
Penetration Testing

An in-depth study of the theory and practice of intrusion detection and prevention in cyberspace. Topics include network security, monitoring, auditing, intrusion detection, intrusion prevention, and ethical penetration testing. Emphasis is on methods to identify system vulnerabilities and threats and prevent attacks.
Class format: Discussing, reading and writing research papers, plus presentations.
Textbook: Computer and Information Security Handbook, Vacca, J.R. (Ed.), Morgan Kaufmann Publishers, 2009, ISBN 978-0-12-374354-1
Learning Goals:
At the end of this course, students should be able to:

  1. Apply the basic principles and mechanisms for detecting cybersecurity incidents.
  2. Assess the main threats and attacks on wired and wireless networks from inside and outside an organization.
  3. Apply current penetration testing tools, techniques, and procedures.
  4. Apply the main host-based and network-based intrusion detection techniques to build effective intrusion prevention systems.
  5. Assess the strengths and weaknesses of two widely deployed intrusion detection systems.
  6. Critically assess the mechanisms for security monitoring, auditing, and logging, focusing on the information systems security audit process.
  7. Apply the measures and techniques used in detecting and countering data leakage and web security incidents.
  8. Critically assess modern security architectures, including their building blocks.
Grade Information (weights sum to 100)

  Component        Weight (%)
  11 assignments   55
  2 labs           10
  2 papers         20
  Final            15

Week 1 Advanced TCP/IP protocols

Optional Reading

Assignment 1
Week 2 Pre-attack phases: reconnaissance, scanning and enumeration
  • Wentao Liu, “Design and Implement of Common Network Security Scanning System”, Intelligent Ubiquitous Computing and Education, International Symposium, pp. 148-151, May 2009.
  • Susmit Panjwani et al., “An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack”, International Conference on Dependable Systems and Networks, pp. 602-611, July 2005.
  • Cynthia B. Lee et al., “Detection and Characterization of Port Scan Attack”, 2004.
    Retrieved from:
  • Fyodor Yarochkin, “Remote OS Detection Via TCP/IP Stack FingerPrinting”, Oct 1998.
    Retrieved from:
  • Matthew Smart et al., “Defeating TCP/IP Stack Fingerprinting”, 9th USENIX Security Symposium, pp. 229-240, 2000. Retrieved from:
Assignment 2
Week 3 Switching and Routing Vulnerabilities (Critically assess layer 2 and layer 3 attacks and vulnerabilities)
  • S.L. Murphy and M.R. Badger, “Digital Signature Protection of the OSPF Routing Protocol”, Symposium on Network and Distributed System Security, Feb 1996.
  • F. Wang et al., “An Experimental Study of Insider Attack for OSPF Routing Protocol”, IEEE International Conference on Network Protocols, pp. 293, Oct 1997.
  • Thawatchai Chomsiri, “Sniffing Packets on LAN without ARP Spoofing”, International Conference on Convergence Information Technology, pp. 472-477, Nov 2008.
  • Cristina L. Abad and Rafael Bonilla, “An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks”, 27th International Conference on Distributed Computing Systems Workshops, 2007.
  • Michael Goodrich and Roberto Tamassia, Introduction to Computer Security, 2010: sections 5.1, 5.2 & 5.3, pp. 222-244.
Optional Reading
  • Ralph Droms, “Automated Configuration of TCP/IP with DHCP”, IEEE Internet Computing, pp. 45-53, July 1999. Note: this is a good tutorial paper on DHCP.
Assignment 3
Week 4 TCP/IP Vulnerabilities (Identify main threats and attacks on TCP/IP protocols)
  • W. Eddy, “TCP SYN Flooding Attacks and Common Mitigation”, RFC 4987, Aug 2007.
    Retrieved from:
  • Suranjith Ariyapperuma et al., “Security Vulnerabilities in DNS and DNSSEC”, Second International Conference on Availability, Reliability and Security, 2007.
  • Stefan Savage et al., “TCP congestion control with a misbehaving receiver”, ACM SIGCOMM Computer Communication Review, Vol.29, Issue 5, 1999.
  • B. Harris, R. Hunt, “TCP/IP Security Threats and Attacks Methods”, Computer Communication, Vol. 22 (10), pp. 885-897, June 1999.
    Retrieved from:
  • Michael Goodrich and Roberto Tamassia, Introduction to Computer Security, 2010: sections 5.4, 5.5 & 6.1, pp. 246-285.
Optional Readings
  • Ross Anderson, Security Engineering, Wiley, 2010: chapter 21, pp. 633-678.
Assignment 4
Week 5 Lab 1 Nmap & Nessus
Lab 1
Week 6 Web Security (Discuss the major security vulnerabilities in web applications and tools available for assessing web application security)
  • Chen, et al., “Secure Web Development Teaching Module”, Ch. 1-8,
  • Michael Goodrich and Roberto Tamassia, Introduction to Computer Security, 2010: chapter 7, pp. 328-382. Note: the book has an excellent chapter on web security.
  • Engin Kirda et al., “Client Side Cross Site Scripting Protection”, Computers & Security, Elsevier, Vol. 28 (7), pp. 592-604, 2009.
  • Collin Jackson et al., “Protecting Browsers from DNS Rebinding Attacks”, In Proceedings of ACM CCS, 2007.
Optional Readings
  • P. Wurzinger et al., “SWAP: Mitigating XSS Attacks Using a Reverse Proxy”, Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems, May 2009.
  • Joon S. Park and Ravi Sandhu, “Secure Cookies on the Web”, IEEE Internet Computing, Vol. 4 (4), pp. 36-44, July 2000.
Assignment 5
Week 7 Individual Project (research paper survey)
Project 1
Week 8 Covert Channels and Data Leakage (Identify various types of covert channels and analyze how data can be leaked through covert channels)
  • R. A. Kemmerer, “A practical approach to identifying storage and timing channels: Twenty years later”, Eighteenth Annual Computer Security Applications Conference, Las Vegas, Nevada, Dec 2002.
    Retrieved from:
  • Ira S. Moskowitz et al., “The Pump: A Decade of Covert Fun”, Computer Security Applications Conference, pp. 352-360, Dec 2005.
  • Jason Jaskolka and Ridha Khedri, “Exploring Covert channels”, Proceedings of the Hawaii International Conference on System Sciences, pp. 1-10, 2011.
  • Craig H. Rowland, “Covert Channels in the TCP/IP Protocol Suite”, First Monday Peer-Reviewed Journal on the Internet, Vol. 2 (5), May 1997.
    Retrieved from:
Assignment 6
Week 9 Intrusion Detection and Prevention Systems (Apply the main host- and network-based intrusion detection techniques to build effective intrusion detection systems)
  • Martin Roesch, “Snort – Lightweight Intrusion Detection for Networks”, Proceedings of LISA '99: 13th Systems Administration Conference, Nov 1999.
    Retrieved from:
  • Robin Sommer, “Bro: An Open Source Network Intrusion Detection System”, Proc. DFN-Arbeitstagung über Kommunikationsnetze, 2003.
    Retrieved from:
  • Robin Sommer and Vern Paxson, “Enhancing Byte-Level Network Intrusion Detection Signatures with Context”, Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003.
  • Richard Lippmann et al., “The 1999 DARPA Off-line Intrusion Detection Evaluation”, Computer Networks, Vol. 34 (4), pp. 579-595, Oct 2000.
Assignment 7
Week 10 Lab 2 IDS -- Snort
Week 11 IPsec VPN (Critically assess how an IPsec VPN connection can be established in modern security architectures)
  • Sheila Frankel et al., “Guide to IPsec VPNs”, NIST Special Publication 800-77, Dec 2005.
    Retrieved from:
  • Radia Perlman, “Key Exchange in IPSec: Analysis of IKE”, IEEE Internet Computing, Vol. 4 (6), 2000.
  • Sheila Frankel et al., “Guide to SSL VPN”, NIST Special Publication 800-113, July 2008.
    Retrieved from:
  • AbdelNasir Alshamsi and Takamichi Saito, “A Technical Comparison of IPSec and SSL”, Proceedings of the 19th International Conference on Advanced Information Networking and Applications, pp. 395-398, 2005.
Optional Reading
  • John R. Vacca, Computer and Information Security Handbook, Morgan Kaufmann, 2009: chapter 30, pp. 507-517.
Assignment 8
Week 12 Group Paper
Week 13 Wireless LAN Security (Critically assess wireless LAN vulnerabilities and exploits in modern security architectures)
  • Finn Michael Halvorsen and Olav Haugen, “Cryptanalysis of IEEE 802.11i TKIP”, June 2009: Chapters 1 & 2.
    Retrieved from:
  • Gill, R., Smith, J., Looi, M., & Clark, A., “Passive techniques for detecting session hijacking attacks in IEEE 802.11 wireless networks”, Proceedings of the AusCERT Asia Pacific Information Technology Security Conference, Refereed R&D Stream, Australia, pp. 26-38, May 2005.
    Retrieved from:
  • Kshitiz Saxena, “Multi-dimensional Analyses of 802.11 Wireless Network Security Protocol”, International Journal of the Computer, the Internet and Management, Vol. 18 (2), pp. 40-47, May 2010.
Assignment 9
Week 14 Network Security Architecture (Identify design and placement issues for network security elements such as honeypot/IDS, VPN, VLAN, DMZ, etc.)
  • Sean Convery, “Authenticated Network Architecture”, 2008.
    Retrieved from:
  • Abhishek Mairh, “Honeypot in Network Security: A Survey”, Proceedings of the International Conference on Communication, Computing & Security, pp. 600-605, 2011.
  • Sylvia Bosire, “Information Security Management: Firewall Selection Factors Surrounding the Selection and Implementation of a Firewall System for an Organization”, Information Security Curriculum Development Conference, pp. 121-127, 2009.
  • Garrett Leischner and Cody Tews, “Security Through VLAN Segmentation: Isolating and Securing Critical Assets Without Loss of Usability”, Proceedings of the 9th Annual Western Power Delivery and Automation Conference, April 2007.
    Retrieved from:
Assignment 10
Week 15 Security Logging and Auditing (Critically assess the mechanisms for security monitoring, auditing, and logging)
  • Karen Kent et al., “Guide to Computer Security Log Management”, NIST Special Publication 800-92, Sept 2006.
    Retrieved from:
  • Hiroshi Tsunoda et al., “A Prioritized Retransmission Mechanism for Reliable and Efficient Delivery of Syslog Messages”, Seventh Annual Communication Networks and Services Research Conference, 2009.
  • Dario V. Forte et al., “SecSyslog: an Approach to Secure Logging Based on Covert Channels”, IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 248-263, Nov 2005.
  • R. Gerhards et al., “The Syslog Protocol”, RFC 5424.
    Retrieved from:
Assignment 11
Week 16 FINAL WEEK (Take-home exam and group paper presentation)