COM 260 COMPUTER AND NETWORK SECURITY

 

TEXT: Mark Stamp, Information Security: Principles and Practices, John Wiley & Sons, Hoboken, NJ, 2011.

 

Recommended Reading: William Stallings, Network Security Essentials, Fourth Edition, Prentice Hall, Upper Saddle River, NJ, 2011.

 

Related WebSites: http://www.cs.sjsu.edu/~stamp/infosec/

                              http://williamstallings.com/

                              http://www.williamstallings.com/StudentSupport.html

                              http://WilliamStallings.com/Crypto/Crypto5e.html

 

Chapter and Topic

Slides

Related links

1. Introduction

Chapter1

60 Minutes (cyberwarefare, hacking ATMs and the power grid)

http://www.youtube.com/watch?v=FZUzB8uC9bs (Sabatoging the System)

http://www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml

Cyber Security Tips

http://www.us-cert.gov/cas/tips/

 

http://www.internic.net

http://www.petri.co.il/sam_spade_tools.htm

http://www.arin.net

https://www.arin.net/knowledge/general.html

http://www.whois.net

http://tools.whois.net/ping/

http://whatismyipaddress.com/

http://www.traceroute.org/ ( See also extras)

 

 

2. Crypto Basics

Chapter2

 

Cryptography

Stallings Tutorial

 

Solve Cipher

 

Cryptography

 

Cryptograms

http://www.simonsingh.net/

http://www.simonsingh.net/The_Black_Chamber/

 

http://simonsingh.net/media/online-videos/cryptography/

 

http://en.wikibooks.org/wiki/Cryptography  (See Classical Cryptography)

http://www.cs.trincoll.edu/~crypto/index.html  ( Cryptography)

 

http://csrc.nist.gov/CryptoToolkit/modes/

 

http://www.math.ucsd.edu/~crypto/programs.html

 

http://www.umich.edu/~umich/fm-34-40-2/ ( Basic cryptanalysis)

http://pajhome.org.uk/crypt/index.html

http://starbase.trincoll.edu/~crypto/

 

http://www.garykessler.net/library/crypto.html (good overview & examples)

http://www.cryptographyworld.com/ ( tutorial & resources, source code)

http://www.pgpi.org/doc/pgpintro/  ( introduction to Cryptography)

http://www.skypoint.com/members/waltzmn/Cryptography.html (Biblical)

http://www.cryptograms.org/tutorial.php ( good explanation...)

http://www.cryptoquote-cryptogram-puzzles.com/easy-cryptograms.html (printable)

 

Caesar Cipher

http://www.seifried.org/security/cryptography/crypto-book/chapter-02.html

http://www.cs.trincoll.edu/~crypto/historical/caesar.html

http://www.dummies.com/how-to/content/easy-cryptograms-with-letter-substitutions0.html

 

Vigenere cipher

http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher (explanation)

http://math.ucsd.edu/~crypto/java/EARLYCIPHERS/Vigenere.html

http://user.it.uu.se/~olgag/Cryptology/vigenere.html

http://sharkysoft.com/misc/vigenere/ ( encoder)

http://smurfoncrack.com/pygenere/index.php ( decoder)

 

Online tools

http://rumkin.com/tools/cipher/

Secret Code Breaker - download - http://www.secretcodebreaker.com/scbsolvr.html

http://www.purplehell.com/riddletools/applets/cryptogram.htm

 

Useful Websites for Puzzle Solving

http://www.winterdragon.org/index.php?page=puzzle-sites

 

Online – Cryptography – Stanford U.

http://www.crypto-class.org/

MIT Short Course on Cryptography

http://saweis.net/crypto.html

Growth of Cryptography – Ron Rivest

http://mitworld.mit.edu/video/879

Cryptography- Science or Magic –MIT

http://mitworld.mit.edu/video/42

 

History of Secret Code Breaking – videos

http://www.secretcodebreaker.com/SCB&CipherMachines.wmv

Enigma simulations

http://www.enigmaco.de/enigma/enigma.html

Navajo CodeTalkers – WWII – IWO JIMA

http://www.lapahie.com/NavajoCodeTalker.cfm

http://www.youtube.com/watch?v=2JPIeyBPum0&feature=related

http://www.youtube.com/watch?v=YZuOiqo1glk (music video)

http://www.history.navy.mil/faqs/faq61-2.htm

 

Java Cryptography Extension

http://docs.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html

http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html

 

 

3.  Symmetric Key Crypto

Chapter3

 

 

 

 

Examples

 

 

 

 

 

http://www.williamstallings.com/Crypt-Tut/Crypto%20Tutorial%20-%20JERIC.html

 

http://www.mycrypto.net/encryption/public_key_encryption.html

 

http://www.faqs.org/faqs/cryptography-faq/

 

http://www.acm.org/crossroads/xrds7-1/crypto.html#con-generator

http://xrds.acm.org/article.cfm?aid=351098

 

http://www.krellinst.org/UCES/archive/modules/charlie/pke/

 

http://pajhome.org.uk/crypt/rsa/rsa.html

4. Public Key Crypto

Chapter4

 

 

 

 

 

 

RSA

Key distribution Problem - Diffie- Hellman

The Science of Secrecy

http://simonsingh.net/media/online-videos/cryptography/

 

http://simonsingh.net/media/online-videos/cryptography/the-science-of-secrecy-going-public/

http://simonsingh.net/media/online-videos/cryptography/the-science-of-secrecy-going-public/

 

 

5. HASH Functions

 

Chapter5

 

6. Advanced Crypto

 

Chapter6

 

 

7. Authentication

Chapter7

 

http://oreilly.com/catalog/javacrypt/chapter/ch06.html  (Sample- Authentication)

 

8. Authorization

 

Chapter8

 

http://www.pgpi.org/

http://www.gfi.com/emailsecuritytest/

 

“Phishing”

http://en.wikipedia.org/wiki/Phishing

http://www.antiphishing.org/

http://www.webopedia.com/TERM/p/phishing.html

http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

 

Anti-spam Techniques

http://en.wikipedia.org/wiki/Anti-spam_techniques_(e-mail)

 

9. Simple Authentication

Protocols

Chapter9

 

http://en.wikipedia.org/wiki/TCP/IP_stack#Layers_in_the_internet_protocol_suite_stack

 

http://mute-net.sourceforge.net/howPrivacy.shtml

http://en.wikipedia.org/wiki/Transport_Layer_Security

 

10. Real-world Security Protocols

 

Chapter10

IPSec

Kerberos

 

IP Security (IPSec) Chapter8- Stallings

http://web.mit.edu/kerberos/www/

 

http://www.honeypots.net/

Intrusion Detection - Wikipedia

11. Software Flaws and Malware

Chapter11

 

Timeline of Notable Viruses and Worms

 

Virus Encyclopedia

http://www.viruslist.com/en/viruses/encyclopedia

 

Top 20 viruses for 2005

http://www.viruslist.com/en/analysis?pubid=1770870

 

Malware in 2007 – Online Gaming

http://www.viruslist.com/en/analysis?pubid=204791985

 

Netscape Virus Center

http://channels.netscape.com/tech/viruscenter.jsp?floc=ns-tos-mant-h-01

Malware Code Glossary

http://www.f-secure.com/virus-info/glossary.shtml

 

Conficker Worm

http://www.youtube.com/watch?v=Ar-l3FRUdGw&feature=relmfu (Leslie Stahl)

http://www.youtube.com/watch?v=jIoKQQTWde0&feature=related

http://www.youtube.com/watch?v=kQUG4_mhmQs&feature=relmfu

 

Viruses, worms and Bots

http://www.youtube.com/watch?v=c34QwtYI40g&feature=related

http://www.youtube.com/watch?v=a8hZQxWC3A8&feature=related

http://www.youtube.com/watch?v=K8lWLwuiDwk&feature=relmfu Symantec -phishing

http://www.youtube.com/watch?v=SubxMZxhiKo&feature=relmfu Symantec-bots

http://www.youtube.com/watch?v=dFsgggsxw6Q&feature=related Symantec-crime

http://www.youtube.com/watch?v=J0QXD2ts4Qc&feature=relmfu Symantec-downloads

http://www.youtube.com/watch?v=jc-S4fa5BxQ&feature=relmfu Symantec-DoS

http://www.youtube.com/watch?v=_4sFZgUWhB4&feature=related Symantec (V)

http://www.youtube.com/watch?v=pvIJuHectBY&feature=relmfu Symantec-data

http://www.youtube.com/watch?v=9TwEo2-APlA&feature=relmfu Symantec-netthreats

 

Botnets

 http://www.youtube.com/watch?v=IUfOCCU7TS0&feature=fvst

 

Root Kits

http://www.viruslist.com/en/analysis?pubid=168740859

http://www.youtube.com/watch?v=u5VvmL5Tqvc CISSP

http://www.youtube.com/watch?v=We4Qt-CWwHs&feature=related registry

http://www.youtube.com/watch?v=ic22k9Jsl0k&feature=related

http://www.youtube.com/watch?v=-GMjb65J0Gw

 

12. Insecurity in Software

 

Chapter12

 

 

13. Operating Systems and Security

 

Chapter13

 

 

Appendix-Network and Math Basics

Appendix

 

 

Software

 

Lab5- Hoaxes

http://www.research.ibm.com/antivirus/

http://www.eeggs.com/

http://en.wikipedia.org/wiki/Easter_egg_(virtual)

http://www.eggheaven2000.com/

http://www.dvdeastereggs.com/

http://smithsonianchips.si.edu/chipfun/graff.htm

http://www.symantec.com/avcenter/

http://computer.howstuffworks.com/virus.htm

 

More Easter Eggs

http://www.youtube.com/watch?v=4XQyVd9Ha2Y&feature=colike  Google

http://www.youtube.com/watch?v=gsv2g8BdRCo

http://www.youtube.com/watch?v=-hBNdLsVUDw&feature=related

http://www.youtube.com/watch?v=WPB4Oq3lKi4&feature=related

http://www.youtube.com/watch?v=3EOhD3NNa4g&feature=related calculator

http://www.youtube.com/watch?v=ptP19JFv-n4                 xbox

 

Root Kits

http://www.viruslist.com/en/analysis?pubid=168740859

http://www.youtube.com/watch?v=u5VvmL5Tqvc CISSP

http://www.youtube.com/watch?v=We4Qt-CWwHs&feature=related registry

http://www.youtube.com/watch?v=ic22k9Jsl0k&feature=related

http://www.youtube.com/watch?v=-GMjb65J0Gw

 

Scams and Hoaxes

http://www.youtube.com/watch?v=ukhscQp0_QI

http://www.youtube.com/watch?v=2I9ZRnvwKL4&feature=related

http://www.youtube.com/watch?v=QzZ-ZE-uggg&feature=related CompTIA

http://www.youtube.com/watch?v=zccAVStub0w&feature=related

http://www.youtube.com/watch?v=O6ByHvaJ8go&feature=related ( April, 1)

 

CompTIA

http://www.youtube.com/watch?v=fh7pudNGr5A&feature=relmfu (add-ons)

 

2012 Materials

 

 

11. Firewalls

 

Chapter11-Stallings

http://firewall.com/

http://www.interhack.net/pubs/fwfaq/

http://www.zonelabs.com/store/content/home.jsp

12. Network Mangement Security

Chapter 12-Stallings

 

http://www.simpleweb.org/

SNMP-Wikipedia

 

13. Legal and Ethical Aspects

Chapter 13-Stallings

 

Web Security

 

 

 

Chapter7

SET

SSH

Lab 7 – Digital Certificates

http://www.w3.org/Security/

http://code.google.com/edu/security/index.html

http://www.learnsecurity.com/ntk

 

http://www.alw.nih.gov/Security/security-www.html

http://www.spidynamics.com/spilabs/top5/index.html

 

Software

Vulnerabilities

 

 

Buffer Overflow –video http://www.youtube.com/watch?v=kZZgNnhxA_4

https://www.owasp.org/index.php/Buffer_Overflow

http://en.wikipedia.org/wiki/Buffer_overflow

http://www.cultdeadcow.com/cDc_files/cDc-351/

SQL Injection

http://msdn.microsoft.com/en-us/library/ms161953.aspx

https://www.owasp.org/index.php/SQL_Injection

http://www.unixwiz.net/techtips/sql-injection.html

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

 

General Resources

 

Department of Homeland Security - http://www.dhs.gov/cyber

 

http://ocw.mit.edu/OcwWeb/Electrical-Engineering-and-Computer-Science/6-857Fall2003/RelatedResources/index.htm

 

 

Cyber Security

 

 

 

 

Google

 

COAST

 

CERT

Computer Security Resource Center

 

 

 

 

Cryptography and Steganography

 

  

http://www.cybersecurityhome.com/

 

http://www.cybersecurity.com/

http://www.staysafeonline.org/

 

http://www.google.com/goodtoknow/

 

http://www.cerias.purdue.edu/about/history/coast/

 

http://www.cert.org/

http://www.cert.org/tech_tips/home_networks.html

http://www.us-cert.gov/cas/tips/

 

http://csrc.nist.gov/

 

http://www.microsoft.com/security/default.mspx

http://security.ittoolbox.com/

 

http://www.simonsingh.net/Crypto_Corner.html

http://www.jjtc.com/Steganography/

http://en.wikipedia.org/wiki/Steganography

http://www.garykessler.net/library/steganography.html

http://www.jjtc.com/pub/r2026.pdf  Computer Magazine

http://www.petitcolas.net/fabien/steganography/

http://www.securityfocus.com/infocus/1684

http://www.outguess.org/

http://elonka.com/steganography/  Slide show

http://steganography.tripod.com/stego/software.html

http://www.citi.umich.edu/press.html

 

http://openstego.sourceforge.net/ (on-line tool)

http://www.tech-faq.com/steganography.html

 

http://research.binghamton.edu/faculty/fridrich/fridrich.htm

http://www.wetstonetech.com/f/stego-kessler.pdf  technical

 

http://starbase.trincoll.edu/~crypto/

 

http://cse.stanford.edu/classes/sophomore-college/projects-97/cryptography/history.html

 

http://www.austinlinks.com/Crypto/

 

http://www.math.ucsd.edu/~crypto/internet.html

 

http://www.uni-mannheim.de/studorg/gahg/PGP/cryptolog1.html#Stego

 

Cryptographic Toolkit

 

 

http://csrc.nist.gov/CryptoToolkit/

 

Maple Worksheets for Crytpography

 

http://euler.slu.edu/courseware/CryptoSubmissionSet/Cryptography.html

 

Glossary and Acronym List

 

http://www.garlic.com/~lynn/secgloss.htm

Math Resources

 

http://en.wikibooks.org/wiki/High_School_Mathematics_Extensions/Discrete_Probability

 

Current topics

 

Security of the Internet

 

Cybersecurity

 

Security Incidents

 

Hoaxes

http://www.cert.org/encyc_article/tocencyc.html

 

http://www.insecure.org

 

 

http://blogs.zdnet.com/BTL/?p=2562

 

http://www.cert.org/encyc_article/tocencyc.html#NetSecInc

 

http://www.us-cert.gov/cas/tips/ST04-009.html

http://hoaxbusters.ciac.org/

http://www.truthorfiction.com/

http://www.snopes.com/college/exam/exam.asp

http://www.snopes.com/

 

Historical Questions and Resources

 

Senate Bill

 

Computer Security Act

 

HIPAA

 

Sarbanes-Oxley

http://csc.colstate.edu/summers/e-library/crypto.html

http://www.epic.org/crypto/legislation/s1587.html

 

http://www.net.ohio-state.edu/security/links/csa-1987.html

 

http://www.hipaadvisory.com/

 

http://www.aicpa.org/info/sarbanes_oxley_summary.htm

http://www.sec.gov/divisions/corpfin/faqs/soxact2002.htm

 

Security Organizations

Sans Institute

CERT

 

W3C Security

Cryptogram Assoc.

 

Securityfocus

http://www.sans.org/

http://www.cert.org/

 

http://www.w3.org/Security/

http://www.cryptogram.org/

 

http://www.securityfocus.com/

 

Tools

 

http://www.cryptool.org/en/

http://www.cryptool.org/en/jcryptool

 

Code of Ethics

 

ACM

http://www.acm.org/serving/se/code.htm