Fridays, Fall 2004 1. Sep 10 2. 24 Oct 1 : adirondack; NICISS 3. Oct 8 4. 22 5. Nov 5 6. 19 7. Dec 10 Last year, top down : 1. overview, start HTTP 2. more HTTP, DNS 3. TCP/IP, security 101 4. Ethernet, crypto 5. Firewalls, more security 6. network management This year, bottom up : Steven's book 1. overview of course protocol definition overview of internet protocol stack chap 1 review math base conversions ethernet addressing , link/physical layer chap 2 unix command line basics, Q&A 2. IP concepts and addressing chap 3 Routing algorithm chap 9 CIDR and subnets chap 10 (some of it) related services: ARP chap 4 DNS chap 14 traceroute chap 8 3. TCP/UDP chap 17-24 selections 3 way handshake, windows, etc. ports packet sniffing, ethereal nmap "fake" connections, SYN floods, ... 4. application layer HTTP online sources SMTP chap 28 talk to 'em with telnet a bit about web applications ? somthing bout MIME types ? 5. internet application examples and some details discuss client/server model vs peer to peer apache server, config, startup at boot online other unix services (not sure which ones) : subversion inetd sendmail bind NFS, Samba nmap to see what's running where... 6. security 1 - basic ideas crypto : hashes, public keys, tools applications and protocols : ssh, sftp, tunneling, https network filtering : firewalls, iptables 7. security 2 - offense and defense system hardening, nessus intrusion detection: IDS, lsof, last, .bash_history, logs good guys and bad guys: CERT, famous worms and holes exploits: * what is a "buffer overflow" * SQL injection attacks, cross scripting attacks * web application shell escapes what's in the news ?