Computer Networks and Security 2019/2020 - Course Details and Study Guide (00) Dr. Tanir Ozcelebi, Dr. Jerry den Hartog
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Computer Networks and Security - 2019/2020 Course Details and Study Guide (00) Dr. Tanir Ozcelebi, Dr. Jerry den Hartog TU/e Computer Science Security and Embedded Networked Systems
2IC60 • Staff • Dr. Tanir Ozcelebi - tel: 0 40 247 4426 - t.ozcelebi @tue.nl • Dr. Jerry den Hartog - tel: 0 40 247 2800 - j.d.hartog @tue.nl • Daan Leermakers - d.leermakers.1 @tue.nl • Sowmya Ravidas - s.ravidas @tue.nl • Stanley Clark - s.clark @tue.nl • plus some student assistants… • Course communication (web) • We will use Canvas for news and announcements. • You have a question that is not of personal nature? Use Canvas Discussion for asking it so that others can benefit from the answer. April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 2 Security and Embedded Networked Systems (SENS)
Pre-knowledge • 2IC30 - Computer Systems (recommended) • Basic knowledge of computer network (and Internet) building blocks • as treated by Sections 1.1, 1.2, 1.3 and 1.5 of ‘Computer Networking, A Top-Down Approach,’ by James F. Kurose and Keith W. Ross. Topics: What is a network? What is the Internet? What is a protocol? Physical media. Packet switching vs circuit switching. Protocol layers. • reading and understanding suffices. • Basic Java programming skills are needed for the lab sessions. April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 3 Security and Embedded Networked Systems (SENS)
Learning goals • Organization of computer networks. • Internet structure and solutions to standard problems. • Analysis of simple protocols − correctness, performance, reliability and security. • Security requirements of networking scenarios • Corresponding security technologies and their use • Ability to study literature and provide critical evaluation in writing. − professional skills component April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 4 Security and Embedded Networked Systems (SENS)
Forms of education • Lectures (digital) • Recordings of last year’s lectures linked in “Canvas under Schedule”. • Instructions / labs (digital) • We will do interactive sessions via Canvas Conferences and help you via Canvas Discussion forums. • Labs (digital) • We will do interactive session via Canvas Conferences. • Help you via Canvas Discussion forums. April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 5 Security and Embedded Networked Systems (SENS)
Organization • Lectures, instructions, labs • What you will do: • Do the weekly homework assignments • Do the essay assignment (professional skills) • Study for the final exam − (doing the lab exercises is part of this) April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 6 Security and Embedded Networked Systems (SENS)
Lectures • Load: ~ 4 hours / week • Video recordings of last year plus this lecture (also recorded). • Reading material available on Canvas (syllabus): • Lecture slides (all of them are already there in Canvas) • Lecture notes − Our version. − You may still want to take your own notes just for the exercise. − Writing helps you to learn! • Additional references to “required reading” in lecture notes. April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 7 Security and Embedded Networked Systems (SENS)
Video recordings of lectures • Last year this course was streamed live to the videocollege.tue.nl website. These video recordings are still there and will replace regular lectures due to coronavirus measures. • Video recordings are available for you to access at any time • Note that sometimes (not often) there may be remarks in the old videos that are relevant in the context of last year’s course instance. We will try to catch these and maintain a log of corrections (a dedicated page on Canvas). Ask in the Canvas Discussion forum when you are in doubt. • The schedule on Canvas gives a timeline of which lecture is relevant when. It also provides direct links to the lecture recordings. April 17, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 8 Security and Embedded Networked Systems (SENS)
Instruction / lab sessions • Check the schedule on Canvas for instruction / lab times. We will use Canvas Conferences for this purpose. • Instructors are there to explain lab exercises and help you with theory and lab related questions. • Raise hand for asking questions to instructors via a public or private message: “I have a question”. • Instructor shall confirm and either take you to a digital breakout room or answer the question for the entire group depending on the need. April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 9 Security and Embedded Networked Systems (SENS)
Lab exercises • You get some hands-on practical experience. • You need to prepare beforehand. • Follow guidelines on Canvas. • You are responsible for the things that you learn in these sessions. • You get one or more questions about this in the exam. April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 10 Security and Embedded Networked Systems (SENS)
Software for the labs • Wireshark • Network troubleshooter & analyzer • The capture driver needs root/admin permission • Preinstalled virtual machine (pwd: secnet) • Optional for first labs, required for later labs • See link on Canvas, Open Virtualization Format • run with virtual box (https://www.virtualbox.org/) − or your favorite VM software supporting the format. Tanir Ozcelebi, Jerry den Hartog Security and Embedded Networked Systems (SENS)
Content of the Labs • Preparation • install Wireshark, Virtualbox, download virtual machine. • Lab 1: Setup and Exploration • examine traffic between your Web browser ßà Web server. • Tools: Wireshark, your favorite Web browser • Lab 2: Wireshark - Exploring TCP/UDP • analyze TCP and its main mechanisms • capture and investigate UDP (for example, for name resolution or for a multimedia application such as Skype). • Tools: Wireshark, your favorite Web browser Tanir Ozcelebi, Jerry den Hartog Security and Embedded Networked Systems (SENS)
Content of the Labs (continued) • Lab 3: Java Socket Programming • Develop multithreaded Web server capable of serving multiple HTTP requests in parallel. • Tools: Java IDE (Eclipse, Netbeans etc), Web browser • Lab 4: Network forensics • analyze PCAP files containing recorded attacks over TCP and some application protocols. • Tools: Wireshark, tshark, your favorite search engine Tanir Ozcelebi, Jerry den Hartog Security and Embedded Networked Systems (SENS)
Content of the Labs (continued) • Lab 5: Web Security • Attacks against a locally hosted intentionally vulnerable web server (WebGoat), e.g. sniffing, parameter tampering, SQL injection, XSS, session forgery. • Tools used: WebGoat, Tamper Data, Firefox/Iceweasel • Lab 6: Public Key Encryption & Web of Trust • Build a `web of trust’; create your own (OpenPGP) public private key pair, share them with your peers, use them. • Tools used: GnuPG, your favorite FTP tool Tanir Ozcelebi, Jerry den Hartog Security and Embedded Networked Systems (SENS)
Homework assignments • 2 pts out of 10: You get 2 points out of 10 for “a serious attempt” to answer ALL questions. • 8 pts out of 10: A selection of 2 exercises in each homework set will be graded in detail. Example: Given exercises : 1, 2, 3, 4, 5, 6, 7, 8 Graded exercises : 2, 5 • We won't tell in advance which exercises will be graded. • We will discard your worst assignment (out of 6) in computing your average. April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 15 Security and Embedded Networked Systems (SENS)
Homework announcements, deadlines and submissions • HWs and deadlines are announced in Canvas. • Submissions are electronic (PDF) via Canvas. • You may, for example, • do your homework in any electronic editor and save/print to PDF. OR • scan your homework to PDF. − If you don’t have access to a scanner: Several free apps for iPhone and Android are available. Check app stores. Example: “Notes” app in iPhone. • make sure your scans are of GOOD QUALITY. April 17, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 16 Security and Embedded Networked Systems (SENS)
Homework submission • GOOD QUALITY means • Taken from a good angle. Nice resolution. Good light. Clearly readable. • Ask for help during instruction if you do not know how to • Scan to PDF, print to PDF, save as PDF… The The The GOOD BAD UGLY April 17, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 17 Security and Embedded Networked Systems (SENS)
The essay (professional skills) • Written based on a research paper studied. • in groups of 3 − You can form/join a group in Canvas now under People/Groups. • papers to study will be posted on Canvas • Peer assessment to identify free-riders: not everyone in a group gets the same grade. • Students must submit a peer assessment form (confidentially, separately to CANVAS). Answer ALL of the following: • How did you perform? • How did partner 1 perform? • How did partner 2 perform? April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 18 Security and Embedded Networked Systems (SENS)
Grading of the essay • There can be a maximum of 3 points (out of 10) difference between any two group members based on the peer review (i.e. unless free-riding is detected). • Examples: Consider an essay that deserves a score of 8 overall. • These examples do not cover the entire set of possible situations/scenarios, but are there to give the idea. Examples Student1 Student2 Student3 Scores 1 did significantly did less than others, but is not a did his/her share decently S1: 9.5 more/better free-rider either. S2: 6.5 S3: 8 2 did his/her share did his/her share did his/her share S1: 8 S2: 8 S3: 8 3 had to do more than contributed upon request, did not contributed upon request, did S1: 10 others and pull the take initiative. Was active but let not take initiative. Was active S2: 7 execution S1 do more work. but let S1 do more work S3: 7 April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 19 Security and Embedded Networked Systems (SENS)
Essay submission deadlines (Canvas info is leading over this) • Groups must be determined by: May 13, 23:59hr (submission by up to 3 students via CANVAS) • Essay submission deadline: June 12, 23:59hr (submission by the group of 3 students via CANVAS) • Peer assessment deadline: June 15, 23:59hr (individually submitted via CANVAS) • Confidential = Do not share your peer assessment with ANYONE, especially with essay partners. • Not submitting the assessment form equals not submitting the essay. − In CANVAS this is the assignment that gets graded. April 17, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 20 Security and Embedded Networked Systems (SENS)
Assessment is through… • Final exam à 40% (minimum requirement: 5.0) (possibly digital, proctored) • Homework assignments à 30% • I already did this last year. Do I have to do it again? − Yes (bachelor school rules). However, you can resubmit your work from last year (indicate that you do so, as well as the score that you got last time). − (Note that this leads over what is said in the video recording of last year’s lecture.) • Essay à 30% • Written in groups of 3: − Peer assessment survey to differentiate. − Identified free-riders will get zero. • I already did this last year. Do I have to do it again? − Yes (bachelor school rules). However, you can resubmit your work from last year (indicate that you do so, as well as the score that you got last time). − (Note that this leads over what is said in the video recording of last year’s lecture.) April 17, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 21 Security and Embedded Networked Systems (SENS)
Studying for this course 1. Study the lecture slides, lecture notes and required reading referenced inside lecture notes • Sometimes the slide sets have hidden slides that contain examples etc. (not shown in the classroom due to lack of time). • Download pdf slide sets provided on Canvas. 1. Do the lab assignments – not graded. • Exam question regarding labs. 1. Do the homework assignments – graded. 2. Do the essay - graded. April 18, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 22 Security and Embedded Networked Systems (SENS)
Weekly online surveys • Give us feedback, weekly (optional). • Find the links in Canvas (schedule) April 17, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 23 Security and Embedded Networked Systems (SENS)
Important rule Fraud is strictly forbidden. • See TU/e code of scientific conduct for reference. • Examples of fraud: − Copying from your peers, others, the Internet etc. − pieces of text, images, code, solutions etc. − Allowing your peers to copy from you, sharing your work publicly or privately. − keep your work private: e.g. an Internet search should not point to your solution. − etc. • Incidents caught will be handed off to the examination committee at once. April 17, 2020 Tanir Ozcelebi, Jerry den Hartog Slide 24 Security and Embedded Networked Systems (SENS)
You can also read