CIS 694: Network Security

CIS 694K: Network Security

Description

An introduction to network security; security threats, services, protocols, verification and design, architectures, technologies, testing, advances; elements of cryptography; securing network systems and applications.

Level and Credits

UG 3

Prerequisites

CIS 677 or permission of instructor

Quarters Offered

General Information, Exclusions, etc.

none

Objectives

Mastery of some protocols for security services
Familiarity with some fundamentals of cryptography
Familiarity with network security threats and countermeasures
Familiarity with network security designs using available secure solutions (such as PGP, SSL, IPSec, and firewalls)
Familiarity with advanced security issues and technologies (such as DDoS attack detection and containment, anonymous communications, and security properties testing, verification and design)
Exposure to original research in network security

Texts

William Stallings, Cryptography and Network Security: Principles and Practice, Third Edition, Prentice Hall, 2002. ISBN: 0-13-091429-0
Bruce Schneier, Applied Cryptography, (2^nd Edition), Wiley 1996 ISBN 0-471-11709-9 (reference)
Paul Campbell, Ben Calvert, Steven Boswell, Security + Guide to Network Security fundamentals, Thomson, ISBN 0-619-12017-7 (reference)
Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security – Private Communication in a Public World, Prentice Hall, 1995. ISBN 0-13-061466-1 (reference)

Papers from the literature will be assigned.

Topics

Number of Weeks

Topics

0.5

Overview

Security principles and security threats

Security services: privacy, confidentiality, authentication, integrity, availability, non-repudiation, access control, etc.

Security threats: traffic analysis, IP spoofing, denial of service, routing attacks, information leakage, remote arbitrary code execution, viruses, etc.

Social, ethical, policy and legal issues

What we will teach and will not teach

Elements of cryptography

Classic ciphers, modern ciphers and stream ciphers and one-way functions

Secret key (symmetric): DES/AES and public key (asymmetric): RSA

Protocols for Security Services

Key distribution and management, Diffie-Hellman key exchange and certificate

Non-repudiation and digital signatures, ElGamal signature

Authentication and its protocols: Kerberos and Needham-Schroeder

Integrity

Privacy

Authorization

2.5

Securing Network Systems and Applications

Email security: Pretty Good Privacy (PGP)

Web security: Secure Sockets Layer (SSL)

Firewalls: intrusion detection

IP security and VPN: IPSec

Security in routing: OSPF and BGP

Advanced security issues and technologies

DDoS attack and its defense: types of DoS and DDoS attacks, trace-back and attack containment

Active worm defense

Anonymous communication

Wireless security

Security Process

Testing, verification and design of security properties

Integrating people, processes and technologies

Representative Lab Assignments

See attached

Grading Plan

Homework assignments	20%
Lab exercises	25%
Midterm exam	30%
Research project	25%