Cybersecurity: An Overview

This is an overview course on modern cybersecurity aimed at general computer science graduate students. Due to most text books being out of date or too specific we will be using a variety of freely available online resources these include:

1. The Cyber Security Body Of Knowledge This comprises approximately 20 recent documents on many important topics in cybersecurity. We will cover a portion of these.
2. National Cybersecurity Training & Education (NCyTE) Center Has resources on many important cybersecurity topics aimed at all levels of education.
3. NIST: Computer Security Resource Center The (US) National Institute of Standards and Technology publishes many standards, guides, etc. in the area of cybersecurity we will get "hands on" with some of these.
4. CIS Controls The Center for Internet Security (CIS) publishes a very good prioritized list and document of security controls with explanations appropriate to different types of enterprises.

Supplemental Readings and Podcasts may be assigned throughout the course. In particular we will get many of our case studies from the Darknet Diaries podcast. We will also use various rigorous security blogs for our case studies.

Assignments (Spring 2022)

• Homework 12
• Homework 11
• Homework 10
• Homework 9
• Homework 8
• Homework 7
• Homework 6
• Homework 5
• Homework 4
• Homework 3
• Homework 2
• Homework 1

Working Schedule and Lectures (Spring 2022)

This schedule will be updated as the course progresses. Case studies are from the Darknet Diaries podcast and Mandiant Podcast: State of the Hack.

Date	Week	Topic(s)
01/17	1	No Monday class, Intro, personalGit, GitClass, Markdown, Overview, CyBOK, Case study EP 79: Dark Basin
01/24	2	Risk, What are we protecting: Data and Systems, CIA, Case study EP 76: Knaves Out
01/31	3	Access Control, Law, Case StudyEP 53: Shadow Brokers
02/07	4	NetworkIntro, Networking from the security point of view, EP 72: Bangladeshi Bank heist
02/14	5	Physical Layer, HTTPIntro, More DNS, Case study EP 54: NotPetya
02/21	6	DoS Attacks and Botnets, Midterm #1, Case Study EP 94: Mariposa Botnet
02/28	7	Email Systems, Phishing, Social Engineering, and Fraud, Case study EP 86: The LinkedIn Incident
03/07	8	Cryptography Basics, AES, Case study EP 80: The Whistle blower
03/14	9	Public Key Crypto, Hashes, Case study Ep 85: Cam the Carder
03/21	10	Signatures and TLS, Malware, Malware Analysis, Case study EP 73: WannaCry
03/28	11	Spring recess (no classes)
04/04	12	Malware Detection, Midterm #2, Case study Ep 68: Triton
04/11	13	Tactics, Techniques, and Procedures (TTPs), Case study EP 82: Master of Pwn
04/18	14	Vulnerabilities, Recon, Case study EP 98: Zero Day Brokers
04/25	15	Security principles, Security controls, Case study EP 103: Cloud Hopper
05/02	16	Intrusion Detection, Architectures For Security, VPN and Tor
05/09	17	Final Exam Week

Code Examples

These are simple examples to illustrate various security concepts and not to be taken as good programming practice, secure coding practice, or (especially) proper use of cryptographic primitives. In fact one is an example of completely incorrect use of AES!

• Basic Cryptography simpleCipher.ipynb, test file sherlockHolmes.txt
• AES PythonCrypto1.ipynb
• Public-Key PublicKey1.ipynb
• Hash Functions and One Time Passwords HashFunctions.ipynb, topTest.py