Agenda
Why should we care about network security?
Common misconceptions of network security
Examples of computer security issues and solutions
Overall structure of the course
Overview of labs and projects
Agenda
What happens when I visit "Google.com"?
How to capture and analyze packets with Wireshark and Pandas
Overview of protocols: IP, DHCP, ARP, DNS, TCP/UDP, HTTP, TLS
DHCP and ARP
[Zoom recording] [YouTube livestream of whiteboard] [Slides]
Agenda:
Overview of protocols: IP, DHCP, ARP, DNS, TCP/UDP, HTTP, TLS
ARP and DHCP
ARP spoofing
Learning goals:
Describe what packets are sent and received
[YouTube Recording of Board] [Zoom Recording] [Slides]
Agenda:
NAT and hole punching
VPN tunnels
IP tables and firewalls
[YouTube stream of the board] [Zoom recording] [Slides]
Agenda:
HTTP
CSRF and XSS
Lab:
Lab 1 due. Review of Lab 1.
Recommended readings before class:
Blogs and articles
How HTTP works: [Cloudflare article]
Paper: [IoT Inspector]
Video lectures [YouTube channel]:
How HTTP works: Videos 146-151
The Zoom recording is not available because Danny accidentally showed sensitive private info on the screen multiple times. If you need to review something, please contact Danny directly.
Agenda:
What happened to Facebook?
HTTP, CSRF, CSS continued
Recommended readings:
https://www.cloudflare.com/learning/security/glossary/what-is-bgp/
https://www.cloudflare.com/learning/security/glossary/bgp-hijacking/
Optional readings:
Lab
Overview of Lab 2
[YouTube stream part 1 ] [YouTube stream part 2] [Zoom recording]
Agenda:
Review of cryptography
TLS
PKI
Recommended readings:
https://developers.cloudflare.com/fundamentals/internet/protocols/tls
https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/
https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
[YouTube stream] [Zoom recording] [Slides]
Agenda:
PKI
LetsEncrypt
MITM proxy
Certificate transparency
Revocation
Recommended readings:
How LetsEncrypt works: https://letsencrypt.org/how-it-works/
Introduction to PKI and TLS: https://www.youtube.com/watch?v=fuK-OAyfET4
PKI: https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
https://www.cloudflare.com/learning/ssl/how-does-public-key-encryption-work/
https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/
Lab:
Lab 2 due. Review of Lab 2
[YouTube link] [Zoom recording] [Slides]
Agenda
PKI
LetsEncrypt
Certificate Transparency
MITM Proxy
IoT
Smart TV security
IoT Inspector
Recommended readings
PKI
https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
https://www.cloudflare.com/learning/ssl/how-does-public-key-encryption-work/
https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/
https://emilymstark.com/2020/07/20/certificate-transparency-a-birds-eye-view.html
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-birge-lee.pdf
IoT
Lab:
Overview of Lab 3
Project
Overview of project proposals
[Zoom recording] [YouTube stream] [Slides]
Agenda:
Nmap
IoT Security
Readings:
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis
Ethics:
Project:
Review of project proposals
[Zoom recording] [YouTube recording] [Slides]
Agenda:
Cookies
Browser fingerprinting
Tor
Readings:
https://www.esat.kuleuven.be/cosic/publications/article-2334.pdf
https://www.esat.kuleuven.be/cosic/publications/article-2457.pdf
https://www.esat.kuleuven.be/cosic/publications/article-3196.pdf
https://www.theverge.com/2013/12/18/5224130/fbi-agents-tracked-harvard-bomb-threats-across-tor
Project
Continuous review of project proposals. All proposals should be finalized.
[Zoom recording] [YouTube stream]
Agenda:
Preliminary project progress report: Presentation
Lab 3 discussed
Tor, continued
Ransomware
Cryptocurrencies
Mirai
Project
Preliminary project progress report: Presentation
Lab:
Lab 3 due. Review of Lab 3
[Zoom recording] [YouTube Stream (no audio)]
No class. Thanksgiving.
Agenda:
DDoS
Ransomware
Cryptocurrencies
Mirai
Project
Interim project progress report: Update the slide deck
Recommended readings:
https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/
https://www.cloudflare.com/learning/ddos/dns-flood-ddos-attack/
https://www.cloudflare.com/learning/ddos/glossary/ip-spoofing/
https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/
https://blog.acolyer.org/2018/03/23/tracking-ransomware-end-to-end/
[Zoom recording] [Slides]
Agenda
Project presentation. Live presentation of projects during the class.
Schedule: See spreadsheet.
[Zoom recording (NYU Sign-in Required)]