ISA 564: Security Laboratory, Spring
2016
á Tuesday 4:30-7:10 in ENGR 5358
á Dr. Ryan Farley, rfarley3@gmu.edu
o For email, prefix subject line with ISA564, possible 12-24 hour delay for response
o Online office hours by appointment (Google hangout if needed)
á Teaching Assistant and contact TBD
o Plan to ask for TA help/individual attention during class instead of outside
á No text book (any readings will be available online)
Course Description
This course provides hands-on experience in configuring and experimenting with commodity networked systems and security software in a live laboratory environment, with the purpose of understanding real-world security threats. This course will take both offensive and defensive approaches and expose students to a variety of real-world attacks, including viruses, worms, rootkits, and botnets. Possible mitigation and defending mechanisms such as firewalls and intrusion detection software will also be covered.
Class Objectives
á An understanding on real-world security vulnerabilities, exploits and defense
o Mechanics of both aged but seminal works as well as start of the art
á First hand experience in network and system security experiments
o Both network and host based attacks, defenses, forensics, diagnostics
á Install and test defenses including Intrusion and anomaly Detection Systems (IDS)
á Examine the functionality of Botnets, Malware, anti-virus, anti-spyware
á Obtain a deep enough understanding of existing tools (and the security concepts they implement) to not be a script kiddie
Prerequisites
á ISA 562 and ISA 563 or equivalent
á Coursework will include substantial programming projects; in order to be able to complete the projects, you are expected to have competence in programming that can be applied to to systems and networking (C, Python, etc.)
á You are expected to have a good understanding of operating system internals (system call internals, run-time memory organization, assembly language/x86)
á To be clear, you will be exposed to, and expected to implement, projects related to some subset of these:
o Web application security, wireless vulnerabilities, socket programming, C2 protocols, PE lifecycle, binary packers, x86 shellcode (arbitrary code execution via stack smashing, heap spray attacks, ROP gadgets), IDS and analytics, incident response, penetration testing, maliciously repackaging mobile applications.
o If you had to google any of that, then think seriously about not taking this course or expect a very steep learning curve at points along the way.
Grading
5 or 6 Lab Assignments 60%
Final Team Project 30%
Class Discussion Participation 10%
The students must achieve a total score of at least 90 (out of 100) to be considered for an A. This class is an advanced graduate-level class and is geared towards understanding the fundamental concepts behind Digital Forensics. The students will be expected to participate in large projects under the guidance of the instructor.
Computer Accounts
All students should have accounts on the central Mason Unix system mason.gmu.edu (also known as osf1.gmu.edu) and on IT&E Unix cluster zeus.ite.gmu.edu (Instructions and related links are here). Please read the FAQ if you have any questions. Students can work in IT&E computer labs for programming projects during the specified hours.
Honor Code
Please read and adhere to the University's Academic Honesty Page, GMU Honor Code, CS Department Honor Code.
Disability
Statement
If you have a documented learning disability or other condition that may affect academic performance you should:
1) Make sure this documentation is on file with the Office of Disability Services.
a. All academic accommodations must be arranged through the ODS. http://ods.gmu.edu
2) Talk with me to discuss your accommodation needs
Other Useful
Resources
á Writing Center: A114 Robinson Hall; (703) 993-1200; http://writingcenter.gmu.edu
á University Libraries: Ask a Librarian http://library.gmu.edu/mudge/IM/IMRef.html
á Counseling and Psychological Services (CAPS): (703) 993-2380; http://caps.gmu.edu
á University Policies: The University Catalog, http://catalog.gmu.edu, is the central resource for university policies affecting student, faculty, and staff conduct in university affairs.