20-CS-6055 - Cyber Defense Overview
Electrical Engineering and Computer Science

Probable Schedule

Each week lists the topics covered. The Reading column has three reference slots (Ref 1, Ref 2, Ref 3); every slot is shown as "--" in the schedule, i.e. no reading has been assigned yet.

Week 8/21
  Network architecture models/diagrams
  Conceptual attack landscape
    - Host, Network, Perimeter, DMZ, internet
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 9/4
  Network traffic encryption and authentication
    shared secret, key exchange, public key
    RC4, AES128
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 9/11
  Computer network instrumentation
    Alignment to cyber KC
  Authentication mechanisms
    Kerberos, PKI, trust systems & models
    Federated vs. Centralized
  Cyber kill chain attack model
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 9/18
  Passive network security monitoring systems
  Logging systems
    - signature and non-signature (Snort, Bro)
  Full packet capture systems
    - store-and-forward, store-and-retrieve
  In-band and out-of-band architectures
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 9/25
  Active network security monitoring systems
    Firewalls, routers, gateways, proxies, mail exchanges
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 10/2
  Host monitoring and prevention
    event-driven, scheduled, log collection, etc.
  Attack and intrusion detection
    successful & unsuccessful activity
    alerting, event handling, severity, etc.
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 10/9
  Incident response organization and process
    how to learn the scope of the attack
    why an immediate power-down may cause problems
    network isolation
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 10/16
  Example attack patterns
    line up attack stages to the Cyber KC
  Attack vectors
    (spear) phishing, watering holes, SQL injection
    internet-facing server compromises
    tool and attack examples
    configuring apps & architecting systems to defend against and prevent attacks
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 10/23
  Identifying maliciousness in files from apps
    PDFs, Office documents, etc.
    obfuscation and encryption
      - XOR, ROR, ROL, SNAK, CUP, CDN
    tools to detect tampering
    basic structure of the "Office OLE" and "PDF" formats
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 10/30
  Information sharing
    FireEye, CrowdStrike, feeds & tools
    Artifact database
    National Council of Industry-Focused Info Sharing
    Offensive computing
    DeepEnd Research & Yara Exchange
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 11/6
  Centralized logging and event handling
    SIEM, SOC, CIRT
    Logstash, Kibana, ElasticSearch
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 11/13
  Basic malware analysis
    map collection requirements to detect/prevent capabilities
    entropy and hashing algorithms for identifying suspicious code
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 11/20
  Effect of "cloud" and other virtualized environments on the conventional landscape model
  Reading: Ref 1 --   Ref 2 --   Ref 3 --

Week 11/27
  Event and knowledge management
  Cyber intelligence storage, collection, retrieval
    CRITS intelligence database (VM provided)
    historical activity tied to emerging attacks
    important use cases for KM
    public and private communities (RedSky, iSight, etc.)
  Integration across detection, defense, KM tools
  Evaluating solutions and services
    communities (OWASP, ISSA, CommonCriteria.org, etc.)
  Aligning solutions against kill-chain detectability
  Resource access control
    VPN, DRM, etc.
  Segmented and secured host architectures
    MILS, VDI, SELinux, virtualization, realities
  Reading: Ref 1 --   Ref 2 --   Ref 3 --