COMPSCI 561 System Defense and Test

COMPSCI 561 System Defense and Test (formerly COMPSCI 590A)

Syllabus

  • Credits: 3
  • When: February 1 - May 10, 2024. Tuesdays, 5:30-6:45 PM
  • Location: In-person (undergrads) or in-person/synchronous remote via Zoom (grad students only) once a week for lecture. Materials are available via Blackboard. Classes will be recorded by Zoom & Echo360. Students must have a high-quality (high speed) connection to the Internet to access virtual machines in the cloud.
    Required attendance during scheduled class day/times for class sessions, exams, labs or other class components, per UMass regulations. For more information please see: https://www.umass.edu/registrar/students/policies-and-practices/class-absence-policy

  • Instructor: Dr. Parviz Kermani
  • This class can be applied towards the Information Security Certificate or as an outside elective for the CS MS degree.

UNIV Section 1 Undergrad  (Jr. & Sr. CS majors with prerequisites)
UNIV Section 2 (CS and ECE grad students)
UWW Section 1 (MS-CMPSCI students as well as any other grad students with instructor permission).

Prerequisite: Undergraduate students: COMPSCI 360 (or COMPSCI 460 or COMPSCI 660 or COMPSCI 590/597N formerly CICS 597C, INFOSEC 290S), and COMPSCI 453. All prerequisites require a "C" grade or better. A student may also be enrolled with instructor's permission.

No prerequisites for COMPSCI and ECE graduate students; however, knowledge equivalent to the undergraduate prerequisites listed above is expected of any graduate student enrolled.

All participating students are expected to have a very good and detailed knowledge of computer networking and the TCP/IP protocol stack and some level of knowledge in socket programming.

Other grad students require permission of instructor.

Final Exam & Location: TBD. Please consult SPIRE for any change to the final date/time.

Texts (Principal):

  • "Computer & Internet Security: A Hands-on Approach 3rd ed. Edition", Wenliang Du, Independent publisher, ISBN-13: 978-1733003940 (ISBN-10: 1733003940)

Texts (Additional):

  • "Penetration Testing: A Hands-On Introduction to Hacking", Georgia Weidman, No Starch Press, ISBN 978-1-59327-8.
  • "Basic Security Testing with Kali Linux 2" by Daniel Dieterle
  • "The Shellcoder's Handbook: Discovering and Exploiting Security Holes", 2nd Edition, by Chris Anley et al.
  • "Hacking: The Art of Exploitation", 2nd Edition by Jon Erickson

Course Objectives

* To learn and understand the phases of penetration testing (pentesting).
* To learn the core techniques of penetration testing from an ethical perspective, and to gain hands-on experience with these techniques.
* To learn and gain hands-on experience with the core defenses against each technique.
* To learn how to apply these skills as a professional in information security.

This course trains students to detect and analyze weaknesses and vulnerabilities in target systems as a method of assessing the security of a system. Such techniques have various names, including penetration testing and ethical hacking. We focus on tools and techniques that an attacker would employ, but from the perspective of an ethical system administrator. Broad topics include: tools and techniques for penetration testing and attacks, information gathering, social engineering, and defenses. Specific topics include malware, denial-of-service attacks, man-in-the-middle (MITM) attacks, SQL injection, buffer overflow, session hijacking, system hacking, network sniffing and scans, wireless encryption weaknesses and other Wi-Fi issues, IDS/firewall evasion, Metasploit tools, physical security, and setting up honeypots.

Assignments will include practical experience setting up defenses and launching attacks on real systems. The systems will be on a private network -- students in the class cannot attack systems owned by others. The class and its assignments may involve group work. There will also be readings and in-(virtual) class discussions, and written assignments will include creating write-ups of attacks and defenses performed on systems. Students will also participate in a lively class discussion. Students will be asked to express an opinion on many topics and challenge the instructor's views and analyses.

Course Layout

The class is conducted through UMass' Blackboard site. All homework and supporting materials are available on Blackboard as well. There are weekly lecture sessions during which students can participate. 

In addition to assignments, there will be a semester-long project, the topic of which is chosen by the student. Depending on the availability of time, students might be required to make a short project presentation at the end of the semester.

We plan to invite guest speakers from practitioners of the field. Participation in these talks, either in person or virtually via Zoom, is mandatory. Students are asked to provide a short report of their understanding of the talk.

Planned Weekly Schedule

Please Note: Content of this course is being redesigned. This section is subject to change.

In this course, students are required to complete a number of lab experiments. The labs are in a virtual network environment. Additionally, students are asked to propose and work on a project of their own, which they should complete by the end of the semester.

There will be a time-limited lab that students complete as their final exam. It is expected that students take the final exam/lab in a room which we reserve for this purpose. However, if a student, for logistical reasons, cannot be in the reserved room, we will provide the student with the means to take the final remotely, within a limited time.

A tentative list of labs is provided below. Please note that this list may change in the course of the class. For each attack or strategy listed below, the corresponding defense will also be covered. Each week's topic and possible assignment follows.

1 Learning the Environment. Windows and Unix systems overview.
Possible assignments: Allocating, installing, and launching virtual machines on a personal system and in a private cloud. Starting, configuring, and stopping services. Installing patches. Recovering from backup. Learning Kali-Linux.

2 Network Reconnaissance. Using search engines and social networking sites, WHOIS and DNS records. Port scans. Network mapping, system identification (Nmap).
Possible assignments: Running network scanners and reconnaissance tools. Using Recon-NG. Using Shodan. Other tools: DMitry, Sparta, Netdiscover, Zenmap.

3 Exploitation. Introducing how powerful tools are used for exploitation, how remote connections to an exploited target are used, and how users are tricked into entering their company credentials into a fake, cloned website.
Possible assignments: Running Metasploit in a virtual network environment to learn how to use it to exploit other hosts.

4 Finding Vulnerabilities. Using tools to discover various vulnerabilities, such as vulnerabilities that allow a remote hacker to control or access sensitive data on a system, misconfigurations, and denials of service against the TCP/IP stack.
Possible assignments: Using Nessus to find vulnerabilities.

5 Capturing Traffic. Using tools to sniff and manipulate traffic to gain useful information from other machines on the local network and from remote hosts.
Possible assignments: Introduction to Wireshark and its uses, using Wireshark for capturing and analyzing traffic, finding a password, peeking through the ARP cache, ARP cache poisoning with Arpspoof.

6 Man-in-the-middle (MITM) attacks. Using different tools to do a MITM attack and reveal encrypted and hidden information of the target; attacking an SSL connection.
Possible assignments: Using Ettercap to do a MITM attack with ARP cache poisoning and reveal SSL connections. SSL stripping using the SSLstrip tool.

7 Local privilege escalation. Password security. Testing and rainbow tables. SQL injection. Buffer overflow.
Possible assignments: SQL injection. Metasploit, PSEXEC, PTH-winex. Linux passwords.

8 Network monitoring. Man-in-the-middle attacks. Wi-Fi security and defense.
Possible assignments: Wireshark, Xplico, Metasploit tools, Arpspoof, URLsnarf, SSLstrip.

9 Privilege escalation through network attacks II. Session hijacking. Trojans, backdoors, and rootkits. Administration of privilege via users or roles.
Possible assignments: Windows AV bypass with Veil-Evasion. Keyloggers.

10 File Systems. Samba scanners. File encryption.
Possible assignments: Recovering deleted files; recovery of slack data; unauthorized connections to remote file systems; file encryption backdoors.

11 Covering tracks and Miscellaneous topics. Altering log files and histories. Hidden files and kernel modifications. Tor and VPNs. Physical security. Honeypots.
Possible assignments: File metadata re-writing with Metasploit. Lock picking. Setting up a honeypot.

In addition to the weekly lab assignment, there will be a weekly CTF (Capture The Flag) challenge assignment which students are asked to complete.

Semester-long Project

There will be two types of semester-long projects:

  • A survey paper, along with a class presentation.
  • A CTF creation and its incorporation in the CTFd platform on the CICS swarm cluster.

Semester Project: Survey Paper

Students are given a list of topics. A student can choose a topic from this list or she/he can choose a topic of her/his interest, after consulting with me, the instructor.

The student learns about the topic and submits a short report in the form of a PowerPoint presentation, which the student presents in class (in person or virtually on Zoom). The student can, optionally, prepare an additional MS Word document (preferred format; not a TeX file please) along with the PowerPoint presentation.

Semester Project: Creating a CTF challenge

A student choosing this option develops a CTF of her/his choice. It is preferred that the CTF be an original one. However, the student may choose to develop a variation of an already developed CTF. In the latter case, the student receives less credit (please see below, Grading). After developing such a CTF, the student should then incorporate the CTF in the CTFd platform which we have put together on the swarm cluster (swarm is a cluster of computers at CICS). The CTF will then be made available to the class for their education. To this end, the student should observe the following.

  • The time to complete development of the CTF is shorter; the development should be completed by the 3rd week of March (please see the timetable below).
  • After completion of the CTF, the student works with the staff of the course to incorporate it in the CTFd platform on swarm.
  • All CTFs developed by students and successfully incorporated in the CTFd platform on the swarm cluster are then made available to the entire class for 2 weeks.

The following table shows the calendar of events for this option (please note that the dates may change in the course of the class).

Phase No.   Task                                                                   Due Date
1           CTF development completed                                              March 15, 12:00pm
2           Incorporate the CTF in the CTFd on swarm; CTF is available to students  April 12, 12:00pm
3           ALL developed CTFs are closed to students                              May 3, 12:00pm

As can be seen, this term project requires more effort and as such there is an extra 1% to 5% bonus credit for those who select this alternative.

Final Exam

There will be a final exam. The final is cumulative; it will cover material presented throughout the semester. The final exam is given in person or synchronously online. Students should be present (either online or in person) at the time of the exam, unless they have made a prior arrangement with the instructor.

Please Note: You cannot pass this class without a passing grade on the final exam, even with full marks otherwise.

Grading: 

Your overall grade for the course will be derived from three components. At a high level, grading is based on the following formula:

Criteria                                                         Percentage
Assignments (including class participation)                      65%
Semester-long project/CTFs                                       15%
Final Exam (in-class)                                            20%
Possible CTF Challenges (bonus)                                  10 points
Bonus, only for those who create a CTF challenge as the
term project, as discussed above                                 1-5 points

Each assignment will have a slightly different number of points. By doing the CTF challenges, you will earn an additional (bonus) 10 points. The 10 points is distributed proportionally (based on the level of difficulty) among the CTFs.

Your score will be the total number of points earned for the five elements above.

Note: The maximum number of points for the course is 100.
Note: Late submissions are NOT accepted.

Numeric/Letter Grading Scale

The following scale will be used to translate numeric grades to letter grades for undergrad students.

High      Low       Letter
100.00    93.00     A
92.99     90.00     A-
89.99     87.00     B+
86.99     83.00     B
82.99     80.00     B-
79.99     77.00     C+
76.99     73.00     C
72.99     70.00     C-
69.99     67.00     D+
66.99     60.00     D
59.99     0         F

For grad students, anything below C is an F grade in the course.

High      Low       Letter
100.00    93.00     A
92.99     90.00     A-
89.99     87.00     B+
86.99     83.00     B
82.99     80.00     B-
79.99     77.00     C+
76.99     73.00     C
72.99     0         F

Please note: One cannot pass this class without a passing grade on the final exam, even with full marks otherwise.

Audio/Video Recording

Lectures will be recorded. This class's lectures will be recorded on Zoom as well as Echo360. For students who are physically present, every effort is made not to capture their likenesses, as the system is designed to capture the instructor and the front of the classroom; however, students' audio participation might be recorded. These recordings will be made accessible to students enrolled this semester and in subsequent offerings of the class.

Policies

We follow all university adopted policies. Please read the UMass Academic Honesty Policy.

Inclusive Discussion.  In this course, each voice in the classroom has something of value to contribute. Please take care to respect the different experiences, beliefs and values expressed by students and staff involved in this course. I support the commitment of the UMass Amherst College of Information and Computer Sciences to diversity, and welcome individuals of all ages, backgrounds, citizenships, disability, sex, education, ethnicities, family statuses, genders, gender identities, geographical locations, languages, military experience, political views, races, religions, sexual orientations, socioeconomic statuses, and work experiences.

Plagiarism.  As a condition of continued enrollment in this course, you agree to submit all assignments to the Turnitin and/or My Drop Box services for textual comparison or originality review for the detection of possible plagiarism. All submitted assignments will be included in the UMass Amherst dedicated databases of assignments at Turnitin and/or My Drop Box. These databases of assignments will be used solely for the purpose of detecting possible plagiarism during the grading process, during this term and in the future. Students who do not submit their papers electronically to the selected service will be required to submit copies of the cover page and first cited page of each source listed in the bibliography with the final paper in order to receive a grade on the assignment.

Accommodation Statement. The University of Massachusetts Amherst is committed to providing an equal educational opportunity for all students. If you have a documented physical, psychological, or learning disability on file with Disability Services (DS), you may be eligible for reasonable academic accommodations to help you succeed in this course. If you have a documented disability that requires an accommodation, please notify me within the first two weeks of the semester so that we may make appropriate arrangements.

Academic Honesty Statement. Since the integrity of the academic enterprise of any institution of higher education requires honesty in scholarship and research, academic honesty is required of all students at the University of Massachusetts Amherst. Academic dishonesty is prohibited in all programs of the University. Academic dishonesty includes but is not limited to: cheating, fabrication, plagiarism, and facilitating dishonesty. Appropriate sanctions may be imposed on any student who has committed an act of academic dishonesty. Instructors should take reasonable steps to address academic misconduct. Any person who has reason to believe that a student has committed academic dishonesty should bring such information to the attention of the appropriate course instructor as soon as possible. Instances of academic dishonesty not related to a specific course should be brought to the attention of the appropriate department Head or Chair. Since students are expected to be familiar with this policy and the commonly accepted standards of academic integrity, ignorance of such standards is not normally sufficient evidence of lack of intent (http://www.umass.edu/dean_students/codeofconduct/acadhonesty/).

Code of Conduct/Words of Caution. In this course, students will learn techniques which, if abused, could be potentially dangerous and, more important, illegal! As future experts in the field, students need to know the tools that are at the disposal of malicious hackers and how to defend against them, hence the name System Test and Defense. I expect you are enrolled in this class to learn to defend networks from abuse. As you'll learn, it is much more challenging to defend networks and systems from attack than it is to attack them.

To allow you to apply the knowledge taught in this class, we have carefully set up a virtual environment for you to use and test attack techniques. Please be aware that use of attack tools in the real world on computers and sites around the Internet is illegal. Attacking computers and devices of friends, family, and colleagues is also illegal. Please be aware of these facts! Abuse of the knowledge gained in this class will not be tolerated.

Credits: 3
Dates: Tuesday, January 25, 2022 to Wednesday, May 4, 2022; Monday, February 6, 2023 to Wednesday, May 17, 2023; Thursday, February 1, 2024 to Friday, May 10, 2024
Class meets on: Tuesday (remote participation)
Time: 5:30 – 6:45 P.M.
Instructor: Parviz Kermani
Programs: Infosec, CompSci, ECE (Graduate, Undergraduate)
February, 2024