ISA 564: Security Laboratory, Spring 2016

 

      Tuesday 4:30-7:10 in ENGR 5358

      Dr. Ryan Farley, rfarley3@gmu.edu

o   For email, prefix subject line with ISA564, possible 12-24 hour delay for response

o   Online office hours by appointment (Google hangout if needed)

      Teaching Assistant and contact TBD

o   Plan to ask for TA help/individual attention during class instead of outside

      No text book (any readings will be available online)

 

Course Description

This course provides hands-on experience in configuring and experimenting with commodity networked systems and security software in a live laboratory environment, with the purpose of understanding real-world security threats. This course will take both offensive and defensive approaches and expose students to a variety of real-world attacks, including viruses, worms, rootkits, and botnets. Possible mitigation and defending mechanisms such as firewalls and intrusion detection software will also be covered.

 

Class Objectives

      An understanding on real-world security vulnerabilities, exploits and defense

o   Mechanics of both aged but seminal works as well as start of the art

      First hand experience in network and system security experiments

o   Both network and host based attacks, defenses, forensics, diagnostics

      Install and test defenses including Intrusion and anomaly Detection Systems (IDS)

      Examine the functionality of Botnets, Malware, anti-virus, anti-spyware

      Obtain a deep enough understanding of existing tools (and the security concepts they implement) to not be a script kiddie

 

Prerequisites

      ISA 562 and ISA 563 or equivalent

      Coursework will include substantial programming projects; in order to be able to complete the projects, you are expected to have competence in programming that can be applied to to systems and networking (C, Python, etc.)

      You are expected to have a good understanding of operating system internals (system call internals, run-time memory organization, assembly language/x86)

      To be clear, you will be exposed to, and expected to implement, projects related to some subset of these:

o   Web application security, wireless vulnerabilities, socket programming, C2 protocols, PE lifecycle, binary packers, x86 shellcode (arbitrary code execution via stack smashing, heap spray attacks, ROP gadgets), IDS and analytics, incident response, penetration testing, maliciously repackaging mobile applications.

o   If you had to google any of that, then think seriously about not taking this course or expect a very steep learning curve at points along the way.

Grading

5 or 6 Lab Assignments 60%

Final Team Project 30%

Class Discussion Participation 10%

 

The students must achieve a total score of at least 90 (out of 100) to be considered for an A. This class is an advanced graduate-level class and is geared towards understanding the fundamental concepts behind Digital Forensics. The students will be expected to participate in large projects under the guidance of the instructor.

 

Computer Accounts

All students should have accounts on the central Mason Unix system mason.gmu.edu (also known as osf1.gmu.edu) and on IT&E Unix cluster zeus.ite.gmu.edu (Instructions and related links are here). Please read the FAQ if you have any questions. Students can work in IT&E computer labs for programming projects during the specified hours.

 

Honor Code

Please read and adhere to the University's Academic Honesty Page, GMU Honor Code, CS Department Honor Code.

 

Disability Statement

If you have a documented learning disability or other condition that may affect academic performance you should:

1)    Make sure this documentation is on file with the Office of Disability Services.

a.     All academic accommodations must be arranged through the ODS. http://ods.gmu.edu

2)    Talk with me to discuss your accommodation needs

 

Other Useful Resources

      Writing Center: A114 Robinson Hall; (703) 993-1200; http://writingcenter.gmu.edu

      University Libraries: Ask a Librarian http://library.gmu.edu/mudge/IM/IMRef.html

      Counseling and Psychological Services (CAPS): (703) 993-2380; http://caps.gmu.edu

      University Policies: The University Catalog, http://catalog.gmu.edu, is the central resource for university policies affecting student, faculty, and staff conduct in university affairs.