This fall, I’ll be teaching the network security class for the IT program at Gallaudet University.
Here’s an overview of the topics, in order. At this time I’m open to further suggestions and feedback.
Goals and attitude of the network security professional: “Prevention eventually fails.”
Federal laws covering computer hacking, fraud, abuse, intrusions and unauthorized access.
Organizational/human factors: setting network security policy, human judgement and decision-making about possible attacks, and the insider threat.
Profiles of the different types of network attackers: from script kiddies to hacktivists (people hacking for social, political or religious causes) to state-sponsored professional teams.
Emerging trend: Advanced Persistent Threats (APT), a sophisticated adversary engaged in information warfare in support of long-term strategic goals.
Stages of a successful attack/exploitation.
Different attack vectors: mobile smartphones (iPhone/Android), honeypots as early-warning systems, and the social engineering threat.
(sprinkled throughout the course) Real world scenarios and personal war stories.
Review Linux system admin skills
Explanation and demo of stack buffer overflows (NOP slide, shellcode, polymorphic shellcode)
Refresh networking knowledge
TCP/IP headers and handshake, ICMP types
Using wireshark for packet analysis
nmap and the different types of port scans used to identify open and closed (or filtered) ports.
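As an added example for the TCP header, handshake and nmap items above (this is not course material), the block below decodes a raw TCP header into its fields and flag set, checks whether three packets form a valid three-way handshake, and names the nmap scan type a probe's flag combination corresponds to. The packets are constructed by hand with the same `struct` layout, not captured traffic.

```python
"""Added example for the TCP header / handshake / nmap scan items above.
This is not code from the course; packets here are constructed by hand."""
import struct

# Flag bits of the TCP header's flags byte (RFC 793; ECE/CWR from RFC 3168).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
         "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=1024):
    """Return a 20-byte TCP header with no options; the checksum is left
    zero because no IP pseudo-header is involved in this example."""
    flag_bits = 0
    for name in flags:
        flag_bits |= FLAGS[name]
    offset_flags = (5 << 12) | flag_bits      # data offset 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed part of a TCP header (the fields Wireshark shows)."""
    if len(data) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (sport, dport, seq, ack, offset_flags,
     window, checksum, urgptr) = struct.unpack("!HHIIHHHH", data[:20])
    header_len = (offset_flags >> 12) * 4
    flag_bits = offset_flags & 0xFF
    flags = {name for name, bit in FLAGS.items() if flag_bits & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum, "urgptr": urgptr}


def classify_probe(flags):
    """Name the nmap scan type whose probe carries exactly this flag set."""
    if flags == {"SYN"}:
        return "SYN scan (or a normal connect)"
    if not flags:
        return "NULL scan"
    if flags == {"FIN"}:
        return "FIN scan"
    if flags == {"FIN", "PSH", "URG"}:
        return "Xmas scan"
    if flags == {"ACK"}:
        return "ACK scan"
    return "other"


def handshake_is_complete(packets):
    """True when three packets form SYN, SYN/ACK, ACK with sequence numbers
    that chain correctly (each ACK acknowledges the peer's seq + 1)."""
    if len(packets) != 3:
        return False
    syn, synack, ack = (parse_tcp_header(p) for p in packets)
    return (syn["flags"] == {"SYN"}
            and synack["flags"] == {"SYN", "ACK"}
            and synack["ack"] == (syn["seq"] + 1) & 0xFFFFFFFF
            and ack["flags"] == {"ACK"}
            and ack["seq"] == synack["ack"]
            and ack["ack"] == (synack["seq"] + 1) & 0xFFFFFFFF)


# Constructed three-way handshake: client port 40000 -> server port 80.
HANDSHAKE = [
    build_tcp_header(40000, 80, {"SYN"}, seq=1000),
    build_tcp_header(80, 40000, {"SYN", "ACK"}, seq=5000, ack=1001),
    build_tcp_header(40000, 80, {"ACK"}, seq=1001, ack=5001),
]

# Constructed scan probes; a SYN scan stops after the SYN and never sends the final ACK.
PROBES = {
    "syn": build_tcp_header(40001, 22, {"SYN"}),
    "null": build_tcp_header(40002, 22, set()),
    "xmas": build_tcp_header(40003, 22, {"FIN", "PSH", "URG"}),
}

if __name__ == "__main__":
    print("handshake complete:", handshake_is_complete(HANDSHAKE))
    for label, pkt in PROBES.items():
        hdr = parse_tcp_header(pkt)
        print(label, sorted(hdr["flags"]), "->", classify_probe(hdr["flags"]))
```

A SYN scan is recognisable on the wire precisely because the handshake check above never completes: the scanner answers the SYN/ACK with a RST instead of the final ACK.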
Review the structure of DNS records (A, CNAME, MX, NS, SOA), then break out the fields of an SOA record (serial number, refresh, retry, expire, minimum TTL). Show tools such as nslookup, dig, host and SamSpade.
ARP poisoning, DNS poisoning (malware editing the local /etc/hosts file, or breaking into the DNS master and forcing a transfer of bad DNS entries to the slave servers) and other L2/L3 attacks.
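As an added example for the SOA record breakdown and the master-to-slave poisoning item above (not course code), the block below parses an SOA record in the one-line layout `dig` prints and applies the RFC 1982 serial comparison a secondary uses to decide whether to pull the zone. That comparison is the mechanism the poisoning scenario rides on: bad records on a compromised master only reach the slaves if the serial was bumped. The two SOA lines are constructed for the example, not real lookups.

```python
"""Added example for the DNS record / SOA / zone-replication items above.
Not course code. The SOA lines are constructed in the layout
`dig +noall +answer SOA example.com` prints, not real lookups."""
from dataclasses import dataclass

SOA_ON_SLAVE = ("example.com. 3600 IN SOA ns1.example.com. "
                "hostmaster.example.com. 2024061501 7200 900 1209600 300")
SOA_ON_MASTER = ("example.com. 3600 IN SOA ns1.example.com. "
                 "hostmaster.example.com. 2024061502 7200 900 1209600 300")


@dataclass
class SOA:
    zone: str
    ttl: int
    mname: str      # primary master name server
    rname: str      # responsible mailbox; the first dot stands for '@'
    serial: int     # zone version; secondaries compare this
    refresh: int    # seconds between a secondary's serial checks
    retry: int      # seconds before retrying a failed refresh
    expire: int     # seconds after which an unrefreshed secondary stops answering
    minimum: int    # negative-caching TTL (RFC 2308 meaning of the last field)


def parse_soa(line):
    parts = line.split()
    if len(parts) != 11 or parts[2:4] != ["IN", "SOA"]:
        raise ValueError("expected a one-line SOA record: " + line)
    zone, ttl, _, _, mname, rname, *nums = parts
    serial, refresh, retry, expire, minimum = (int(n) for n in nums)
    return SOA(zone, int(ttl), mname, rname,
               serial, refresh, retry, expire, minimum)


def rname_to_email(rname):
    """hostmaster.example.com. -> hostmaster@example.com (escaped dots not handled)."""
    local, _, domain = rname.rstrip(".").partition(".")
    return f"{local}@{domain}"


HALF = 1 << 31   # RFC 1982 serial arithmetic for 32-bit serials


def serial_gt(a, b):
    """True when serial a is newer than b in RFC 1982 sequence space, so 1 is
    newer than 0xFFFFFFFF (wraparound) but 0 is not newer than 1."""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def secondary_should_transfer(on_secondary, on_master):
    """The check a slave runs at each refresh (or on NOTIFY): pull the zone
    only if the master's serial is newer. A compromised master that bumps
    the serial is therefore replicated; one that does not is ignored."""
    if on_secondary.zone != on_master.zone:
        raise ValueError("SOA records for different zones")
    return serial_gt(on_master.serial, on_secondary.serial)


if __name__ == "__main__":
    slave, master = parse_soa(SOA_ON_SLAVE), parse_soa(SOA_ON_MASTER)
    print("contact:", rname_to_email(slave.rname))
    print("serial on slave", slave.serial, "/ on master", master.serial)
    print("transfer?", secondary_should_transfer(slave, master))
    print("worst-case lag before a slave notices (no NOTIFY):", slave.refresh, "s")
```

Two practitioner notes follow from the fields: the `refresh` value bounds how long poisoned data takes to reach every slave when no NOTIFY is sent, and `expire` bounds how long slaves keep serving the old (clean) zone if the master is taken offline instead. Authenticating transfers with TSIG does not help against this scenario, because the master itself is the compromised party.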
Using the dsniff suite with a VMware virtual switch in “hub” mode.
Other information-gathering methods (DNS zone transfers, Google reconnaissance)
Cryptography (symmetric / asymmetric encryption)
WiFi – encryption methods and attack methods
Installing LAMP
OS hardening
Sandboxing (jails)
Firewalling with iptables
XSS and SQL injection attacks, and obfuscation: hex-encoding characters to disguise attack code and redirect URLs.
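As an added example for the injection and hex-encoding item above (not course code), the block below does two things: it shows why a signature check has to decode `%XX` (and double-encoded `%25XX`) sequences before matching, and it puts a string-built SQL login query next to its parameterized replacement, running both against an in-memory SQLite table. The signature lists, table contents and attacker inputs are all constructed for the example.

```python
"""Added example for the XSS / SQL injection / hex-encoding item above; not
course code. Shows why detection must decode %XX encoding before matching,
and a string-built query beside its parameterized replacement, both run
against an in-memory SQLite table. All inputs are constructed."""
import re
import sqlite3
from urllib.parse import unquote

# Deliberately small signature lists; real IDS/WAF rule sets are far larger.
SQLI_PATTERNS = [r"'\s*or\s*'1'\s*=\s*'1", r"union\s+select", r";\s*drop\s+table"]
XSS_PATTERNS = [r"<script\b", r"javascript:", r"on(error|load|click)\s*="]


def normalize(payload, rounds=3):
    """Undo percent-encoding repeatedly (covers double encoding like %2527)
    and the non-standard %uXXXX form, then lower-case for matching."""
    s = payload
    for _ in range(rounds):
        decoded = re.sub(r"%u([0-9a-fA-F]{4})",
                         lambda m: chr(int(m.group(1), 16)), unquote(s))
        if decoded == s:
            break
        s = decoded
    return s.lower()


def match_raw(payload):
    """Signature check without decoding: what a naive filter does."""
    return [p for p in SQLI_PATTERNS + XSS_PATTERNS if re.search(p, payload, re.I)]


def match_normalized(payload):
    """Signature check after decoding: catches the hex-encoded variants."""
    s = normalize(payload)
    return [p for p in SQLI_PATTERNS + XSS_PATTERNS if re.search(p, s)]


def setup_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    return con


def login_vulnerable(con, user, pw):
    """String concatenation: the quote in the input ends the literal and the
    rest is parsed as SQL. Kept vulnerable on purpose for the comparison."""
    q = f"SELECT name FROM users WHERE name = '{user}' AND password = '{pw}'"
    return [row[0] for row in con.execute(q)]


def login_safe(con, user, pw):
    """Parameterized query: the same input is bound as data, never parsed as SQL."""
    q = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in con.execute(q, (user, pw))]


# Constructed attacker inputs: plain, percent-encoded and double-encoded.
INJECT_USER = "admin' OR '1'='1"
INJECT_PW = "x' OR '1'='1"
ENCODED = "admin%27%20OR%20%271%27%3D%271"
DOUBLE_ENCODED = "admin%2527%2520OR%2520%25271%2527%253D%25271"
XSS_ENCODED = "%3Cscript%3Ealert(1)%3C%2Fscript%3E"


if __name__ == "__main__":
    con = setup_db()
    print("vulnerable login:", login_vulnerable(con, INJECT_USER, INJECT_PW))
    print("parameterized login:", login_safe(con, INJECT_USER, INJECT_PW))
    for p in (ENCODED, DOUBLE_ENCODED, XSS_ENCODED):
        print(p, "raw:", bool(match_raw(p)), "normalized:", bool(match_normalized(p)))
```

The vulnerable query returns every user because `AND` binds tighter than `OR`, so the trailing `OR '1'='1'` is true for each row; the parameterized form returns nothing for the same input. On the detection side, decoding must happen before signature matching, and bounded decoding rounds are the usual guard against payloads that are encoded many layers deep to exhaust the filter.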
IDS using Snort in-line with iptables
Secure network architecture/design (External/DMZ/Wireless/VPN/VLANs/etc)
Using Metasploit framework for penetration testing.
Cloud computing infrastructure: the risk is not any less, just shifted (hypervisor-level attacks such as the Blue Pill rootkit, and escapes from a guest virtual machine to the host).