Schedule
September 7: Introduction
Agenda:
Why should we care about network security?
Common misconceptions of network security
Examples of computer security issues and solutions
Overall structure of the course
Overview of labs and projects
Readings:
Google’s Networking Class on Coursera. You can audit the class for free.
Watch all videos under “Week 1”, “Week 2”, “Week 3”, and “Week 4.
Optionally, watch all videos under “Week 5” and “Week 6”.
https://www.theverge.com/2016/3/7/11173010/verizon-supercookie-fine-1-3-million-fcc
https://theintercept.com/2020/07/31/protests-surveillance-stingrays-dirtboxes-phone-tracking/
https://www.cnn.com/2013/12/17/justice/massachusetts-harvard-hoax/index.html
September 14: How does the Internet work
Agenda:
What happens when I visit "Google.com"?
How to capture and analyze packets with Wireshark and Pandas
Overview of protocols: IP, DHCP, ARP, DNS, TCP/UDP, HTTP, TLS
Readings:
Google’s Networking Class on Coursera. You can audit the class for free.
Watch all videos under “Week 1”, “Week 2”, “Week 3”, and “Week 4.
Optionally, watch all videos under “Week 5” and “Week 6”.
Read the following chapters of the Computer Networks Textbook (5th Edition) by Larry Peterson et al.
Chapter 2.6 - Ethernet
Chapter 3 - Inter-networking
Chapter 4 - Internet routing
Chapter 5.1 and 5.2 - UDP and TCP
Chapter 9.1.2 - HTTP
Chapter 9.3.1 - DNS
Optionally, check out the following YouTube videos from Princeton’s Networking Class
Videos 26-32: IP
Videos 33-34: Routing, autonomous systems
Videos 85-89: DNS
Videos 146-151: HTTP
Videos 154-159: CDNs
September 21: Local network security issues
Agenda:
In-class quiz: Networking Basics (2:15 - 2:45 pm)
Scanning with nmap
ARP spoofing
DHCP starvation
Readings:
September 28: Access to the local network
Agenda:
Lab 1 announced. See GradeScope.
ARP spoofing
Why does Bob flip back to the correct ARP table?
Does Bob know Alice is doing ARP spoofing?
Can Bob protect himself? DoH? VPN?
DHCP starvation
NAT
Readings:
October 5: Beyond the local network
Agenda:
DHCP Starvation vs ARP spoofing
How VPN works. TailScale.
Internet-exposed? NAT?
Scanning with nmap. Shodan.
BGP
Readings:
October 12: Cryptography
Agenda:
Guest lecture by Vijay Prakash
CIA triad
Historical cryptography & Kerckhoffs's principle of cryptography
Cryptographic setting
Modern cryptographic algorithms
Block cipher & Stream cipher
Symmetric and Asymmetric algorithms
DES
Diffie-Hellman
RSA
Digital signature
Hashes
Hash chaining
MAC
Readings:
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
Fun comic: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
The Code Book, by Simon Singh
[Zoom recording (NYU only)] [Slides]
October 19: TLS & Public Key Infrastructure
Agenda:
Lab 1 due and review.
Recap on RSA and DH
HTTPS: A primer on web security
PKI
Let's Encrypt, Certificate Transparency
Man-in-the-middling TLS connection
Readings:
RSA and DH
Cloudflare blogs
PKI
How LetsEncrypt works: https://letsencrypt.org/how-it-works/
Introduction to PKI and TLS: https://www.youtube.com/watch?v=fuK-OAyfET4
PKI: https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
October 26: Enterprise security
(Pfizer Auditorium is booked for another event. The class will be on Zoom.)
Agenda:
Quiz 2 in class (14:00-14:30). Quiz 2 will be based on Lab 1.
Guest Lecture by Brandon Sloane
Job Market: Are there jobs out there and how much do they pay?
Industry Challenges: Blockchain, AI, VR, Quantum Computing, Regulatory Requirements
Industry Trends: Passwordless Authentication (Fido/U2F/etc), ZeroTrust (micro-segmentation, continuous authentication)
Firewalls, IPtables, IDS, IPS
Readings:
https://www.nist.gov/publications/zero-trust-architecture [Scan, don't read]
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf [Scan, don't read]
November 2: TLS + PKI + Authentication
(Pfizer Auditorium is booked for another event. The class will be on Zoom.)
Agenda:
Quiz 2 review
HTTPS: A primer on web security
PKI
Let's Encrypt, Certificate Transparency
Man-in-the-middling TLS connection
Readings:
PKI
How LetsEncrypt works: https://letsencrypt.org/how-it-works/
Introduction to PKI and TLS: https://www.youtube.com/watch?v=fuK-OAyfET4
PKI: https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
Certificate transparency: https://blog.cloudflare.com/introducing-certificate-transparency-and-nimbus/
November 9: Web security and privacy
Agenda:
Signing
Certificate transparency, wrapping up
HTTP
Cookies
CSRF
XSS
Fingerprinting
Readings:
November 16: Web privacy continued
Agenda:
Lab 2 due (soft deadline) and review in class
Web privacy, continued
ToR
Readings:
December 7: Web privacy and IoT security & privacy
Agenda:
Web fingerprinting
Smart TV privacy
Tor
Ransomware,
Cryptocurrencies
Botnets
Readings:
Fingerprintintg:
Tor
Click Trajectory: https://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf
Ransomware: https://hdanny.org/static/oakland-18.pdf
December 14: Project Presentation + Quiz
This session will NOT be livestreamed.
All presentations will be in person. There will be 8 groups of presentations. Each group will give a ten-minute talk, followed by about five minutes of Q&A. We will spend about 100 minutes on the presentations. The remaining 50 minutes will be to wrap up the lecture on ransomware and other malware, and with concluding remarks.
Danny highly encourages everyone to attend in person and provide constructive feedback to individual groups. Extra credits will be awarded; please see this form.
Agenda:
Lab 3 due
In-class Quiz 4
Project presentations:
TBD
Ransomware + Malware
Ethics: censhorship and malware takedown
Conclusion