CSC 474

Network Security

Level: Undergrad
Number: CSC 474
Title: Network Security
Format: In-person, recorded lectures
Credits: 3
Offerings: 2025 Spring, 2025 Fall

Introductory computer security course for undergraduate students covering network attacks and vulnerabilities as well as current defenses. Topics covered include cryptography, authentication protocols, VPNs and firewalls, routing and DNS security, and anonymity.
Rotating Instructors: Note that this course is taught by a rotating set of instructors depending on availability. This course page reflects my offering of the course. Structure and content may vary between instructors.

Overview

This introductory course will impart a broad understanding of the underpinnings of security techniques, security best practices, and security failures. It covers high-level concepts such as confidentiality, integrity, and availability as applied to hardware, software, and data.

The course should help students to understand the mindsets of attackers (the bad guys and gals who do malicious things on the network) and system designers and defenders (the good guys and gals who try to stop the attackers). The course should prepare students to understand and assess security threats, become familiar with security engineering best practices, and write better software, protocols, and systems.

Topics

Security Fundamentals

Intro to key security concepts and principles like terminology, CIA triad, and security modeling.

Intro to Cryptography

Intro to basic cryptographic concepts including symmetric and asymmetric encryption, hashing, and digital signatures.

Network Security

Overview of network security principles, protocols, and practices, including routing, TLS, Wi-Fi security, and VPNs.

Web Security

Overview of web security on the client and server side, including common vulnerabilities like XSS, CSRF, and SQL injection.

Topic List

  1. Course Introduction: Course introduction, syllabus, activity waiver
  2. Security Fundamentals: Security terminology, security models
  3. Intro to Cryptography: Crypto terms, cryptographic systems
  4. Symmetric Cryptography: Stream ciphers, block ciphers, modes of operation
  5. Hashes and MACs 1: Cryptographic hash functions, message authentication codes
  6. Hashes and MACs 2: Message authentication, other hash uses
  7. Asymmetric Cryptography: Asymmetric crypto, RSA, digital signatures
  8. Key Management: Diffie-Hellman, key exchange, PKI
  9. User Authentication: Credentials, passwords, multi-factor authentication
  10. Authentication Protocols 1: Cookies, mutual authentication
  11. Authentication Protocols 2: Mediated authentication, Kerberos, federated identity, OAuth
  12. Transport Layer Security: TLS handshake, session resumption, attacks
  13. Network Background and TCP/IP Attacks: Network layers, TCP/IP attacks
  14. Malware: Malware, ransomware, malware defenses, detection
  15. Firewalls and Tunnels: Firewalls, VPNs, tunnels
  16. Intrusion Detection Systems: IDS, confusion matrix, ROC curve
  17. Routing Security: Routing, routing attacks, BGP attacks, BGPsec, RPKI
  18. DNS Security: DNS, DNS attacks, cache poisoning, SAD DNS, DNSSEC
  19. Wireless Security: WEP, WPA, WPA2, WPA3, KRACK attack, EAP
  20. Cloud Security: Public clouds, private clouds, virtualized execution, cloud security
  21. Web Security: URI, JavaScript, same-origin policy, CORS, CSRF, XSS
  22. Anonymity: Internet anonymity, dining cryptographers problem, overlay networks, anonymity strength, proxies, VPNs, Crowds, Tor
  23. AI and Network Security: AI in networking security contexts