
CNS 389 - Cyber Defense Exercises and Attack Responses

Course Overview

This is a hands-on, laboratory-based applied security course in which students will work
in teams, defend against cyber attacks, and implement services in a hostile cyber
environment. Most activities will be derived from Cyber Defense and Cyber League
competitions and will prepare students to participate and excel in these competitions.
This course is open to all students, including those inexperienced in Cyber Defense
competitions. Repeat enrollment is encouraged.

Notice: This syllabus is fluid and WILL change. All changes will be announced.

Mandatory Registration to National Cyber League

As part of this course, all students (except for unusual circumstances approved by the
instructor) will be required to register and participate in the Fall season of the National
Cyber League competition.

http://www.nationalcyberleague.org/index.shtml
http://www.nationalcyberleague.org/schedule.shtml

Registration is now open and the sooner you register, the sooner you can start getting
used to the environment.

http://www.nationalcyberleague.org/registration.shtml

You will be required to participate in the pre-season as well as the 2 live regular season
games on 10/31 and 11/14.

Use J.P. Labruyère as your coach for NCL:


J P Labruyère
jpl@cdm.depaul.edu
Tel: 312-362-5550

Some of you may fall into the "unusual circumstance" category and may not be able to
participate or qualify to participate in the NCL. If this is the case, please contact me and
I will discuss alternate assignments with you.

Textbooks and Printed Resources - All optional

The Web Application Hacker's Handbook, 2nd edition - Dafydd Stuttard, Marcus Pinto

ModSecurity Handbook: The Complete Guide to the Popular Open Source Web
Application Firewall - Ivan Ristic

Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort - M.
Rash

Grading

Each class missed beyond the first will lead to -10% on the final grade

Tentative grading scheme:

● National Cyber League participation and ranking: 30% (plus possible extra 30%)
Students will receive 30% credit based on participation in the pre-season and 2
regular season games. Additional (extra credit) % points will be granted based on
the student's performance and ranking during that competition.

● Individual homework: 30%

● Team injects and reports: 20%

● Team lab exercises and in class CTF/CCDC competition simulation: 15%

● Individual Checklists: 5%

Optional grading items:

● Post season (team) NCL participation and ranking (optional): 10-30%

Students will receive 10% extra credit based on participation in the post-season.
Additional (extra credit) % points will be granted based on the student/team
performance and ranking during that competition.

● Short individual student presentation: 10%


The "short" presentation is on a topic chosen by the student and approved by the
instructor that will be 15-30 minutes long. It could be:
▪ Presentation of an application/service and its hardening
▪ Presentation of a defensive tool and its usage
▪ Presentation of an offensive tool and its usage

● Long individual student presentation: up to 30%


The "long" presentation is on a topic chosen by the student and approved by the
instructor that will be over 60 minutes long. It could be:
▪ Presentation of an operating system and its hardening
▪ Presentation of a complex service and its hardening
▪ Any large presentation on an appropriate subject

Note: All presentations (short and long) are encouraged to have a demonstration/lab
component to illustrate the subject presented.

● Final exam (if necessary): 20%


Grading Scale: (This may change to your advantage later)

A 93-100%
A- 90-92%
B+ 87-89%
B 84-86%
B- 80-83%
C+ 77-79%
C 74-76%
C- 70-73%
D+ 67-69%
D 61-66%
F ≤ 60%

IMPORTANT:

Grading for group activities will be group-based but an individual grade adjustment
coefficient (0.7-1.3) will be applied based on peer assessment and instructor's
observations.

Student Roles

Students will work in groups of up to 8 students.


Tentative Schedule

Week 1: Course Overview and Organization/Basic Networking/Windows Intro

Intro to Cyber Defense Course and Format.

Class Intros

Review final project.

Introduce Checklists.

Networking Intro – Follow the Packet


IP/TCP/UDP Headers
NAT
ARP
Various Protocols (DNS, NTP, SSL, SMTP, POP3, IMAP, FTP, etc)
Basic Troubleshooting

Windows Intro

Week 2: Windows Administration

Assignment of teams.

Team discussion and possible assignment of roles. (Roles may change, need redundancy
also)

Server Administration
Active Directory
DNS
DFS
SMB
IIS
FTP
Password Hashes
SID/GID
PowerShell
VBS
Logs

Suggested Reading: Linux Firewalls Chapters 1 (9-12, 20-32) 2,3,4

Week 3: Intro to Linux

Mandatory Reading:
Introduction to Linux:
http://linuxcommand.org/lc3_learning_the_shell.php (Chapters 1 - 10)
Optional Reading:
CentOS Project: http://www.centos.org/about/
FHS in CentOS:
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-filesystem-fhs.html

Resources:
FreeBSD Emulator: http://cb.vu/
Linux Emulator: http://bellard.org/jslinux/
Commands: http://cb.vu/unixtoolbox.xhtml

Topics in class:
Linux Filesystem
CLI Basics
File Manipulation
Permissions
Networking
Advanced iptables
Package Management System
Challenges

Week 4: Linux Administration

Resources:
CentOS HowTos: http://wiki.centos.org/HowTos

Topics in class:
Linux Security
Source Code
Apache
PHP
MySQL
SSH

Extra Challenges

Week 5: Attack Tools

Mandatory Reading: Find vulnerabilities for your network.

Exploit Research
exploit-db
cvedetails
osvdb
nvd
bugtraq

Mitigation Tech
Persistence
Windows persistence points
Linux persistence points
0-days
Custom Exploits

Week 6: Network Defense

DNS
Bro IDS
Wireshark, tcpdump

Week 7: Incident Response

Mandatory Reading: https://help.ubuntu.com/community/LinuxLogFiles

Resources:
https://www.splunk.com/web_assets/v5/book/Exploring_Splunk.pdf
http://www.sans.org/reading-room/whitepapers/detection/practical-ossec-33699

Incident Response
What to monitor - logs, network, file integrity
How to determine if a breach has happened
OSSEC/SPLUNK/Tripwire
Securing Your System
Real life vs. competitions

Week 8: Web App Security I

Suggested Reading: The Web Application Hacker's Handbook Chapters 1 – 3


Mandatory Reading: OWASP Top 10

Authentication
Session management
Access control
HTTP Methods
TLS & SSL
Proxy
Cookies
OWASP Top 10

Week 9: Web App Security Part II

Suggested Reading: The Web Application Hacker's Handbook Chapter 9

Database Review
Code Review
Server & Client side vulnerabilities

Week 10: Final Lab

Week 11: Final exam (if necessary) or Mandatory Final Lab review

Changes to Syllabus

This syllabus is subject to change as necessary during the quarter. If a change occurs, it
will be thoroughly addressed during class, posted under Announcements in D2L and sent
via email.

DePaul Policies

Online Course Evaluations

Evaluations are a way for students to provide valuable feedback regarding their instructor
and the course. Detailed feedback will enable the instructor to continuously tailor
teaching methods and course content to meet the learning goals of the course and the
academic needs of the students. They are a requirement of the course and are key to
continue to provide you with the highest quality of teaching. The evaluations are
anonymous; the instructor and administration do not track who entered what responses. A
program is used to check if the student completed the evaluations, but the evaluation is
completely separate from the student’s identity. Since 100% participation is our goal,
students are sent periodic reminders over three weeks. Students do not receive reminders
once they complete the evaluation. Students complete the evaluation online
in CampusConnect.

Academic Integrity and Plagiarism

This course will be subject to the university's academic integrity policy. More
information can be found at http://academicintegrity.depaul.edu/. If you have any
questions be sure to consult with your professor.

Academic Policies

All students are required to manage their class schedules each term in accordance with
the deadlines for enrolling and withdrawing as indicated in the University Academic
Calendar. Information on enrollment, withdrawal, grading and incompletes can be found
at: cdm.depaul.edu/enrollment.

Students with Disabilities

Students who feel they may need an accommodation based on the impact of a disability
should contact the instructor privately to discuss their specific needs. All discussions will
remain confidential.
To ensure that you receive the most appropriate accommodation based on your needs,
contact the instructor as early as possible in the quarter (preferably within the first week
of class), and make sure that you have contacted the Center for Students with Disabilities
(CSD) at: csd@depaul.edu.

Lewis Center 1420, 25 East Jackson Blvd.


Phone number: (312)362-8002
Fax: (312)362-6544
TTY: (773)325.7296
