EECS 4482, Winter 2019

EECS 4482, Fall 2018

Network Security

     Lecture Schedule:   M, 16:00 - 17:30, BRG 313
                                           W,   16:00 - 17:30, HNE 033
     Instructor:                Natalija Vlajic
     E-mail:                          vlajic @ cse.yorku.ca
     Office Hours:             R, 12:00 - 14:00, LAS 2047
     TAs:                              Shadi Sadeghpour

Apr 18: Final Exam, Assignment 3, as well as Final Course grades are now available through ePost. Final Exam solutions can be found here, and Assignment 3 solutions here.
Apr 09: Assignment 2 grades are now available through ePost.
Apr 03: Assignment 2 solutions can be found here.
Apr 02: Final Exam will be held on Friday, April 5, 9:00, ACE 007. The exam is closed book and closed notes. 40% of questions will be related to the material covered before, and 60% to the material covered after the Midterm Exam.
Apr 02: Lab 3 grades are now available through ePost.
Apr 01: Assignment 3 is available! Due date: April 11, noon! Your assignment solutions are to be dropped off in the EECS 4482 drop-off box located in the Lassonde lobby.
Mar 25: REMINDER! Lab 3 will take place March 27!
Mar 25: Course/teaching evaluation will take place on Monday, April 1. Please bring in your devices!
Mar 25: Lab 2 grades are now available through ePost.
Mar 20: Assignment 2 is available! Due date: March 29, noon! Your assignment solutions are to be dropped off in the EECS 4482 drop-off box located in the Lassonde lobby.
Mar 14: 17 students did manage to complete Lab 2 on March 13. For the others students, a 'make-up' of Lab 2 will be held on Wednesday, March 20, 18:00 - 20:00, LAS 1002.
Feb 27: IMPORTANT! The 2nd and 3rd lab will take place on March 13 and March 27, after the lecture 18:00 - 20:00 (LAS 1002)!
Feb 27: Midterm and Lab 1 grades are now available through ePost. Midterm solutions can be found here.
Feb 23: Be reminded that Midterm Exam will be held on Monday, Feb 25, in class. The exam is closed book and closed notes.
Feb 11: Assignment 1 is available! Due date: Feb 25, in class! Your assignment solutions are to be dropped off in the EECS 4482 drop-off box located in the Lassonde lobby. Include with the handed-in materials a print-out of your code for Q2. The soft-copy of your Q2 code should (also) be submitted via CSE@York's submit utility (as indicated in the assignment).
Feb 06: University Operations have been suspended. As a result, both tonight's class and Lab 1 are cancelled. Lab 1 will now take place next Wednesday, Feb 13, 18:00 - 20:00 (LAS 1002). The student presentations are also moved forward for one full week.
Jan 30: IMPORTANT! The 1st lab will take place on Wednesday, February 6, after the lecture 18:00 - 20:00 (LAS 1002). If you cannot make this slot, contact the instructor asap.
Jan 10: Labs are now officially scheduled for Wednesdays, after the lecture, 18:00 - 20:00 (LAS 1002). Note, however, there will be only 4 labs in total. The actual date of the 1st lab will be announced shortly.
Jan 10: Recommended additional reading to accompany the lecture entitled 'Networking Primer': Chapter 1 of "Computer Networking: A Top-Down Approach" by R. Kurose. The book is available in the Steacie Library, but can also be found online.
Jan 07: Classes start.

Course Information:
Textbook and Recommended Reading Material
Prerequisite
Course Description
Grading Scheme
Course Schedule

Course Policies:
Late Assignments and Missed Midterm
Academic Honesty

Course Schedule (Topics, Notes, Required Reading, Assignments)

Week	Date	Topic / Notes	Required Reading	Assignments / Important Dates	Student Presentations Dates
1	M, Jan 7	Introduction
	W, Jan 9	Importance of Computer/Network Security Networking Primer (part 1)
2	M, Jan 14	Networking Primer (part 2)
	W, Jan 16	Networking Primer - exercises Security Assessment of IPv4 (part 1)
3	M, Jan 21	Security Assessment of IPv4 (part 2)	Intro to Wireshark: From University of Georgia From UofCalgary
	W, Jan 23	Security Assessment of IPv4 (part 3)
4	M, Jan 28	Security Assessment of IPv6
	W, Jan 30	Python Intro (part 1)			Team 1 Botnet Communications and Protocols V. Martintsov, A. Winkler, M. Chowdhury
5	M, Feb 4	Python Intro (part 2) Scapy (part 1)	Scapy Documentation: Release 2.4.0-dev
	W, Feb 6	Weather Emergency - class cancelled
6	M, Feb 11	Security Assessment of ARP Protocol		Assignment 1
	W, Feb 13	Security Assessment of ICMP Protocol Scapy (part 2)		Lab-test 1	Team 2 IPv6 Security/Attacks H. Sharma, S. Saad, S. Ahmed
Reading Week (Feb 16 - Feb 22)
7	M, Feb 25	Midterm Exam
	W, Feb 27	VPNs (part 1)			Team 3 DNS Security A. Klif, N. Ahmad, A. Al-Gailani
8	M, Mar 4	VPNs (part 2) Cryptography Review IPsec (part 1)	Stallings textbook, Chapter 9
	W, Mar 6	IPsec (part 2)	Stallings textbook, Chapter 9	Mar 8 - last date to drop course	Team 4 Anonymous Networks A. Wakif, B. Booth, E. Dao
9	M, Mar 11	IPsec (part 3)	Stallings textbook, Chapter 9
	W, Mar 13	IPsec (part 4)	Stallings textbook, Chapter 9	Lab-test 2	Team 5 Latest Trends in DDoS Attacks P. Bhardway, T. Gumbs, S. Wirk
10	M, Mar 18	IPsec (part 5)	Stallings textbook, Chapter 9
	W, Mar 20	Security Assessment of TCP (part 1)	Stallings textbook, Chapter 6	Assignment 2	Team 6 VoIP Security/Attacks E. R. Aguero
11	M, Mar 25	Security Assessment of TCP (part 2) TLS (part 1)	Stallings textbook, Chapter 6
	W, Mar 27	Digital Certificates TLS (part 2)	Stallings textbook, Chapter 6	Lab-test 3	Team 7 DHCP Security/Attacks D. Geller, M. Arndt, K. Sarbinowski
12	M, Apr 1	TLS (part 2) continued ...		Assignment 3
	W, Apr 3				Team 8 Bluetooth Security/Attacks A. D'Errico, M. Jafareih, A. Halawani ------------------------------------------------------------- Team 9 6LoWPAN Security/Attacks D. Li, D. Torres Fleites ------------------------------------------------------------- Team 10 BGP Security/Attacks A. Solovey, Y. Bai, H. Ahmad, T. Mahmood ------------------------------------------------------------- Team 11 SNMP Security H. Keflu, A. Xu, N. Panjawani
Friday, April 5, 9:00 am - location: ACE 007

Textbook
    "Network Security Essentials: Applications and Standards", William Stallings, Pearson, 2017, 6th Edition.

Recommended Reading Material
    "Cryptography and Network Security: Principles and Practice", W. Stallings, Pearson, 2017, 7th Edition.
    "Computer Security: A Hands-on Approach", W. Du, CreateSpace, 2017.
    "Security+ Guide to Network Security Fundamentals", M. Ciampa, Cengage Learning, 2017, 6th Edition.
    "Fundamentals of Information Systems Security", D. Kim, M. G. Solomon, Jones & Bartlett Learning, 2018, 3rd Edition.
    "Principles of Information Security", M. E. Whitman, H. J. Mattord, Cengage Learning, 2018, 6th Edition.
    "Network Security, Firewalls, and VPNs", J. M. Stewart, Jones & Bartlett Learning, 2014, 2nd Edition.
    "Guide to Firewalls and VPNs", M. E. Whitman, H. J. Mattord, A. Green, Cengage Learning, 2012, 3rd Edition.
    "Cryptography and Network Security", B. Forouzan, McGraw-Hill, 2007.
    "The Network Security Test Lab: A Step-by-Step Guide", M. Gregg, Wiley, 2015.
    "Applied Network Security", A. Salmon, W. Levesque, M. McLafferty, Packt>, 2017.
    "Applied Information Security: A Hands-On Guide to Information Security Software", R. Boyle, J. G. Proudfoot, Pearson, 2014, 2nd Edition.
    "Hacker Techniques, Tools, and Incident Handling", S. P. Oriyano, M. G. Solomon, Jones & Bartlett Learning, 2020, 3rd Edition.
"Python Penetration Testing Cookbook", R. Rehim, Packt>, 2017.
    "Violent Python: A Cookbook for Hackers, Forensics Analysts, Penetration Testers, and Security Engineers", T. J. O'Connor, Elsevier, 2013.
    "Foundations of Python Network Programming", B. Rhodes, J. Goerzen, Apress, 2010, 2nd Edition.
    "Wireless Network Security: A Beginner's Guide", T. Wrightson, McGraww-Hill, 2012.

Other Resources
    "Scapy Documentation: Release 2.4.0-dev", P. Biondi and the Scapy Community, 2018.
"The Very Unofficial Dummies Guide to Scapy", A. Maxwell.

Prerequisite

Prerequisites: Any 12 credits at the 3000-level (ideally EECS 3213 and/or EECS 3214)

Course Description

The purpose of this course is to provide a survey of weaknesses and vulnerabilities that have plagued network systems (the Internet) for years, and then continue with a comprehensive study of network security defences and countermeasures that are most widely deployed on the Internet today, including network security protocols, standards and technologies. Specific topic include: Virtual Private Networks (VPNs), IPSec, Secure Socket Layer (SSL) / Transport Layer Security (TLS), HTTPS / Digital Certificates, WiFi security, Firewalls, Intrusion Detection Systems (IDSs), Cloud Security, Internet Packet Crafting, Network Scanning & Analysis Tools.

Grading Scheme

12%   Lab-Tests (4 Lab-Tests - 3% each)
9%   Assignments (3 Assignments - 3% each)
5%   Mini Research Project
34%   Midterm Exam
40%   Final Exam

Late Assignments and Missed Midterm

Late assignments will not be accepted, unless a prior arrangement is made with the instructor.
Makeups of missed midterm exams are only possible in extremely exceptional situations (such as verifiable medical emergencies) or by arrangement well prior to the exam, provided there is an extremely compelling reason.

Academic Honesty

"The Department takes the matter of academic honesty very seriously. Academic honesty is essentially giving credit where credit is due. And not misrepresenting what you have done and what work you have produced. When a piece of work is submitted by a student it is expected that all unquoted and uncited ideas and text are original to the student. Uncited and unquoted text, diagrams, etc., which are not original to the student, and which the student presents as their own work is considered academically dishonest."
For more see: Department of Computer Science Academic Honesty Guidelines

Mini Research Project

The goal of Mini Research Project is to provide students with an opportunity to conduct independent research on one of the fundamental and current topics in network security, as well as to practice their team-work and presentation skills.
Further details concerning the project's scope, timeline, as well as the final presentation tips and requirements are provided in the following document: Mini Research Project - Tips, Requirements and Timeline.

Mini Research Project: Important dates
- by Friday, January 18: Teams of 3 students formed. Presentation topic selected. Presentation dates determined.
- a week before Team X presentation: Team X emails a preliminary copy of their presentation to the instructor.