Schedule
Jan 22: Introduction
Agenda:
Why should we care about network security?
Common misconceptions of network security
Examples of computer security issues and solutions
Overall structure of the course
Overview of labs and projects
Readings:
Google’s Networking Class on Coursera. You can audit the class for free.
Watch all videos under “Week 1”, “Week 2”, “Week 3”, and “Week 4”.
Optionally, watch all videos under “Week 5” and “Week 6”.
https://www.theverge.com/2016/3/7/11173010/verizon-supercookie-fine-1-3-million-fcc
https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/
https://www.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax/index.html
Agenda:
Guest lecture by Vijay Prakash
CIA triad
Historical cryptography & Kerckhoffs's principle of cryptography
Cryptographic setting
Modern cryptographic algorithms
Block cipher & Stream cipher
Symmetric and Asymmetric algorithms
DES
Diffie-Hellman
RSA
Digital signature
Hashes
Birthday paradox
MAC
Readings:
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
Fun comic: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
The Code Book, by Simon Singh
Feb 5: How does the Internet work
Agenda:
What happens when I visit "Google.com"?
How to capture and analyze packets with Wireshark and Pandas
Overview of protocols: IP, DHCP, ARP, DNS, TCP/UDP, HTTP, TLS
Readings:
Google’s Networking Class on Coursera. You can audit the class for free.
Watch all videos under “Week 1”, “Week 2”, “Week 3”, and “Week 4”.
Optionally, watch all videos under “Week 5” and “Week 6”.
Read the following chapters of the Computer Networks Textbook (5th Edition) by Larry Peterson et al.
Chapter 2.6 - Ethernet
Chapter 3 - Inter-networking
Chapter 4 - Internet routing
Chapter 5.1 and 5.2 - UDP and TCP
Chapter 9.1.2 - HTTP
Chapter 9.3.1 - DNS
Optionally, check out the following YouTube videos from Princeton’s Networking Class
Videos 26-32: IP
Videos 33-34: Routing, autonomous systems
Videos 85-89: DNS
Videos 146-151: HTTP
Videos 154-159: CDNs
Feb 12: Local network security issues
Agenda:
In-class quiz: Networking Basics (6:15 - 6:45 pm)
Scanning with nmap
ARP spoofing
DHCP starvation
Readings:
Feb 19: Access to the local network
Agenda:
Lab 1 announced; see this Google Doc.
ARP spoofing
Why does Bob flip back to the correct ARP table?
Does Bob know Alice is doing ARP spoofing?
Can Bob protect himself? DoH? VPN?
DHCP starvation
NAT
Readings:
[Zoom recording (NYU only)]
Feb 26: Beyond the local network
Agenda:
DHCP Starvation vs ARP spoofing
How VPNs work. Tailscale.
Internet-exposed? NAT?
Scanning with nmap. Shodan.
BGP
Readings:
March 5: Local network vs the Internet
Agenda:
Lab 1 due and review.
NAT
Nmap
Port scanning
Shodan
Firewalls, iptables
IDS, IPS
BGP
Readings:
March 12: TLS & Public Key Infrastructure
Agenda:
Quiz 2 in class (18:15-18:45). Quiz 2 will be based on Lab 1.
Extra credit projects
March 19: TLS + PKI + Authentication
Agenda:
Lab 2 announced
Firewalls, iptables
IDS, IPS
BGP
Recap on RSA and DH
HTTPS: A primer on web security
PKI
Let's Encrypt, Certificate Transparency
Man-in-the-middling TLS connection
Readings:
https://www.cloudflare.com/learning/security/glossary/what-is-bgp/
RSA and DH
Cloudflare blogs
PKI
How LetsEncrypt works: https://letsencrypt.org/how-it-works/
Introduction to PKI and TLS: https://www.youtube.com/watch?v=fuK-OAyfET4
PKI: https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
Certificate transparency: https://blog.cloudflare.com/introducing-certificate-transparency-and-nimbus/
March 26: No class
April 2: Web security and privacy
Agenda:
Signing
Certificate transparency, wrapping up
HTTP
Cookies
CSRF
XSS
Fingerprinting
Readings:
Entropy: https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy
https://www.theguardian.com/technology/2015/aug/03/privacy-smartphones-battery-life
April 9: Web privacy continued
Agenda:
Web privacy, continued
Tor
Readings:
April 16: Quiz + Latest trends
Agenda:
Lab 2 due
Quiz 3 in class
Industry Challenges: Blockchain, AI, VR, Quantum Computing, Regulatory Requirements
Industry Trends: Passwordless Authentication (FIDO/U2F/etc.), Zero Trust (micro-segmentation, continuous authentication)
Firewalls, iptables, IDS, IPS
End to end encryption
Readings:
https://www.nist.gov/publications/zero-trust-architecture [Scan, don't read]
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf [Scan, don't read]
April 23: Web privacy and IoT security & privacy
Agenda:
Web fingerprinting
Smart TV privacy
Tor
Ransomware
Cryptocurrencies
Botnets
Readings:
Fingerprinting:
Tor
Click Trajectory: https://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf
Ransomware: https://hdanny.org/static/oakland-18.pdf
April 30: Project Presentation + Quiz
This session will NOT be livestreamed.
All presentations will be in person. There will be 8 groups of presentations. Each group will give a ten-minute talk, followed by about five minutes of Q&A. We will spend about 100 minutes on the presentations. The remaining 50 minutes will be used to wrap up the lecture on ransomware and other malware and to give concluding remarks.
Danny highly encourages everyone to attend in person and provide constructive feedback to individual groups. Extra credit will be awarded; please see this form.
Agenda:
Lab 3 due
In-class Quiz 4
Project presentations:
TBD
Ransomware + Malware
Ethics: censorship and malware takedown
Conclusion