Hand Out Network Security

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 6

BIRLA INSTITUTE OF TECHNOLOGY & SCIENCE, PILANI

WORK-INTEGRATED LEARNING PROGRAMMES DIVISION


BITS-WIPRO Collaborative Programme: MS in Software Engineering
II SEMESTER 2014- 2015
COURSE HANDOUT
Course No.

: SEWP ZG513

Course Title

: Network Security

Faculty details:

faculty_qry
name

mailid

Vagdevi S

[email protected]

Lohith J J

[email protected]

Mohammed
Tajuddin

[email protected]

Gururaja. H.S.

[email protected]

M. Rajeswari

[email protected]

Surabhi Narayan surabhi.narayan@gmail.


com
Saritha
Chakrasali

saritha.chakrasali@gmai
l.com

Course Description
The primary goal of the course is to introduce the student to system and application design aspects of
network security including cryptographic, systemic and computational security aspects of the network /
internetwork systems.
Scope and Objectives
The course covers fundamental aspects of security in a modern networked environment with the focus on
system design aspects and cryptography in the specific context of network / internetwork security. It also
dwells into basics of cryptographic techniques, algorithms and protocols required to achieve these properties;
computational issues in implementing cryptographic protocols and algorithms; and system/application
design issues in building secure networked systems.
Prescribed Text Book
T1.

William Stallings: Cryptography and Network Security, Principles and Practices, Fifth Edition,
Pearson Education.

Reference Books
R1.

Writing Secure Code by Michael Howard and David Deblanc Microsoft Press

R2.

Practical Packet Analysis 2nd edition by Chris Sanders

R3.

Kaufman, Perlman, and Speciner: Network Security, Private Communication in a Public World,
Second Edition, Pearson Education, 2006.

R4.

Bernard Menezes: Network security and Cryptography, CENGAGE Learning, 2010.

Plan of Self Study

Sl
.
N
o

# of
Lectur
es

Reference
in
the book

Learning objectives

T1: Chapter
1

Overview of Network
Security: Services,
Mechanisms, Threats,
Vulnerabilities and
Attacks.

1.
2.
3.
4.
)
5.

Classical Encryption
Techniques

This lecture must discuss the


basics of classical encryption
techniques. The Techniques
discussed would be : Symmetric
Cipher Model, Substitution,
Transposition Techniques and
Steganography. This will give
the students a background
about Cryptography and will
also tell them the limitations of
these classical techniques and
the need for more modern
techniques.

NIL

Block Ciphers and Data


Encryption Standard,
Block Cipher modes

This lecture must discuss the


principles of Block Ciphers and
the difference between stream
ciphers and block ciphers. This
must explain the algorithm of
DES. This lecture should also
give an outlines of the different
modes in which DES is used.
(ECB, CFB etc)

NIL

Stream Cipher (RC4),


Public Key Algorithm
(RSA), Relevant
Mathematics

This lecture must give an idea


about the Stream Cipher
method using RC4 as an
example. It should also discuss
the public key encryption
technique with RSA as the
example.

NIL

T1 Chapter 2

T1 Chapter
3, 6

T1 Chapter
6, 9

T1 Chapter
10, 11, 12

Key Management, Need


for authentication,
Hash algorithms

Important points to be
discussed

Security
Security
Security
Security

Trends
Attacks
Services ( X.800 )
Mechanisms ( X.800

Exercises to
be solved

1) Demo of
Nessus
2) Demo of
Nmap

Problems /
Assignments
to be given as
homework

See Assignment
Sheet 1

Model for Network Security

The importance of key


management must be
discussed. Diffie Hellman key
exchange algorithm can be
discussed. This can be followed
by an overview of why
authentication is required and
how authentication is done

NIL

See Assignment
Sheet 2

using the hash functions. SHA1


and MD5 can be shown as
examples of hashing functions.

R1: Chapter
8

To learn some common


mistakes that are made
when dealing with
implementation

This lecture should take care to


discuss the common mistakes
while implementing
cryptographic techniques:
Using Poor random number
generator, Using passwords to
generate cryptographic keys,
Key management issues,
Creating own cryptographic
functions, Reusing a buffer for
plain text and cipher text, bitflipping attacks against stream
ciphers etc.

T1 Chapter
14
T1 Chapter
15

Authenticaton
Applications,
E-Mail Security

1)
2)
3)
4)

10

11

NIL

REVIEW

Kerberos Version 4
X.509 Authinticaton Service
PGP
S-MIME

Example
programs will
be shown on
each of the
common
mistakes that
is being
discussed

IP Security,
Web Security

1) IPSec Archicture
2) AH & ESP
3) Security Associations
4) Secure Socket Layer ( SSL )
5) Secure Electronic
Transactions ( SET )

NIL

See Assignment
Sheet 3 & 4

T1 Chapter
18
T1 Chapter
19

Intruders,
Malicious Software

1) Intrusion Detection Systems


2) Viruses and their
countermeasures

NIL

NIL

T1 Chapter
19
T1 Chapter
20

Distributed Denial of
service attacks, Firewall
Design considerations,
and Number theory.

1) DDOS Attacks and their


Countermeasures
2) Packet Filters, Application
Level Gateways 3)Extended
Euclid and Modular Maths

NIL

NIL

T1 Chapter
16
T1 Chapter
17

12

13

14

15

Sample
programs to
highlight the
various points
of discussion
will be
discussed in
the class to
explain the
concepts. Also,
sample test
cases
specifically for
the validation
of the product
from a security
point of view
will be
discussed in
the class

NIL

R1: Chapter
15-17,19,
Reference
paper:
https://www
.cs.columbia.
edu/~smb/p
apers/acsacipext.pdf,
http://unixw
iz.net/techti
ps/iguidekaminskydnsvuln.html

Advanced secure
implementation
techniques as well as
verification techniques

This lecture should cover the


other practices that a
professional engineer should
follow while developing or
validating any product to
ensure that the security
aspects are not violated in the
product. This will cover among
other things: Socket security
mechanisms, Securing
applications that has been
implemented with RPC,
protecting against DOS/DDOS
attacks in the application,
development of security
validation test plans for a
product's security functionality
to be tested

Online
material:
http://www.f
aqs.org/docs
/iptables/
And
https://www
.cs.columbia.
edu/~smb/p
apers/distfw.
pdf

IPTables the most


popular firewall tool on
Linux

This lecture should


demonstrate the usage of
iptables firewall product and
highlight the usage of the
different firewall configurations

IPTables
firewall rules
will be demoed
and discussed
live in the class

NIL

Online
material:
http://lpilin
ux.com/snor
t-fulltutorial.html

Snort the most


popular Intrusion
Detection tool on Linux

This lecture should


demonstrate the usage of
SNORT IDS tool to prevent
attackers from being successful
in penetrating the network

SNORT will be
demonstrated
on Linux
machine and
IDS features
will be
demonstrated

NIL

Introduction to
wireshark for doing
network reconnaisance
activities

This lecture would demonstrate


the wireshark features that can
be made use of for checking the
security robustness of the
network. We will discuss and
demonstrate wireless security
common pitfalls using this tool.
Using Wireshark sample
captured files, we will
demonstrate, how network
security is audited or attempted
to be broken. Since wireless
security is also gaining
prominence owing to more
wireless network installations,
we will discuss the importance
of wireless security and
demonstrate using captured
wireshark packets

Example
wireshark
captured files
will be shown
and discussed
for the students
to understand
the concepts
discussed

NIL

R2: Chapter
10, 11.
Reference
paper
http://www.
phrack.com/
issues.html?
issue=51&id
=11&mode=t
xt

REVIEW

16
Evaluation Scheme:

EC No

Component & Nature

Duration

Weightage

Date & Time

1.5 hrs

30%

May 17, 2015 AN

--

10%

TBA

3 hrs

60%

Aug 02, 2015 AN

Mid-Semester Test
1.
(Closed Book)
2.
3.

Assignment
Compre. Exam

(Open Book)
* TBA = To be announced

Instructor-in-charge

You might also like