Weekly Note 14 - Week 50

04 December 2019

Lecture - Monday, December 9th.

16-19 in U170

The lecture is MONDAY - not tuesday

This is the last week of classes, and in this lecture we will wrap up everything.

We will start with covering WiFi security, which we will extend a bit beyond the book, which does not cover WPA2 in depth. We will also study the KRACK vulnerabilities which targets WIFI.

Then, we will take a look at a few tools and methods for penetration testing/ethical hacking and security monitoring. This will include tools for

  • Staying anonymous/hidden (Proxies, MAC address changer)

  • Password cracking

  • DoS options

  • Exploiting using Metaspoit

  • Security testing with Owasp Zap

Please consider if something could be improved in the course. This year, there is no official evaluation, but I’m always open to ideas and opinions, that can improve the experience. You are encouraged to email sugguestions to me.

If there is time left, we will do a bit more pen-testing (either the last assignment), or for those that have handed it in, a different application.

If you have a preferred timeslot or day for the exam, you can signup for this at the class. If you do not sign up, I will assign one of the days. The official list will come from the secretary through blackboard.

Tutorial session

Friday December 13th. 12-14 in U24 or 14-16 in U146

Preparation:

Watch the video from the KRACK attack website.

Prepare a list of 10-15 keywords for the exam question: Mobility, Wireless networks and Wireless security.

Select one of the topics from this list, and prepare to give a 10 min. presentation to the class on the topic:

  1. Functionality and interfaces for the application layer of the TCP/IP model and the functionality of DNS

  2. Functionality and interfaces for the transport layer of the TCP/IP model and the difference between UDP and TCP

  3. Functionality and interfaces for the network layer of the TCP/IP model with focus on the data plane.

  4. Functionality and interfaces for the network layer of the TCP/IP model with focus on the control plane.

  5. Functionality and interfaces for the link layer of the TCP/IP model, including error detection and correction

  6. Symmetric and public key crypography, Key distribution and User authentication

  7. Security: Transport- and Network-layer security

  8. Security: Firewalls, intrusion detection

  9. Mobility, Wireless networks and Wireless security

  10. Penetration Testing: Planning and Methods

In class:

Use the first part of class to work on this exercise and discuss the content of your keyword lists, and consider possible alternatives.

  • P24 - Streaming encryption, and IV

from Chapter 8 in the textbook.

Use the second part of the class to give and see a few presentations that you have prepared at home.

This is You that should make the presentations, the TA will not step in and do them for You!

Material (Slides, etc.)

Available later