
20-CS-5155 - Cyber Defense Overview
Electrical Engineering and Computer Science

Lecture Material and Notes Week
Network architecture models/diagrams
Conceptual "attack landscape"
Network Architecture and Topology (CK Slides) 27 Aug
Network Basics (wireshark, packets, etc.) 27 Aug
   WireShark 27 Aug
   Network Architecture and Topology 27 Aug
DMZ architecture (CK Slides) 27 Aug
   DMZ architecture 27 Aug
Hosted virtual machine architecture (CK Slides) 27 Aug
   Virtualizing I/O Devices on VMware Workstation's HVMM 27 Aug
Tools for Network Analysis
Nessus vulnerability scanner 27 Aug
Kali Linux 27 Aug
Security Onion 27 Aug
Lecture and demonstration by Doug Flick 27 Aug
Network traffic encryption and authentication
Secret-key and Public-key operation 10 Sep
Modular arithmetic 10 Sep
Generators 10 Sep
Merkle-Hellman encryption 10 Sep
Merkle-Hellman demo 10 Sep
Diffie-Hellman key exchange 10 Sep
Karn+Diffie-Hellman 10 Sep
Modular Inverse 10 Sep
Chinese Remainder Theorem 10 Sep
Fermat's Little Theorem 10 Sep
Roots Modulo N 10 Sep
Square Roots Modulo N 10 Sep
Prime Testing and Generation 10 Sep
RSA 10 Sep
AES 128 10 Sep
Transmission in blocks 10 Sep
Authentication handshakes and pitfalls 10 Sep
Kerberos 10 Sep
Authentication Mechanisms
Elliptic Curve Crypto 17 Sep
Password authentication, KDCs and CAs 17 Sep
Public Key Infrastructure 17 Sep
Authentication and federated identity 17 Sep
Cyber kill chain attack model
Cyber attack landscape 17 Sep
  Mandiant: Anatomy of an Attack 17 Sep
Cyber kill chain (LMCO) 17 Sep
  Alignment to cyber kill chain 17 Sep
  Intel-Driven Defense (LMCO) [pdf] 17 Sep
  Cyber kill chain (Nige Security Blog) 17 Sep
  Practicality 17 Sep
Passive network security monitoring systems
Logging systems 24 Sep
Network Security Monitoring 24 Sep
Bro network security monitor 24 Sep
Bro exercises 24 Sep
Bro log file identifiers 24 Sep
Packet capture systems 24 Sep
Secure store-and-forward 24 Sep
Securing out-of-band architectures 24 Sep
Secure in-band wireless pairing 24 Sep
In-band vs. out-of-band solutions 24 Sep
Network Security Monitoring (CK Slides) 1 Oct
Security Onion Introduction 1 Oct
Security Onion VirtualBox Install 1 Oct
Active network security monitoring systems
Active Defense (CK Slides) 1 Oct
Firewall basics 1 Oct
IPTables configuration for Linux 1 Oct
IPTables rules to block common attacks 1 Oct
Securing Cisco routers 1 Oct
Firewalls, iptables (JF Slides) 8 Oct
iptables and DDoS? (JF Slides) 8 Oct
Proxy servers, vpn, configuration pitfalls (JF Slides) 8 Oct
Proxy servers for privacy and security 8 Oct
Securing email servers 8 Oct
Incident response organization and process
Computer Security Incident Response Teams (JF Slides) 15 Oct +
Organization and Process 15 Oct +
Handbook for Computer Security Incident Response Teams 15 Oct +
Organizational Models 15 Oct +
How to create a CSIRT 15 Oct +
NIST Computer Security Incident Handling Guide 15 Oct +
Implementing a CSIRT in limited resource organizations 15 Oct +
Incident Handler's Handbook 15 Oct +
Best practices for victim response and reporting of cyber incidents 15 Oct +
SANS Computer Incident Response Team 15 Oct +
Immediate power down may cause problems 15 Oct +
Example attack patterns
Example security incidents 22 Oct
Introduction to attack patterns 22 Oct
Attack patterns 22 Oct
Five most common attack patterns of 2014 22 Oct
Attack patterns as a software assurance knowledge resource 22 Oct
SANS attack prevention 22 Oct
Attack vectors
OWASP Top 10 Attack Vectors for 2013 22 Oct
SQL-injection, watering hole, spear phishing (JF Slides) 22 Oct
SQL-injection 22 Oct
watering hole attacks 22 Oct
spear phishing 22 Oct
Internet-facing server considerations 22 Oct
Common Stealth Attacks 22 Oct
Tool and attack examples 22 Oct
Configuring apps and systems for defense 22 Oct
Container model of file structure
PDF vulnerabilities, Vtable exploits, Use-After-Free, REMnux (JF Slides) 29 Oct
pefile module for Python, to analyze Windows EXE/DLL files 29 Oct
by Didier Stevens 29 Oct
against PDF CVE-2013-2729 vulnerability, by "" 29 Oct
by John Davison (unixfreak0037) 29 Oct
Analysis of CVE-2012-0158 exploit, RTF encoded OLE 29 Oct
Organizing a Security Operations Center
Security Operations Center (SOC) 29 Oct
McAfee: Creating & Maintaining a SOC 29 Oct
Defense in Depth
Intro to Defense in Depth (JF Slides) 5 Nov
Example IA security policies 5 Nov
Example IA security procedures 5 Nov
National Information Assurance Partnership (NIAP) 5 Nov
Information Assurance Directorate (IAD - need account) 5 Nov
Federal Interagency Security Committee (FISC) risk management process 5 Nov
Types of attacks 5 Nov
The Common Criteria
Intro to the Common Criteria (JF Slides) 5 Nov
The Common Criteria 5 Nov
The Common Criteria Introduction and General Model 5 Nov
The Common Criteria Security Functional Components 5 Nov
The Common Criteria Security Assurance Components 5 Nov
Microsoft Windows Security Target 5 Nov
US DoD firewall Protection Profile 5 Nov
SANS Institute Common Criteria Protection Profiles 5 Nov
Information sharing
Resources - Nov +
  Glossary - Nov +
Competitions - Nov +
  Capture the Flag Competitions - Nov +
  List of CTF opportunities - Nov +
  Cyber Defense Exercise (CDX) - Nov +
  National CCDC - Nov +
Conferences - Nov +
  RSA Conference - Nov +
  Black Hat - Nov +
  Black Hat YouTube Channel - Nov +
  DEF CON - Nov +
  DEF CON CTF - Nov +
  What is a CTF? - Nov +
Blogs/Periodicals - Nov +
  Schneier Blog - Nov +
  Matt Blaze - Nov +
  The CyberWire - Nov +
  The CyberWire Dispatch - Nov +
Professional Societies - Nov +
  IEEE Cyber Security - Nov +
  IEEE Center for Secure Design - Nov +
  IEEE Cipher News Letter - Nov +
  Usenix (orig: Unix Users Group) - Nov +
Cyber Security Databases 6 Nov +
  Mitre Corporation - Nov +
  CMU Software Engineering Institute, Computer Emergency Response Team - Nov +
  National Vulnerability Database - Nov +
  Veris Database - Nov +
  Application Security Failures - Nov +
  Indicator Feed & Database: (searchable) - Nov +
  Feed & Tools: Collective Intelligence Framework - Nov +
  Artifact Database: (searchable) - Nov +
Private Companies - Nov +
  Kaspersky Lab - Nov +
  SANS Institute - Nov +
  FireEye - Nov +
  CrowdStrike Technical Analysis: Putter Panda Group - Nov +
  Rapid7: Metasploit - Nov +
Communities - Nov +
  Open Web Application Security Project (OWASP) - Nov +
  OWASP Top 10 - Nov +
  Community: National Council of ISACs (industry-focused information sharing) - Nov +
  Tools for finding malware in files - Nov +
  Community: DeepEnd Research (& Yara Exchange) - Nov +
  example yara rules - Nov +
Reverse Engineering
Analyze software from captured laptop - Nov
Determine IED IP address from captured traffic - Nov
Decrypt key file to disarm IED - Nov
Generate one time key code - Nov
Use the one time key codes to disarm IEDs - Nov
Analyze code that overwrites the return address on the stack - Nov
Remove malware from malicious binary - Nov
Basic malware analysis
Malware analysis (JF slides) - Nov
Malware analysis guide - Nov
Introduction to malware analysis - Nov
Hashing algorithms to identify malware - Nov
Entropy algorithms to identify malware - Nov
Identifying malware and shellcode in apps
Obfuscation methods - Nov
Tools to detect tampering - Nov
Instructions for environment setup - Nov +
Guide for securing Oracle Linux - Nov +
Guide for hardening Ubuntu Linux - Nov +
Ubuntu Security Notices - Nov +
Impact of virtualization
The cloud, virtualization, and security - Nov
Secure virtualization for cloud computing - Nov
Event knowledge management
cyber intelligence storage, collection, retrieval
CRITs intelligence database - Nov
Will provide VM with CRITs - Nov
Tie historical data to emerging attacks - Nov
Important use-cases for knowledge management - Nov
Public and private communities - Nov
Evaluating solutions and services
Communities - OWASP, ISSA - Nov
Communities - Common Criteria - Nov
Aligning solutions against kill chain detectability - Nov
Resource Access Control
Introduction - Nov
Virtual Private Network (VPN) - Nov
VPN explained 'in plain English' - thanks Linda Garth - Nov
Digital Rights Management - Nov
Integration of detection, defense, KM tools
Discussion - Nov
+ Class is held only on Wednesday of this week.