
20-CS-5155 - Cyber Defense Overview
Electrical Engineering and Computer Science

Lecture Material and Notes Week
    Network architecture models/diagrams
Conceptual "attack landscape"
    Network Architecture and Topology (CK Slides) 21 Aug
Network Basics (wireshark, packets, etc.) 21 Aug
   WireShark 21 Aug
   Network Architecture and Topology 21 Aug
DMZ architecture (CK Slides) 21 Aug
   DMZ architecture 21 Aug
Hosted virtual machine architecture (CK Slides) 21 Aug
   Virtualizing I/O Devices on VMware Workstation's HVMM 21 Aug
Tools for Network Analysis
Lecture and demonstration by Doug Flick 30 Aug
Network traffic encryption and authentication
Secret-key and Public-key operation 4 Sep
Modular arithmetic 4 Sep
Generators 4 Sep
Merkle-Hellman encryption 4 Sep
Merkle-Hellman demo 4 Sep
Diffie-Hellman key exchange 4 Sep
Karn, Diffie-Hellman applet 4 Sep
RSA 4 Sep
AES 128 4 Sep
Transmission in blocks 4 Sep
Authentication handshakes and pitfalls 4 Sep
Kerberos 4 Sep
Authentication Mechanisms
Elliptic Curve Crypto 11 Sep
Password authentication, KDCs and CAs 11 Sep
Public Key Infrastructure 11 Sep
Authentication and federated identity 11 Sep
Cyber kill chain attack model
Cyber attack landscape 11 Sep
  Mandiant: Anatomy of an Attack 11 Sep
Cyber kill chain (LMCO) 11 Sep
  Alignment to cyber kill chain 11 Sep
  Intel-Driven Defense (LMCO) [pdf] 11 Sep
  Cyber kill chain (Nige Security Blog) 11 Sep
  Practicality 11 Sep
Passive network security monitoring systems
Logging systems 18 Sep
Network Security Monitoring 18 Sep
Bro network security monitor 18 Sep
Bro exercises 18 Sep
Bro log file identifiers 18 Sep
Packet capture systems 18 Sep
Secure store-and-forward 18 Sep
Securing out-of-band architectures 18 Sep
Secure in-band wireless pairing 18 Sep
In-band vs. out-of-band solutions 18 Sep
Network Security Monitoring (CK Slides) 25 Sep
Security Onion Introduction 25 Sep
Security Onion VirtualBox Install 25 Sep
Active network security monitoring systems
Active Defense (CK Slides) 25 Sep
Firewall basics 25 Sep
IPTables configuration for Linux 25 Sep
IPTables rules to block common attacks 25 Sep
Securing Cisco routers 25 Sep
Firewalls, iptables (JF Slides) 2 Oct
iptables and DDoS? (JF Slides) 2 Oct
Proxy servers, vpn, configuration pitfalls (JF Slides) 2 Oct
Proxy servers for privacy and security 2 Oct
Securing email servers 2 Oct
Incident response organization and process
Computer Security Incident Response Teams (JF Slides) 9 Oct +
Organization and Process 9 Oct +
Handbook for Computer Security Incident Response Teams 9 Oct +
Organizational Models 9 Oct +
How to create a CSIRT 9 Oct +
NIST Computer Security Incident Handling Guide 9 Oct +
Implementing a CSIRT in limited resource organizations 9 Oct +
Incident Handler's Handbook 9 Oct +
Best practices for victim response and reporting of cyber incidents 9 Oct +
SANS Computer Incident Response Team 9 Oct +
Immediate power down may cause problems 9 Oct +
Example attack patterns
Example security incidents 16 Oct
Introduction to attack patterns 16 Oct
Attack patterns 16 Oct
Five most common attack patterns of 2014 16 Oct
Attack patterns as a software assurance knowledge resource 16 Oct
SANS attack prevention 16 Oct
Attack vectors
OWASP Top 10 Attack Vectors for 2013 16 Oct
SQL-injection, watering hole, spear phishing (JF Slides) 16 Oct
SQL-injection 16 Oct
watering hole attacks 16 Oct
spear phishing 16 Oct
Internet-facing server considerations 16 Oct
Common Stealth Attacks 16 Oct
Tool and attack examples 16 Oct
Configuring apps and systems for defense 16 Oct
Container model of file structure
PDF vulnerabilities, Vtable exploits, Use-After-Free, REMnux (JF Slides) 23 Oct
pefile module for Python, to analyze Windows EXE/DLL files 23 Oct
by Didier Stevens 23 Oct
against PDF CVE-2013-2729 vulnerability, by "" 23 Oct
by John Davison (unixfreak0037) 23 Oct
Analysis of CVE-2012-0158 exploit, RTF encoded OLE 23 Oct
Organizing a Security Operations Center
Security Operations Center (SOC) 23 Oct
McAfee: Creating & Maintaining a SOC 23 Oct
Defense in Depth
Intro to Defense in Depth (JF Slides) 30 Oct
Example IA security policies 30 Oct
Example IA security procedures 30 Oct
National Information Assurance Partnership (NIAP) 30 Oct
Information Assurance Directorate (IAD - need account) 30 Oct
Federal Interagency Security Committee (FISC) risk management process 30 Oct
Types of attacks 30 Oct
The Common Criteria
Intro to the Common Criteria (JF Slides) 30 Oct
The Common Criteria 30 Oct
The Common Criteria Introduction and General Model 30 Oct
The Common Criteria Security Functional Components 30 Oct
The Common Criteria Security Assurance Components 30 Oct
Microsoft Windows Security Target 30 Oct
US DoD firewall Protection Profile 30 Oct
SANS Institute Common Criteria Protection Profiles 30 Oct
Information sharing
Resources 6 Nov +
  Glossary 6 Nov +
Competitions 6 Nov +
  Capture the Flag Competitions 6 Nov +
  List of CTF opportunities 6 Nov +
  Cyber Defense Exercise (CDX) 6 Nov +
  National CCDC 6 Nov +
Conferences 6 Nov +
  RSA Conference 6 Nov +
  Black Hat 6 Nov +
  Black Hat YouTube Channel 6 Nov +
  DEF CON 6 Nov +
  DEF CON CTF 6 Nov +
  What is a CTF? 6 Nov +
Blogs/Periodicals 6 Nov +
  Schneier Blog 6 Nov +
  Matt Blaze 6 Nov +
  The CyberWire 6 Nov +
  The CyberWire Dispatch 6 Nov +
Professional Societies 6 Nov +
  IEEE Cyber Security 6 Nov +
  IEEE Center for Secure Design 6 Nov +
  IEEE Cipher News Letter 6 Nov +
  Usenix (orig: Unix Users Group) 6 Nov +
Cyber Security Databases 6 Nov +
  Mitre Corporation 6 Nov +
  CMU Software Engineering Institute, Computer Emergency Response Team 6 Nov +
  National Vulnerability Database 6 Nov +
  Veris Database 6 Nov +
  Application Security Failures 6 Nov +
  Indicator Feed & Database: (searchable) 6 Nov +
  Feed & Tools: Collective Intelligence Framework 6 Nov +
  Artifact Database: (searchable) 6 Nov +
Private Companies 6 Nov +
  Kaspersky Lab 6 Nov +
  SANS Institute 6 Nov +
  FireEye 6 Nov +
  CrowdStrike Technical Analysis: Putter Panda Group 6 Nov +
  Rapid7: Metasploit 6 Nov +
Communities 6 Nov +
  Open Web Application Security Project (OWASP) 6 Nov +
  OWASP Top 10 6 Nov +
  Community: National Council of ISACs (industry-focused information sharing) 6 Nov +
  Tools for finding malware in files 6 Nov +
  Community: DeepEnd Research (& Yara Exchange) 6 Nov +
  example yara rules 6 Nov +
Reverse Engineering
Analyze software from captured laptop 13 Nov
Determine IED IP address from captured traffic 13 Nov
Decrypt key file to disarm IED 13 Nov
Generate one time key code 13 Nov
Use the one time key codes to disarm IEDs 13 Nov
Analyze code that overwrites the return address on the stack 13 Nov
Remove malware from malicious binary 13 Nov
Basic malware analysis
Malware analysis (JF slides) 13 Nov
Malware analysis guide 13 Nov
Introduction to malware analysis 13 Nov
Hashing algorithms to identify malware 13 Nov
Entropy algorithms to identify malware 13 Nov
Identifying malware and shellcode in apps
Obfuscation methods 13 Nov
Tools to detect tampering 13 Nov
Instructions for environment setup 20 Nov +
Guide for securing Oracle Linux 20 Nov +
Guide for hardening Ubuntu Linux 20 Nov +
Ubuntu Security Notices 20 Nov +
Impact of virtualization
The cloud, virtualization, and security 27 Nov
Secure virtualization for cloud computing 27 Nov
Event knowledge management
cyber intelligence storage, collection, retrieval
CRITs intelligence database 27 Nov
Will provide VM with CRITs 27 Nov
Tie historical data to emerging attacks 27 Nov
Important use-cases for knowledge management 27 Nov
Public and private communities 27 Nov
Evaluating solutions and services
Communities - OWASP, ISSA 27 Nov
Communities - Common Criteria 27 Nov
Aligning solutions against kill chain detectability 27 Nov
Resource Access Control
Introduction 27 Nov
Virtual Private Network (VPN) 27 Nov
VPN explained 'in plain English' - thanks Linda Garth 27 Nov
Digital Rights Management 27 Nov
Integration of detection, defense, KM tools
Discussion 27 Nov
+ Class is held only on Wednesday of this week.