Network Security (ISA 656) Spring 2012

Instructor: Damon McCoy (mccoy(at)
Time: Tuesday 4:30 pm - 7:10 pm
Room: Nguyen Engineering Building 4457 [map]
Office Hours: Tuesday 2:00 pm - 4:00 pm also by appointment
Office: 5328 Engineering Building

Teaching Assistant: Anis Alazzawe

Course Website:
Course Forum: piazza We will be using piazza for discussions on current security topics, and if you have a question this is the best place to ask it. We will check the page regularly and other students will be able to help as well.

Course Description:

GMU catalog: This course is an in-depth introduction to the theory and practice of Network Security. It assumes basic knowledge of cryptography and its applications in modern network protocols. The course studies firewalls architectures and virtual private networks and provides deep coverage of widely used network security protocols such as SSL, TLS, SSH, Kerberos, IPSec, IKE, and LDAP. It covers countermeasures to distributed denial of service attacks, security of routing protocols and the Domain Name System, Email security and spam countermeasures, wireless security, multicast security and trust negotiation.

This course will present current attacks and and defenses against networked computers. As a growing number of everyday things not typically thought as computer gain computational ability and in turn are connected to networks traditional security methods, such as locks and physical security mechanisms are no longer sufficient to protect them. This course will delve into the concepts and tools defenders have at their disposal and which threats they can mitigate.


ISA 562 and CS 555; or permission of instructor. There will be substantial programming involved in the assignments, and students should be familiar with programming in C, Java or another language.


Midterm: 25% (Open book)
Labs: 5% (There will 2-3 in class labs)
Assignments: 30% (I will assign 2-3 that will be mostly programming)
Final Project: 30% (You will work in groups of 2-3 on a class project in network security with a writeup/presentation due at the end)
Class/Forum Participation: 10%

Assignments received later that day lose 5%, the next day 20%, two days late 40%, after that no credit will be given. Please email or come and talk with me if cannot turn in an assignment on time for some unforeseeable reason.

Required Materials:

Text Book:

Kaufman, Perlman, and Speciner. Network Security: Private Communication in a Public World, Second Edition, Prentice Hall PTR, 2002, ISBN 0130460192. (Required).

There will also be on-line news articles and research publications that will be required reading before some of the lectures.


HW1 due Feb. 7 before class
HW2 due Mar. 7 11:59pm
HW3 due Apr. 17 before class


Feb. 21 IDS/Network Sniffers VM image for Lab please download this and install VMware. (Location Engineering Center 1505, during class)
Feb. 24 Java network programming (Location Engineering Center 1505, 7pm-9pm Not graded Optional)
Mar. 20 Firewalls, and Network Vulnerability Scanners VM image for Lab please download this and install VMware. (Location Engineering Center 1505, during class)

Lectures (tentative)

Lab: Firewalls, and Network Vulnerability Scanners

The topic and list of required readings are below.

week and date Book Topic and Required Reading
week 1, Jan 24th Course Overview and Introduction to Network Security [slides on blackboard]
week 2, Jan 31st chapter 23 Firewalls [slides on blackboard]

Chapman, "Network (In)Security Through IP Packet Filtering"
week 3, Feb 7th Malware [slides on blackboard]
The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, DHS, SRI, APWG Report, October 2006
THE PARTNERKA . WHAT IS IT, AND WHY SHOULD YOU CARE?, Dmitry Samosseiko, SophosLabs tech report 2009
The Underground Economy of Spam: A Botmaster.s Perspective of Coordinating Large-Scale Spam Campaigns, Brett Stone-Grossx, Thorsten Holzz, Gianluca Stringhinix, and Giovanni Vigna, LEET 2011
Measuring Pay-per-Install: The Commoditization of Malware Distribution, Juan Caballero, Chris Grier, Christian Kreibich, Vern Paxson, Usenix Security 2011
HW1 Due
week 4, Feb 14th chapters 4,5,6 Guest Lecuter: Professor Angelos Stavrou
week 5, Feb 21st Intrusion Detection Systems [slides on blackboard]
Lab: IDS/Network Sniffers [instructions on blackboard under assignments]
week 6, Feb 28th Chapters 17,18,19 Virtual Private Networks (IPsec/IKE)
week 7, Mar 6th DNS Security
Routing Protocol Security (BGP)
week 8, Mar 13th Spring Break
week 9, Mar 20th DDoS Attacks and Mitigation
Lab:Firewalls/Network Scanners
week 10, Mar 27th Chapters 20,25 Email Security
Midterm Review
week 11, Apr 3rd Midterm
week 12, Apr 10th Wireless Security
Embedded Device Security
week 13, Apr 17th Privacy/Anonymity
Cloud Security
week 14, Apr 24th LDAP/OAuth
Web Security
week 15, May 1st TBD (Possible topics Browser Security Models, HCI and Network Security, Cellular Network Security)
Final May 15th 4:30-7:15 Final Project Presentations

Honor Code:

Please read and adhere to the University's Academic Honesty Page, GMU Honor Code, CS Department Honor Code

Disability Statement:

If you have a documented learning disability or other condition that may affect academic performance you should:
1) Make sure this documentation is on file with the Office of Disability Services.
All academic accommodations must be arranged through the ODS.
2) Talk with me to discuss your accommodation needs.

Other Usefull Resources:

Writing Center: A114 Robinson Hall; (703) 993-1200;
University Libraries: .Ask a Librarian.
Counseling and Phychological Services (CAPS): (703) 993-2380;
University Policies: The University Catalog,, is the central resource for university policies affecting student, faculty, and staff conduct in university affairs.