Learning Objectives

This course provides an in-depth study of various network attack techniques and methods to defend against them. A number of threats and vulnerabilities of the Internet will be covered, including various vulnerabilities of the TCP/IP protocols, denial of service (DoS), attacks on routing, attacks on DNS servers, TCP session hijacking, and so on. This course will also cover defense mechanisms, including intrusion detection, firewalls, tracing the source of attacks, anonymous communication, IPsec, virtual private networks, and PKI. To make it easy for students to understand these attacks, the basics of the TCP/IP protocols will also be covered in the course.

The course adopts the "learning by doing" principle. Students are expected to learn the attacks by performing them in a restricted or simulated environment. They will also work with a number of security tools to understand how they work and what security guarantees they provide. The experiments will be conducted in virtual machine environments and/or Minix environments. Students are expected to have a solid foundation in C and Unix programming.

Instructor

Professor: Wenliang (Kevin) Du
Office: SciTech Building, Room 4-285
Phone: 443-9180
Email address: wedu@syr.edu

Texts

Required: Computer Security: A Hands-on Approach, by Wenliang Du.

Grading (subject to change)

  • Late Homework Policy: 10% penalty per business day.
  • Weights: The labs and project are intended to help students enhance and supplement their learning with hands-on experience. While many students do benefit from that, for some students these exercises do not seem to work: they get very good scores in the labs and project, but score very low in the final exam. Given that the final exam is the ultimate test of how much a student has learned, for students doing poorly on the exam the hands-on exercises do not seem to serve their intended goal, so their weight needs to be reduced. The differential weight scheme is described in the following table:

    Condition                      Final Exam   Labs and Final Project
    Final exam above 60            50%          50%
    Final exam between 30 and 60   75%          25%
    Final exam below 30            100%         0%

Contents

  • Introduction and Overview
    • Internet Architecture
    • How the Internet works (high-level overview)
    • IP Address
  • TCP/IP Protocols, Vulnerabilities, Attacks, and Countermeasures
    • Physical Layer: jamming attacks
    • Data Link Layer: ARP protocol and ARP cache poisoning
    • Network Layer: IP protocols, packet sniffing, IP spoofing, IP fragmentation attacks
    • Network Layer: ICMP protocol and ICMP misbehaviors
    • Network Layer: IP Routing protocols and Attacks
    • Transport Layer: TCP protocol, TCP session hijacking, reset and SYN flooding attacks
    • DoS and DDoS attacks
    • DNS protocol and attacks
    • BGP protocol and Attacks

  • Cryptography Basics and Applications
    • Secret-Key Encryption, DES, AES
    • One-way Hash Functions, MD5, SHA-1, and SHA-2
    • Collision attacks
    • Blockchains and Bitcoins
    • Diffie-Hellman Key Exchange
    • Public-Key Encryption, RSA
    • Digital Signatures
    • Public-Key Infrastructure (PKI)
    • Case Studies: common mistakes

  • Network Security Mechanisms
    • IP Tunneling and SSH Tunneling
    • Virtual Private Networks
    • Firewalls
    • Bypassing firewalls
    • Transport Layer Security (TLS/SSL)
    • TLS Programming