CS 286 Course Syllabus
- Instructor Information
- Name: Mark Stamp
- Office: MQH 216
- Office hours: Tuesday, 10am - 2:15pm, or by appointment
- Phone: 408-924-5094
- email: stamp286@gmail.com
- The best way to contact me is via email
- Greensheet: http://www.cs.sjsu.edu/faculty/stamp/CS265/syllabus/syllabusSpr08.html
- Who am I?
- Course Overview and Description: We will
study attacks and countermeasures related to networks.
- Prerequisites: CS149 or instructor consent.
- Required Text:
- Counter Hack Reloaded: A Step by Step Guide to Computer
Attacks and Effective Defenses, 2nd edition, E. Skoudis and T. Liston,
Prentice Hall, 2006, ISBN 0-13-148104-5.
There are many books that claim to
provide information on how to foil hackers, but this is
by far the best that I have seen.
The book is well written and fun to read. Buy it and read it—unlike
most textbooks, you won't regret it.
- Other useful security books:
- Information Security: Principles and Practice,
Mark Stamp, Wiley-Interscience, 2005, ISBN: 0-471-73848-4.
This book, which is the required text for CS166,
provides an introduction
to many technical issues in information security.
The book is focused on
four major topics: cryptography, access control,
protocols and software.
We will cover some topics from this book,
most of which are
generally not covered in CS166.
- Network Security: Private Communication in a
Public World, second edition, Charlie Kaufman,
Radia Perlman and
Mike Speciner, Prentice Hall, 2002, ISBN: 0-13-046019-2.
This book provides good coverage of basic cryptography and excellent
detailed coverage of many security protocols.
- Reversing: Secrets of Reverse Engineering,
Eldad Eilam, Wiley, 2005, ISBN: 0764574817. This is the best book
available on reverse engineering software. The book also discusses
various software protection techniques.
- Security Engineering: A Guide to Building
Dependable Distributed Systems, Ross Anderson, John Wiley
& Sons, Inc., 2001, ISBN: 0-471-38922-6; see
Ross Anderson's Security Engineering website
http://www.cl.cam.ac.uk/~rja14/book.html, where you can obtain
a free (and legal) copy of the book.
This is an excellent book for an
overview of security in general, but
it is not very focused.
- Security in Computing, third edition,
Charles P. Pfleeger and Shari Lawrence Pfleeger, Prentice Hall,
2003, ISBN: 0-13-035548-8. The strength of this book is
its coverage of the security issues related to software. In particular,
operating systems and some aspects
of secure software engineering are covered well. This book
also has some good basic information on viruses.
- Applied Cryptography: Protocols,
Algorithms and Source Code in C, second edition, Bruce Schneier,
John Wiley & Sons, Inc., 1995, ISBN: 0-471-11709-9.
For better or for worse this is the
standard reference for cryptography, particularly
in industry.
- Counter Hack Reloaded: A Step-by-Step
Guide to Computer Attacks and Effective Defenses,
Ed Skoudis with Tom Liston, Prentice Hall, 2006,
ISBN: 0-13-148104-5. There are many books that claim to
provide information on how to foil hackers, but this is
by far the best that I have seen. This is an updated version
of the original Counter Hack, published
in 2001.
- Computer Viruses and Malware,
John Aycock, Springer, 2006, ISBN: 0387302360.
This book gives a good introduction to research topics
related to malware. The book is well-written and
surprisingly easy reading, given the technical nature
of the material. However, it is somewhat uneven in its
coverage, with many interesting topics only mentioned
in passing, and some of the more lengthy discussions
allocated to topics of marginal interest (at least to me).
- PowerPoint Slides: Slides presented in class are
available here.
- Student Learning Objectives: After completing this course
you will have a good understanding of the tools and techniques
used by hackers to attack systems in the real world. You will
also learn techniques that can help to defend against
attacks. You should also have an understanding of some of the
deeper issues that make security such a
challenging and interesting topic.
- Grading:
- Test 1, 100 points. Date: Wednesday, March 19.
- Homework, in class assignments, and other work as
assigned, 100 points. Note that a subset of the assigned problems
will be graded.
- Project
- Written report, software, and documentation: 100 points,
Due Monday, April 21.
- Oral reports: 100 points, Beginning Wednesday, April 23.
- Final, 100 points. Date and time:
Monday, May 19 at 7:45pm.
- Semester grade will be computed as a
weighted average of the 5 major scores
listed above.
- No make-up tests will
be given and no late homework, projects,
or other assignments will be accepted.
- Grading Scale:
| Percentage | Grade |
|---|---|
| 92 and above | A |
| 90 - 91 | A- |
| 88 - 89 | B+ |
| 82 - 87 | B |
| 80 - 81 | B- |
| 78 - 79 | C+ |
| 72 - 77 | C |
| 70 - 71 | C- |
| 68 - 69 | D+ |
| 62 - 67 | D |
| 60 - 61 | D- |
| 59 and below | F |
- Homework: Turn in a hardcopy
in class on the due date.
All solutions must be typed, and
source code must be included.
Each problem requires a solution
as well as some explanation of how you
arrived at the solution or work
showing how the solution was obtained.
- Assignment 1: Due Wednesday, February 6
Problem 1: Open a telnet session on port 25 on your SMTP server and send yourself
a forged e-mail with a fictitious sender. You will use the SMTP commands HELO,
MAIL FROM:, RCPT TO:, DATA, and QUIT.
Problem 2: Use an online Webmail service (gmail, hotmail, yahoo, etc.) to send
yourself an email. Analyze the header. Can you track the sender of
such an email message? Can you send an anonymous email message using
the selected Webmail service?
Problem 3: Send yourself an email using your usual email client.
Examine the header to determine all information that
is revealed about the sender.
Problem 4: An "open relay" is an SMTP server that is
willing to process messages that are neither "to" nor "from"
a local user. Why would a spammer prefer to use an open relay?
Problem 5: Suppose that an SMTP open relay is configured so that
when it receives a message with a valid domain name, but an
invalid username, it sends the complete message back to the sender,
along with a brief error message saying that the message could
not be delivered. How could you use this server to send an
anonymous email message to "stamp@cs.sjsu.edu"? Give the SMTP
commands that you would use to send the anonymous email.
Problem 6: To reduce spam, it is sometimes suggested that
a cost be associated with sending email. One such technique
is outlined here. Although such an approach
seems appealing, there are some significant drawbacks.
List at least three significant drawbacks of such an approach.
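The following is an added example, not code from the course or the textbook. It models the telnet session of Problem 1 against a toy in-memory SMTP state machine (written for this example, not a real MTA) and then does the header analysis of Problems 2 and 3 on the result. The two security points it makes: the envelope sender in MAIL FROM and the From: header inside DATA are independent, client-chosen strings that the server never checks, and the one line the client cannot choose is the Received: header the server prepends, which records the peer address the server actually saw. All host names and addresses are made up.

```python
"""Toy SMTP transaction: added example, not the course's or the textbook's code.

ToySMTPServer is a small in-memory state machine written for this example,
not a real MTA. It accepts any MAIL FROM and any From: header (both are
unverified) and prepends a Received: line carrying the peer IP it was given,
which is the only sender-related data the client did not supply itself.
"""
import re
from email.utils import formatdate


class ToySMTPServer:
    def __init__(self, hostname="mail.example.test"):
        self.hostname = hostname
        self.delivered = []          # list of (recipients, raw message)

    def transaction(self, peer_ip, client_lines):
        """Feed the client's lines in order; return the server's replies."""
        replies = ["220 %s ESMTP toy" % self.hostname]
        helo, sender, rcpts, body, in_data = None, None, [], [], False
        for line in client_lines:
            if in_data:
                if line == ".":                          # end of message
                    in_data = False
                    received = ("Received: from %s ([%s])\n\tby %s with SMTP; %s"
                                % (helo, peer_ip, self.hostname, formatdate()))
                    self.delivered.append((rcpts, received + "\n" + "\n".join(body)))
                    sender, rcpts, body = None, [], []
                    replies.append("250 OK: queued")
                else:                                    # undo dot-stuffing
                    body.append(line[1:] if line.startswith("..") else line)
                continue
            cmd, _, arg = line.partition(" ")
            cmd, arg = cmd.upper(), arg.strip()
            if cmd in ("HELO", "EHLO"):
                helo = arg                               # unverified, just echoed back
                replies.append("250 %s" % self.hostname)
            elif cmd == "MAIL" and arg.upper().startswith("FROM:"):
                sender = arg[5:].strip()                 # envelope sender: no check at all
                replies.append("250 OK")
            elif cmd == "RCPT" and arg.upper().startswith("TO:"):
                rcpts.append(arg[3:].strip())
                replies.append("250 OK")
            elif cmd == "DATA":
                if sender is None or not rcpts:
                    replies.append("503 Bad sequence of commands")
                else:
                    in_data = True
                    replies.append("354 End data with <CR><LF>.<CR><LF>")
            elif cmd == "QUIT":
                replies.append("221 Bye")
                break
            else:
                replies.append("500 Command not recognized")
        return replies


# The session a student would type into telnet (constructed; names are made up).
FORGED_SESSION = [
    "HELO attacker-laptop",
    "MAIL FROM:<anyone@nowhere.test>",            # envelope sender, unverified
    "RCPT TO:<victim@mail.example.test>",
    "DATA",
    "From: The Dean <dean@university.test>",      # header sender, also unverified
    "To: victim@mail.example.test",
    "Subject: Urgent",
    "",
    "Please reset your password at ...",
    ".",
    "QUIT",
]

# Received: lines are prepended hop by hop, so the bottom-most one is the
# earliest hop: the host that first handed the message to a server.
RECEIVED_RE = re.compile(r"^Received: from (\S+) \(\[([\d.]+)\]\)", re.M)


def trace_origin(raw_message):
    """Return (HELO name, peer IP) recorded by the first receiving server."""
    hops = RECEIVED_RE.findall(raw_message)
    return hops[-1] if hops else None


def demo():
    srv = ToySMTPServer()
    replies = srv.transaction("203.0.113.7", FORGED_SESSION)
    rcpts, raw = srv.delivered[0]
    return replies, rcpts, raw, trace_origin(raw)


if __name__ == "__main__":
    replies, rcpts, raw, origin = demo()
    print("\n".join(replies))
    print(raw)
    print("origin:", origin)
```

On a real server the same thing happens: the From: header reads whatever was typed, but the Received: chain in the delivered message still shows the connecting IP, and that chain is what Problems 2 and 3 ask you to read.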
- Assignment 2: Due Wednesday, February 13
Problem 1: Trudy noticed that a DNS zone transfer request (which is used
to provide a DNS server with the information it needs regarding the zones it serves)
is always 27 bytes long, while the DNS server, say, dns.server.com, always
responds with 745 bytes. Assume the communication uses UDP. How can Trudy
use this information to conduct a DoS attack on, say, victim.com? If Trudy has
bandwidth of 256 Kbps and can use 100% of this for the attack, how
much of victim.com's bandwidth will be consumed by Trudy's attack?
Problem 2: What is the difference between an IP spoofing attack
(such as "Kevin's attack") and a TCP hijacking
attack? Draw a diagram to illustrate a TCP hijacking attack.
Problem 3: DHCP is used to dynamically provide IP addresses
to hosts on a network. When a computer needs an IP address, it
sends a DHCPDISCOVER request to all hosts on the same LAN. A DHCP
server will respond with DHCPOFFER packet containing an IP address
and other useful information, such as the gateway's IP address.
The requesting host can then use the given IP address
for some specified period of time. Note that
there is no authentication or other security measures applied
to these communications. Describe a simple attack that would
allow Trudy to prevent any host from obtaining an IP address
from the DHCP server. How can Trudy "improve" this attack
so that she is able to intercept the outbound communications
of any computer on the LAN?
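The following is an added example, not code from the course or the textbook. It shows the first half of Problem 3 of Assignment 2 concretely: the DHCP packet layout from RFC 2131, and why an unauthenticated protocol whose only client identifier is a sender-chosen hardware address (chaddr) can have its address pool drained. The server is a toy written for this example, not a real DHCP daemon, and nothing touches a network interface; packets are bytes handed directly to it.

```python
"""DHCP starvation: added example, not the course's or the textbook's code.

build_discover/parse_dhcp follow the RFC 2131 packet layout (BOOTP fixed
header, magic cookie, TLV options). ToyDHCPServer is a stand-in written
for this example: it leases one address per distinct chaddr and checks
nothing else, which is all a DHCP server can do, since the protocol has
no authentication. Addresses and MACs below are made up.
"""
import ipaddress
import os
import struct

# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
HDR_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
MAGIC = b"\x63\x82\x53\x63"              # DHCP magic cookie
OPT_MSG_TYPE, OPT_END, OPT_PAD = 53, 255, 0
DISCOVER, OFFER = 1, 2


def build_discover(mac, xid):
    """Encode a DHCPDISCOVER; mac is the 6-byte hardware address to claim."""
    zero4 = b"\0" * 4
    header = struct.pack(HDR_FMT,
                         1, 1, 6, 0,            # BOOTREQUEST, Ethernet, hlen 6, hops 0
                         xid, 0, 0x8000,        # xid, secs, broadcast flag set
                         zero4, zero4, zero4, zero4,
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + MAGIC + bytes([OPT_MSG_TYPE, 1, DISCOVER, OPT_END])


def parse_dhcp(data):
    """Decode the fixed header and the option TLVs into a dict."""
    f = struct.unpack_from(HDR_FMT, data, 0)
    off = struct.calcsize(HDR_FMT)
    if data[off:off + 4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    off += 4
    opts = {}
    while off < len(data):
        tag = data[off]
        if tag == OPT_END:
            break
        if tag == OPT_PAD:
            off += 1
            continue
        length = data[off + 1]
        opts[tag] = data[off + 2:off + 2 + length]
        off += 2 + length
    return {"op": f[0], "xid": f[4], "chaddr": f[11][:f[2]],
            "yiaddr": str(ipaddress.IPv4Address(f[8])), "options": opts}


class ToyDHCPServer:
    """Leases one address per distinct chaddr from a small pool; no auth."""

    def __init__(self, pool_cidr="192.0.2.0/29"):
        self.free = list(ipaddress.IPv4Network(pool_cidr).hosts())   # 6 addresses
        self.leases = {}                                            # chaddr -> address

    def handle(self, packet):
        req = parse_dhcp(packet)
        if req["options"].get(OPT_MSG_TYPE) != bytes([DISCOVER]):
            return None
        mac = req["chaddr"]                # the only "identity", chosen by the sender
        if mac not in self.leases:
            if not self.free:
                return None                # pool exhausted: no OFFER for anyone new
            self.leases[mac] = self.free.pop(0)
        return {"type": OFFER, "xid": req["xid"], "yiaddr": str(self.leases[mac])}


def starve(server, n):
    """Send n DISCOVERs with fabricated chaddrs; return how many drew an OFFER."""
    offers = 0
    for i in range(n):
        fake_mac = b"\x02" + os.urandom(5)     # locally administered, random
        if server.handle(build_discover(fake_mac, xid=i)) is not None:
            offers += 1
    return offers


def demo():
    srv = ToyDHCPServer()
    pool_size = len(srv.free)
    got = starve(srv, pool_size + 10)
    # A legitimate host arrives afterwards and gets nothing.
    legit = srv.handle(build_discover(b"\x00\x11\x22\x33\x44\x55", xid=0xDEADBEEF))
    return pool_size, got, legit


if __name__ == "__main__":
    print(demo())
```

Two simplifications to keep in mind: real servers usually commit a lease only when the DHCPREQUEST arrives, so a real starvation tool completes the whole DISCOVER/OFFER/REQUEST/ACK exchange per fake MAC; and the second half of the problem (Trudy answering DISCOVERs herself, handing out her own address as the gateway once the real server has nothing left to offer) is not modelled here.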
- Assignment 3: Due Wednesday, February 20
Problem 1: a) What is an SQL injection attack?
b) What is cross site scripting and how can it be used in an attack?
Problem 2: When browsing the Web, you are often asked to fill in
an online form. Data from these forms is often sent to a server to
be processed by a CGI (Common Gateway Interface) program. CGI programs
can be written in Perl, PHP, C, etc. Consider the html
in this file.
Suppose that the CGI program that processes the input is the
Perl script in this file.
a) What is the developer's objective for this CGI program?
b) Trudy can only fill in the fields of the form.
Intuitively, what can she try to do?
c) How can Trudy receive (via email) the password file (/etc/passwd)
of the HTTP server?
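The following is an added example, not code from the course or the textbook. Parts (a) and (b) show the two injection classes asked about in Problem 1, each as the vulnerable snippet beside its hardened form. Part (c) models Problem 2 under an assumption, because the course's Perl script is not reproduced on this page: that the script builds a shell command (typically a sendmail pipe) from the form's e-mail field, which is the usual shape of mail-the-form CGI handlers. Nothing in (c) is executed; the functions only return the command they would run. The user table and all addresses are made up.

```python
"""Injection examples for Assignment 3: added code, not the course's own.

(c) assumes the CGI script builds a shell command from the e-mail field;
the course's script itself is not shown here. Commands are returned as
data, never run.
"""
import html
import re
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


# (a) SQL injection: the query text is assembled from user input ...
def login_vulnerable(db, user, pw):
    q = "SELECT name FROM users WHERE name = '%s' AND pw = '%s'" % (user, pw)
    return sorted(r[0] for r in db.execute(q))


# ... versus a parameterized query, where input can never become SQL syntax.
def login_safe(db, user, pw):
    q = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return sorted(r[0] for r in db.execute(q, (user, pw)))


# (b) reflected XSS: input echoed into HTML unescaped ...
def greet_vulnerable(name):
    return "<p>Hello, %s</p>" % name


# ... versus escaped, so the browser displays the payload instead of running it.
def greet_safe(name):
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


# (c) command injection: a shell command string built from the e-mail field.
def sendmail_cmd_vulnerable(addr):
    """Command as a naive CGI would hand it to the shell (returned, not run)."""
    return "/usr/sbin/sendmail " + addr


# Hardened: no shell at all (argv list) plus a strict address whitelist that
# also forbids a leading '-', so the address cannot be parsed as an option.
ADDR_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def sendmail_argv_safe(addr):
    if not ADDR_RE.match(addr):
        raise ValueError("rejected address: %r" % addr)
    return ["/usr/sbin/sendmail", addr]


def demo():
    db = make_db()
    payload = "' OR '1'='1"                       # classic tautology payload
    sqli = (login_vulnerable(db, "nobody", payload), login_safe(db, "nobody", payload))
    xss_in = "<script>alert(1)</script>"
    xss = (greet_vulnerable(xss_in), greet_safe(xss_in))
    inj = "trudy@evil.test; cat /etc/passwd"     # ';' starts a second shell command
    cmd = sendmail_cmd_vulnerable(inj)
    try:
        sendmail_argv_safe(inj)
        blocked = False
    except ValueError:
        blocked = True
    return sqli, xss, cmd, blocked


if __name__ == "__main__":
    print(demo())
```

The common thread of all three: data supplied by Trudy reaches an interpreter (SQL engine, browser, shell) in a position where it is read as syntax. The fix is the same shape each time: keep data and code in separate channels (bound parameters, escaping for the output context, an argv list with no shell) and validate what is left against a tight whitelist.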
- Assignment 4: Due Wednesday, March 12
Problem 1: Perform thorough reconnaissance on the domain
cs.sjsu.edu. At a minimum, you must apply all of the techniques
discussed in Chapter 5 of the text, with the exception of
any that are illegal (e.g., "physical break in").
For each technique that you employ, answer
the following questions.
a) What did you do?
b) What relevant information, if any, did you discover?
c) For any information that you deem relevant, why is it relevant?
Problem 2: Based on your findings in Problem 1,
recommend practical measures that could be taken
to make cs.sjsu.edu more resistant to
the types of reconnaissance that you performed.
For each recommendation that you provide, briefly discuss
the positive and negative effects that would occur
if your recommendation were actually implemented.
- Assignment 5: Due TBD
- Assignment 6: Due TBD
- Assignment 7: Due TBD
- Assignment 8: Due TBD
- Other Important Stuff:
- No extra credit is anticipated
- No late assignments or tests will be accepted
- Keys to success: Do high quality work on the project
and the homework, attend class
- Cheating will not be tolerated...
- ...but working together is encouraged
- Students must be respectful of the teacher and other students.
- No disruptive or annoying talking
- Turn off cell phones
- Class begins on time
- Class is over when I say it's over
- Etc.
- Valid picture ID required at all times
- Why study security?
- Guest lecture
- Speaker: TBD
Title: TBD
Date: TBD
Time: TBD
Location: TBD
- Boring Stuff:
- University, College, or Department Policies:
- Academic integrity statement (from Office of Judicial Affairs):
"Your own commitment to learning, as evidenced by your enrollment at
San Jose State University and the University's Academic Integrity
Policy requires you to be honest in all your academic course work.
Faculty are required to report all infractions to the Office of Judicial Affairs."
The policy on academic integrity can be found
here.
- Campus policy in compliance with the Americans with Disabilities Act:
"If you need course adaptations or accommodations because of a
disability, or if you need special arrangements in case the building
must be evacuated, please make an appointment with me as soon as
possible, or see me during office hours. Presidential Directive 97-03
requires that students with disabilities register with DRC to establish a
record of their disability."
- Academic Honesty:
Faculty will make every reasonable effort to foster honest academic conduct in their courses. They will secure examinations and their answers so that students cannot have prior access to them and proctor examinations to prevent students from copying or exchanging information. They will be on the alert for plagiarism. Faculty will provide additional information, ideally on the green sheet, about other unacceptable procedures in class work and examinations. Students who are caught cheating will be reported to the Judicial Affairs Officer of the University, as prescribed by Academic Senate Policy S04-12.
- Appendix:
- You are responsible for understanding the policies and procedures about add/drops, academic renewal, withdrawal, etc. found
here.
- Expectations about classroom behavior; see Academic Senate Policy S90-5 on Student Rights and Responsibilities.
- A definition of plagiarism can be found
here.
- If you would like to include in your paper any material you have submitted, or plan to submit, for another class, please note that SJSU's Academic Integrity policy S04-12 requires approval by instructors.
- The name and contact information for the librarian liaison. (I have
no idea.)
- Evacuation plan for the classroom: Exit the classroom
through the door,
go down the nearest stairs and exit the building.