Module in Information Assurance for Telecommunications/Data Communication Course
Cybersecurity Workshop at
Charles R. Woratschek (woratschek@rmu.edu) & Terri L. Lenox (lenoxtl@westminster.edu)
1.0 Introduction.
The general introductory networking course at the undergraduate level provides the student with an introduction to the theory and practice of 1) data communications (transmission, media, signal encoding, link control and multiplexing); 2) communication networks (ATM, LAN); and 3) TCP/IP protocols.
It is possible to integrate an information assurance module (security) into this course by eliminating one or more of the topics offered in the traditional course.
Why add information assurance to the traditional telecommunications course?
2.0 Possible Module Topics
The following lists the possible topics for the information assurance module. The information provided in this list was developed by Wayne Summers for the Information Assurance Workshop at IUP (http://csc.ColumbusState.edu/summers). Since this document describes a multi-week module in an existing course, this list must be pruned. See section 8.0 for an estimate of the hours required for each topic.
a. Who.
b. IP addresses
c. Active machines.
d. Open ports or access points.
e. Operating system.
f. Services on each port.
g. Mapping the network.
· E.g., Lc4 (l0phtcrack), NTFS to DOS,
· E.g., PGP (Pretty Good Privacy), S/MIME.
· Intruders & viruses.
o CodeRed, Nimda
o http://www.mcafee.com/anti-virus/default.asp
o http://www.cert.org
· Firewalls.
o E.g., Cyberguard, CheckPoint
· Examine the files for unauthorized activity.
o E.g., TripWire
· Periodically check for Rootkits
o E.g., Carbonite
· E.g., Tripwire, Portblocki.
· Turn off Telnet, gopher, ftp.
· E.g., Kerberos, X.509.
· E.g., ANT Exp, Attacker, klaxon.
3.0 Hands-on Exercises In Class.
Types of exercises will depend partly on whether or not an isolated network is available.
· Try some of the software tools, such as:
o ARIN
o Neotrace, traceroute.
o Ping, Ping Plotter.
o Virus detection software – e.g., CodeRed.
· Ethereal or tcpdump exercise. Watch packets across the network.
· Password cracking exercise? Think carefully about implications & what machines to use.
4.0 Assignments.
Types of assignments will depend partly on whether or not an isolated network is available.
a. Outline components of security policy at your university/college or organization.
· What elements are missing?
· Modify the policy.
· Write a security policy for
· If you were to require laptop computers for all students, what security issues would arise?
· Using a wireless network?
b. Using Ping or Ping Plotter, find the route from your computer to the following sites. What’s the latency?
· http://csc.ColumbusState.edu
· http://www.ed.ac.uk/
c. Build a wireless network antenna from a Pringle’s can.
· Antenna on the Cheap (http://www.oreillynet.com/lpt/wlg/448).
d. Install and run the Attacker software on your computer. Monitor the activities for a 48-hour period. If an off-campus IP address appears, try to trace the source using Neotrace and ARIN.
e. Track & decipher e-mail headers to find where an e-mail message originates.
f. Perform an analysis of a network security tool with source code. (http://www.cse.fau.edu/%7edan/COT4930/) Explain its use, give examples, and describe how it is used for protecting/attacking systems. The goal of this analysis is for us to be able to build a similar tool using the architecture and flow chart that you reverse-engineered. Below is a list of the tools that you can research.
· Snort (http://www.clark.net/~roesch/security.html)
· Tripwire (http://www.tripwire.com)
· Netcat (http://www.10pht.com/)
· Tcpdump (http://www.tcpdump.org/)
· Nmap (http://ww.insecure.org/nmap)
g. Describe briefly a model for protecting your computer(s) at home.
h. Describe a comprehensive solution for protecting your credit card information transmitted over the Internet. What security services need to be provided? What types of cryptographic algorithms do you need to build a solution? (http://www.cse.fau.edu/%7edan/COT4930/)
5.0 Expected Outcomes.
6.0 Issues to be resolved.
7.0 Possible Text Books.
8.0 Topics and Time Frames

| Topics | Possible Software | Est. Hours | Useful in Another Course |
|---|---|---|---|
| Introduction. | | 1 | Intro |
| Definitions. | | | |
| Threats to computer security. | | | |
| Scope of computer crime. | | | |
| Security policies. | | | |
| Risk assessment. | | | |
| Information gathering. | | 2 | |
| Who. | Sam Spade, Whois, Nslookup, ARIN, Neotrace, Traceroute, Ping, Ping War, Ping Plotter | | |
| Open ports or access points. | NetBrute, Nmap, THC-Scan. | | |
| Operating system. | Nmap. | | OS |
| Services on each port. | | | |
| Mapping the network. | Traceroute, Visual ping, Cheops, WhatsUp. | | |
| Spoofing. | | .5 | |
| Session hijacking. | Nmap, packet sniffer software, Juggernaut, Hunt, TTY Watcher, IP Watcher. | 1 | |
| Denial of service. | | 1 | |
| Buffer overflows. | | .5 | Intro programming |
| Password. | Lc4 (l0phtcrack), NTFS to DOS. | 1 | |
| Viruses, worms, Trojan horses, and logic/time bombs | CodeRed, Norton, McAfee. | 1 | |
| Hackers. | | .5 | |
| Security solutions. | | 4 | System |
| System Security. | PGP (Pretty Good Privacy), S/MIME. | | Tele |
| Encryption. | | | Tele., Programming |
| Access control. | Tripwire, Portblocki. | | Tele |
| Automatic call back. | | | Tele |
| Node authorization. | Kerberos, X.509. | | |
| Differentiated access rights. | | | |
| User authentication. | | | |
| Passwords & passphrases | | | Programming |
| Challenge-response systems. | | | |
| Token or smart cards. | | | Tele |
| Exchange of secret protocol. | | | |
| Biometrics. | | | |
| Warning systems. | ANT Exp, Attacker. | | |
| Disaster planning. | | | System |
| Common criteria from NIST. | | 2 | System |
| Database security & privacy issues. | | | Database |
| Ethics & privacy issues. | | 1 | Intro |
| | | 15 hours. | |