CS 448/648 Computer Security
Section 1001: 10-11:15 MW; SEB 1242 effective Aug 29, 2018
Prof. Hal Berghel; office: TBE B-378A; phone: 702-895-3681;
hlb \ \acm/ /org
office hours: M-F 8:30-10:00 and by appointment
Graduate Assistant: Piyush Puranik
ofc hrs: by appointment
- the Syllabus for this course will be maintained on the instructor's website at www.berghel.net .
- the assigned readings will come from online resources. URLs for the readings will be listed in the syllabus under "reading assignments." Note that reading assignments are for the current syllabus entry (i.e., read the assignment for the next class ahead of class)
- Tests and presentations will be posted on this online syllabus at least 10 days before the date. Homework may be periodically assigned, the value of which will be clearly indicated on the assignment.
- The current UNLV policies that govern instruction are posted on the website of the The Office of the Executive Vice President and Provost at http://provost.unlv.edu/policies.html . Pay special attention to the semester memo under "S".
- In addition, please familiarize yourself with the following:
- Writing Center Statement
- Tutoring Availability
- UNLV Rebel email account (note: UNLV recommends that you use this in all UNLV email communication!)
- Most recent UNLV campus police report
- So that I may communicate efficiently with you by email, please send an email to me on or before noon, Friday, of the first week of class. Include the following information in this order:
LAST NAME, FIRST NAME, PREFERRED EMAIL ADDRESS
Place <CS 449- section 1001 > in the subject line of all future email correspondence so that your message won't get buried amidst the pot pourrie of daily spam that comes my way.
- For homework purposes, relevant published online or offline resources are acceptable references. Quotation according to the principles of "fair use" under the U.S. Copyright laws apply. i.e., quoting and identifying a source is acceptable, plagiarizing a source is not. Any student found to have plagiarized will receive an "F" for the assignment in the first occurrence, and will receive an "F" in the course on the second occurrence. If you have any questions about this policy, consult with the instructor.
- I change the syllabus frequently (sometimes daily) based on the feedback on, and pace of, the lectures. As a result, the syllabus will typically lead the lectures by at most 2-3 class periods. An exception to this will be the three class periods prior to an exam. In this case, the class content will be frozen well in advance so that you know what material will be covered on the test.
- Grading will be on a standard "university scale," i.e., 90-100=A; 80-89=B; etc. I curve the exams so that the mean is always at least 75%. The contribution of exams, homework, projects, etc. will vary but will be explained in the syllabus at the time of assignment.
- There will most likely be two in class exams and a final exam. Your grade will be based on these exams with the caveat in note 11., below.
- All Exams will be "closed everything": e.g., "closed book," "closed notes," PDAs and computers turned off, cell phones off, etc.
- Attendance may be taken. More than three unexcused absences will result in a 5% penalty on your final grade)
- In addition to any exams, homework, and quizzes that may be assigned, students registering for CS648 will be required to complete a semester project the details of which must be agreed upon no later than class time, Monday, on the 4th week of term. You may submit a proposal via email or meet in person to discuss, as you choose.
(As a general goal, assume 3,500 word report with complete references in whatever standard format you choose Chicago, APA, MLA, etc. This report is due at the start of the final exam period.)
ACM Code of ethics:
Students must also agree to abide by the Association for Computing Machinery's “Code of Ethics and Professional Conduct” for computing professionals ( http://www.acm.org/about/code-of-ethics ).
Overview Of Computer Security, Threats, Vulnerabilities And Controls. Security Auditiung, Physical Security, Computer Security Policies And Implementation Plans, And Computer Forensics Including Penetration Testing And Investigation. Management Issues. Legal, Privacy And Ethical Issues. Prerequisites: CS 370. 3 Credits.
Course Materials :
Required readings consist of two different types.
The reading assignment for each class period will be clearly marked in this syllabus. The class lecture notes will cover the instructors perspectives and experience in security, while the textbook will provide a more general and complete perspective. Your exams will cover both sources. n.b., progress through the text will be non-linear.
- All assigned readings and videos will be online resources.
- Class lecture notes will be linked to this syllabus.
- Most reading assignments will either relate directly to the course notes/slides provided on this syllabus, or will be public domain material linked to this syllabus. In addition, you may find the following resources of value.
- SANS Resources
- SANS IPv4 TCP/IP and tcpdump Pocket Reference Guide
- SANS IPv6 TCP/IP and tcpdump Pocket Reference Guide
- SANS Netcat Cheat Sheet
- INterfacing with Law Enforcement
- SANS IT Code of Ethics
- SANS Malware FAQs
- Lenny Zeltser's Reverse Engineering Malware FAQs
- SANS 2008 Salary & Certification Survey
- Instructor's Notes
- Instructor's notes on Positional Number Systems and Boolean Algegra
- Instructor's notes on TCPdump commands and filters
- Instructor's study guide to selected reading assignments
- Instructor's Online Resources
- Better Than Nothing Security Practices
- The Packet Pal Primer (an Internet Protocol Resource)
- The CGI-Bin Bin (a guide to CGI programming circa 1996
- The World Wide Web Test Pattern (find out what the 1990's browser wars were about interactively)
- Instructor's TCP/IP Lecture Slides (CS448/648 & CS449/649)
- DNS-ARP ip
- Useful Online References:
- Wireshark References
- Wireshark Capture Filter Expressions: http://wiki.wireshark.org/CaptureFilters
- Wireshark Sample Captures: http://wiki.wireshark.org/SampleCaptures#ARP.2FRARP
- Forensics Papers
- Carrier, Brian and Eugene Spafford, "An Event-Based Digital Forensic Investigation Framework"
- Carrier, Brian: "Degining Digital Forensic Examination and Analysis Tools"
- Carrier, Brian: "Performing an Autopsy Examination on FFS and EXT2FS Partition Images"
- WinDump Manual
- Notes on TCPdump and Windump
- Snort Commands
- ASCII Table
- Packet Pal Primer
- Berghel/Hoelzer: Pernicious Ports , CACM, December, 2005
- SANS TCP/IP Guide (will be attached to relevant exams)
- Wireshark Display Filters
- Trusted-Source Network in Digital Security
- Schneier on Security - the most accurate security blog on the internet
- Krebs on Security - the best general-purpose security blog on the internet
- Watchlist of Future Threat Vectors
- Election Fraud and Digital Ballot Boxes:
- The Verified Voting Foundation
- The VVF's Principles for New Voting Systems
- The NSA ANT Catalog
- The DIY Ransomware software ad from the Isle of Man March 2, 2017
- CIA Tradecraft DOs and DONT's for Malware Development (text; src: Wikileaks; cf. esp. "(U) Networking" ). See also Helpful(?) coding tips from the CIA's school of hacks , Ars Technica, March 8, 2017
- The NSA's Media Engagement (aka: Deception) Plan
- Micah Lee, It's Impossible to Prove your Laptop hasn't been Hacked..... ", The Interecept, April 28, 2018.
- Micah Lee, Edward Snowden's New App uses your smartphone to physically guard your laptop , The Intercept, December 27, 2017.
- Interesting Digital Archives
- IEEE Computer Society's Computing Conversations by Chuck Severance
- AT&Ts Tech Channel
- The IEEE Computer Society 2022 Report (predictions)
- Dan Kaminsky's Black Ops Series
- Dan Kaminsky: Black Ops of TCP IP 2008 (Defcon 16, 2008)
- Dan Kaminsky: Black Ops of TCP IP 2011 (Defcon 19, 2011)
- Dan Kaminsky: Black Ops of TCP IP 2013 (Defcon 20, 2012)
- Dan Kaminsky: Black Ops of PKI 2013 (26C3 January 3, 2012)
- Relevant Videos
- Whitfield Diffie: Information Security - Before and After Public-Key Cryptography; Computer Museum
- Warriors of the Net (video)
- Vint Cerf on the History of Packets(video)
- Vint Cerf on TCP/IP Evolution(video) - # 11
- The Cloud Conspiracy 2008-2014 by Calpar Bowden[31c3, Dec. 2014]
- NSA: Tell No One by James Bamford [31c3, Dec. 2014]
- Dr. Chuck's iPad Steering Wheel Mount
- the ill-fated Clipper Chip
- PRPL's: Security Guidance for Critical Areas of Computing , January, 2016
- Dylan Curran, Are you ready? Here is all the data Facebook and Google have on you , The Guardian, March 30, 2018
- Bruce Schneier: The Security Mirage (Online TED presentation)
- Recommended References: (although not required, these are standard references for computer and internet security).
- Brian Carrier, File System Forensic Analysis, Addison-Wesley, Reading
- Charles Kozierok, TCP/IP Guide, NoStarch Press, San Francisco (2014)
- Sherri Davidoff and Jonathan Ham, Network Forensics: Tracking Hackers through Cyberspace, Prentice-Hall (2012)
- Laura Chappell, Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide, Laura Chappell University (2010)
- Laura Chappell, Wireshark Network Analysis, 2nd ed., Chappell University (2012) [she has several good books on Wireshark, but this is the best IMHO]
- Charles and Shari Pfleeger, Security in Computing, Prentice Hall (2007)
- Gordon Fyodor Lyon, NMAP Network Scanning, Nmap Project (2009) (partially online @ nmap.org)
- John Vacca (ed.): Computer and Information Secutiy Handbook, Elsevier (2013) [a useful, encyclopedic approach]
- Dave Roberts, Internet Protocols Handbook, Coriolis Group (1996) [an oldie and a goodie - still a useful introduction to TCP/IP. If you can find
- You will know where to look for industry best practices in computer and network security
- You will know where to look for legal advice in computer and network security
- You will be familiar with the main categories of malware and how they're deployed
- You will understand the basic approaches to hardening computers and networks
- You will understand the characteristics of a secure network topology
- You will understand the characteristics of standard encryption systems and their suitability for specific computing environments
- You will understand the role of standards and certifications in computing security
- You will understand the vulnerabilities of common desktop operating systems
- You will understand the core issues involved in administering security
- You will understand the legal, privacy and ethical issues in computing security
Attendance may be taken. More than three unexcused absences may result in a 5% penalty on your final grade)
August 27 - Topic: Internet Realities
- General Introduction to Course.
- Reading Assignments
Study Guide to Assigned Readings - continuously updated throughtout the term
- Net Neutrality vs. Net Neutering IEEE Computer, March, 2016; and
- Net Neutrality Reloaded IEEE Computer, October, 2017
- Equifax and the Latest Round of Identity Theft Roulette, IEEE Computer, December, 2017
August 29 - September 5 -- Topic: When Modern Information Technology Clashes with Democracy
- Weaponizing Twitter Litter: Abuse Forming Networks and Social Media" Era IEEE Computer, April, 2018
- Malice Domestic: The Cambridge Analytica Dystopia IEEE Computer, May, 2018
- Coda in the Key of F2654hD4 , IEEE Computer, September, 2016
- Oh, What a Tangled Web: Russian Hacking, Fake News, and the 2016 US Presidential Election , IEEE Computer, September, 2017
September 10 & 12-- Topic: The Internet and the First Amendment I
- <ALT>-Facts/Fake News
- Online Trolling
- The Online Trolling Ecosystem IEEE Computer, August, 2018
- Lies, Damn Lies, and Fake News IEEE Computer, February, 2017
- Alt-News and Post-Truths in the "Fake News" Era IEEE Computer, April, 2017
September 17 & 19
- Lecture: Introduction to Cyber Warfare
- Lecture Notes
- Reading Assignments
- The SCDOR Hack: Great Security Theater in Five Stages , IEEE Computer, March, 2013
- Cyber Chutzpah: The Sony Hack and the Celebration of Hyperbole , IEEE Computer, February, 2013
September 24, 26 & Oct 1
- Lecture: Hardcore Cyberwarfare: Stuxnet
- Lecture Notes
- Reading Assignments
- A Farewell to Air Gaps, Part I , IEEE Computer, June, 2015, and
- A Farewell to Air Gaps, Part II , IEEE Computer, July, 2015
- On the Problem of (Cyber) Attribution, IEEE Computer, March, 2017
October 3 - 9
October 10 - 17
October 22 - EXAM I
Exam 1 will cover all assigned material to this point. Note: exams are closed book; closed notes.
October November 12 - Veteran's Day recess - no class
October November 5, 7 &14
November 19 - EXAM II
Exam II will cover all assigned material since exam I. Note: exams are closed book; closed notes.
October November 21
October November 26 & 28
October December 3 & 5
FINAL EXAM - check MyUNLV for details
(final exam is cumulative and covers all assigned material and assignments. All exams are closed book, closed notes, all electronic devices turned off.)