* = completed in class (as of the given date) * = completed outside class (as of the given date)
1
breadth and spectrum of the field
operating systems' resource access controls as a foundation
textbook chapters 1-3 (scan)
"Users, Passwords, and Authentication"
"Users, Groups, and the Superuser"
1 - review class website, esp. the links in the box with heading
"First-day administrative information you will need to know"
a CentOS6.4 machine
as platforms for doing exercises in this class. In the future I will feel
free to ask you to do work on these machines.
& Lies* (10/25)
threat models probably n.o.t. (not enough time)
secure boot probably n.o.t. (not enough time)
do - steganography - use s-tools in Windows to create an image file containing an embedded text file. Get s-tools here. Be guided closely but not completely by the instructions at "steganography". Assuming your name is John Smith (substitute your own real name), please name your files
In the txt file, put the sentence, naming you, like "my name is John Smith". The image file itself should be sunset.bmp, produced from sunset.bmp. Embed the text file into the image file, using password "password" and encryption algorithm IDEA. Email me the resultant file attached to a message entitled "steganography" (I will use an email filter based on that title; if you name it something else I won't get it). Email it to my private email address, not my SMC address. You get credit if I can extract your text file and read your name. (In the assignment as written up at the "steganography" link, ignore the 2nd portion about covert channels. The assignment was written for use in a slightly different setting. Follow it in terms of its step-by-step for using s-tools but not in terms of the assignment administration. Those just described here are the ones that apply for this class. In particular ignore the questions at the end. The assignment can be done on your Windows machine, or on my delivered VMware Windows virtual one you installed in Assignment 1. Be aware that some anti-malware tools may dislike s-tools. If yours does, turn it off if you are not uncomfortable doing so. You have every right to be and it's wholly your call. Else, use the VM.)* (11/7)
read - portions of Craig Rowland's page about covert use of TCP and IP. Read the sections entitled "Application," "Implications...," and "Final Notes." Scan the other sections, which are more technical than we care about but show the utilization of something that by design is a non-channel (it's something else) as a channel.
covert channels* (11/1)
read from textbook
a - chapter 6 "Filesystems and Security"
b - pp. 600-610 in the section of Chapter 19 "Defending Accounts" entitled "Administrative Techniques for Conventional Passwords."
c - pp. 850-61 about processes and the ps command that reports on them; read this at a scan level, not to learn the detail in the tables and figures but the concepts in the narrative
read additional resources
the link at left entitled "File permissions"
the link at left entitled "Remote Unix access with ssh"
su, suid, sudo and process UID control
perform the exercise at the link entitled "version 1 - local" under the heading "ProcessUID control" at left. You can do it on your CentOS6.4 VMware virtual machine.
getting the needed files - the assignment asks you to acquire 2 files. They are available in the /home/public directory on sputnik.smc.edu. Use the method described here.
submit - When you are finished, answer the 3 questions at the end. Submit your answers following these preparation and submittal instructions (you will use scp to deposit your answer file in your "assignments" subdirectory on sputnik). Please name your file "uid.txt". I will grade these using an automated script, so the format of the answer is critical to intelligibility.* (11/5)
processes (for background reference, will not present)
read from additional (non-textbook) sources
a - the link entitled "File permissions" at left
b - Part 1 and Part 2 of an article from IBM about passwords. Don't worry about the parts where specific code examples are analyzed (unless particularly interested). Note the article's suggestion to utilize dice for composing passwords in order to achieve "a completely random distribution of passwords of a given length." Randomness is a virtue, and dice achieve it better than any computer.
c - a discussion of the importance of randomness for producing "perfect passwords" at Gibson Research Corporation.
visit - sites for a couple of password safes, products where you put a password on your collection of passwords.
podcast discussion about LastPass
road-test your DETER account by doing the exercise at
You need send me nothing for this, I can see as a DETER administrator. We'll use DETER more seriously later. This is just to get you familiar with it first.
(narrated version)* (11/8)
SELinux demo* (11/8)
message digests (hashing)
read - article about LinkedIn password leak implications
read - from textbook, chapter 7 "Cryptography Basics"
listen to this discussion about message digests (cryptographic hashes). It is a 34-minute conversation, of which you can skip the last 14 minutes for our purposes. Just listen to the first 20 minutes.* (11/8)
perform - the "message digests" exercise.* (11/12)
Do this assignment while logged in to your account on sputnik.smc.edu, in your home directory. Don't delete the files created while performing the assignment. I will look for them in your home directory later to evaluate you.
perform - the hashcat version of the above "Cracking passwords" exercise. Use the kali-linux virtual machine under VMware. When unzipped, kali-2015.zip yields a subdirectory named "kali-2015" in which are all the files VMware needs. Bring up Kali Linux in VMware. Kali Linux has hashcat pre-installed.
This exercise has several parts. Do them all. When finished,
maximize your command window and dump the file hashcat.pot to the screen with
Pluggable Authentication Modules (PAM)
User authentication alternatives * (11/1)
read - the write-up at "Simplified
listen - to the two audio clips (see the icon) "1. SDES - Simplified DES" and "3. SDES Mangler Function." Optionally, also hear "8. Cipher Block Chaining."*
do - the assignment at link entitled "S-DES algorithm". The assignment asks you to perform the S-DES algorithm on paper and turn in the paper. Do not turn in any paper, but please do perform the assignment on paper nonetheless. I have created some multiple-choice questions about your solution, and posted them as >>>your assignment here<<<. Submit your answers to those questions following these preparation and submittal instructions (you will use sftp to deposit your answer file in your "assignments" subdirectory on sputnik). Please name your file "sdes.txt". I will grade these using an automated script, so the format of the answer is critical to intelligibility.* (11/21)
(narrated version)* (11/15)
s-des backgrounder* (11/8)
read - this article about one-time pad (perfect, unbreakable) encryption
packet filter firewalls
(narrated version)* (11/29)
stream and block ciphers (stream) * (11/8 - partial)
arp spoofing (a man-in-the-middle attack)
read - from textbook chapters 11 and 12. Chapter 11 "TCP/IP Networks" should come in large measure as review to you. Chapter 12 "Securing TCP and UDP Services" is long, and covers a range of security considerations. Some of them are general but many are specific to particular services. The latter part of the chapter devotes a page or two to each of a dozen common services, describing it and its own unique security-related characteristics. Read these chapters over the course of the next 3 or 4 weeks. They relate loosely to the network-related class lectures and activities (e.g., firewalls and arp spoofing).
read - an explanation of arp spoofing
rfc defining arp protocol
home page, ettercap project
Arp spoofing (DETER)
You need to make a couple of adjustments. Our project is known to DETER by the name SMC-CS78. The instructions don't know that; they think it's USCCsci530. Wherever you see the latter in any instruction, substitute the former (e.g., where told to execute:
The questions for you to answer are the following, which are the same ones found at the end of the exercise in non-multiple-choice form, recast into multiple-choice form.
1. ARP poisoning of node4 from node1
4. Imagine you run a web hosting company. The manager at one of your clients, a medium-sized business, calls you in alarm and reports the apparent defacement of his website running on your host machine. Images on the site have all been replaced with various hacker images like the laughing skull. He heard about it from several of his employees, then saw it with his own eyes on their terminals. His website has fallen victim to the same mischief as the one on our node4. What is your course of action?
Submit your answers to the preceding 4 questions following these preparation and submittal instructions (you will use ftp to deposit your answer file in your "assignments" subdirectory on sputnik). Please name your file "arpspoof.txt". I will grade these using an automated script, so the format of the answer is critical to intelligibility.
stream and block ciphers (block) * (11/15 - finished)
listen to Security Now podcast episode
#183 "Modes of Encryption" from 50:45 to 1:18:07
do the assignment entitled "GNUPrivacyGuard". There are no questions to answer and nothing to turn in. But importantly this will familiarize you with how GPG works. You will need that familiarity to apply GPG in doing the upcoming follow-on assignment (GPG, community).
do the portion of the "GPG,
community" assignment in the paragraph entitled "Preliminary task: sign and circulate/upload/publicize a copy of the gettysburg
(narrated version)* (11/22)
RSA encryption 2
RSA public-key algorithm*
read the section entitled "RSA: The Most Used Asymmetric Algorithm" in "Asymmetric Cryptography" (http://www.informit.com/articles/article.aspx?p=102212&seqNum=4)
Diffie-Hellman key exchange
listen to this discussion about Diffie-Hellman key exchange. The conversation is 37 minutes. The first 14 minutes concern Diffie-Hellman. The rest is about public-key cryptography. Listen to the Diffie-Hellman segment. Optionally, to the rest.
do the portion of the "GPG, community" assignment in the paragraph entitled "Part 1 - signing".
In the server's /home/common ("common" account's password given in class) your signed copies of the gettysburg address have been or will shortly be renamed, per the assignment. You can now proceed to figure out who signed each one and submit "signers.txt". The students who signed these files have all published their public keys to us (by putting them in /home/common where they are at our disposal).
do the portion of the "GPG, community" assignment in the paragraph entitled "Part 2 - encrypting".
do the assignment at the link entitled "RSA encryption 2". Perform it in the CentOS6.4 VM (it may also work on sputnik). When asked to choose 2 prime numbers, make sure you choose them large enough that their product is no less than 100. The assignment produces a file named "outfile". Please submit it to me by placing it in your "assignments" subdirectory on the server. Retain the values you generated for keys in this exercise (e.g., don't delete outfile) because I will ask you to use these keys again in a follow-on assignment. (I plan to encrypt something for you with the public key you give me in "outfile", then expect you to decrypt it. You'll need your matching private key to manage that, so retain it. Doing this assignment accomplishes the first 3 steps of the follow-on assignment, which is "Using RSA".)* (11/21)
do the assignment at the link entitled "Primitive roots"
ssh - secure shell
Stack buffer overflow:
Hackin9 magazine article Overflowing the stack on Linux x86 by Piotr Sobolewski
GNU debugger (gdb) documentation
a bug in a library of code called crypt_blowfish. It applies the Blowfish block cipher algorithm to the task of hashing passwords. It was utilized as the tool for doing that in some Linux distributions (not Fedora). The bug was present from about 1998 until it was patched in 2011. It substantially weakens the passwords it processes. It was found while trying to crack some passwords with John the Ripper.
do the assignment at the link entitled "Primitive roots"
do the assignment at the link entitled "Using RSA", using your private key to decrypt a message from me. Of the 8-item list at the beginning of the assignment, you accomplished the first 3 steps last week when you performed "RSA encryption 2". You generated a key pair. Then you published your public key to me when you put your "outfile" containing it within my reach in your assignments directory. I have since or will shortly perform step 4, encrypting a random string with your public key. All my random strings are 3-character uppercase-alpha strings.
The assignment calls upon you to get
stack buffer overflow under the debugger - the environment suitable for doing it is the "Snort on Centos 4.3 minimal-with-gdb" virtual machine. The instructions (above link) for causing/observing the stack overflow within that environment can be expected not to work in other environments. The sample files are in the /root directory, within your virtual machine. (The instructions end with some questions at the bottom. Ignore those, in favor of the submittal instructions below.)
The file to submit - In a file submit answers to these questions following these preparation and submittal instructions (you will use sftp to deposit your answer file in your "assignments" subdirectory on sputnik). Please name your file "softwaresecurity.txt". I will grade these using an automated script, so the format of the answer is critical to intelligibility.
The first screenshot to submit - while doing the assignment you will produce a screen like the one shown in the "Application security" slides (next column) entitled "Stack separation between argument & return address" (it's approximately the 28th slide). I want a screenshot of that slide, in which however you don't use D's (use a different letter) and don't use 10 of them (use a different number). Send it to me as an email attachment. Be sure to 1) send it to my personal address (where a message filter awaits), not my smc address, and 2) title the message as instructed or it will get lost.
The second screenshot to submit - while doing the heartbleed assignment you will produce a screen like the one shown in the "Application security" slides (next column) entitled "Exploitation in the lab" (it's approximately the 44th slide). I want a screenshot of that slide, in which however you don't use EAZZZZZZZZZZZ2SEEEEE but rather use a variant of your name. Send it to me the same way as the first screenshot.
Application security (stack overflow, representing the category)* (11/22)
"IP in IP tunneling" "IP encapsulation within IP"
"Getting Started with ssh"
free clients for Windows
DETER "Tunnels and vpns" assignment
The instructions were written for a different class. They largely apply with a couple of exceptions.
First exception: do not use the network specification files offered within the instructions. Rather, use one adapted for this class. There are two of them. The first sets up Fedora machines within DETER, the second Ubuntu.
DETER has relatively more available machines able to run Ubuntu. That means when DETER is under heavy use you'll have a better chance of swapping in your experiment if you use the Ubuntu version. On the other hand, the Fedora version is tried-and-true and the Ubuntu one is brand new Nov 2012. I suggest you use the Ubuntu one, contact me if you observe fundamental problems, and use the Fedora version as fallback. DETER is particularly busy right now (mid-November 2012).
Here are the 2 ns files:
Second exception: our project is known to DETER by the name SMC-CS78. The instructions don't know that, they think it's USCCsci530. Wherever you see the latter in any instruction, substitute the former.
With those two caveats, here are the instructions to follow:
Tunnels and vpns (DETER)
You need not answer the questions found at the end of the assignment. I will grade you by 1) observing the presence of evidence on DETER that you did the assignment, and 2) screenshots you turn in. However, as a self-measurement, read the questions and see whether you think you understood their points or not.
What to turn in:
When you reach the point early in the assignment where you have opened 5 terminal windows connected to your 5 experiment nodes, print out a screenshot of it that looks like the one in the instructions.
When you reach the point in the assignment section about OpenVPN "Scenario 1: routed tunnel, unencrypted," print out a pair of screenshots showing the tunnel endpoint connection dialogs, just like what you see in the instructions.
Send me the two screenshots as email attachments.
peruse article on digital forensics for an overview
Computer forensics (DETER)
computer forensics
write-up entitled "filesystem encryption." It has 4 links at the bottom. Read them too (except for the last one, concerning FreeOTFE).
article on the Truecrypt vacuum
listen to this discussion about Truecrypt.
You can skip over the initial 14-minute conversational chit-chat and start
listening at the beginning of the description of the Truecrypt product.
view - the slides entitled "sshfs - remote filesystem." What relation does the ssh file system bear to encrypted filesystems? to encryption?
do the assignment at the link entitled "truecrypt". Where asked to get files, obtain them from the home directory of user "public" on sputnik. You are supposed to submit to me a file you create, and to send me information about a file of mine. Do so by sending me a single email message. Make your file an attachment, and include the required information within the message. Make sure the message title is "Assignment 13 Truecrypt". I will use an email message filter that finds such messages and that's what I will grade. If you title your message differently your assignment may get lost. Send your message to email@example.com (not to my smc.edu address please).
do the assignment at the link entitled "encrypted filesystems," at left. It is presented there as an in-class exercise. It can be done either as an in-class or homework exercise. Do it as
backup onto an encrypted filesystem
additional exercises we may potentially use
ssh lab