CS 448/648 Computer Security

Course Syllabus

Fall, 2023

10:00- 11:15 M,W; TBE B-178

Prof. Hal Berghel; office: TBE B-378A; phone: 702-895-2441;

pick one: {hal.berghel \\unlvdomain, hlb \ \acm/ /org, hlb \ \computer/ /org }

office hours: M-F 8:30-9:50 and by appointment

Teaching Assistants: Kelvin Do (dok7@unlv.nevada.edu), Hasan Arikan (arikan@unlv.nevada.edu)

General notes:

  1. the Syllabus for this course will be maintained on the instructor's website at www.berghel.net.
  2. the assigned readings will come from online resources.  URLs for the readings will be listed in the syllabus under "reading assignments." Note that reading assignments are for the current syllabus entry (i.e., read the assignment for the next class ahead of class). Exam questions regarding the assigned readings will be taken from the course Study Guide.
  3. Tests and presentations will be posted on this online syllabus at least 10 days before the date. Homework may be periodically assigned, the value of which will be clearly indicated on the assignment.
  4. Attendance will be taken. Students with at most 1 documented unexcused absence (e.g., due to health problems, official UNLV activities) as recorded by the classroom attendance sheet, will receive a bonus of 5% on their final grade.

    1. The current UNLV policies that govern instruction are posted on the website of the The Office of the Executive Vice President and Provost at https://www.unlv.edu/policies/students.
    2. In addition, these resources may be of interest::
      1. Writing Center Statement
      2. Tutoring Availability
      3. UNLV Annual Security Report
      4. UNLV campus police crime log
      5. UNLV Institutional Metrics
    3. Additional University Policies: https://www.unlv.edu/policies/additional

    Course Description:

    Overview Of Computer Security, Threats, Vulnerabilities And Controls. Security Auditiung, Physical Security, Computer Security Policies And Implementation Plans, And Computer Forensics Including Penetration Testing And Investigation. Management Issues. Legal, Privacy And Ethical Issues. Prerequisites: CS 370. 3 Credits.

    Course Materials:

    Most reading assignments will either relate directly to the course notes/slides provided on this syllabus, or will be public domain material linked to this syllabus. In addition, you may find the following resources of value.
    1. SANS Resources
      1. SANS IPv4 TCP/IP and tcpdump Pocket Reference Guide (The version that will be attached to relevant exams)
      2. Lenny Zeltser's Reverse Engineering Malware FAQs
    2. Instructor's Notes
      1. Instructor's notes on Positional Number Systems and Boolean Algegra
      2. Instructor's notes on TCPdump commands and filters
      3. Instructor's study guide to selected reading assignments
    3. Instructor's Online Resources
      1. Better Than Nothing Security Practices
      2. The Packet Pal Primer (an Internet Protocol Resource)
      3. The CGI-Bin Bin (a guide to CGI programming circa 1996
      4. The World Wide Web Test Pattern (find out what the 1990's browser wars were about interactively)
    4. Instructor's TCP/IP Lecture Slides (CS448/648 & CS449/649)
      1. IPv4
      2. TCP/UDP
      3. ICMP
      4. DNS-ARP
      5. HTTP
      6. BGP
      7. IPsec
      8. Instructor's Online Packet Guide: Packet Pal Primer
    5. Useful Online References:
      1. Wireshark References
        1. Wireshark Capture Filter Expressions: http://wiki.wireshark.org/CaptureFilters
        2. Wireshark Sample Captures: http://wiki.wireshark.org/SampleCaptures#ARP.2FRARP
      2. Forensics Papers
        1. Carrier, Brian and Eugene Spafford, "An Event-Based Digital Forensic Investigation Framework"
        2. Carrier, Brian: "Degining Digital Forensic Examination and Analysis Tools"
        3. Carrier, Brian: "Performing an Autopsy Examination on FFS and EXT2FS Partition Images"
      3. Manuals and Reference Materials
        1. WinDump Manual
        2. Notes on TCPdump and Windump
        3. Snort Commands
        4. ASCII Table
        5. Packet Pal Primer
        6. Berghel/Hoelzer: Pernicious Ports , CACM, December, 2005
        7. Wireshark Display Filters
      4. Trusted-Source Network in Digital Security
        1. Schneier on Security - the most accurate security blog on the internet
        2. Krebs on Security - the best general-purpose security blog on the internet
      5. Watchlist of Future Threat Vectors
        1. Election Fraud and Digital Ballot Boxes:
          1. The Verified Voting Foundation
          2. The VVF's Principles for New Voting Systems
        2. The NSA ANT Catalog
        3. The DIY Ransomware software ad from the Isle of Man March 2, 2017
        4. CIA Tradecraft DOs and DONT's for Malware Development (text; src: Wikileaks; cf. esp. "(U) Networking" ). See also Helpful(?) coding tips from the CIA's school of hacks , Ars Technica, March 8, 2017
        5. The NSA's Media Engagement (aka: Deception) Plan
        6. Micah Lee, It's Impossible to Prove your Laptop hasn't been Hacked..... ", The Interecept, April 28, 2018.
        7. Micah Lee, Edward Snowden's New App uses your smartphone to physically guard your laptop , The Intercept, December 27, 2017.
      6. Interesting Digital Archives
        1. IEEE Computer Society's Computing Conversations by Chuck Severance
        2. AT&Ts Tech Channel
        3. The IEEE Computer Society 2022 Report (predictions)
      7. Dan Kaminsky's Black Ops Series
        1. Dan Kaminsky: Black Ops of TCP IP 2008 (Defcon 16, 2008)
        2. Dan Kaminsky: Black Ops of TCP IP 2011 (Defcon 19, 2011)
        3. Dan Kaminsky: Black Ops of TCP IP 2013 (Defcon 20, 2012)
      8. Relevant Videos
        1. Whitfield Diffie: Information Security - Before and After Public-Key Cryptography; Computer Museum
        2. Vint Cerf on the History of Packets(video)
        3. The Cloud Conspiracy 2008-2014 by Calpar Bowden[31c3, Dec. 2014]
        4. NSA: Tell No One by James Bamford [31c3, Dec. 2014]
      9. Innervation
        1. Dr. Chuck's iPad Steering Wheel Mount
        2. the ill-fated Clipper Chip
      10. Miscellaneous
        1. PRPL's: Security Guidance for Critical Areas of Computing , January, 2016
        2. Dylan Curran, Are you ready? Here is all the data Facebook and Google have on you , The Guardian, March 30, 2018
        3. Bruce Schneier: The Security Mirage (Online TED presentation)

    Course Outcomes:


    note: The UNLV IEEE Xplore digital library and ACM digital library institional licenses allow open access to UNLV students from any UNLV IP address). If a syllabus link to an assigned reading is fractured, use the title as a search term on the relevant portal. Whenever possible, I will provide alternative convenient links consistent with copyright laws, but I cannot guarantee the persistence of the links.

    Week of August 28 - Internet Realities

    Week of September 4 & 11-- Phishing and Trolling

    Week of September 11 through September 25 - The Hacking Landscape

    Week of September 27 through October 9 - Stuxnet, Zero Days, and Air Gaps

    Week of October 11 through October 16 - Digital Crime

    October 18: EXAM I - Note: All exams are closed book, closed notes, all electronic devices turned off. Failure to observe may result in a course grade of F.). The current version of the course Study Guide for this exam is rev: 090523.. Remember to refresh your browser cache in preparation for the exam.

    FINAL EXAM - t.b.d. - check MYUNLV for details

    (final exam is cumulative and covers all assigned material and assignments. All exams are closed book, closed notes, all electronic devices turned off. Failure to observe may result in a course grade of F.) The current version of the course Study Guide for this exam is rev: ______.. Remember to refresh your browser cache in preparation for the exam..