CS 448/648 Computer Security

Course Syllabus

Fall, 2024

10:00- 11:15 M,W; TBE A-107

Prof. Hal Berghel; office: TBE B-378A; phone: 702-895-2441;

pick one: {hal.berghel \\unlv//edu, or hlb at either acm.org or computer.org }

office hours: M-F 8:30-9:50 and by appointment

Teaching Assistants: Natalie Tong (tongn2 \\unlv.nevada // edu), and

Daniel Hailu (hailud1 \\unlv.nevada // edu)

General notes:

1. the Syllabus for this course will be maintained on the instructor's website at www.berghel.net.
2. the assigned readings will come from online resources.  URLs for the readings will be listed in the syllabus under "reading assignments." Note that reading assignments are for the current syllabus entry (i.e., read the assignment for the next class ahead of class). Exam questions regarding the assigned readings will be taken from the course Study Guide.
3. The dates of a ny exams and homework will be posted on this online syllabus at least 10 days before the date. Homework may be periodically assigned, the value of which will be clearly indicated on the assignment. The exam component of your final exam will be weighted as follows: in-term exams, collectively, will represent 50% of the total exam grade; and the final exam will represent the other 50% of the exam component of the overall course grade. The weighting of other course requirements such as homework, projects, etc. will be specified on the assignments.
4. Attendance will be taken. Students with at most 1 (one) documented unexcused absence (e.g., due to health problems, official UNLV activities) as recorded by the classroom attendance sheet, will receive a bonus of 10% on their final grade.


5. UNLV POLICES AND RESOURCES
1. The current UNLV policies that govern instruction are posted on the website of the The Office of the Executive Vice President and Provost at https://www.unlv.edu/policies/students.
2. In addition, these resources may be of interest::
1. Writing Center Statement
2. Tutoring Availability
3. UNLV Annual Security Report
4. UNLV campus police crime log
5. UNLV Institutional Metrics
3. Additional University Policies: https://www.unlv.edu/policies/additional

Course Description:

Overview Of Computer Security, Threats, Vulnerabilities And Controls. Security Auditiung, Physical Security, Computer Security Policies And Implementation Plans, And Computer Forensics Including Penetration Testing And Investigation. Management Issues. Legal, Privacy And Ethical Issues. Prerequisites: CS 370. 3 Credits.

Course Materials:

Most reading assignments will either relate directly to the course notes/slides provided on this syllabus, or will be public domain material linked to this syllabus. In addition, you may find the following resources of value.
1. SANS Resources
1. SANS IPv4 TCP/IP and tcpdump Pocket Reference Guide (The version that will be attached to relevant exams)
2. Lenny Zeltser's Reverse Engineering Malware FAQs
2. Instructor's Notes
1. Instructor's notes on Positional Number Systems and Boolean Algebra
2. Instructor's notes on TCPdump commands and filters
3. Instructor's study guide to selected reading assignments
3. Instructor's Online Resources
1. Better Than Nothing Security Practices
2. The Packet Pal Primer (an Internet Protocol Resource)
3. The CGI-Bin Bin (a guide to CGI programming circa 1996
4. The World Wide Web Test Pattern (find out what the 1990's browser wars were about interactively)
4. Instructor's TCP/IP Lecture Slides (CS448/648 & CS449/649)
   1. IPv4
   2. TCP/UDP
   3. ICMP
   4. DNS-ARP
   5. HTTP
   6. BGP
   7. IPsec
   8. Instructor's Online Packet Guide: Packet Pal Primer
5. Useful Online References:
1. Wireshark References
1. Wireshark Capture Filter Expressions: http://wiki.wireshark.org/CaptureFilters
2. Wireshark Sample Captures: http://wiki.wireshark.org/SampleCaptures#ARP.2FRARP
2. Forensics Papers
1. Carrier, Brian and Eugene Spafford, "An Event-Based Digital Forensic Investigation Framework"
2. Carrier, Brian: "Degining Digital Forensic Examination and Analysis Tools"
3. Carrier, Brian: "Performing an Autopsy Examination on FFS and EXT2FS Partition Images"
3. Manuals and Reference Materials
1. WinDump Manual
2. Notes on TCPdump and Windump
3. Snort Commands
4. ASCII Table
5. Packet Pal Primer
6. Berghel/Hoelzer: Pernicious Ports , CACM, December, 2005
7. Wireshark Display Filters
4. Trusted-Source Network in Digital Security
1. Schneier on Security - the most accurate security blog on the internet
2. Krebs on Security - the best general-purpose security blog on the internet
5. Watchlist of Future Threat Vectors
1. Election Fraud and Digital Ballot Boxes:
1. The Verified Voting Foundation
2. The VVF's Principles for New Voting Systems
2. The NSA ANT Catalog
3. The DIY Ransomware software ad from the Isle of Man March 2, 2017
4. CIA Tradecraft DOs and DONT's for Malware Development (text; src: Wikileaks; cf. esp. "(U) Networking" ). See also Helpful(?) coding tips from the CIA's school of hacks , Ars Technica, March 8, 2017
5. The NSA's Media Engagement (aka: Deception) Plan
6. Micah Lee, It's Impossible to Prove your Laptop hasn't been Hacked..... ", The Interecept, April 28, 2018.
7. Micah Lee, Edward Snowden's New App uses your smartphone to physically guard your laptop , The Intercept, December 27, 2017.
6. Interesting Digital Archives
1. A Protocol for Packet Network Intercommunication Vint Cerf and Bob Kahn's seminal 1974 paper that outlines the TCP/IP protocol suite
2. IEEE Computer Society's Computing Conversations by Chuck Severance
3. AT&Ts Tech Channel
4. The IEEE Computer Society 2022 Report (predictions)
7. Dan Kaminsky's Black Ops Series
1. Dan Kaminsky: Black Ops of TCP IP 2008 (Defcon 16, 2008)
2. Dan Kaminsky: Black Ops of TCP IP 2011 (Defcon 19, 2011)
3. Dan Kaminsky: Black Ops of TCP IP 2013 (Defcon 20, 2012)
8. Relevant Videos
1. Whitfield Diffie: Information Security - Before and After Public-Key Cryptography; Computer Museum
2. Vint Cerf on the History of Packets(video)
3. NSA: Tell No One by James Bamford [31c3, Dec. 2014]
9. Innervation
1. Dr. Chuck's iPad Steering Wheel Mount
2. the ill-fated Clipper Chip
10. Miscellaneous
1. PRPL's: Security Guidance for Critical Areas of Computing , January, 2016
2. Dylan Curran, Are you ready? Here is all the data Facebook and Google have on you , The Guardian, March 30, 2018
3. Bruce Schneier: The Security Mirage (Online TED presentation)
• Recommended References: (although not required, these are standard references for computer and internet security).
  1. Brian Carrier, File System Forensic Analysis, Addison-Wesley, Reading
  2. Charles Kozierok, TCP/IP Guide, NoStarch Press, San Francisco (2014)
  3. Sherri Davidoff and Jonathan Ham, Network Forensics: Tracking Hackers through Cyberspace, Prentice-Hall (2012)
  4. Laura Chappell, Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide, Laura Chappell University (2010)
  5. Laura Chappell, Wireshark Network Analysis, 2nd ed., Chappell University (2012) [she has several good books on Wireshark, but this is the best IMHO]
  6. Charles and Shari Pfleeger, Security in Computing, Prentice Hall (2007)
  7. Gordon Fyodor Lyon, NMAP Network Scanning, Nmap Project (2009) (partially online @ nmap.org)
  8. John Vacca (ed.): Computer and Information Secutiy Handbook, Elsevier (2013) [a useful, encyclopedic approach]
  9. Dave Roberts, Internet Protocols Handbook, Coriolis Group (1996) [an oldie and a goodie - still a useful introduction to TCP/IP. If you can find it.]

Course Outcomes:

• By the end of the term, you will:

  1. Understand Internet Fundamentals
     • Understand the operation of packet-based switching networks
     • Understand the function of core protocols in the TCP/IP Protocol Suite
     • Understand the fundamentals of packet analysis in threat detection
     • Understand anomalous packet traffic and the role of RFCs in defining Internet Protocols
     • Understand the OSI and TCP/IP network models and their inter-relationship
     • Understand how ARP and DNS function
     • Understand the TCP 3-way handshake
     • Understand the role of data fields and flags within TCP/IP packets
  2. Understand the role of risk management and the law in computing security
  • Understand the economics of computing and network security
  • Understand how one measures the value of security
  • Understand the legal issues in network security
  • Understand how digital security is deployed in the public and private sector
  • Understand the tradeoff between security and usability
  • Understand best practices for program security
  3. Understand various models of digital security and security appliances
     • Understand the difference between open source and proprietary security software
     • Understand the security implications of open source vs. closed source (proprietary) software
     • Understand the relationship between hardware and software vis-a-vis computing security
     • Understand the levels of packet inspection that are used to detect anomalous network traffic
     • Understand the role of major categories of network appliances (e.g., IPS, IDS, firewall, router, gateway, etc.)
     • Understand such concepts as defense-in-depth, time-based security,
     • Understand trusted vs. untrusted systems
     • Understand how network topologies are developed and hardened
  4. Understand varieties of threat vectors in computing and networking security
     • Understand traditional categories of malware (malicious software)
     • Understand phishing and pharming
     • Understand spyware, pixelated anchors, cookies,
     • Understand how to detect out-of-band traffic, protocol bending,
     • Understand modern digital crime
     • Understand how digital money laundering works
     • Understand how programs may be written insecurely
     • Understand main classes of network security vulnerabilities
     • Understand main classes of computer security vulnerabilities
     • Understand modern cyberwarfare strategies and tactics
  5. Understand what it takes to audit and monitor networks and computers
     • Understand network scanning
     • Understand port scanning
     • Understand computer baseline analysis and patch maintenance
     • Understand network reconnaissance
     • Understand the complexity of network auditing
  6. Understand traditional methods of data hiding:
     • Understand basic cyptography, encryption standards, and metaphors
     • Understand the role of steganography and watermarking in data hiding
     • Understand the roles and types of anonymizers and remailers
  7. Understand the threats on personal privacy:
     • Understand how digital surveillance technology is used
     • Understand the major categories of threats on personal privacy
     • Understand the major categories of treats from digital telematics
     • Understand how business data surveillance is deployed (e.g., cel phone tracking, OnStar, etc.)
     • Understand the nature of government data surveillance (Echelon, Carnivore, PRISM, etc.)
     • Understand major categories of vulnerabilities from surveillance (stalking, blackmail, extortion, threats to journalists, etc.)
  8. Professional Ethics and Certifications
  • Understand the importance of professional ethics
  • Familiarization with the ACM Code of Ethics and Professional Conduct
  • Familiarization with SANS security training programs
  • Become familiar with digital security certifications and programs
  • Become familiar with computer organizations that support digital security (ACM, IEEE-CS, etc.)

  Core Competencies

  1. You will know where to look for industry best practices in computer and network security
  2. You will know where to look for legal advice in computer and network security
  3. You will be familiar with the main categories of malware and how they're deployed
  4. You will understand the basic approaches to hardening computers and networks
  5. You will understand the characteristics of a secure network topology
  6. You will understand the characteristics of standard encryption systems and their suitability for specific computing environments
  7. You will understand the role of standards and certifications in computing security
  8. You will understand the vulnerabilities of common desktop operating systems
  9. You will understand the core issues involved in administering security
  10. You will understand the legal, privacy and ethical issues in computing security
  
  

Syllabus

note: The UNLV IEEE Xplore digital library and ACM digital library institional licenses allow open access to UNLV students from any UNLV IP address). If a syllabus link to an assigned reading is fractured, use the title as a search term on the relevant portal. Whenever possible, I will provide alternative convenient links consistent with copyright laws, but I cannot guarantee the persistence of the links.

Week of August 26 - Internet Realities

• General Introduction to Course.
• PaSsWoRdZ
• Lecture Notes on Dark Web/Deep State
• Lecture Notes on Net Neutrality
• Reading Assignments
1. Net Neutrality Reloaded IEEE Computer, October, 2017; DOI: 10.1109/MC.2017.3641632
2. What is More Dangerous - the Dark Web or the Deep State? , IEEE Computer, July, 2017; DOI: 10.1109/MC.2017.215
3. Oh, What a Tangled Web: Russian Hacking, Fake News, and the 2016 US Presidential Election , IEEE Computer, September, 2017; DOI: 10.1109/MC.2017.3571054
• Study Guide to Assigned Readings - continuously updated throughtout the term

September 4 & 9-- Phishing and Trolling (note UNLV is closed for Labor Day on September 2)

• Lecture Notes on Phishing
• Lecture Notes on Trolling
• Reading Assignment
1. Trolling Pathologies, IEEE Computer, March, 2018; DOI: 10.1109/MC.2018.1731067
2. The Online Trolling Ecosystem, IEEE Computer, August, 2018; DOI: 10.1109/MC.2018.3191256
3. Phish Phactors: Offensive and Defensive Strategies, Advances in Computers, V. 70, 2007

September 11 & 16 -- The Darker Side of Computing and Networking -

• Lecture Notes
• Reading Assignments
1. Weaponizing Twitter Litter: Abuse Forming Networks and Social Media, IEEE Computer, April, 2018; DOI: 10.1109/MC.2018.2141019
2. Malice Domestic: The Cambridge Analytica Dystopia , IEEE Computer, May, 2018; DOI: 10.1109/MC.2018.2381135
3. Huawei, BIS, and the IEEE: It's Deja Vu All Over Again , IEEE Computer, October, 2019; DOI: 10.1109/MC.2019.2927074
4. Through the PRISM Darkly, IEEE Computer, 46:7, pp. 86-90, July, 2013 DOI: 10.1109/MC.2013.253
5. The QAnon Phenomenon: The Storm Has Always Been Among Us, IEEE Computer, 55:5, pp. 93-100, 2022. DOI: 10.1109/MC.2022.3154125

September 18 -25 - Digital Crime

• Lecture Notes
• Reading Assignments
1. The Future of Digital Money Laundering, IEEE Computer, August, 2014; DOI: 10.1109/MC.2014.225
2. The State of the Art in Identity Theft, Advances In Computers, v. 83, 2011; DOI: 10.1016/B978-0-12-385510-7.00001-1
3. Fungible Credentials and Next-Generation Fraud, Communications of the ACM, December, 20006; DOI: 10.1145/1183236.1183252
4. Identity Theft and Financial Fraud: Some Strangeness in the Proportions, IEEE Computer, 2012, DOI: 10.1109/MC.2012.16

Week of September 30 - The Hacking Landscape

• Lecture Notes
• Hacking Exploits
• Reading Assignments
1. On the Problem of (Cyber) Attribution, IEEE Computer, March, 2017. DOI: 10.1109/MC.2017.74

October 14: EXAM I - Note: All exams are closed book, closed notes, all electronic devices turned off. Failure to observe may result in a course grade of F.). The current version of the course Study Guide for this exam is rev: 081424.. Remember to refresh your browser cache in preparation for the exam.

Extra Credit (15 points possible): Answer the 6 questions following HALanon DROP #0.0 in The QAnon Phenomenon: The Storm Has Always Been Among Us. Submit in hardcopy and in class on or before October 23, 2024.

Week of October 16 - 21:Stuxnet, Zero Days, and Air Gaps

• Lecture Notes
• Reading Assignments
1. Farewell to Air Gaps - I , IEEE Computer, August, 2015; DOI: 10.1109/MC.2015.179
2. Farewell to Air Gaps - II , IEEE Computer, June, 2015; DOI: 10.1109/MC.2015.181
3. [OPTIONAL] Bruce Schneier on AI Security, IEEE Computer, November, 2024

October 23 - October 28 -- Topic: The IPv4 & ARP Protocols

• Lecture Notes
• Reading Assignment
• A Protocol Layer Survey of Network Security, Advances in Computers, v. 64 (2005). [Sections 1. - 3.]
• 911 Swatting, VoIP, and Doxxing, IEEE Computer, 2023
• [OPTIONAL] Additional Resources
• Instructor's notes on Positional Number Systems and Boolean Algebra
• Wikipedia on IPv4
• Wikipedia on VoIP

October 30 & November 4 - Topic: The TCP and UDP Protocols

• Lecture Notes
• Reading Assignment (continued)
• A Protocol Layer Survey of Network Security, Advances in Computers, v. 64 (2005). [Sections 1. - 3.]
• [OPTIONAL] Additional Resources
• Wikipedia on TCP
• Wikipedia on UDP

November 6: EXAM II - Note: All exams are closed book, closed notes, all electronic devices turned off. Failure to observe may result in a course grade of F.). The current version of the course Study Guide for this exam is rev: 081424.. Remember to refresh your browser cache in preparation for the exam. The scope of this exam will be all lectures and assigned readings since Exam I.

November 11: No Class - Veteran's Day Break

November 13 - 18: Topic: The ICMP Protocol and Packet Analysis with Wireshark

• Lecture Notes
• Assignments
• Wireshark practice exercise (download) [Answer questions prior to class]
• Wireshark Practice datafile for exercise (download)
• Selected answers to exercise.

November 20 - 25: Topic: Basic Computer Security

• Lecture Notes
• additional resources:
• Better-than-Nothing-Security-Practices for Windows 7
• Holzer/Berghel: Pernicious Ports, CACM (2005)

November 27: EXAM III (tentative) - Note: All exams are closed book, closed notes, all electronic devices turned off. Failure to observe may result in a course grade of F.). No questions on this exam will be drawn from the course study guide. Remember to refresh your browser cache in preparation for the exam. The scope of this exam will be all lectures and assigned readings dealing with TCP/IP protocols and any new material since Exam II .

December 2 - 4: Topic: Legal Issues in Computing and Information Technology

• Lecture Notes
• additional resources:
• Through the Prism Darkly , IEEE Computer (2013)
• 'Free' Online Services and Gonzo Capitalism, IEEE Computer (2023)

December 9- 10:10am - 12:10am: FINAL EXAM - Note: All exams are closed book, closed notes, all electronic devices turned off. Failure to observe may result in a course grade of F.). All questions on the final will be derived from the lectures, the lecture slides, and the assigned readings. The study guide will not be used in the generation of the final exam. Remember to refresh your browser cache in preparation for the exam. The scope of this exam is cumulative and spans all material covered thoughout the semester.