Outline for CMPSCI 460 at UMass
This 5 page Class Notes was uploaded by an elite notetaker on Friday February 6, 2015. The Class Notes belongs to a course at University of Massachusetts taught by a professor in Fall. Since its upload, it has received 35 views.
Date Created: 02/06/15
FORM B

UNIVERSITY OF MASSACHUSETTS AMHERST
OFFICE OF THE SECRETARY, THE FACULTY SENATE
UNDERGRADUATE COURSE APPROVAL FORM

Courses Numbered 001-599
15 Copies Required for Courses Numbered 001-499
20 Copies Required for Courses Numbered 500-599

DEPARTMENT, COURSE NUMBER AND TITLE: CMPSCI 460, Introduction to Computer and Network Security
SCHOOL OR COLLEGE: Natural Sciences and Mathematics
Proposer's Name, Telephone and Email: Brian Levine, 413-577-0238, brian@cs.umass.edu
Proposed Instructor: Brian Levine
Course Credits: 3
Are there Prerequisites? Yes. If yes, please specify: CMPSCI 377
What is the intended clientele? Lower Division [ ]  Upper Division [X]  Department majors only [ ]  Departmental-related majors [X]  Non-Majors [ ]
If course is intended for majors, what role will it play in the curriculum? Required [ ]  Elective [X]

Complete Course Catalog Description (30 Words):
This course provides an introduction to the principles and practice of system and network security. A focus on both fundamentals and practical information will be stressed. The three key topics of this course are cryptography, system security, and network security. Subtopics include ciphers, hashes, key exchange, security services (integrity, availability, confidentiality, etc.), security attacks, vulnerabilities, exploits, countermeasures.

Please attach the following materials:
- Week-by-week outline of topics covered in course, or syllabus
- List of required readings
- Description of required assignments (papers, exams, projects, reports, presentations, etc.)
- Summary of course grade criteria
- Selected bibliography of works used by instructor in developing course, especially recent works as appropriate

Upon approval of the course by the department head, one copy of this form shall be sent from the departmental office to the Faculty Senate Office to allow for the course to be published on the University's Web Site for comment. For courses numbered 500-599, the Guidelines for Course Approval Form from the Graduate Council must accompany the new course proposal.
CMPSCI 460: Introduction to Computer and Network Security

Course Grade Criteria
- Lab and homework assignments: 30% (4-5 major assignments; see attached example)
- Quizzes: 30% (typically one quiz every 2-3 weeks)
- Exams: 30% (two exams)
- Presentation/participation: 10% (each student presents one 5-minute lecture about current security news during the semester)

Evolution
The course has been offered experimentally more than several times and has converged on a set of core topics, while always making room for the latest advances in such topics as wireless networking, law, malware, etc. We estimate the enrollment for this course will be between 15 and 30.

Selection of Bibliography of materials used to develop the course
- Matt Bishop, Introduction to Computer Security, Addison Wesley, 2004
- William Stallings, Cryptography and Network Security, Prentice Hall, 2005
- Bruce Schneier, Applied Cryptography, John Wiley & Sons, 1996

Topic List and Reading (chapters refer to the Bishop text above)

Date | Topic, title and reading
Tue Sep 4 | Introduction; Ethics, Overview, Expectations; Ch 1
Thu Sep 6 | Definition, Security Primitives; Ch 2, 3
Tue Sep 11 | Cryptography; Overview, History; Ch 8
Thu Sep 13 | Symmetric, Asymmetric; Ch 11
Tue Sep 18 | Protocols; Ch 9
Thu Sep 20 | Protocols, cont'd; Ch 10
Tue Sep 25 | Policy; Ch 4, 5; UMass Computing Policies
Thu Sep 27 | Policy, Assurance; Ch 6, 7.3, 7.5
Tue Oct 2 | Risk; Ch 17
Thu Oct 4 | Information Security Law; Ch 18
Thu Oct 11 | Protection, Buffer Overflow; Ch 24, 25
Tue Oct 16 | Secure coding; Ch 12, 26
Thu Oct 18 | Exam
Tue Oct 23 | Systems Hardening; Ch 19
Thu Oct 25 | More Hardening
Tue Oct 30 | TCP/IP Weaknesses; Ch 23
Thu Nov 1 | Firewalls; Ch 22
Tue Nov 6 | Malware; Tracking botnets
Thu Nov 8 | Malware
Tue Nov 13 | Monitoring; IDS, Snort; Ptacek and Newsham
Thu Nov 15 | SSL/PKI/VPN; Ch 13
Tue Nov 20 | SSL/PKI/VPN
Tue Nov 27 | Kerberos; Kerberos in 4 scenes
Thu Nov 29 | Reaction; Incident Response
Tue Dec 4 | Exam
Thu Dec 6 | Risk Assessment; Ch 21
Tue Dec 11 | Wireless Security
Thu Dec 13 | Security Architecture

CMPSCI 491S Computer and Network Security, Fall 2007
Assignment 3: Incident Handling

Abstract
This lab is intended to give you experience with real-world incident analysis, remediation, and countermeasures. The lab builds on many of the topics covered in class so far. The lab is oriented towards research and analysis of recent incidents and calls for a reasonable degree of extending what you learned in class.

Part I: Sasser worm

Please complete the following exercises. As always, you must hand in a lab write-up containing answers to questions asked for each task.

The Sasser worm was discovered on 30 April 2004. The University's network security tools detected the first Sasser infection at 10:30 on 3 May 2004. Within 1 hour we reached 95% saturation of vulnerable hosts. The intent of this lab is to understand the process of security. You will research the worm, suggest theoretical countermeasures for prevention and detection, and determine an appropriate incident handling process for a theoretical organization.

Required Reading
- LURHQ Sasser Analysis: http://www.lurhq.com/sasser.html
- Microsoft Sasser Information: http://www.microsoft.com/technet/security/alerts/sasser.mspx

Note: You may have to do some additional reading beyond the above on your own in order to complete the lab.

Question 1: After doing the above reading, what steps could the organization have implemented before the worm hit? Describe three explicit steps that the organization could have taken between 13 April, when the patches were released, and 30 April, when the worm was released.

Question 2: Sasser took advantage of the LSASS vulnerability patched by Microsoft's MS04-011 update. Why was the spread of Sasser so much greater than the spread of bagel or netsky? Specifically, speak to the vectors each exploit uses and the mechanism necessary for propagation of the malware.

Question 3: Why does Sasser.D open an FTP server on 5554/tcp? What are the advantages from the perspective of the malware author?

Question 4: Sasser.D also scans 10.0.0.0/8 and 192.168.0.0/16 looking for vulnerable hosts to infect. Why would the malware author want to scan these ranges?

Question 5: What perimeter defenses would an organization use to prevent the spread of Sasser across their network border? Don't simply state "They would use a firewall," but instead explain how they would configure a perimeter security you choose. Describe three separate or additive countermeasures.

Question 6: Suppose a new variant of Sasser is released tomorrow. It varies from previous variants in that it randomly modifies one byte of data on the hard drive every second. What effect would this have on the propagation of this new variant?

Question 7: Evaluate the snort signatures at the link below. Comment on the effectiveness of these signatures.

alert tcp $HOME_NET any -> any 9996 (msg:"Sasser ftp script to transfer up.exe"; content:"|5F75702E657865|"; depth:2250; flags:A; classtype:misc-activity; sid:1000000; rev:3;)

alert tcp any any -> $HOME_NET 5554 (msg:"Sasser binary transfer get up.exe"; content:"|5F75702E657865|"; depth:2250; flags:A; classtype:misc-activity; sid:1000001; rev:1;)

Part II: Analysis exercise, WebAttacker toolkit

Please complete the following exercises. As always, you must hand in a lab write-up containing answers to questions asked for each task.

Required reading
- WebAttacker description and background: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=472
- WebAttacker source code analysis: http://www.websense.com/securitylabs/blog/blog.php?BlogID=94
- S'kiddies get into spyware for just 15: http://www.theregister.co.uk/2006/03/27/spyware_diy

Question 9: The assigned readings describe the background and source code of the WebAttacker toolkit. The toolkit permits attackers to use a compromised web server to spread malicious software easily and for little cost. Analyze the description of the ie0609.cgi script. Describe why the attacker would want to use a database to store the UserID and related data. Also explain the advantage to the attacker of being able to view the statistics generated by the toolkit.

Question 10: Toolkits such as WebAttacker provide a platform for attackers that are not technically sophisticated. These attackers can cause substantial harm to a large number of unsuspecting users with relatively limited effort. As such, these toolkits can pose substantial challenges for internet hosting companies that serve a large number of websites where they do not control the content of each site. Suppose you are brought in as a consultant to recommend steps an internet hosting company could take to prevent the use of toolkits like WebAttacker. What defenses, both tools and processes, would you suggest to prevent the use of toolkits like WebAttacker? There are two scenarios for the use of WebAttacker: attackers who compromise a hosted site, and attackers who are legitimate customers of the hosting company but using it for nefarious purposes. Describe how you would defend against each of these cases. Write up a 1-2 page set of recommendations.

Part III: StormWorm

Please complete the following exercises. As always, you must hand in a lab write-up containing answers to questions asked for each task.

Required reading
StormWorm is a still-active piece of malware that has been causing problems not only for users but also targeting well-known anti-spam and anti-malware sites.
- http://www.secureworks.com/research/threats/stormworm
- http://www.infoworld.com/article/07/02/23/09OPsecadvise_1.html

Question 12: Why would the creator of StormWorm decide to use DNS instead of HTTP as the messaging mechanism for DDoS targets? Defend your answer.

Question 13: Why does StormWorm use p2p protocols for distribution of multistage executables? What properties do p2p networks have that would make this more desirable than a single source for the malware?