Network Security (ISA 656) Spring 2013

Instructor: Damon McCoy (mccoy(at)
Time: Tuesday 4:30 pm - 7:10 pm
Room: Nguyen Engineering Building 5358
Office Hours: Tuesday 2:00 pm - 4:00 pm also by appointment
Office: 5328 Engineering Building

Teaching Assistant: Rahul Murmuria (rmurmuri(at)
Office Hours: Tuesday 7:00 pm - 9:00 pm
Office: 4456 Engineering Building

Course Website:
Course Forum: piazza We will be using piazza for discussions on current security topics, and if you have a question this is the best place to ask it. We will check the page regularly and other students will be able to help as well.

Course Description:

GMU catalog: This course is an in-depth introduction to the theory and practice of Network Security. It assumes basic knowledge of cryptography and its applications in modern network protocols. The course studies firewalls architectures and virtual private networks and provides deep coverage of widely used network security protocols such as SSL, TLS, SSH, Kerberos, IPSec, IKE, and LDAP. It covers countermeasures to distributed denial of service attacks, security of routing protocols and the Domain Name System, Email security and spam countermeasures, wireless security, multicast security and trust negotiation.

This course will present current attacks and and defenses against networked computers. As a growing number of everyday things not typically thought as computer gain computational ability and in turn are connected to networks traditional security methods, such as locks and physical security mechanisms are no longer sufficient to protect them. This course will delve into the concepts and tools defenders have at their disposal and which threats they can mitigate.


ISA 562 and CS 555; or permission of instructor. There will be substantial programming involved in the assignments, and students should be familiar with programming in C, Java or another language.


Midterm: 25% (Open book)
Labs: 5% (There will 2-3 in class labs)
Assignments: 30% (I will assign 2-3 that will be mostly programming)
Final Project: 30% (You will work in groups of 2-3 on a class project in network security with a writeup/presentation due at the end)
Class/Forum Participation: 10%

Assignments received later that day lose 5%, the next day 20%, two days late 40%, after that no credit will be given. Please email or come and talk with me if you cannot turn in an assignment on time for some unforeseeable reason.

Required Materials:

Text Book:

Kaufman, Perlman, and Speciner. Network Security: Private Communication in a Public World, Second Edition, Prentice Hall PTR, 2002, ISBN 0130460192. (Required).

There will also be on-line news articles and research publications that will be required reading before some of the lectures.


HW1 due Feb. 7 before class
Please download the VM image for Lab 1 again if you downloaded it before 2/1/2013
HW2 due Mar. 8 11:59pm
HW3 due Apr. 16 4:30pm

Lectures (tentative)

Lab: Firewalls, and Network Vulnerability Scanners

The topic and list of required readings are below.

week and date Book Topic and Required Reading
week 1, Jan 22nd Course Overview and Introduction to Network Security [slides and HW 1 on blackboard]
week 2, Jan 29th Chapter 23 Firewalls

Chapman, "Network (In)Security Through IP Packet Filtering"
week 3, Feb 5th Intrusion Detection Systems
Lab: IDS/Network Sniffers [instructions on blackboard under assignments]
HW 1 Due before class
week 4, Feb 12th Chapters 4,5,6 Cryptography Review
week 5, Feb 19th Chapters 9.1-2, 10, 11.1-2, 12.2,13,14 Authentication Methods
week 6, Feb 26th Chapters 15,19 SSL, TLS, SSH
week 7, Mar 5th Chapters 17,18 Virtual Private Networks (IPsec/IKE)
DNS Security
HW 2 Due March 8th
week 8, Mar 12th Spring Break
week 9, Mar 19th Routing Protocol Security (BGP)
DDoS Attacks and Mitigation
week 10, Mar 26th Chapters 20,25 Email Security
Midterm Review
week 11, Apr 2nd Midterm
week 12, Apr 9th Malware
The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, DHS, SRI, APWG Report, October 2006
THE PARTNERKA . WHAT IS IT, AND WHY SHOULD YOU CARE?, Dmitry Samosseiko, SophosLabs tech report 2009
The Underground Economy of Spam: A Botmaster.s Perspective of Coordinating Large-Scale Spam Campaigns, Brett Stone-Gross, Thorsten Holzz, Gianluca Stringhinix, and Giovanni Vigna, LEET 2011
Measuring Pay-per-Install: The Commoditization of Malware Distribution, Juan Caballero, Chris Grier, Christian Kreibich, Vern Paxson, Usenix Security 2011
week 13, Apr 16th Wireless Security
HW 3 Due before class
week 14, Apr 23rd Privacy/Anonymity
Lab:Firewalls/Network Scanners
week 15, Apr 30th LDAP/OAuth
Web Security
Final May 14th 4:30-7:15 Final Project Presentations

Honor Code:

Please read and adhere to the University's Academic Honesty Page, GMU Honor Code, CS Department Honor Code

Disability Statement:

If you have a documented learning disability or other condition that may affect academic performance you should:
1) Make sure this documentation is on file with the Office of Disability Services.
All academic accommodations must be arranged through the ODS.
2) Talk with me to discuss your accommodation needs.

Other Usefull Resources:

Writing Center: A114 Robinson Hall; (703) 993-1200;
University Libraries: .Ask a Librarian.
Counseling and Phychological Services (CAPS): (703) 993-2380;
University Policies: The University Catalog,, is the central resource for university policies affecting student, faculty, and staff conduct in university affairs.