Network SecurityNYIT Vancouver - Fall 2017

Course Information• Me: Pooya Jaferian

• Prerequisites:

• Computer Networks

• Familiarity with Unix based operating systems

• Some programming experience can be good

• Familiarity with setting up virtual machines

• Should have: bring your laptop to the class or a smartphone

Learning Objectives

• Identify important components in network security

• Design defence in depth strategy for a network

• Evaluate security of a network

GradingInstruments Percentage of Total

GradeIn-class quizzes 10 + 5

Group Based Projects ( two projects ) 20

Midterm Exam 20

Final Exam 35

Topic Presentation 10

Total 100

Policy• Attendance: Students are required to attend the

classes

• Late assignment/projects: 30% deduction for each day late

• Academic integrity: http://www.nyit.edu/images/ uploads/academics/AcademicIntegrityPolicy.pdf

Resources• Optional: Mark Stamp, Information Security:

Principles and Practice, 2011

• Optional: William Stallings “Cryptography and Network Security, Principles and Practices,” Pearson, 6th edition

• Optional: Stephen Northcutt, Lenny Zeltser, Scott Wintters, Karen Kent, Ronald W Ritchney “Inside Network Perimeter Security,” Sams Publishing, 2nd edition, 2005, ISBN: 0-672-32737-6

Course Topics• Fundamentals

• Symmetric & Asymmetric Crypto

• Key-exchange, mutual authentication, etc.

• Network Security

• Protocol security issues ( TCP, DNS, routing, etc.)

• Network defense (Firewalls, VPNs, IDS, filters, etc.)

• Web Security

• Web application security, user authentication, HTTPS, browser security

Projects

• Part I: Setup your personal network security lab

• Part II: Analyze network traffic

Presentation Topic• Protocols

• TCP protocol stack

• Using wireshark and nmap

• DNS protocol

• DNS cache poisoning and DNS rebinding attacks

• NAT

• Firewalls

Presentation Topic• iptables demo

• Intrusion Detection Systems

• Honeypots

• Denial of service attacks

• OWASP top 10

Introduction

• “The field of network and Internet security consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information.” — Stallings

Security

• Confidentiality• Keeping data and resources hidden

• Integrity• Data integrity (integrity) • Origin integrity (authentication)

• Availability• Enabling access to data and resources

Network

• A network can be defined as a group of computers and other devices connected in some ways so as to be able to exchange data.

OSI Security Architecture

• Security Attacks

• Security Services

• Security Mechanisms

Security Attacks (Passive)

Security Attacks (Active)

Security Services• Authentication

• Peer entity authentication

• Data origin authentication

• Access Control

• Data Confidentiality

• Data Integrity

• Nonrepudiation

• Availability

Security Mechanisms• Encipherment

• Digital Signature

• Access Control

• Data Integrity

• Authentication Exchange

• Traffic Padding

• Routing Control

• Notarization

• Trusted Functionality

• Security Label

• Event Detection

• Security Audit Trail

• Security Recovery

Security Services &

Mechanisms