IA Course CPSC 4660:
System Vulnerability Analysis and Auditing
Course Description
The course covers the assessment of systems to discover resources that are susceptible to damage if intrusions and unauthorized access occur. The analysis of system vulnerability, identification of security deficiencies, security measurement, effectiveness and adequacy, and estimation of vulnerability of system resources to potential disaster hazards of unknown origin are also covered. Prerequisites: CPSC 160, 375, and 426 or 444 with grades of C or better.
Textbook
Matt Bishop, Introduction to Computer Security, 1st edition, Addison-Wesley, ISBN: 0-321-24744-2
Syllabus: Here
Lecture Notes
Lecture 1: An Overview of Computer Security; The Need for Security
Lecture 2: Access Control Matrix
Lecture 3: Security Policies
Lecture 4: Confidentiality Policies
Lecture 5: Integrity Policies
Lecture 6: Hybrid Policies
Lecture 7: Basic Cryptography
Lecture 8: Authentication
Lecture 9: Vulnerability Analysis
Lecture 10: Auditing
Lecture 11: Intrusion Detection
Lecture 12: Network Security; Introduction to Networks; Network Protocols
Lab Manual and Exercises
Randy Weaver, Guide to Network Defense and Countermeasures, Thomson Course Technology, ISBN: 1-4188-3679-6
- Lab 1: Gathering WHOIS Information, Manual DNS Zone Transfers, Network Reconnaissance, and Network Ping Sweeps Using nmap
- Lab 2: UDP Scan Using nmap, TCP Connect Scan Using nmap, TCP SYN Scan Using nmap, TCP SYN Scans Using hping, Decoy Scan Using nmap
- Lab 3: Banner Grabbing Using Telnet, Banner Grabbing Using Netcat, Active Stack Fingerprinting Using nmap, Passive Stack Fingerprinting Using Ettercap, FTP Enumeration, SSH Enumeration, SMTP Enumeration Using Telnet, HTTP Enumeration Using Nikto
- Lab 4: Null Session Enumeration from a Windows-Based System, Null Session Enumeration Using WinScanX, SNMP Enumeration Using snmpcheck, MySQL Enumeration
- Lab 5: FOR Loop Attack, Poor Man’s Privilege Escalation, MSRPC/DCOM Exploit Using Metasploit (CLI), Determining the Auditing Policy, Using Netcat to Set Up a Reverse Shell, GUI Remote Control Using Remote Desktop Protocol (RDP)
- Lab 6: Dumping Windows Password Hashes Using Metasploit, Cracking Windows Password Hashes Using Cain, Cracking Windows Password Hashes Using John the Ripper, Keylogging Using Metasploit, Taking Screen Shots Using Metasploit
- Lab 7: Command-Line File Searching Using a Windows Command Shell, Erasing Windows Logs Using elsave, Hiding Files Using attrib, Hiding Files Using Alternate Data Streams, ARP Poison Routing Using Cain
More IA Study Materials
IA Academic Links
- Institute of Electrical and Electronics Engineers (IEEE) / Institution of Engineering and Technology (IET)
- ACM Homepage
- National Information Assurance Training and Education Consortium (NIATEC): http://www.niatec.org/
- CiteSeer.IST: http://citeseer.ist.psu.edu/
- National Vulnerability Database: http://nvd.nist.gov/
- The United States Computer Emergency Readiness Team (US-CERT): http://www.us-cert.gov/
- Computer Security Articles by Bruce Schneier: http://www.schneier.com/essays-comp.html
- National Institute of Standards and Technology: http://csrc.nist.gov/
- National Security Agency: http://www.nsa.gov/
- Department of Homeland Security: http://www.dhs.gov/index.shtm
- Protocols from The Internet Engineering Task Force (IETF)
- Transmission Control Protocol (TCP): http://www.faqs.org/rfcs/rfc793.html
- User Datagram Protocol (UDP): http://tools.ietf.org/html/rfc768
- Hypertext Transfer Protocol (HTTP): http://www.ietf.org/rfc/rfc2616.txt
- HTTP over TLS: http://www.ietf.org/rfc/rfc2818.txt
- Domain Name Service (DNS): http://www.ietf.org/rfc/rfc1035.txt
- File Transfer Protocol (FTP): http://www.ietf.org/rfc/rfc0959.txt
- Simple Mail Transfer Protocol (SMTP): http://www.ietf.org/rfc/rfc0821.txt
- POP3: http://www.ietf.org/rfc/rfc1939.txt
- IMAP: http://www.ietf.org/rfc/rfc2060.txt
- Internet Protocol (IP): http://www.ietf.org/rfc/rfc0791.txt
- IPv6: http://www.ietf.org/rfc/rfc2460.txt
- The IP Network Address Translator (NAT): http://www.ietf.org/rfc/rfc1631.txt
- Internet Control Message Protocol (ICMP): http://www.ietf.org/rfc/rfc792.txt
- Internet Routing Protocol Standardization Criteria: http://tools.ietf.org/html/rfc1264
- Session Initiation Protocol (SIP): http://www.ietf.org/rfc/rfc2543.txt
- Routing Information Protocol (RIP): http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rip.htm
- Open Shortest Path First (OSPF): http://www.ietf.org/rfc/rfc2328.txt ; http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ospf.htm
- Border Gateway Protocol (BGP): http://www.ietf.org/rfc/rfc1772.txt
- RTSP: http://www.ietf.org/rfc/rfc2326.txt
- Ethernet
- Address Resolution Protocol (ARP): http://www.ietf.org/rfc/rfc826.txt
- The Point-to-Point Protocol (PPP): http://www.ietf.org/rfc/rfc1661.txt
- Asynchronous Transfer Mode (ATM): http://www.techfest.com/networking/atm/atm.htm
- CSMA/CD: http://www.erg.abdn.ac.uk/users/gorry/eg3561/lan-pages/csma-cd.html
- CSMA/CA: http://www.science.uva.nl/research/air/projects/old_projects/wlan/simulations/Intro_-_WLAN/Intro_-_CSMA_CA/intro_-_csma_ca.html
- IEEE 802.11: http://www.ieee802.org/11/
- Extensible Authentication Protocol (EAP) Key Management Framework: http://tools.ietf.org/html/draft-ietf-eap-keying-11
- An Architecture for Differentiated Services (Diffserv): http://www.ietf.org/rfc/rfc2475.txt
- Multipurpose Internet Mail Extensions (MIME): http://www.ietf.org/rfc/rfc2045.txt
- Resource ReSerVation Protocol (RSVP): http://www.ietf.org/rfc/rfc2205.txt
- OpenPGP Message Format: http://www.ietf.org/rfc/rfc2440.txt
- TLS: http://www.ietf.org/rfc/rfc2246.txt
- Security Architecture for the Internet Protocol (IPSec): http://www.ietf.org/rfc/rfc2401.txt
- A Simple Network Management Protocol (SNMP): http://www.ietf.org/rfc/rfc1157.txt
- UNIX/sockets/C/C++/PERL/JAVA manuals
- Database Privacy from Microsoft Research: http://research.microsoft.com/research/sv/DatabasePrivacy/
IA Journals
- University of Tennessee at Chattanooga (UTC) library: http://www.lib.utc.edu/ (Note: many journals are available in the UTC library, and some of them are accessible from any computer at UTC.)
- ACM Transactions on Information and System Security (TISSEC): http://tissec.acm.org/ (On-line journal is accessible from any computer in UTC)
- IEEE security & privacy (available in UTC library): http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=8013
- The Virus Bulletin: http://www.virusbtn.com/index
- IEEE Transactions on Dependable and Secure Computing (available in UTC library):
- Information Systems Control (available in UTC library): http://www.isaca.org/Content/NavigationMenu/Members_and_Leaders/Publications/Journal/Information_Systems_Control_Journal_Home.htm
- IEEE communications magazine (available in UTC library)
- IEEE distributed systems online (available in UTC library)
- IEEE eTransactions on network and service management (available in UTC library)
- IEEE internet computing (available in UTC library)
- IEEE network (0890-8044)(available in UTC library)
- IEEE parallel & distributed technology (available in UTC library)
- IEEE personal communications (available in UTC library)
- Journal of Cryptography: http://www.springer.com/west/home/computer/lncs?SGWID=4-164-70-1009426-0&referer=www.springeronline.com&SHORTCUT=www.springer.com/sgw/cda/frontpage/0,11855,4-164-70-1009426-0,00.html
- International Journal of Information and Computer Security: http://www.inderscience.com/browse/index.php?journalCODE=ijics
Interesting books
- Where Wizards Stay Up Late: The Origins of the Internet. A history of how a group of computer scientists tackled and achieved the "impossible" and created the Internet; fun, non-technical reading on how the Internet as we know it today got started and developed.
Historical Documents
- A Graph-Based System for Network-Vulnerability Analysis
- An Intrusion Detection Model (paper)
- Trust in Cyberspace: http://www.nap.edu/readingroom/books/trust/
- Access Control (Discretionary Access Control, The Bell-LaPadula Model, The Biba Model, Role-Based Access Control) (paper)
Resources
Secure Use
- General Security Policy: Cyber Ethics
- General Security Policy: Information Technology Security Evaluation Criteria (ITSEC), see ITSEC Definition
- General Procedures: Inference, see Inference Definition
- General Procedures: Rainbow Series
- General Procedures: NSTISSAM COMPUSEC/1-99 Insider Threat to Government Computer Systems, see NSTISS Glossary
- General Countermeasures and Safeguards: Computer Law
- General Countermeasures and Safeguards: Computer Media
- General Countermeasures and Safeguards: Evaluate Security Testing Tools, see Security Testing Tools
- Administrative Countermeasures/Safeguards: Control Management, see Change Control
- Administrative Countermeasures/Safeguards: Privacy Act, see Privacy Act of 1974
- Operations Policies/Procedures: Keystroke Monitoring
- Operations Policies/Procedures: Disaster Recovery Planning, see Disaster Recovery
Incidents
- Policy and Procedures: Incident Response
- Policy and Procedures: Witness Interrogation
- Operations Countermeasures/Safeguards: Computer Attacks
- Operations Countermeasures/Safeguards: Computer Emergency Readiness Teams, see CERT
Configuration
- Administrative Policies/Procedures: Approval to Operate
- Administrative Policies/Procedures: Configuration/Change Control, see Change Control
- Administrative Policies/Procedures: Copyright Protection
- Administrative Policies/Procedures: Patch Management
- Administrative Policies/Procedures: Records Management
- Administrative Policies/Procedures: Wireless Use Policies, see Wireless Use Policy
Anomalies and Integrity
- General Risk Management: Computer System Risk Management, see Risk Management
- Access Control Safeguards: Computer System Access Control, see Access Control
- Access Control Safeguards: Protected Distribution Systems, see Protected Distribution System
- Access Control Safeguards: Information Systems Access Restrictions, see Access Restrictions
Administration
- Access Control Mechanisms: KMI Applications, see Key Management
- Access Control Mechanisms: Single Sign-On
IA Sites
- National Security Agency, Central Security Service: Information Assurance
- Information Assurance Support Environment
- Information Design Assurance Red Team (IDART)
- National Institute of Standards and Technology (NIST) Computer Security Division
- NIST Computer Security Resource Clearinghouse
- National Telecommunications and Information Administration (NTIA)
- ICAT Metabase: ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information.
- National Vulnerability Database (NVD)
- STRATCOM
- ASD NII
- Defense Advanced Research Projects Agency (DARPA)
- Defense Information Systems Agency (DISA)
- Internet Traffic Report: monitors the flow of data around the world. It displays a value between 0 and 100, updated every 15 minutes; higher values indicate faster and more reliable connections.
- Electronic Privacy Information Center Home Page: a public interest research center in Washington, D.C.
- Information Security Portal: provides information on Information Warfare, including security tools, the law and legal issues, espionage, terrorism, and information operations.
- Internet Privacy Coalition
- International Computer Security Association (ICSA): known worldwide as an objective source for security assurance services.
- Glossary of Information Warfare Terms
- Cyberwar - Information warfare and psychological operations: provides information on propaganda analysis, online journals, index and metapages, general resources, intelligence agencies, and articles and documents.
- Reliable Software Technologies (RST): Information Warfare
- Forum of Incident Response and Security Teams (FIRST): brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
- International Association for Cryptologic Research (IACR): a non-profit scientific organization whose primary purpose is to further research in cryptology and related fields.
- International Biometrics Industry Association (IBIA)
- Common Vulnerabilities and Exposures (CVE): a list of standardized names for vulnerabilities and other information security exposures; CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
- Institute for Applied Network Security (IANETSEC): the premier membership organization for practicing information security professionals. The Institute's mission is to provide key technical and business insights to help members solve their most pressing professional challenges.
- Reliability Information Analysis Center (RIAC): a government and industry focal point for reliability, maintainability, quality, supportability, and interoperability related engineering, data, software, information, training, and technical assistance.