Schedule
September 2: Introduction
Agenda
Why should we care about network security?
Common misconceptions of network security
Examples of computer security issues and solutions
Overall structure of the course
Overview of labs and projects
September 9: Capturing and analyzing packets
Agenda
What happens when I visit "Google.com"?
How to capture and analyze packets with Wireshark and Pandas
Overview of protocols: IP, DHCP, ARP, DNS, TCP/UDP, HTTP, TLS
DHCP and ARP
[Zoom recording] [YouTube livestream of whiteboard] [Slides]
September 16: Attacks on the local network
Agenda:
Overview of protocols: IP, DHCP, ARP, DNS, TCP/UDP, HTTP, TLS
ARP and DHCP
ARP spoofing
Learning goals:
Describe what packets are sent and received
[YouTube Recording of Board] [Zoom Recording] [Slides]
September 23: Firewalls, NATs, & tunnels
Agenda:
NAT and hole punching
VPN tunnels
IP tables and firewalls
[YouTube stream of the board] [Zoom recording] [Slides]
September 30: Web security
Agenda:
HTTP
CSRF and XSS
Lab:
Lab 1 due. Review of Lab 1.
Recommended readings before class:
Blogs and articles
How HTTP works: [Cloudflare article]
Paper: [IoT Inspector]
Video lectures [YouTube channel]:
How HTTP works: Videos 146-151
The Zoom recording is not available because Danny accidentally showed sensitive private info on the screen multiple times. If you need to review something, please contact Danny directly.
October 7: Web security
Agenda:
What happened to Facebook?
HTTP, CSRF, CSS continued
Recommended readings:
https://www.cloudflare.com/learning/security/glossary/what-is-bgp/
https://www.cloudflare.com/learning/security/glossary/bgp-hijacking/
Optional readings:
Lab
Overview of Lab 2
[YouTube stream part 1 ] [YouTube stream part 2] [Zoom recording]
October 14: TLS and Public Key Infrastructure - Part 1
Agenda:
Review of cryptography
TLS
PKI
Recommended readings:
https://developers.cloudflare.com/fundamentals/internet/protocols/tls
https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/
https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
[YouTube stream] [Zoom recording] [Slides]
October 21: TLS and Public Key Infrastructure - Part 2
Agenda:
PKI
LetsEncrypt
MITM proxy
Certificate transparency
Revocation
Recommended readings:
How LetsEncrypt works: https://letsencrypt.org/how-it-works/
Introduction to PKI and TLS: https://www.youtube.com/watch?v=fuK-OAyfET4
PKI: https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
https://www.cloudflare.com/learning/ssl/how-does-public-key-encryption-work/
https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/
Lab:
Lab 2 due. Review of Lab 2
[YouTube link] [Zoom recording] [Slides]
October 28: PKI
Agenda
PKI
LetsEncrypt
Certificate Transparency
MITM Proxy
IoT
Smart TV security
IoT Inspector
Recommended readings
PKI
https://blog.cloudflare.com/how-to-build-your-own-public-key-infrastructure/
https://www.cloudflare.com/learning/ssl/how-does-public-key-encryption-work/
https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certificate/
https://emilymstark.com/2020/07/20/certificate-transparency-a-birds-eye-view.html
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-birge-lee.pdf
IoT
Lab:
Overview of Lab 3
Project
Overview of project proposals
[Zoom recording] [YouTube stream] [Slides]
November 4: IoT security and scanning
Agenda:
Nmap
IoT Security
Readings:
https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis
Ethics:
Project:
Review of project proposals
[Zoom recording] [YouTube recording] [Slides]
November 11: Privacy and anonymity
Agenda:
Cookies
Browser fingerprinting
Tor
Readings:
https://www.esat.kuleuven.be/cosic/publications/article-2334.pdf
https://www.esat.kuleuven.be/cosic/publications/article-2457.pdf
https://www.esat.kuleuven.be/cosic/publications/article-3196.pdf
https://www.theverge.com/2013/12/18/5224130/fbi-agents-tracked-harvard-bomb-threats-across-tor
Project
Continuous review of project proposals. All proposals should be finalized.
[Zoom recording] [YouTube stream]
November 18: DDoS, botnets, malware
Agenda:
Preliminary project progress report: Presentation
Lab 3 discussed
Tor, continued
Ransomware
Cryptocurrencies
Mirai
Project
Preliminary project progress report: Presentation
Lab:
Lab 3 due. Review of Lab 3
[Zoom recording] [YouTube Stream (no audio)]
November 25: Thanksgiving
No class. Thanksgiving.
December 2: Malware and Cyber Crime
Agenda:
DDoS
Ransomware
Cryptocurrencies
Mirai
Project
Interim project progress report: Update the slide deck
Recommended readings:
https://www.cloudflare.com/learning/ddos/dns-amplification-ddos-attack/
https://www.cloudflare.com/learning/ddos/dns-flood-ddos-attack/
https://www.cloudflare.com/learning/ddos/glossary/ip-spoofing/
https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/
https://blog.acolyer.org/2018/03/23/tracking-ransomware-end-to-end/
[Zoom recording] [Slides]
December 9: Project presentation
Agenda
Project presentation. Live presentation of projects during the class.
Schedule: See spreadsheet.
[Zoom recording (NYU Sign-in Required)]