disables AutoRun on Windows XPVista to prevent malware infections
Ch 7a: Kerberos prevents MITM
Ch 8a: IP Address Locator - Enter an IP address to find its location
Ch 9a: HBGary Federal's Aaron Barr Resigns After Anonymous Hack Scandal
Ch 10a: Understanding sha-1 collision weakness
Ch 11a: PSExec Pass The Hash - Metasploit Unleashed Other LinksProj 6 link: Download details: Microsoft Baseline Security Analyzer 2.1.1 (for IT Professionals)Metasploit Megaprimer 300 mins of video tute Different Types of Hashes and Salts Security Theater video with Bruce Schneier National Cyber League Fall Pilot Registration The National Cyber League (NCL): Where Cyber Security is a Passion The First Few Milliseconds of an HTTPS Connection -- EXCELLENT WALKTHROUGH Security Plus Performance Based Questions The Case of the Missing Digital Signatures Tab Didier Stevens 2013-12-08: Statement from French Government regarding the MitM certificates by their intermediate 2013-12-08: Google Explaining the French MITM Attack 2013-12-11: Safely and efficiently imaging a MacBook Air 2013-12-17: Hacker Ag3nt47 Hits Harvard, Stanford, MIT (from May) Free Mini Course - CompTIA Security Performance Based Exam Questions - InfoSec Institute 2014-01-04: Prison Locker Ransomware, an upcoming malware threat in 2014 Ch 6n: Trusted Platform Module contains an RSA key HacKid 1: Hacker Tells Story of Melbourne University Hack HacKid 2: How the feds took down the Dread Pirate Roberts Ars Technica Codebashing SQLi Tutorial DNSSEC Demo: Online Dig of IETF.ORG Updated CompTIA Security Exam--SY-301 expires Dec 31, 2014 Steganography Demo -- USEFUL FOR PROJECT New Unsorted LinksCh 10p: Animation of AES (fixed link 11-17-15)How Yahoo was forced to give data secretly to the NSA Prism project (from 2014) -- IMPORTANT PRECEDENT The Tricky Encryption That Could Stump Quantum Computers (from Sept., 2015) CNSA Suite and Quantum Computing FAQ (Jan. 2016) Old Links from Previous Textbook |