Lecture Notes
Class Outline
I intend to cover the following topics. Some of the outlines might be entirely from my lecture. The order will depend in part on student interaction and input.
- Crosscutting Concepts in Cybersecurity
- Confidentiality, integrity, availability
- Adversarial thinking
- Systems thinking
- Risks, threats, mitigations
- System access and authentication
- Authentication Methods
- Network Security
- Introduction to data communications
- Network fundamentals and models
- Network Architectures
- Network Topology
- 7-layer OSI models
- Network Protocols
- Internet Protocol
- IP Packets
- TCP vs. UDP
- ICMP
- IPv4 vs. IPv6
- Packet Delivery
- Ethernet
- IP Addresses and Subnetting
- Network Address Translation
- Networking devices
- Network interface cards
- Hubs
- Bridges
- Switches
- Routers
- Firewalls
- Virtualization
- Connection and transmission attacks
- Denial-of-Service Attacks
- Buffer Overflows
- Null Sessions
- Sniffing
- Spoofing
- Session Hijacking
- Man-in-the-Middle Attacks
- Replay Attacks
- Transitive Access
- Pharming
- Scanning Attacks
- Attacks on Encryption
- Address System Attacks
- Cache Poisoning
- Password Guessing
- Pass-the-Hash Attacks
- Software Exploitation
- Client-Side Attacks
- Reconnaissance
- Network mapping
- Port scanning
- Packet sniffing
- Vulnerability assessment
- Attacks and mitigation tools
- Metasploit
- Nmap
- Netcat
- Wireshark
- Web Security
- Browser attacks
- Man-in-the-browser
- Keystroke logger
- Page-in-the-middle
- Program download substitution
- User-in-the-middle
- Web attacks targeting users
- False or misleading content
- Defaced web site
- Fake web site
- Fake code
- Malicious web content
- Fake code
- Substitute content
- Web bug
- Clickjacking
- Drive-by download
- Obtaining user or website data
- Cross-site scripting
- SQL injection
- Dot-dot-slash
- Server-side include
- E-mail and instant messaging security
- E-mail structure
- Fake email/spoofing
- Link manipulation
- Malicious attachments
- Spam
- Social engineering
- Phishing
- Spear phishing
- Vishing
- Email do's and don'ts
- Software Security
- Fundamental design principles for secure software
- Security requirements and their role in system design
- Implementation issues
- Error and exception handling
- Input and output validation
- Fuzzing
- Bug tracking
- Data encryption
- Secure storage
- Malicious Code
- Viruses
- Worms
- Polymorphic malware
- Trojan horses
- Rootkits
- Logic bombs
- Spyware
- Adware
- Botnets
- Backdoors and trapdoors
- Ransomware
- Malware defenses
- Cryptography
- Introduction
- Basic Terminology
- Cryptosystem
- Classical Cryptography
- Transposition Techniques
- Rail Fence Cipher
- Interleaving Transposition Cipher
- Substitution Techniques
- Caesar Cipher
- Monoalphabetic Cipher
- Polyalphabetic Cipher
- Playfair Cipher
- Vigenere Cipher
- One-time pad (Vernam) Cipher
- Cryptographic Hash Function
- One-way Hash Function Properties
- Hashing Methodologies
- Birthday Attacks For Hash Collision
- Hashed Message Authentication Code (HMAC)
- MD2, MD4, MD5
- SHA-1, SHA-2, SHA-3
- System and Component Security
- Authentication and access control
- User, group, and role management
- Identification, authentication, authorization
- Password policies
- Access control lists
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
- Role-Based Access Control (RBAC)
- Rule-Based Access Control
- Attribute Based Access Control (ABAC)
- Federated Authentication (OAuth)
- Vulnerabilities of system components
Human Security
- Social engineering
- Awareness and understanding of security issues
- System misuse and user misbehavior
- Proper behavior under uncertainty
- Enforcement and rules of behavior
Privacy
- Social and Behavioral Privacy
- Social Media Privacy and Security
Organizational and Societal Security
- Legal Issues and Ethics
- Cybercrime
- Cyber ethics
- The role of policy