CNIT 140: IT Security PracticesFall 2017 - Sam BowneScoresSchedule · Reference Materials · Projects · Links · Home Page
|
Purpose of ClassTraining students for cybersecurity competitions, including CTF events and the Collegiate Cyberdefense Competition (CCDC). This training will prepare students for employment as security professionals, and if our team does well in the competitions, the competitors will gain recognition and respect which should lead to more and better job offers. Live StreamingYou can attend class remotely using Zoom. TextbookThere will be no textbook. We will use online tutorials and presentations instead. Catalog DescriptionThis course explores techniques used by hackers to access protected data. Students will learn about cybercrime laws, penalties and organizations defending civil liberties of citizens. Students will learn about the various methodologies hackers use to gain access to confidential data such stealthy network recon, passive traffic identification, etc. CSU |
Schedule (may be revised) | ||||
---|---|---|---|---|
Date | Report | Topic | ||
Sat 8-19 | Introduction to Cybercompetitions and the CCDC Class Structure and Grading | |||
Sound starts at 2 minutes in, video is pretty poor
| ||||
Sat 8-26 | Class meets: groups working on projects | |||
Sat 9-2 | Holiday: No Class | |||
Fri 9-8 | Last day to add | |||
Sat 9-9 | Progress Plan Due | Class meets: groups working on projects | ||
Sat 9-10 | REGISTER FOR WRCCDC Class meets: groups working on projects | |||
Sat 9-16 | Class meets: groups working on projects | |||
Sat 9-23 | WRCCDC Sign-Up | |||
Fri 9-29 | WRCCDC Competitors Call 2-3 PM | |||
Sat 9-30 |
Class cancelled for CactusCon | |||
Sat, Oct 7 - Sun, Oct 8 |
CPTC Regional: Uber, 555 Market St., SF Sat, 7 am - 7 pm; Sun 7 am - 1 pm CCSF Won 2nd Place--We're Going to the Nationals!
#1 was Stanford
|
|||
Fri 10-13 | WRCCDC Competitors Call 2-3 PM | |||
Sat 10-14 | WRCCDC Invitational | |||
Sat 10-21 | Report 1 Due | Report 1 Due | ||
Fri 10-27 | WRCCDC Competitors Call 2-3 PM | |||
Sat 10-28 | Class meets: groups working on projects | |||
Fri, Nov 3, 2017 Sun, Nov 5, 2017 |
CNIT 140 class cancelled Sat., Nov. 4
CPTC Finals |
|||
Fri 11-10 | WRCCDC Competitors Call 2-3 PM | |||
Sat 11-11 | WRCCDC Invitational | |||
Sat 11-18 | Report 2 Due | Class meets: groups working on projects | ||
Sat 11-25 | Holiday: No Class | |||
Fri 12-1 | WRCCDC Competitors Call 2-3 PM | |||
Sat 12-2 | WRCCDC Invitational | |||
Sat 12-9 | Report 3 Due | Class meets: groups working on projects | ||
Fri 12-15 | WRCCDC Competitors Call 2-3 PM | |||
Sat 12-16 | Final Exam Day: Make-Up & Extra Credit |
Reference Materials | ||
---|---|---|
Grading Policy ·
Schedule
Tim Krugh's Slides (ODP) · Tim Krugh's Lecture (YouTube) Codepath Cybersecurity University 1. Networking -- Traffic flow, switching, and routing. · KEY · PDF 2. Perimeter Security -- Network and Host based firewalls, how they work and how to configure them, as well as Intrusion Detection Systems, Virtual Private Networks, and DMZs.· KEY · PDF Write-Up for "Judgement", from Tokyo Westerns / MMA CTF 2nd 2016
3. Flashing/Patching -- Both Hardware and Software Flashing/Patching NECCDC Materials & Rekall KEY · PDF 4. UNIX -- Multiple flavors of UNIX such as Fedora Core, Solaris, Gentoo, BSD, Ubuntu, etc. 5. Windows Workstations and Servers -- NT, 2000, 2008, 2012, XP, 7, 8, 10 6. User Management -- Adding and deleting users on multiple Operating Systems and managing those user accounts 7. Services and Applications -- Email, DNS, HTTP, HTTPS, SQL, Web applications 8. Tools - Port Scanners, Vulnerability Scanners, MD5, and Software based firewalls and IDSs. 9. Authentication -- Beyond just knowing how to change passwords in multiple environments, also understanding other forms of authentication such as multi-factor, biometrics, and tokens 10. General - Performing admin duties such as installing, securing, updating, troubleshooting, and maintaining the functionality of computer systems on a network.
Click a lecture name to see it on SlideShare. If you want to use other formats, you may find this useful: Cloud Convert. |
Projects (under development) | |
---|---|
Palo Alto Virtual Firewall
Downloading the Virtual Machines
Suggested Project Topics
Networking EquipmentConfiguring routers and switches; using Packet TracerConfiguring firewalls Windows ServersCommon Services: IIS, SQL Server, Exchange, and Domain ControllersFinding and Patching Vulnerabilities: MBSA Linux ServersEssential Versions: Ubuntu, Fedora, FreeBSD, and SolarisServices: Apache, Bind, and Sendmail ProtocolsHTTP, HTTPS, DNS, SMTP, POP3, SSH, FTP, SQLIntrusion DetectionSnort, Splunk, Configuring Logging, Network MonitoringInjectsMigrate a Website from IIS to Apache | |
Tools (may be revised)Assessment Tools:Kali, Codescout, Metasploit Framework, Microsoft Baseline Security Analyzer, Nessus, Netcat, Nikto, Nmap, Paros Proxy, Superscan Forensics Utilities: Coroners Toolkit DNS Utilities: Dig, Nslookup, Whois Packet Analysis: Ettercap, TCPDUMP, Wireshark Compression Utilities: Gzip, 7-Zip, Tar, Zip Perimeter Security: Iptables/TCP Wrappers, Snort Password Auditing: John the Ripper, L0pht Crack, Cain and Abel Miscellaneous Tools: GCC, Make, MD5, Microsoft Update, Nagios, PGP, PHPMyAdmin Ping, Sysinternals, Traceroute, Tripwire Training: Hackme Bank, Books, Casino, Shipping, or Travel, WebGoat, WebMaven |