Advanced Network Security & Forensics (ELEC567)

Instructor

Dr Issa TRAORE, P.Eng.

Office: EOW415


Office hours: Monday, Thursday: 10:00-12:00
Email: itraore@ece.uvic.ca
Phone: (250) 721-8697

Students are advised to read the Faculty of Engineering document "Standards for Professional Behaviour" (http://www.engr.uvic.ca/policy/professional-behaviour.html), which contains important information regarding conduct in courses, in labs and in the general use of facilities.

Time/Location:
ECS 130, 8:30-9:50am, Monday, Thursday.

Course Presentation

Course Overview:

Recent years have seen a steady increase in the number of attacks on computer systems and networks. It is essential to understand the nature and modus operandi of these attacks in order to design or select effective countermeasures. The course introduces the fundamental concepts and techniques underlying the science and art of computer security. Examples of attack techniques and tools are introduced. Network and web application vulnerability assessment (i.e. penetration testing) techniques are covered. Various countermeasures are presented, with particular emphasis on network protection technologies such as firewalls, intrusion detection systems, virtual private networks, and access control policies and mechanisms.

The fundamentals of network forensics and cyber-crime scene investigations and analysis are introduced.

In order to give students hands-on experience, practical assignments are conducted in a security lab environment using a test-bed on which various attack scenarios and countermeasures can be explored.

Since some of the techniques learned in this course could be misused, students will be asked at the beginning of the course to sign a consent form in which they agree not to use any of the techniques learned for malicious purposes.

Prerequisites:

It is assumed that students have basic knowledge of networking concepts and protocols, notions of operating systems, and basic programming skills in at least one of the following languages: Java, C, or C++.

Textbook:

"Computer Network Security: Theory and Practice" by Jie Wang, Springer, 2009.

Syllabus:

The following syllabus is subject to the time available and may change during the term. Some of the topics may not be covered.


Unit 1: An Overview of Computer Security

- Ethical issues.
- Introduction of fundamental security principles and concepts.

Unit 2: Network Attacks and Penetration Testing

- Review of attack methods and tools
- Generic penetration testing methodology
- Port scanning, denial of service, attacks on authentication systems, and input validation attacks
- Web application attacks (e.g. SQL injection, Cross-Site Scripting, directory traversal), etc.

Unit 3: Malicious Logic

- Trojan horses
- Rootkits
- Viruses
- Worms
- Botnets

Unit 4: Security Policies

- Notions and examples of security policies and models: Bell-LaPadula, Biba, Chinese Wall, etc.
- Basic access control model, reference monitor concept, security kernel.
- Role-based access control model.

Unit 5: Firewall Systems

- Classes of firewalls
- Firewall configurations and architectures
- Network Address Translation (NAT)
- Linux iptables

Unit 6: Intrusion Detection Systems (IDS)

- IDS models, architectures, and tools
- IDS performance

Unit 7: Network Forensics

- Digital crime scene
- Forensic logs
- Investigation of network hacking incidents

Unit 8: Computer Forensics

- Investigative techniques
- Linux-based forensic analysis
- Windows-based forensic analysis

Unit 9: E-mail and Mobile Device Forensics

- Identifying and converting e-mail evidence
- E-mail forensic analysis
- Mobile evidence
- Extracting and analyzing mobile evidence

Unit 10: Virtual Private Network (VPN)

- Network layer security
- IPsec protocol
- VPN technology
- Secure network architecture

Schedule

The dates given are subject to change, so you are responsible for checking this page regularly.


Jan 6-10: Unit 1: An Overview of Computer Security
Jan 13-17, 20-24: Unit 2: Network Attacks and Penetration Testing
Jan 27-31: Unit 3: Malicious Logic
Feb 3-7: Unit 4: Security Policies
Feb 10: Family Day (statutory holiday)
Feb 10-14: Reading break
Feb. 17-21: Unit 5: Firewall Systems
Feb. 24-28: Unit 6: Intrusion Detection Systems
Mar. 3-7: Unit 7: Network Forensics
Mar. 10-14: Unit 8: Computer Forensics
Mar. 17-21: Unit 9: E-mail and Mobile Device Forensics
Mar. 24: Midterm exam
Mar 24-28, Mar. 31-Apr 4: Unit 10: Virtual Private Network (VPN)
Apr 4: Last day of classes

Evaluation

Activity: Weight

Assignment (due Feb. 3/2014): 10%
Project Part I, Network Penetration Testing (due Feb. 24/2014): 25%
Project Part II, Digital Forensics Analysis (due April 3/2014): 25%
Mid-term Exam (March 24/2013): 35%
Attendance and Participation: 5%

Course Material

The following course material can be accessed through Moodle.

1. Lecture Notes and Slides

2. Assignment & Project

3. Laboratory Notes

4. Mid-Term Guidelines and Review Questions

5. Final Grades


References

1. Basic Networking Concepts

2. R. J. Anderson, "A Security Policy for Clinical Information Systems", IEEE Symposium on Security and Privacy, 1996.

3. A. Philipp, D. Cowen, C. Davis, "Hacking Exposed Computer Forensics: Secrets and Solutions", McGraw-Hill Professional, ISBN 0072256753, 2005.

4. S. McClure, J. Scambray, G. Kurtz, "Hacking Exposed: Network Security Secrets and Solutions", 4th Edition.