Overview

The course "Advanced Network Security and Analysis" dives into the essential skills needed to protect and analyze complex network environments. This course covers advanced topics like anonymization techniques, mobile application security, and in-depth analysis of DNS, HTTP, SMTP, and TCP protocols. Learners will gain practical experience in recognizing vulnerabilities and analyzing network traffic to detect potential threats. Each module offers hands-on insights into industry-standard tools and techniques, equipping students to address real-world security challenges confidently. Uniquely focused on practical application, the course empowers students to work with tools like Splunk, TCPDump, and Wireshark, ensuring they can navigate and mitigate complex network security scenarios. Through interactive content, learners will gain a comprehensive understanding of network protocols, explore the mechanics of cyber-attacks, and learn how to implement effective defenses. By the end of the course, students will have developed an advanced toolkit for safeguarding modern network infrastructures, making them valuable assets in any IT security environment.

Syllabus

Course Introduction

Throughout this course, we will explore key anonymization techniques and the associated challenges, including legal implications. You'll learn about various mechanisms for user anonymity, such as onion routing and DHTs, and uncover methods of deanonymization. We’ll also dive into cybersecurity threats, including ransomware and Bluetooth vulnerabilities, while discussing mobile application security in the context of BYOD policies. Finally, we'll cover DNS fundamentals, TCP/IP protocols, and hands-on analysis with tools like Wireshark.

Anonymization

In this module, we discuss techniques for anonymizing and deanonymizing network traffic data. Anonymization is the process of removing information that can be used to identify a user and may be done as a post-processing effort, or by using systems that hide the user’s identity during normal operations. Anonymity has been a major concern in network security for the past thirty years, with an especially active interest in the last decade with the rise and fall of Napster and other peer-to-peer applications.

Mobile Application Security

In this module, we will discuss and be introduced to various risks, threats, and attack vectors/surfaces for mobile platforms and devices. We will learn how DoS attacks on IEEE 802.11 protocols occur, gain a better understanding of WEP, WPA, and WPA2, and learn about the overall security issues surrounding mobile platforms. Students will discuss different pieces of legislation being considered to protect mobile application users & personal data privacy laws. Mobile application & cloud-based scanning tools, as well as OWASP mobile and application program interface vulnerabilities will be studied.

DNS Analysis

In this module, we will discuss the use of DNS, one of the Internet’s most important protocols. DNS is the protocol that translates domain names into IP addresses, but more importantly in the modern internet, it is used to hide the multiplexing and geolocation mechanisms that are used to enhance internet performance. Due to its centrality to network traffic, DNS is one of the most hacked and modified protocols in active use, and the way that it is used both by legitimate and illegitimate uses is critical for understanding modern Internet security.

HTTP Analysis

This module covers the evolution of the HTTP protocol and clarifies the distinctions between HTTP, HTML, and the web. It includes an overview of common log formats such as CLF and ELF, and practical configuration of Apache and IIS for log file generation. Students will delve into log collection and analysis tools, particularly Splunk, and learn about iframe exploitation, sandbox countermeasures against clickjacking, and frame-busting techniques along with HTTP headers rulesets.

SMTP Analysis

This module explores the journey of digital messages from origin to destination, highlighting the functions of DNS, SMTP, and POP/IMAP. It covers the role of priority in DNS MX records, how spammers exploit SMTP, and the use of Network Time Protocol (NTP). Students will also delve into various filtering techniques and data analysis tools.

TCP Analysis

This module covers the fundamentals of TCP state transitions, including predicting state changes based on incoming packets. Students will explore the TCP sequence numbering mechanism, the role of MTU, Ethernet, and lower-level protocols, and understand TCP addressing and session concepts. The course includes practical experience capturing sessions with TCPDump, distinguishing between promiscuous and normal modes, and analyzing traffic using TCPDump or Wireshark. Additionally, students will study common TCP attacks such as sequence number spoofing, Christmas tree packets, and TCP scanning.