ISA 564/CS499, Security Laboratory Fall 2015

[Class Schedule] [Projects]


Instructor: Angelos Stavrou
Lecture: Tuesday 7:20pm - 10:00pm
Room:
ENGR 5358
Office Hours: Tuesday 4:30pm - 6:30pm, and by appointment
Email: astavrou(_)gmu.edu

Teaching Assistant: Maofei Chen
Office:
ENGR 5321

Office Hours: Tuesday: 2:30pm - 4:30pm & Wednesday: 3:00pm -5:00pm

Email: mchen18(_)gmu.edu


Cour
se Description:

This class will be focused on current research in Security with emphasis in Network and Software Security including:


Class Objectives:


This course provides hands-on experience in configuring and experimenting with commodity networked systems and security software in a live laboratory environment, with the purpose of understanding real-world security threats. This course will take both offensive and defensive approaches and expose students to a variety of real-world attacks, including viruses, worms, rootkits, and botnets. Possible mitigation and defending mechanisms such as firewalls and intrusion detection software will also be covered.

Prerequisites:

The prerequisite for this topics class is a C or better in CS 310 Data Structures and CS 367 Computer Systems & Programming; or permission of instructor. The coursework will include substantial programming projects; in order to be able to complete the projects, the students must be comfortable with C and Systems' programming.

Grading:

Topics

Duration

(Weeks)

Grade

Class participation

10%

Lab 1: Buffer Overflows

2

10%

Lab 2: Network Penetration

1

5%

Lab 3: Malware & Shellcode

2

10%

Lab 4: Network Attacks & Remote Exploitation

1

5%

Lab 5: Firewalls &

Intrusion Detection Systems

2

10%

Lab 6: Wireless Exploitation

1

5%

Lab 7: Web Vulnerabilities

1

5%

Midterm

 

15%

Final or Team Project

 

25%

Total

100%

The students must achieve a total score of at least 90 (out of 100) to be considered for an A. This class is an advanced graduate-level class and is geared towards understanding the fundamental concepts behind Digital Forensics. The students will be expected to participate in large projects under the guidance of the instructor.

Bibliography:

We are going to cover topics using the provided slides, papers, and online material.

On the course web page you will also find assigned reading from on-line articles, code snippets, and research publications. I will also have supplementary materials on reserve or handed out during class.

Computer Accounts:

All students should have accounts on the central Mason Unix system mason.gmu.edu (also known as osf1.gmu.edu)
and on IT&E Unix cluster zeus.ite.gmu.edu (Instructions and related links are here). Please read the FAQ if you have any questions. Students can work in IT&E computer labs for programming projects during the specified hours.

Honor Code:

Please read and adhere to the University's Academic Honesty Page, GMU Honor Code, CS Department Honor Code

Disability Statement
If you have a documented learning disability or other condition that may affect academic performance you should:
1) Make sure this documentation is on file with the Office of Disability Services.
All academic accommodations must be arranged through the ODS. http://ods.gmu.edu
2) Talk with me to discuss your accommodation needs.


Other Usefull Resources


Writing Center:
A114 Robinson Hall; (703) 993-1200; http://writingcenter.gmu.edu
University Libraries: “Ask a Librarian” http://library.gmu.edu/mudge/IM/IMRef.html
Counseling and Phychological Services (CAPS): (703) 993-2380; http://caps.gmu.edu
University Policies: The University Catalog, http://catalog.gmu.edu, is the central resource
for university policies affecting student, faculty, and staff conduct in university affairs.


Class Schedule

Week & Date
Course Lectures & Readings (Tentative)

Week 1, Sept 1

Intro & Class Mechanics [PDF]

Metasploit using Kali Linux: https://www.kali.org/downloads/

Metasploitable: http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

Wireshark Lab [PDF]

Week 2, Sept 8

Lab 1: Buffer Overflows [Link] Guest Lecture Prof. Dan Fleck

Week 3, Sept 15

Lab 1: Buffer Overflows [Link]

Week 4, Sept 22

Lab 2: Network Reconnaissance and Pentration [Link]


Week 5, Sept 29

Lab 3: Malware & Shellcode

Week 6, Oct 6

Lab 3: Malware & Shellcode

Week 7, Oct 13

Columbus Day - No Class

Week 8, Oct 20

Midterm

Week 9,Oct 27

Lab 4: Network Attacks & Remote Exploitation

Week 10, Nov 3

Lab 5: Defenses: Firewalls & Intrusion Detection Systems

Week 11, Nov 10

Lab 5: Defenses: Firewalls & Intrusion Detection Systems

Week 12, Nov 17

Lab 6: Wireless Exploitation

Week 13, Nov 24

Thanksgiving recess - No Class

Week 14, Dec 1 Lab 7: Web Vulnerabilities
Week 14, Dec 7
Final or Final Project Presentations