IEG 7006: System Administration and Network Security (2008)

Information of the course IEG7006
Tutorial and Lab: Every Saturday from 2:00 p.m. to 5:00 p.m. (for 12 weeks)
Venue: Room 1009 and 1007, William M W Wong Engineering Building (ERB), CUHK
Course web page: http://course.ie.cuhk.edu.hk/~ieg7006/
Instructor: Alan S. H. Lam

This course will be graded by

• 12-week assignment (40%)
  Make up assignments are welcome
  The cut-off date of all assignment submission is Dec 15 at 09:00AM.
  After this date, no assignment will be marked.
• Final Exam (60%, open book exam)
  On December 20, 2008 (Sat) 14:00 - 17:00 .
  Please bring your student ID card with you.
• Your NTEC hosts will be close
  at 09:00 AM on Dec 17, 2008 (Wed) for exam preparation

Communication Channels

• For course announcement and discussion
  news://news.erg.cuhk.edu.hk/cuhk.ie.7006
  If you access from non-cuhk host and cannot use VPN, you can access
  • http://course.ie.cuhk.edu.hk/news
• For inquiry
  mailto:ieg7006@ntec.ie.cuhk.edu.hk

Click here for Course Outlines

Please check the Preliminary class list . If you have registered this class but cannot find your name on the list or you are going to add this class, please inform ieg7006@ntec.ie.cuhk.edu.hk of your name.

• Check your admin no. and hosts from Administrator List
• Instruction to login your hosts
• Instruction to configure your ntec host network interface
• Instruction to upload and download files to your ntec host
• Instruction to set Xwin display to your desktop host
• Instruction to access your own ntec hosts by VM remote console
• Communication Channels

• Unix Command Quick references
• Linux Command Quick references comparing with DOS command
• Using Linux
• Linux Administration in brief
• Perl Regular Expression Quick Reference
• CIDR Conversion Table

• 1. DNS Setup
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  1.1. Setting up and maintaining your domain and sub domain
  1.2. Setting up Master and Slave DNS server
  1.3. Using domain registration query tools such as nslookup, dig and whois

  First Week FAQ

  First week mark which bases on this check result.
  Full mark is 1.

• 2. Mail Server Setup
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  2.1. Configuring the sendmail mc file
  2.2. Setting up mail aliases and virtual mail host
  2.3. Anti-spamming and anti-virus

  Second week mark
  Full mark is 1.

• 3. Building Public Key Infrastructure (PKI)

  
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  3.1. PKI model
  3.2. Setting up secure HTTPS web server
  3.3. Operating a Certificate Authority (CA)
  3.4. Client Authentication and Web Access Control
  

  Third Week FAQ

  Third week mark .
  Full mark is 1.

• 4. Network Monitoring and Debugging (part I)
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  4.1. Using network trouble shoot tools such as tcpdump, netstat, ping, traceroute
  4.2. Network Traffic Analysis

  Supplement Note

  Netmask bit conversion table
  Subnetting Chart
  Some network IP map examples
  Network protocol review

  assignment examples (I)
  assignment examples (II)
  assignment examples (III)

  Fourth week mark .
  Full mark is 1.

• 5. Network Monitoring and Debugging (part II)
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  5.1 Tools for traffic analysis
  5.2 Setting up SNMP service
  5.3 Setting MRTG service

  Fifth week mark .
  Full mark is 1.

• 6. Hacking Techniques (Part I: Trends, Scanning, and Buffer Overflow)
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  6.1 The Trends
  6.2 Stealth and decoy port scans
  6.3 Buffer Overflow Examples
  6.4 Examples of local and remote root exploit through buffer overflow

  Lab 6 FAQ
  assignment examples

  Sixth week mark .
  Full mark is 1.

  Some good works in this class

• 7. Hacking Techniques (part II)
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  7.1 Examples of remote root exploit through unhandled input (Format String Vulnerabilities)
  7.2 Local root exploit through SUID and Race Condition
  7.3 Examples of CGI exploit, XSS, CSRF, and SQL injection
  7.4 Phishing (Internet Fraud by 'spoofed' e-mails and fraudulent websites)
  7.5 Some real case studies

  Lab 7 FAQ

  Lab 7 demo link

  Seventh week mark
  Full mark is 1.

  ssignment examples (I)
  assignment examples (II)
  assignment examples (III)
  

• 8. Hacking Techniques (part III)
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  8.1 Sniffer
  8.2 Man-in-the-middle attack by

  DNS Poisoning
  DNS Hijacking
  ARP Poisoning
  8.3 Pharming
  8.4 WLAN sniffer and WEP cracking
  8.5 Distributed Denial of Service (DDoS) analysis
  8.6 Back door establishment and detection

  Assignment examples (I)
  Assignment examples (II)
  Assignment examples (III)
  

  Eighth week mark
  Full mark is 1.

  Some good work in this class

• 9. Computer Forensics Analysis
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.

  9.1 Basic computer forensics techniques
  9.2 On-line and Off-line inspection

  • Preserving evidences
    (e.g. clone the disk, copying data and dumping the memory content)
  • Collecting network information (e.g. capturing suspected traffic)
  • Examining the log files and data files
  • Malware Analysis. Reverse engineering of suspicious programs/files
  • Recovery and exam of removed files (not from back up tape)
    

  9.3 Forrensics for Windows
  9.4 Rootkit analysis (Trojan horse program)

  Assignment examples
  Assignment examples I
  Assignment examples II
  Assignment examples III

  Nineth week mark
  Full mark is 1.

• 10. Security Audit
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.
  

  10.1 Security Model
  10.2 General steps and procedures to conduct a security audit
  10.3 Using vulnerability scanner (NESSUS)
  10.4 Writing a vulnerability analysis report of a network
  

  Tenth week mark
  Full mark is 1.

• 11. Intrusion Detection System (IDS)
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.
  • Host base and network base IDS
  • Setting up a Network Intrusion Detection System (NIDS,e.g. SNORT)
  • Fine tuning the NIDS (excluding the false alarm)
  • Setting up a IDS console with database and web interface support

  11th week mark
  Full mark is 1.

• 12. Firewall
  Slides in (PPT|PDF)
  PPT is for internal use only. To download PDF, please login CUHK ITSC VPN first.
  
  • Firewall architectures
  • Setting private network with Network Address Translation (NAT)
  • Setting up transparency proxy with NAT and squid
  • Setting up VPN server
  • Fine tuning the firewall rules to suit your access control policy
  • Examining the firewall log
  • Setting up a IDS gateway or Network Intrusion Prevention System (NIPS) by integrating the firewall and NIDS
  • Common Leaks of Firewall

  12th week mark
  Full mark is 1.

• Review (restricted to CUHK host access)
  • Past Exam Papers (restricted to CUHK host access)
  Assignment Mark update

Hacking Demo (restricted to CUHK host access)

Real Cases Studies (some links are restricted to CUHK host access)

• ADM Hacking
• BIND 8.2 NXT BUG Hacking
• DDoS Attack
• Code Red and Nimda Attack
• SSHD hack in
• HoneyNet Project
  • sshd CRC32 Overflow
  • Buffer overflow in openssl
  • WU-FTP RNFR ././ attack
  • execve/ptrace race condition
  • Network flood DOS
  • IRC proxy
  • MP3 streaming server
• MS-SQL Slammer
• MSBLASTE Worm
• W32/Nachi Worm
• W32/SWEN Worm
• Pishing and Malware Webpage Demo page