Schedule


September 2: Introduction


Agenda

  • Why should we care about network security?

  • Common misconceptions of network security

  • Examples of computer security issues and solutions

  • Overall structure of the course

  • Overview of labs and projects


[Recording] [Slides]


September 9: Capturing and analyzing packets


Agenda

  • What happens when I visit "Google.com"?

  • How to capture and analyze packets with Wireshark and Pandas

  • Overview of protocols: IP, DHCP, ARP, DNS, TCP/UDP, HTTP, TLS

  • DHCP and ARP

[Zoom recording] [YouTube livestream of whiteboard] [Slides]



September 16: Attacks on the local network


Agenda:

  • Overview of protocols: IP, DHCP, ARP, DNS, TCP/UDP, HTTP, TLS

  • ARP and DHCP

  • ARP spoofing


Learning goals:

  • Describe what packets are sent and received


[YouTube Recording of Board] [Zoom Recording] [Slides]


September 23: Firewalls, NATs, & tunnels


Agenda:

  • NAT and hole punching

  • VPN tunnels

  • IP tables and firewalls


[YouTube stream of the board] [Zoom recording] [Slides]


September 30: Web security


Agenda:

  • HTTP

  • CSRF and XSS


Lab:

  • Lab 1 due. Review of Lab 1.


Recommended readings before class:

  • How HTTP works: Videos 146-151


[YouTube stream]

The Zoom recording is not available because Danny accidentally showed sensitive private info on the screen multiple times. If you need to review something, please contact Danny directly.


October 7: Web security


Agenda:

  • What happened to Facebook?

  • HTTP, CSRF, CSS continued


Recommended readings:


Optional readings:


Lab

  • Overview of Lab 2


[YouTube stream part 1 ] [YouTube stream part 2] [Zoom recording]


October 14: TLS and Public Key Infrastructure - Part 1


Agenda:

  • Review of cryptography

  • TLS

  • PKI


Recommended readings:


[YouTube stream] [Zoom recording] [Slides]


October 21: TLS and Public Key Infrastructure - Part 2


Agenda:

  • PKI

  • LetsEncrypt

  • MITM proxy

  • Certificate transparency

  • Revocation


Recommended readings:


Lab:

  • Lab 2 due. Review of Lab 2


[YouTube link] [Zoom recording] [Slides]


October 28: PKI


Agenda

  • PKI

    • LetsEncrypt

    • Certificate Transparency

    • MITM Proxy

  • IoT

    • Smart TV security

    • IoT Inspector


Recommended readings


Lab:

  • Overview of Lab 3


Project

  • Overview of project proposals


[Zoom recording] [YouTube stream] [Slides]


November 4: IoT security and scanning


Agenda:

  • Nmap

  • IoT Security


Readings:


Project:

  • Review of project proposals


[Zoom recording] [YouTube recording] [Slides]


November 11: Privacy and anonymity


Agenda:

  • Cookies

  • Browser fingerprinting

  • Tor


Readings:


Project

  • Continuous review of project proposals. All proposals should be finalized.


[Zoom recording] [YouTube stream]


November 18: DDoS, botnets, malware


Agenda:

  • Preliminary project progress report: Presentation

  • Lab 3 discussed

  • Tor, continued

  • Ransomware

  • Cryptocurrencies

  • Mirai


Project

  • Preliminary project progress report: Presentation


Lab:

  • Lab 3 due. Review of Lab 3


[Zoom recording] [YouTube Stream (no audio)]

November 25: Thanksgiving


No class. Thanksgiving.


December 2: Malware and Cyber Crime


Agenda:

  • DDoS

  • Ransomware

  • Cryptocurrencies

  • Mirai


Project

  • Interim project progress report: Update the slide deck


Recommended readings:


[Zoom recording] [Slides]


December 9: Project presentation


Agenda

  • Project presentation. Live presentation of projects during the class.

  • Schedule: See spreadsheet.


[Zoom recording (NYU Sign-in Required)]