List of Assignments

 

# | DUE DATE | DESCRIPTION
1 9/15/09

Readings:

  1. "Ignorantia legis neminem excusat": (Latin for "ignorance of the law excuses no one")

    Everything here was added for a good reason. Please make sure you explore this class web site completely and read all the material through here at least once. Especially important is the detailed description of your Term Project and what's expected from you and by when. Don't forget to check back between sessions for any updates or notices.

    As always, when in doubt don't be afraid to ASK!

  2. Chapter 1 in Pfleeger & Pfleeger (P&P)
  3. On-line: Cybersecurity Today and Tomorrow: Pay Now or Pay Later (2002) (pages 1 through 15)

Written Problems (max of 4 sentences per question):

  1. P&P Chapter 1: Questions #2, #4, #18
  2. "Cybersecurity Today and Tomorrow": Describe three things that individual organizations should be doing as part of their cybersecurity planning.

Other Tasks:

  1. Visit the following security-related sites and use your own e-mail address to subscribe to each of the newsletters/mailing-lists mentioned below. You may subscribe to more news feeds as well, but these below must be included. In some cases you may have to create an account first (e.g., SANS) before you can subscribe to a newsletter:

    Please take some time to wander around these sites when you sign up for the newsletters. They can be an invaluable resource to you during the semester.

  2. And don't forget to find a print or web-based article on some facet of computer security that we can briefly discuss during the next session. Good places to look are web sites like the NY Times or Washington Post, or more technical sources such as slashdot.org.
2 9/22/09

Readings:

  1. Chapter 2 in P&P textbook
  2. On-line: "Why Cryptography Is Harder Than It Looks" By Bruce Schneier

Written Problems (max of 4 sentences per question):

  1. Question: "What distinguishes stream ciphers from block ciphers? Name one advantage and one disadvantage for each of them."
  2. Question: "According to Schneier, what is often the hardest part of cryptography? Name several reasons why this might be so."

  3. P&P Chapter 2: Question #20

Other Tasks:

  1. None this week.

Again, please don't forget to find a print or web-based article on some aspect of computer security that we can briefly discuss next session.

3 9/29/09

Readings:

  1. Chapter 3 in P&P textbook: Sections 3.1, 3.2 and 3.3

Written Problems (max of 4 sentences per question):

  1. None this week

Other Tasks:

NOTE: DUE DATE FOR THESE TASKS IS 10/06/09

Note: Even if you have completed these tasks before next week, please wait to upload them until AFTER you've received Assignment #4. That task will be using your answers to this week's work as part of it, so hold off the FTP until after you see what's in Assignment #4 next session.

Please realize I am very well aware of all the crypto tools of various kinds that exist out there on the web; indeed, I have used many of them myself for various tasks and exploration. However, you will learn very little about cryptography and the cryptanalysis process if you don't try to do these exercises by hand. Don't worry, they're not really very hard, but they WILL reinforce some of the details we've been discussing. Also, if I were to ask specific questions on applying these techniques on an exam, what would you do then? I'll leave it up to you.

  1. We are going to do a detailed cryptanalysis on a keyed Caesar ciphertext. The details of this assignment can be found on this page.
  2. We are also going to work with a polyalphabetic block cipher (Playfair cipher) which uses digraph (two-letter) enciphering to make the task of frequency analysis much more difficult. This task doesn't require you to decrypt a ciphertext without the key. Here is the description for this second task.

As usual keep on the lookout for an interesting article on some aspect of computer security for our next session.

4 10/06/09

Readings:

  1. Chapter 3 in P&P textbook: Sections 3.4 through 3.9
  2. Please watch the short interview video on YouTube to hear from some real-world hackers in their own words. (http://www.youtube.com/watch?v=R9vDzaBwD_k&feature=related) If you can't view it on YouTube, try downloading it from here.

Written Problems (max of 4 sentences per question):

  1. None this week

Other Tasks:

  1. Remember that your one page Term Project Vision statement is due on 10/06/09. The details I expect to see in it can be found here. Please place the file in your 'termproject' FTP folder.
  2. You are going to digitally sign and encrypt your answer file from last week's cipher-related tasks with a tool called "Gpg4win" (a set of Windows applications that use an open source Public Key encryption tool called 'gnupg' underneath). This is what I'd like you to accomplish:

    1. Download the Gpg4win program which you will be installing under MS Windows from here. (http://ftp.gpg4win.org/gpg4win-2.0.0.exe) The online version of the documentation for this program can be found here. (http://gpg4win.de/handbuecher/novices.html) Please read through it once to get an idea of what the programs do and the basic process of creating and managing public and private keys.
    2. Install the Gpg4win executable on your machine by running the program you just downloaded (gpg4win-2.0.0.exe) from wherever you just saved it.
    3. Under the Windows Start Menu you should now find the Gpg4win folder. In there is a program called 'GPA' which is your key manager application. Run this program to create your own private/public-key pair.
    4. Follow these instructions (http://gpg4win.de/handbuecher/novices_6.html) to generate a key-pair for yourself. Use your real name and a real e-mail address to identify the keys. You'll probably have to enter a passphrase to protect your certificates at this point. Note: if the application dies for some reason after saving the backup of your private key, don't worry: just restart GPA and continue.
    5. Download and save my public-key (in readable ASCII format) from tjm_at_cognosys.net_pubkey.asc to your machine. You can usually right-click on this link in your browser and choose to save the link in a location you designate. This file contains my public-key that you will be importing into Gpg4win so that you can encrypt last week's homework assignment before you digitally sign it with your own private-key. Once you've encrypted it with my public-key, then I will be the only one able to read that encrypted version after you upload it to the class FTP server.
    6. Next, you should use the GPA program to import my public-key into your 'keyring' using the file you just downloaded in the previous step. In the GPA menu use "Keys->Import Keys" and specify my public-key file (the one you just downloaded) when asked for a key to import. This will add my public-key to your local keyring for later use.
    7. Now use GPA to export your public-key to an external, ASCII readable file. First select the key-pair you created for yourself from the list of keys in the main window. Then use "Keys->Export Keys" to specify the directory and filename where you'd like your public-key saved. You'll need to upload this file later to the FTP server along with the signed and encrypted homework file so that I'll be able to verify that only you could have submitted your homework.
    8. Open the "Kleopatra" program that was installed along with GPA. We'll use this tool to sign and encrypt your cipher exercises from last week before you upload them to the FTP server under the 'assignment-4' subdirectory. Click on the 'Sign/Encrypt Files' button which will bring up a window where you specify the file(s) you'd like to digitally sign and encrypt.
    9. The next-to-last step is to choose 'Sign and Encrypt (OpenPGP only)' and 'Text output (ASCII armor)' to generate the signed/encrypted copy of last week's homework file. When asked for them, 'Add' my public-key (for encrypting so that only I can read it) and 'Add' your private-key to the list of certificates you'll be using. Click on 'Next>' and then 'Sign & Encrypt' to create the .ASC file with the signed/encrypted assignment in it.
    10. FINALLY! Take this encrypted and signed output file and upload it along with the other .ASC file that contains your PUBLIC KEY to the 'assignment-4' directory on the server. Whew...
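A pre-upload check for the two .ASC files from steps 7 through 10, as an added example (not part of the original assignment and not Gpg4win code): it reads the ASCII armor, confirms the block type and its CRC-24 checksum, and refuses a private key block. The function names are hypothetical and the sample payloads are constructed placeholders, not real OpenPGP packets or keys.

```python
import base64
import re

ARMOR_RE = re.compile(
    r"-----BEGIN PGP ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END PGP \1-----", re.S)
UPLOADABLE = {"MESSAGE", "PUBLIC KEY BLOCK"}  # the two files step 10 asks for


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def make_armor(label: str, payload: bytes) -> str:
    """Wrap constructed bytes in armor so the checker has offline input."""
    b64 = base64.b64encode(payload).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {label}-----", "Version: sample", "",
                      *body, check, f"-----END PGP {label}-----", ""])


def inspect_armor(text: str) -> dict:
    """Report the armor type, CRC-24 validity, and whether it may be uploaded."""
    match = ARMOR_RE.search(text)
    if match is None:
        return {"kind": None, "crc_ok": False, "upload_ok": False}
    kind = match.group(1)
    lines = [ln.strip() for ln in match.group(2).splitlines()]
    # Armor headers such as "Version:" end at the first blank line.
    lines = lines[lines.index("") + 1:] if "" in lines else lines
    crc_b64 = next((ln[1:] for ln in lines if ln.startswith("=")), None)
    data_b64 = "".join(ln for ln in lines if ln and not ln.startswith("="))
    try:
        payload = base64.b64decode(data_b64, validate=True)
        stated = int.from_bytes(
            base64.b64decode(crc_b64 or "", validate=True), "big")
        crc_ok = crc_b64 is not None and stated == crc24(payload)
    except ValueError:  # malformed base64 in the body or checksum line
        crc_ok = False
    return {"kind": kind, "crc_ok": crc_ok,
            "upload_ok": crc_ok and kind in UPLOADABLE}


# Constructed payloads: placeholders, not real OpenPGP packets or keys.
SAMPLE_MESSAGE = make_armor("MESSAGE", b"constructed signed+encrypted homework")
SAMPLE_PUBKEY = make_armor("PUBLIC KEY BLOCK", b"constructed public key bytes")
SAMPLE_PRIVKEY = make_armor("PRIVATE KEY BLOCK", b"constructed private key bytes")

if __name__ == "__main__":
    for name, text in [("homework.asc", SAMPLE_MESSAGE),
                       ("pubkey.asc", SAMPLE_PUBKEY),
                       ("backup.asc", SAMPLE_PRIVKEY)]:
        print(name, inspect_armor(text))
```

The check only inspects the armor wrapper; it does not verify the signature or decrypt anything, which still requires the keys in GPA/Kleopatra.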

As usual keep on the lookout for an interesting article on some aspect of computer security for our next session.

5 10/13/09

Readings:

  1. Chapter 4 in P&P textbook
  2. On-line: "Beyond Fingerprinting" - Scientific American Sept. 2008

Written Problems (max of 4 sentences per question):

  1. P&P Chapter 4: Questions #9, #24, #25

Other Tasks:

  1. None this week.

Don't forget to find a print or web-based article on some aspect of computer security that we can briefly discuss next session.

6 10/20/09

Since the mid-term will be held at the beginning of class on 10/20/09, there are no other assignments due this week. Please make sure that you go over all the lecture notes and readings from the semester thus far. The bulk of the exam material will be taken from those sources along with what you heard in class that wasn't specifically referenced in the on-line lecture notes. If you've paid attention in class and done all the homework faithfully, then the mid-term should be pretty straightforward.

Readings:

  1. None this week.

Written Problems (max of 4 sentences per question):

  1. None this week.

Other Tasks:

  1. None this week.
7 10/27/09

Readings:

  1. P & P: Chapter 7 - at least Sections 7.1 and 7.2, but you can read more, if you have time.

Written Problems (max of 4 sentences per question):

  1. None this week.

Other Tasks:

  1. Review the "Networking 101" lecture notes posted in the session documents section.
  2. Watch the video entitled, "Warriors of the Net". It's a short, graphical view of how TCP/IP works in practice.
  3. Attempt to boot your Intel-based computer with the Backtrack 3 (BT3) Live-CD disk I'll be giving you. This is a full Linux environment (specifically, a Slackware-based distribution which uses the KDE window manager) that contains a wealth of security-related tools. Note that running this should not make any permanent changes to your system once you reboot your system with the CD removed from your disc drive. Please play around with the tools. I'm not entirely sure at this point whether we will be using this CD for future assignments. That will be partially determined by everyone's personal experiences running BT3.
  4. A high-level look at BT3 can be found in Wikipedia. A somewhat more detailed description of a number of the tools found on the BT3 Live-CD can be found here. Look these sources over to get an idea of the types of tools available for penetration testing, password cracking, system scanning/fingerprinting, intrusion detection, etc.
8 11/3/09

Readings:

  1. P & P: Chapter 7 - at least Sections 7.3 through end

Written Problems (max of 4 sentences per question):

  1. None this week.

Other Tasks:

Since the BT3 Live-CD turned out not to work properly on everyone's machine, we will be using alternative system and network reconnaissance tools for Windows. Here are the instructions for downloading and installing them:

  1. wireshark: wireshark (nee ethereal) is a packet sniffing tool that can be used to eavesdrop on a network from the inside and analyze the packets of data that are being passed back and forth between hosts. Go to the wireshark.org website and download the Windows Installer (32-bit). After downloading the .exe file, run the installer on your machine. It will probably ask whether it should install the winpcap libraries on your system. Say 'OK' if it does. This will allow you to capture packets in real time from your machine's local network. Please note that you need to have Windows Administrator privileges to properly install and run wireshark.
  2. After your copy of wireshark has been installed, then watch this video which will give you a quick tutorial on how to start using wireshark. Note how there is an example of sniffing an unencrypted Telnet session. If you'd like to try the same thing, then start wireshark and begin capturing packets on your own network using your LAN or WiFi card as the interface to listen in on. Either use HyperTerminal to connect to "cs446.dyndns.org" as shown in the video or open a Windows Command Prompt console and run the command: 'telnet cs446.dyndns.org'. This will connect you to the class target server which will act as "bait" for our scanning. You can log in to that host with the username "cs446" and the password "s3cr3t". Issue a few telnet commands (try 'help' as a start) and then exit from telnet when you are done to logout. Go back to the wireshark window and hit the 'stop capturing packets' button on the menu. You can then analyze the packets as shown in the video. As the commentator says, telnet is notoriously insecure as you can see from the packet traces since your password appears in the clear.

    Another introductory video can be found here in case you need more instruction on the basic operations of wireshark.

    Feel free to play around with the wireshark tool as much as possible on your own networks and hosts, but please do not use it in a business or similar environment. Your innocent sniffing could be misinterpreted and lead to serious consequences.

  3. nmap/Zenmap: nmap is a system & network scanning tool that we will be using to find out information about our systems which might help an attacker. Go to the nmap website, which has extensive documentation as well, to download the Windows self-installer, which is currently 'nmap-5.00-setup.exe'. After downloading the installer, run it from wherever you saved it to do the nmap installation.
  4. Please watch the short introductory video on using nmap.
  5. After nmap (actually we'll be using the Zenmap GUI frontend to nmap) has been installed, run Zenmap to get familiar with how nmap works using the video as a guide. Again, you should only point the tool at the host, "cs446.dyndns.org", or at any of your own machines. Please do NOT use it indiscriminately, since people really do NOT like to have their systems scanned without permission. You can also try using "scanme.nmap.org", if you'd like.
9 11/10/09

Readings:

  1. P & P: Chapter 8 - Sections 8.1 and 8.3

Written Problems (max of 4 sentences per question):

  1. See "Other Tasks" below.

Other Tasks:

You are going to be doing system reconnaissance, including some network scanning and OS and version fingerprinting in the exercises below. We'll assume that you already installed the "nmap/Zenmap" tools on your Windows machine as part of the last assignment. You'll also be doing vulnerability checking on your own Windows system using the Microsoft Baseline Security Analyzer tool.

  1. Open a Command Prompt (DOS console) window on your machine and issue the command: "ipconfig /all". What is the host name of your machine? What DNS domain (suffix) does the host belong to? You will have one (or more) Ethernet adapters on your machine, e.g., one for WiFi connections and another for hardwired LAN connections, each of which may currently be connected and active. What is the 6-byte MAC hardware address for each of the active connections? What is the IP address associated with each active connection? Making these associations and answering queries about them is the responsibility of the ARP and RARP network protocols in the Network Layer.
  2. For the next set of questions open the Zenmap GUI front-end tool for the system reconnaissance tool, nmap.
    • Run a "Quick scan plus" against the target subnet, "75.127.171.64/29". How many active hosts or devices do there appear to be on that subnet? What are their IP addresses and what are their DNS host names? Could you tell what operating system was running on each of the hosts you found (it would be listed under "Service Info" and/or "OS Details")?
    • Run an "Intense scan" against the target with the IP address, "cs446.dyndns.org". It should list the version of the software that is running on each of the open ports it finds. Very briefly describe the apparent function for each of the open ports (use the Wikipedia List of TCP and UDP numbers as a guide) found on 75.127.171.66. Which of these open ports seems to be using encrypted connections of some kind for security?
    • Finally, run a "Quick scan" against the machines on your own local subnet using the IP address you found using "ipconfig /all". You will specify the range of targets using the CIDR form of IP addressing to scan all 255 possible addresses in your vicinity. For example: if your machine's IP address is "192.168.1.99" and you specify "192.168.1.99/24", then you will actually be scanning all the machines from 192.168.1.1 to 192.168.1.255. How many systems did you manage to get information on? Did anything you found surprise you from a security perspective? How might any possible vulnerabilities you discovered be remedied?

  3. Lastly, download and install the Microsoft Baseline Security Analyzer onto your own Windows machine. Note: the correct version for most Windows systems on the download page is called "fre\MBSASetup-x86-EN.msi". Now run the MBSA using your own machine as the target. What vulnerabilities were uncovered? Was anything found that should concern you? Why?
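A scope check for the scan targets in task 2, as an added example (not part of the original assignment): it shows exactly which addresses a CIDR target expands to and sorts a target list into in-scope, out-of-scope and unresolved hostnames before anything is scanned. The function names and the `ALLOWED` list are assumptions; the list uses the class subnet and the sample home address given above.

```python
import ipaddress
from typing import Iterable

# Assumed authorised ranges: the class target subnet and your own LAN,
# taken from the addresses used in this assignment.
ALLOWED = ["75.127.171.64/29", "192.168.1.99/24"]


def describe_target(cidr: str) -> dict:
    """Expand a CIDR scan target into the range of addresses it covers."""
    # strict=False accepts a host address with a prefix (192.168.1.99/24)
    # and normalises it to the enclosing network.
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = list(net.hosts())
    return {"network": str(net),
            "addresses": net.num_addresses,
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(net.broadcast_address)}


def in_scope(target: str, allowed: Iterable[str]) -> bool:
    """True only if every address in target lies inside an allowed range."""
    net = ipaddress.ip_network(target, strict=False)
    return any(net.subnet_of(ipaddress.ip_network(a, strict=False))
               for a in allowed)


def triage(targets: Iterable[str], allowed: Iterable[str]) -> dict:
    """Sort targets into in-scope, out-of-scope, and hostnames to resolve."""
    allowed = list(allowed)
    result = {"in_scope": [], "out_of_scope": [], "hostname": []}
    for target in targets:
        try:
            key = "in_scope" if in_scope(target, allowed) else "out_of_scope"
        except ValueError:
            # Not an IP or CIDR: resolve the name and check the address
            # it maps to before scanning.
            key = "hostname"
        result[key].append(target)
    return result


# Constructed target list mixing permitted and non-permitted entries.
SAMPLE_TARGETS = ["75.127.171.66", "75.127.171.64/29", "192.168.1.99/24",
                  "75.127.171.0/24", "192.168.2.10", "cs446.dyndns.org"]

if __name__ == "__main__":
    for cidr in ALLOWED:
        print(cidr, describe_target(cidr))
    print(triage(SAMPLE_TARGETS, ALLOWED))
```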
10 11/17/09

Readings:

  1. P & P: Chapter 8 - Sections 8.2 and 8.4
  2. Sample IT Security Policy documents from academia (be prepared to discuss their contents in class):

Written Problems (max of 4 sentences per question):

  1. None this week. Instead, please continue to work on your term project reports and final presentations. Remember the term project represents 30% of your final grade, so it's important to make it as good as you can. I'd really like to see that you went into some detail in researching a topic you were interested in and learned some things that you didn't know before.

Other Tasks:

None this week.
11 12/06/09

Final Exam:

Take the time between now and then to prepare for the 3 hour final exam on 12/01/09. I will try to keep the primary focus of the exam on the material we've covered since the mid-term as much as I can. However, some questions will certainly also come from topics we learned earlier in the semester.

Concentrate mostly on the lecture notes and what we talked about in class, as well as reviewing the HW assignments you did. Use the textbook to flesh out those concepts and to clarify what we discussed in class.

The final exam format will contain a mixture of questions including some True/False, some Multiple Choice, and perhaps even a short Matching section. There will be no "Short answer" section on the final exam.

The majority of points on the final will consist of a number (I'm not quite sure how many you will be answering yet) of essay-style questions. My plan is to post a list of questions by 11/22/09 at the latest for you to review and answer at home. On the day of the exam I will pick some number of these questions that MUST be answered in class and allow you to select some other number from the rest that you can choose from to answer. I reserve the right to add a question or two that you have not seen in advance.

Hopefully, posting the bulk of the essay questions beforehand will give even those in the class who need extra time to read and comprehend the questions completely the ability to think about and frame their answers properly. Of course, I expect everyone's essay answers to be that much better and more detailed because you will have seen the majority of the questions beforehand.

The exam is closed-book and no other notes will be allowed during the exam.

Term Projects:

Please continue to work on your term project reports and final presentations. It would be best if you could produce an Adobe PDF file, if at all possible, for both your report and your presentation. However, I will accept some form of Microsoft Word-compatible document for the report itself and a Microsoft PowerPoint or OpenOffice Impress file for your presentation as well.

IMPORTANT REMINDER: Both your completely finished final report and the accompanying presentation MUST be uploaded to the class FTP server no later than Sunday, 12/6/09. No excuses, no delays, etc. will be accepted at that point. If for any reason you have trouble placing the documents into the "termproject" folder in your FTP account, please e-mail the doc and presentation to me by 12/6.

I'm expecting great things from each of you as upperclassmen (upperclasspersons?) and graduate students. Show me your best efforts!

This file last modified Tuesday December 29, 2009 at 12:32PM