Computer Network Basics


Advanced Computer Networking

CYBR 230 | Fall 2018 | University of the Pacific | Jeff Shafer



Motivating Question

• How do [wired/wireless/mobile] networks work, and where do we even begin to secure them?
  • Routing, network, and application-layer protocols
  • Tools for network mapping, analysis, and security
  • Cellular and mobile technologies

Advanced Computer Networking Fall 2018


Course Overview

Websites

Main website

• https://cyberlab.pacific.edu/

Canvas CMS (gradebook only)

• http://canvas.pacific.edu

Textbook

• No official textbook
• Please suggest useful online or print references throughout the semester
  • Goal is to make the cyberlab website a comprehensive resource


Class Time

• The goal* in designing this course:

[Chart: share of class time, 0% to 100%, "Me Talking" vs. "You Doing" (hands-on activities)]

* Actual time in any specific class may vary

Lecture Topics

• Network layer
  • IPv6
• Transport layer
  • QUIC – Quick UDP Internet Connections
• Application Layer
  • HTTP/2
  • DOH – DNS over HTTP
• Wireless
  • 802.11 / WPA3
  • Bluetooth(?)
• Network monitoring tools
• Other topics?
  • Software Defined Networking (SDN)
  • TOR - Routing, overlay networks, and cryptography
• Whatever background information is required for projects
• Other topics you are interested in?


Grading

• 100% - Projects
  • Implementation
  • Written documentation
  • Oral presentation

No homework, no exams
Course Projects

Courseware Version 0.2a

• Networking is a huge field
  • Too much content to cover
• Only 15 weeks in a semester
  • The clock is ticking now!
• What to cover in projects?
  • Network protocols?
  • Transport protocols?
  • Application protocols?
  • Wired/wireless/mobile?


COURSE FEEDBACK!

Courseware Version 0.1a

• Congratulations on your new role!
  • Guinea pig / beta tester
• Last year’s class were also guinea pigs, and focused significantly on the physical network construction. Could repeat that effort again… but why?


Give and Take

I Promise…

• To keep the projects fun
• To be flexible with requirements and deadlines as we work through the projects

… If You Promise

• To communicate often with me
  • How long did the project take?
  • What was easy?
  • What was hard?
  • What additional resources (lectures, examples, …) would help?
  • Should we do this project next year?


Course Projects

• Project – Lab Network Design and Configuration
  • Current lab network is rudimentary
  • How do we design a lab network for safety/isolation, remote access, wireless, …?
  • Intent: This will be permanent lab infrastructure for all cybersecurity courses
    • So it should be good! (secure, well designed, etc.)
    • And well documented!
    • And maintainable!


Course Projects
(Monitoring)

• Project – Lab Network Monitoring: Setup
  • How do we monitor the network we created?
  • Full packet capture and flow data
  • Logging logging logging
  • Analysis tools


Course Projects
(Monitoring)

• Project – Lab Network Monitoring: Background –vs– Malicious Traffic
  • Lab network is too quiet
  • How do we generate some legitimate traffic?
    • Proposal: Programmatically automate web browsers to surf top-100 sites
  • How do we generate some malicious traffic?
    • Proposal: Run actual malware
  • Use monitoring tools to identify presence of malware (signal vs noise of background traffic)


Course Projects
(Monitoring)

• Project – Honeypot Internet monitoring & data collection system
  • Inspired by Thinkst “Canary” devices
  • Impersonate specific “victim”
    • IOT camera?
    • Synology NAS?
    • File server?
    • Web server?
  • Needs to be protocol accurate – don’t want attacker to easily tell the difference
  • Hosted on AWS?


Course Projects
(Network Layer - Wireless)

• Project – 802.11 Attacks
  • Force de-authentication and re-auth?
  • RTS/CTS control frame attack?
  • Evil twin attack?


Course Projects
(Network Layer - Wired)

• Project - Layer 2 Attacks (TBD)
  • Spanning tree?
  • Cisco Discovery Protocol?
  • Dynamic Trunking Protocol?
  • 802.1Q? (VLANs) 802.1X? (Port-based access control)
  • Examples: http://www.yersinia.net/
  • (Projects would involve writing attack code and detection/monitoring code)


Course Projects
(Transport / Application Layer)

• Project – Secret Tunnels
  • Part 1 - Research all the tunnel methods that the campus network blocks
    • Categorize by obfuscation methods used
    • Explain (hypothesize?) methods of detection
  • Part 2 - Find a way to tunnel anyway and implement!


Course Projects
(Application Layer)

• Project - Application Layer Attacks
  • DNS spoofing attack?
  • DHCP attack?
  • Amplification attack? (Memcached, DNS, NTP, etc…)
    • Anything that can be requested via UDP (easier to forge source address without TCP’s 3-way handshake) and has reply message much larger than request
  • HTTP/HTTPS MITM attack?
  • Example: https://www.bettercap.org/
  • (Projects would involve writing attack code and detection/monitoring code)


Course Projects
(Application Layer)

• Project – DNS Spoofing
  • Part 1 – Write a tool that will produce a malicious DNS response faster than the legitimate DNS server
    • Result: megabank.com goes to attacker IP
  • Part 2 – How can you detect this attack?
    • Can you write a plugin for something like the Bro IDS?
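
One possible starting point for Part 2, as an added example that is not part of the original slides: a forged reply that wins the race is normally followed by the legitimate server's reply to the same query, so two responses with the same transaction ID but different answers are a detection signal. The record fields, the constructed sample data and the 2-second window are assumptions; this is plain Python, not a Bro plugin.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): one dict per observed DNS
# response, in the shape a packet capture or IDS log export might provide.
SAMPLE = [
    {"ts": 10.000, "client": "10.0.0.5", "server": "10.0.0.1", "txid": 0x1A2B,
     "qname": "megabank.com", "answers": ["203.0.113.66"]},
    {"ts": 10.021, "client": "10.0.0.5", "server": "10.0.0.1", "txid": 0x1A2B,
     "qname": "MEGABANK.com.", "answers": ["198.51.100.10"]},
    # A single, uncontested response: nothing to compare against.
    {"ts": 11.500, "client": "10.0.0.5", "server": "10.0.0.1", "txid": 0x0042,
     "qname": "example.org", "answers": ["192.0.2.7"]},
    # A duplicated response with identical answers (retransmission): benign.
    {"ts": 12.000, "client": "10.0.0.9", "server": "10.0.0.1", "txid": 0x7777,
     "qname": "example.net", "answers": ["192.0.2.8"]},
    {"ts": 12.010, "client": "10.0.0.9", "server": "10.0.0.1", "txid": 0x7777,
     "qname": "example.net", "answers": ["192.0.2.8"]},
]

WINDOW = 2.0  # seconds; assumed maximum gap between racing responses


def find_conflicts(records, window=WINDOW):
    """Flag queries that received two responses carrying different answers."""
    seen = defaultdict(list)  # query key -> [(timestamp, answer set), ...]
    alerts = []
    for r in sorted(records, key=lambda rec: rec["ts"]):
        # DNS names are case-insensitive and may carry a trailing root dot.
        qname = r["qname"].lower().rstrip(".")
        key = (r["client"], r["server"], r["txid"], qname)
        answers = frozenset(r["answers"])
        for prev_ts, prev_answers in seen[key]:
            if r["ts"] - prev_ts <= window and answers != prev_answers:
                alerts.append({
                    "client": r["client"], "qname": qname, "txid": r["txid"],
                    "first": sorted(prev_answers), "later": sorted(answers),
                    "gap_ms": round((r["ts"] - prev_ts) * 1000),
                })
        seen[key].append((r["ts"], answers))
    return alerts


if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE):
        print("conflicting DNS responses:", alert)
```

A hit is a lead to investigate rather than proof, since the check cannot tell which of the two responses was the forged one.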


Course Projects
(Application Layer)

• Project – HTTP/2 (or DOH, or ….) implementation
  • Either client or server (not both)
  • All headers are compressed
  • Fully multiplexed
  • Server can push file to client without client even requesting it!


Course Projects

• At some point December arrives and class is finished!
• Discuss
  • Project Preferences?
  • Where should we start first?


Questions?

• Questions?
• Concerns?
