============================================================

Updated Homework Instructions
by Steven Gordon - Wednesday, 27 November 2013, 8:25 AM
 
A student pointed out that my original instructions would not work if we try to encrypt a large Bash script file with RSA. Thanks.

To overcome this problem I've updated the instructions to also use AES. Please re-read the instructions and follow the new set. There are now 7 steps. Steps 1-2 and 4-7 are performed using OpenSSL commands. You need to perform them first, then save the commands in a Bash script (step 3), then you'll need to repeat steps 4, 6, 7 (using the Bash script as input).

Follow the links to see examples of using OpenSSL commands for each step.

Steve

============================================================

Re: Updated Homework Instructions
by Steven Gordon - Friday, 29 November 2013, 2:47 PM
 
In the homework you are asked to submit a Bash script containing your commands. The purpose of this is that I know which commands you run, so I can check your answers (especially if they are incorrect). You should make sure the commands in this file are they exact ones you used, so I suggest you copy and paste your commands into the file (rather than re-typing them, in case you make a typing mistake).

I will not execute your Bash script; I will just look at the commands inside it. So long as your individual commands are correct, I will not penalise you if your Bash script has other errors. However if you want to make your Bash script execute all your commands automatically, then you may make use of a variable (especially for the secret key). I've updated the Bash shell script example on the homework instructions to show how to use a variable. You may use this if you wish (but no need to).

Steve

============================================================

SIIT Closed on 3-4 December
by Steven Gordon - Monday, 2 December 2013, 4:25 PM
 
Thammasat Uni, including SIIT, will be closed for an additional two more days: Tuesday 2 December and Wednesday 3 December. Also Thursday 5 December is a public holiday, so currently SIIT classes will start on Friday 6 December.

For ITS335, your homework task is still due 5pm Wednesday 4 December. If you have questions then contact me by email (steve@siit.tu.ac.th or steve.siit@gmail.com). If you have problems with OpenSSL or virtnet, then include a screenshot or the text output in your email so I can help.

Since Tuesday 10 December is also a public holiday, our next lecture will be Thursday 12 December. However in the next day or two I will add a practice online quiz for you to take before the next lecture and may add another exercise. Although not assessed, if you try the quiz/exercise you will be prepared for the next topic.

See you next week.

Steve

============================================================

Assignment Group and Homework 1 Extension
by Steven Gordon - Tuesday, 3 December 2013, 4:26 PM
 
As some students may need to use SIIT computers, I've extended deadline for homework 1 until 5pm Friday 6 December (lets hope SIIT is open on Friday!).  If you've already submitted, you may update your submission if you like (contact me if you have problems re-submitting).

I've also released some initial info about the assignment. You should form your groups and read the document I provide. I will add more instructions over the next two weeks, as well as give an explanation of the tasks in the lecture. The assignment will be due towards the end of the semester.

A reminder: try Practice Quiz 2 to test your knowledge on cryptography.

Steve

============================================================

Homework 1 Results
by Steven Gordon - Monday, 9 December 2013, 4:31 PM
 
I've completed the initial marking of homework 1. Login to Moodle, view the homework and scroll down to the bottom of the page to see a file with feedback comments.

The feedback gives you a result of either "Pass" or "Fail". If you have "Pass", then everything is ok. You don't need to do anything.

If you have "Fail", then at least one of the steps did not work when I tried to decrypt/verify your submission. You have until 5pm Thursday 12 Dec to check you submission and submit "Online text" describing either what you did wrong and/or why you think your answer is correct. To help you debug, you can see my private key on the homework page. (You may also ask me, as well as look at my examples on the website). You may want to include the commands you used in the "Online text". Do not change the uploaded files or upload new files. Only edit the "Online text". I may then consider to increase your score for this homework.

The actual scores will be released after I re-mark those that received a "Fail".

Steve

============================================================

In-class quiz tomorrow
by Steven Gordon - Wednesday, 18 December 2013, 12:36 PM
 
There will be a short quiz at the start of the lecture tomorrow (19 Dec). It will cover topics from Cryptography and User Authentication, including some questions on concepts/equations of encryption, signatures, hashes etc (similar to online quiz) and password storage.

Steve

============================================================

Re: In-class quiz tomorrow
by Steven Gordon - Sunday, 22 December 2013, 4:07 PM
 
Scores and answers of the in-class quiz are online. Scanned PDFs will be added later.

Many people had trouble with the quiz. I suggest you gain further practice by taking the (unassessed) online quizzes:

Quiz 2 on cryptography principles

Quiz 4 on password schemes

If after 2 attempts on these practice quizzes you cannot obtain close to 100%, then either come discuss with me or consider withdrawing from this course. The principles and logic covered in these practice quizzes is important assumed knowledge in the rest of the course.

Finally, let me know your assignment groups (by email or give me a list of names) by the end of the lecture on Tuesday. On Tuesday afternoon I will assign any remaining students randomly to groups.

Steve

============================================================

Homework 2 and RSA
by Steven Gordon - Wednesday, 25 December 2013, 11:23 AM
 
Homework 2 is available on the website. It requires you to try some Linux access control on a virtual node. Please read now and ask questions about it tomorrow in the lecture.

Another topic: we mentioned in Cryptography topic that RSA is an example of public key crypto algorithm. Last week there were reports of an attack on RSA, e.g.:

http://arstechnica.com/security/2013/12/new-attack-steals-e-mail-decryption-keys-by-capturing-computer-sounds/

Several students asked me about the attack. I have read the paper to try to understand how it works and will give a presentation on the attack on this Friday 27 Dec at 12noon (lunch).

Anyone is welcome to attend. You are not required to attend, and attending will probably not help you in this course. The presentation may be complex, so only suited to those that are interested in security and cryptography.

So that I know which room to book, I'd like to know who will attend. Either send me an email if you want to attend or sign up on the list in the lecture tomorrow. Then I will inform you of the room.

Steve

============================================================

Midterm Exam Hints
by Steven Gordon - Monday, 30 December 2013, 2:02 PM
 
Hints on the Midterm Exam are on the website. Since this is the first year I have taught this course, there is no past exams as examples. I've included some details in the hints to give you some guidance to the topics and types of questions.

In our lecture on Thursday 2 Jan we will finished the last few slides of Malicious Software than review the topics covered so far this semester.

Steve

============================================================

Homework 2 Feedback
by Steven Gordon - Sunday, 5 January 2014, 4:09 PM
 
I haven't marked your homework yet, but I have written up a detailed example showing a possible solution.

http://sandilands.info/sgordon/example-of-setting-linux-file-permissions

It is much more detailed than what is necessary knowledge for the Mimterm exam, but there are some examples of chown and chmod, as well as of password storage.

See you in the exam.

Steve

============================================================

Midterm Exam Scores
by Steven Gordon - Sunday, 12 January 2014, 2:40 PM
 
Scores for Midterm exam are available on Moodle.

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=503

When you look at your "grades" in Moodle, e.g. here:

http://ict.siit.tu.ac.th/moodle/grade/report/user/index.php?id=11

you should see your score, rank, class average as well as the scores for each question.

The answers are also on Moodle. I just noticed there are some blank answers in my answer sheet - I will update it soon.

Steve

============================================================

Lecture This Week
by Steven Gordon - Tuesday, 14 January 2014, 1:17 PM
 
According to the SIIT announcement (http://www.siit.tu.ac.th/announcedetail_en.php?id=605), lectures will start tomorrow Wed 15. However I am aware some lectures/labs for other courses may be canceled this week and some students may not be able to attend Bangkadi.

For ITS335 on Thursday 16 Jan, I will have a lecture at normal time. However I will not start on a new topic; instead I will provide some feedback on the Midterm Exam (you will be able to check your exam) and discuss the assignment. So if you miss the lecture Thursday then you may catch up by viewing the video on YouTube and/or asking your friends/me next week.

Steve

PS Next ITS332 Network Lab for IT students is Monday 20 January.

============================================================

Re: Lecture This Week
by Steven Gordon - Wednesday, 15 January 2014, 3:57 PM

A reminder that our lecture starts at 9am tomorrow (Thursday). I will bring your exams for you to look at and we will discuss some of the answers.

Then we will discuss the assignment. I've just added more details of the assignment tasks. Try to read the instructions before the lecture tomorrow:

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=490

I will bring a hardcopy of the "overview of security risk analysis" document for each group tomorrow.

If we have time at the end, we may discuss some other aspects of security (e.g. on Linux, OpenSSL, virtnet). I know many of you do not have another class at 10:40 tomorrow, so that may be a good time for you to ask further questions about security, assignment, Linux or other things of interest.

Steve

PS Your homework 2 scores are available on Moodle.

============================================================

Ping Flooding Denial of Service Attack
by Steven Gordon - Tuesday, 21 January 2014, 8:01 PM
 
In the lecture today I introduced denial of service attacks and gave an example of a simple ping flooding attack. We will continue with some more examples on Thursday. I have written up the steps for performing the attacks. It requires using the virtual network (virtnet) software you used in previous homeworks, as well as knowledge of ping. You may try it in your own virtual network if you wish. Of course, never perform DoS attacks in real networks! The instructions are at:

http://sandilands.info/sgordon/ping-flooding-dos-attack-in-a-virtual-network

Steve

============================================================

Re: Ping Flooding Denial of Service Attack
by Steven Gordon - Monday, 27 January 2014, 8:24 PM
 
If you tried the ping DDoS attack then you probably noticed an error when trying to create topology 26. That is because I forgot to include instructions that you must update the SVN repository on both host (real) computer and the base virtual machine. Its not hard to update. I've added a description of how to update (as well as some other troubleshooting) at:
http://sandilands.info/sgordon/virtnet-troubleshooting#updatesvn
(under the title "Topology number X does not exist").

I recommend you try the ping DDoS attack in virtnet. The next homework will require you to perform a similar attack but using NTP. Details to follow soon.

Steve

============================================================

Re: Ping Flooding Denial of Service Attack
by Steven Gordon - Monday, 27 January 2014, 9:41 PM
 
As promised, here are some instructions for adapting the ping flooding attack shown in class to perform a more realistic NTP DDoS attack:
http://sandilands.info/sgordon/ntp-ddos-attack-in-a-virtual-network

If you've tried the ping flooding attack, then its not too hard to get NTP working. Please give me any feedback on the instructions, especially if something doesn't work for you.

Steve

============================================================

Re: Ping Flooding Denial of Service Attack
by Steven Gordon - Wednesday, 29 January 2014, 12:46 PM
 
Homework 3 requires you to do the NTP attack mentioned above (which is easiest to perform if you've already run the Ping attack).

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=514

Steve

============================================================

Lecture Notes on Firewalls and Web Security
by Steven Gordon - Monday, 3 February 2014, 8:31 AM

Lecture notes for the next two topics, Firewalls and Web Security, will be placed in the Copy Centre this morning - should be available by lynch time.

Steve

============================================================

NTP Flooding Homework
by Steven Gordon - Friday, 31 January 2014, 3:31 PM 

Thanks to the feedback from several students over the last few days, I've fixed some bugs in my initial instructions for setting up the Ping and NTP attacks. I've updated the instructions today, so if you've tried before today and it didn't work, try again. I've now seen (or heard that) several students have been successful in running the ping and NTP attacks. The summary of the steps are:

1. Install and update virtnet. If you've already installed from previous homeworks, then to update you can follow the instructions at:

http://sandilands.info/sgordon/virtnet-troubleshooting#updatesvn

Alternatively, you can download the new base virtual machine (which includes the up-to-date files already) and install it again. See:

http://sandilands.info/sgordon/automatic-creation-of-virtual-network-with-vboxmanage

 

2. Create topology 26 and setup for the Ping flooding attack. Especially important are the command "tc" and "sysctl" for setting rp_filter on nodes. They are needed for both Ping and NTP attacks to work. You don't need to go through all steps of the Ping attack (although it is useful to do so).

http://sandilands.info/sgordon/ping-flooding-dos-attack-in-a-virtual-network

 

3. Perform the NTP attack.

http://sandilands.info/sgordon/ntp-ddos-attack-in-a-virtual-network

 

You should use tcpdump on different nodes to see which nodes are receiving/sending packets. In particular in the NTP attack, you should see node 3 (and other reflectors) receive NTP request packets and send larger NTP replies to node 8.

A reminder that virtnet is already installed on the Macs on 3rd floor. I saw several students there today perform the NTP attacks.

Steve

============================================================

Re: NTP Flooding Homework
by Steven Gordon - Friday, 31 January 2014, 4:37 PM

And further information: computers 30, 31, 36 and 37 in the Mac lab have already been updated. You should be able to boot OSX, open a terminal, cd to svn/virtnet/bin/host and create the topology:

bash vn-createtopology 26

For other computers in the Mac lab you need to first do the svn update.

Steve

============================================================

Re: NTP Flooding Homework
by Steven Gordon - Sunday, 2 February 2014, 7:33 PM
 
If anyone has questions about the NTP attack, I will be in the Apple Mac lab (3rd floor) tomorrow (Monday 3 Feb) from 4pm til 5pm, or until there are no more questions.

Steve

============================================================

Re: NTP Flooding Homework
by Steven Gordon - Tuesday, 11 February 2014, 5:54 PM
 
I've added a summary of students' NTP amplification attack results at:

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=514

And some notes on task 2 for the assignment which we will discuss in the next lecture:

http://ict.siit.tu.ac.th/moodle/mod/assign/view.php?id=490

Try the firewall practice quiz at:

http://ict.siit.tu.ac.th/moodle/mod/quiz/view.php?id=527

Steve

============================================================

Assignment Submission
by Steven Gordon - Friday, 21 February 2014, 1:09 PM
 
I have browsed through task 3 submissions for the groups. I notice that many groups have quite short descriptions of the attacks - about 3 or 4 lines of text. But a few groups have very detailed descriptions, including multiple paragraphs of text, commands/software that can be used in the attack and screenshots of possible attacks.

I suggest those that have short descriptions, update their submission to include more details. I'd like to see detailed example of how someone could perform an attack. In the course we have covered several types of attacks (passwords, access control, intrusions, DoS, HTTP/HTTPS, web applications) so you could refer to those, or describe other types of attacks.

You should have detailed descriptions of at least 2 of the 5 attacks, preferably all of them. By detailed, I mean several paragraphs or list of dot points explaining the steps. If you explain the software/techniques, even better.

I know all groups have submitted, but I will extend the deadline to 9am Thursday  27 February to give a chance to update if you wish.

Steve

============================================================

Quiz and Assignment on Thursday
by Steven Gordon - Monday, 24 February 2014, 2:55 PM
 
In a previous email I said the assignment was extended until Thursday 27, but I forgot to update the deadline on Moodle. I have now updated it. To summarize our schedule for remaining two weeks:

Tuesday 25 Feb: new lecture on Internet Security (available in Copy Center)

Thursday 27 Feb: QUIZ on web security and web attacks, course evaluation, assignment due

Tuesday 4 Mar: finish lecture on Internet Security (and if time, Internet Privacy)

Thursday 6 Mar: review course, prepare for exam

Monday 10 Mar: final exam

Steve

============================================================

Final Exam Scores
by Steven Gordon - Tuesday, 11 March 2014, 6:23 PM 

Final exam scores are on Moodle. I haven't uploaded the answers yet, nor finished grading the assignment. Hopefully that will be complete in the next few days.

Steve

============================================================