Network Security (CIS-4080) Home Page

This is the home page for Peter Chapin's Computer Security course notes for the Spring 2023 semester. Here you will find electronic versions of class handouts, homework assignments, lecture slides, and links to other references of interest. If you are a student taking Network Security you should bookmark this page.

• The Zoom meeting URL gives you access to the live lectures.
• The homework submission area and grade book are on Canvas. All other course resources are here.
• The course syllabus gives an overview of the course and its content, lists course resources, and describes the grading policy and related issues.
• Some of the assignments will require Packet Tracer, a network simulator made by Cisco. You can access Packet Tracer by creating a Skills for All account (if you have a Cisco Networking Academy account already you can use that to log into Skills for All). To get started, enroll in the "Getting Started with Cisco Packet Tracer" course. You can download Packet Tracer from there. The "Getting Started..." course is worth working through if you are new to Packet Tracer.
• There is an experimental network in the BLP-210 lab that we can use for some physical network demonstrations and assignments.
• I've prepared some general information on submitting assignments.
• My home page contains other resources of potential interest.

Lecture Topics

The lectures for this course are on Zoom.

• 2021-01-18. Introduction to the course and to Packet Tracer. Started looking at the "basic settings" for Cisco routers.
• 2023-01-23. More on router basic settings and discussion of Homework #1.
• 2023-01-25. Discussed "views" as implemented on Cisco routers.
• 2023-01-30. Introduced network management and discussed logging via syslog.
• 2023-02-01. Discussed Homework #2 and NTP.
• 2023-02-06. Discussed locking down router services (and related topics).
• 2023-02-08. Discussed the BLP-210 experimental network.
• 2023-02-13. Quick introduction to GNS3. Discussed AAA.
• 2023-02-15. [Off-topic lecture] Demonstrated the IPv6 tunnel between Lemuria and Twilight.
• 2023-02-20. No class (Vacation).
• 2023-02-22. No class (Vacation).
• 2023-02-27. Introduced Homework #3. Started discussing router ACLs.
• 2023-03-01. Continued discussion of ACLs ("Complex" ACLs).
• 2023-03-06. Discussed firewalls.
• 2023-03-08. Discussed intrusion detection/prevention systems (IDS/IPS).
• 2023-03-13. Described the current status of the BLP-210 experimental network.
• 2023-03-15. Discussed Homework #4 and started discussing network attack methods.
• 2023-03-20. No class.
• 2023-03-22. Introduced IPsec.
• 2023-03-27. More discussion about the configuration of the experimental network and about an upcoming Homework #5 related to using Snort as an intrusion detection system.
• 2023-03-29. Still more discussion about the configuration of the experimental network and the saga of getting things set up for use there!
• 2023-04-03. No class (Vacation).
• 2023-04-05. No class (Vacation).
• 2023-04-10. Demonstrated snort on Mu in package capture and packet logging mode.
• 2023-04-12. More demonstrations using the experimental network: nmap logging, router attack tools.
• 2023-04-17. Demonstrated snort in IDS mode.
• 2023-04-19. Discussed Homework #6.

Slides

These slides are by Jean Hakim. I have made some modifications/updates to them. Most of these slides were converted from PDF to PowerPoint and then back to PDF (the original PowerPoint was lost). The conversion process created some formatting issues, which I am slowly correcting.

• Overview
• Securing Network Devices, Part 1
• Securing Network Devices, Part 2
• Securing Network Devices, Part 3
• AAA
• Firewalls and ACLs
• Intrusion Prevention Systems
• Network Attacks
• Securing Layer 2

Homework

1. Homework #1. Securing the Router. Due: 2023-01-27.
2. Homework #2. Views, Logging, and NTP. Due: 2023-02-10
3. Homework #3. Configure AAA Authentication on Cisco Routers. Due: 2023-03-10.
4. Homework #4. Configure Router Access Control Lists. Due: 2023-03-24.
5. Homework #5. Capturing Traffic on the Experimental Network. Due: 2023-04-14.
6. Homework #6. Using Snort in IDS Mode. Due: 2023-05-05

Resources/Articles

Cybersecurity Organizations

• Cybersecurity and Infrastructure Security Agency (CISA)
• US Computer Emergency Readiness Team (US-CERT)
• SysAdmin, Audit, Network, and Security Institute (SANS Institute)
• International Information Systems Security Certification Consortium (ISC2, pronounced as "ISC squared")

Infrastructure Devices

• Five Different Types of Firewalls
• Here is a list of tools on Kali systems.
• Network Access Control refers to technologies intended to control which devices can be connected to a network.

Cisco-Specific Information

• The basic settings we use for the routers and switches in our labs and assignments.
• A through discussion of ICMP redirect messages and the Cisco NX-OS commands to manage them.
• Here is a nice description of how to set up AAA on a Cisco Network Access Server (NAS).

Product References

• Snort is an intrusion detection/prevention system. Here is the documentation for Snort v3 (note that version 3 is significantly different than version 2).
• strongSwan is an IPsec implementation for Linux and other systems. Here is a document that describes how to install strongSwan on Ubuntu 20.04.
• Graylog is a commercial product that does log integration. It can use ML/AI methods to correlate log events to identify attacks that are not discernible from individual log events.

RFCs

• IPsec is described by RFC-4301 (Security Architecture), RFC-4302 (Authentication Header), RFC-4303 (Encapsulating Security Payload), RFC-7296 (IKE v2), and RFC-4309
• A few of my notes on IPsec.
• IPsec Evaluation. This document by Ferguson and Schneier is critical of the original IPsec design.
• RFC-8446 describes the TLS protocol, version 1.3.
• A document that summarizes the Kerberos v4 protocol.

Other

• A list of mythical lands that can serve as future computer names!

Last Revised: 2023-04-20
Copyright 2023 by Peter Chapin <pchapin@vtc.edu>