#Network Security <!-- [Lectures](#lectures) | [Handouts](#handouts) | [Assignments](#assignments) | [Class Schedule](http://bitdegree.ca/index.php?Program=NET&Section=Courses&Page=Year3) | [News](#news) | [Events](#events) | [Resources](#resources) --> [News](#news) | [Events](#events) | [Resources](#resources) ![Source: https://c1.staticflickr.com/3/2866/11857802413_a3c8589332_b.jpg](https://c1.staticflickr.com/3/2866/11857802413_a3c8589332_b.jpg) <!-- **NET3007 Network Security** is a course taught at the Algonquin College [School of Advanced Technology](http://www.algonquincollege.com/sat/) as part of the [BIT-NET](http://bitdegree.ca/index.php?Program=NET) (Bachelor of Information Technology - Network Technology) program which is a joint partnership between [Algonquin College](http://www.algonquincollege.com/) and [Carleton University](https://carleton.ca/). --> <!-- #Lectures<a name='lectures'></a> - **Week 1** [Slides](index.php?week=1&style=slides) [HTML](index.php?week=1&style=notes) [Text](notes/week1.md.txt) - **Week 2** *See Week 1* - **Week 3** [Slides](index.php?week=3&style=slides) [HTML](index.php?week=3&style=notes) [Text](notes/week3.md.txt) - **Week 4** [Slides](index.php?week=4&style=slides) [HTML](index.php?week=4&style=notes) [Text](notes/week4.md.txt) - **Week 5** [Slides](Week11-2-hour-F18-compress.pdf) [AES Animation](Rijndael_Animation_v4_eng.swf) - **Week 6a** [Slides](CCNASv2_studentPPT_CH8.pdf) - **Week 6b** [Slides](index.php?week=6&style=slides) [HTML](index.php?week=6&style=notes) [Text](notes/week6.md.txt) - **Week 7** [Slides](CCNASv2_StudentPPT_CH9.pptx) - **Week 8a** [Slides](IntroCyberv2.1_Student.pdf) Parts or all of the following videos have been shown in class: - **No Tech Hacking** [Video](https://www.youtube.com/watch?v=5CWrzVJYLWw) - **Citizen Four** [Video](https://www.rottentomatoes.com/m/citizenfour/) - **How Not To Do Security: Lessons Learned From The Galactic Empire** [Video](https://sector.ca/sessions/how-not-to-do-security-lessons-learned-from-the-galactic-empire/) - **Theory and Practice of Cryptography** [Video](https://www.youtube.com/watch?v=IzVCrSrZIX8) ----------------------------- #Handouts<a name='handouts'></a> - Handout 1a [PDF](handout1.pdf) - Handout 1b [PDF](handout1b.pdf) - Handout 3a [PDF](handout2.pdf) ----------------------------- #Assignments<a name='assignments'></a> Visit the NET3007 [Brightspace](https://brightspace.algonquincollege.com/) course to view and download assignments. Students are welcome to attend any lab section. Extra seats are available on a first come, first served basis. --> ----------------------------- #News<a name='news'></a> * [AlienVault](https://www.alienvault.com) has become [AT&T Cybersecurity](https://www.alienvault.com/blogs/security-essentials/att-cybersecurity-is-born) - _AlienVault_ - _posted Sun Apr 28 16:32:30 EST 2019_ * [Thunderbolt enables severe security threats](https://www.osnews.com/story/129501/thunderbolt-enables-severe-security-threats/) - _OS News_ - _posted Sat Mar 7 22:55:12 EST 2019_ * Gone in six seconds? [Exploiting car alarms](https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/) - _Pen Test Partners_ - _posted Fri Mar 8 11:11:44 EST 2019_ * How Amazon Web Services runs [security at a global scale](https://www.zdnet.com/article/how-amazon-web-services-runs-security-at-a-global-scale/) - _ZDNet_ - _posted Wed Dec 12 22:22:51 EST 2018_ * Statistics Canada release [data on Cyber-Security and Cyber-Crime](https://www.caubo.ca/latest-news/statistics-canada-release-data-on-cyber-security-and-cyber-crime/) - _CAUBO_ - _posted Fri Dec 7 15:37:16 EST 2018_ * Professor: Quebec an [embarrassement in dealing with cybersecurity issues](https://montreal.ctvnews.ca/professor-quebec-an-embarrassment-in-dealing-with-cybersecurity-issues-1.4181998) - _CTV_ - _posted Sun Nov 18 19:37:09 EST 2018_ * Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software [Denial of Service Vulnerability](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos) - _Cisco_ - _posted Fri Nov 2 21:30:54 EDT 2018_ * How a [dorm room Minecraft scam](https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/) brought down the Internet - _Wired_ - _posted Fri Nov 2 19:57:56 EDT 2018_ * New [privacy rules](https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/) will force [Canadian companies to report security breaches](https://www.cbc.ca/news/business/pipeda-privacy-data-1.4886061) - _CBC_ - _posted Thu Nov 1 22:13:02 EDT 2018_ * A future where [everything becomes a computer](https://www.nytimes.com/2018/10/10/technology/future-internet-of-things.html) is as creepy as you feared - _The New York Times_ - _posted Sat Oct 13 15:26:17 EDT 2018_ * [California bans default passwords on any internet-connected device](https://www.engadget.com/2018/10/05/california-default-password-ban-information-privacy-connected-devices-bill/) _posted Sat Oct 6 21:42:59 EDT 2018_ * [Canadian retailer's servers storing 15 years of user data sold on Craigslist](https://www.zdnet.com/article/canadian-retailers-servers-storing-15-years-of-user-data-sold-on-craigslist/) * In Town and Out: [Cyber Security Challenge](http://www.cbc.ca/news/canada/ottawa/programs/intownandout/cyber-security-challenge-1.3858908) * This [$5 Device](http://motherboard.vice.com/read/this-5-device-can-hack-your-locked-computer-in-one-minute) Can Hack Your Locked Computer In One Minute _posted Fri Nov 18 15:52:00 EDT 2016_ * Slashdot Interview with [Security Expert Mikko Hypponen](https://interviews.slashdot.org/story/16/10/15/1835243/the-slashdot-interview-with-security-expert-mikko-hypponen-backupception) _posted Sat Oct 15 17:21:43 EDT 2016_ * Yes, [Anti-Facial-Recognition Glasses](https://www.fastcompany.com/3050252/tech-forecast/yes-anti-facial-recognition-glasses-are-coming) Are Coming _posted Thu Oct 13 14:39:12 EDT 2016_ * Yahoo [secretly scanned customer emails](http://news.trust.org/item/20161004170601-99f8c) for US intelligence _posted Thu Oct 13 14:07:01 EDT 2016_ * Researchers have found a new strain of document-based macro malware that [evades discovery using a novel technique](https://threatpost.com/malware-evades-detection-with-novel-technique/120787/) _posted Fri Oct 7 11:57:00 EDT 2016_ * In IT security, "100-per-cent secure" is [100-per-cent pure baloney](http://www.theglobeandmail.com/report-on-business/rob-commentary/in-it-security-100-per-cent-secure-is-100-per-cent-pure-baloney/article31597907/) _posted Tue Sep 6 14:27:32 EDT 2016_ * This [router](http://news.softpedia.com/news/this-chinese-router-is-depressingly-insecure-and-downright-evil-507518.shtml#ixzz4JR2svHJ1) is depressingly insecure and downright evil _posted Mon Sep 5 21:32:43 EDT 2016_ ----------------------------- #Local Events<a name='events'></a> None at present. #International Events - [International Day Against DRM](https://www.fsf.org/events/international-day-against-drm-idad-2019) October 12, 2019 ##Past Events - [HTCIA Ottawa Meeting](https://htcia-ottawa.org/2019/04/03/may-event-what-is-the-involvement-and-expectations-of-you-and-the-police-during-a-cyber-incident/) May 14, 2019 - [Cyber Security Challenge Ottawa](http://cybersecuritychallenge.ca/cybersci-ottawa/) November 17, 2018 - [Federal Safety, Security, and Intelligence Career Fair](https://www.canada.ca/en/services/policing/career-fair.html) November 15, 2018 - [BSides Ottawa](https://www.bsidesottawa.ca/) November 8-9, 2018 - [Countermeasure](https://www.countermeasure.ca/) November 1-2, 2018 - [Galatecha](http://www.galatecha.com/) October 20th, 2018 <!-- ------------------------------ #Other Courses - [CST8207 Linux I 18F](http://teaching.idallen.com/) - [CST8177 Linux II 17F](http://linux2.ca) --> ------------------------------ #Resources<a name='resources'></a> ##Articles - Pwning WPA/WPA2 Networks With [Bettercap and the PMKID Client-Less Attack](https://www.evilsocket.net/2019/02/13/Pwning-WiFi-networks-with-bettercap-and-the-PMKID-client-less-attack/) - Why [Raspberry Pi isn't vulnerable to Spectre or Meltdown](https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/) - Are CEH and OSCP certifications comparable? [Part 1](https://www.peerlyst.com/posts/are-ceh-and-oscp-certifications-comparable-part-1-david-dunmore?trk=wall_page_activity_feed) [Part 2](https://www.peerlyst.com/posts/are-ceh-and-oscp-certifications-comparable-part-2-david-dunmore?utm_source=peerlyst_perspective&utm_medium=email&utm_content=peerlyst_post&utm_campaign=top_posts_on_peerlyst_this_week_12042018) - This is how [one man accidentally destroyed the Internet](https://www.inverse.com/article/50422-worlds-first-cyberattack-happened-30-years-ago-robert-tappan-morris) 30 years ago - [In the Beginning was the Command Line](http://cristal.inria.fr/~weis/info/commandline.html) - [This World of Ours](http://scholar.harvard.edu/files/mickens/files/thisworldofours.pdf) - [PIN Analysis](http://www.datagenetics.com/blog/september32012/) - [SegmentSmack and FragmentSmack](https://access.redhat.com/articles/3553061) ##Maps * [Cybersecurity Supply and Demand Heat Map](http://cyberseek.org/heatmap.html) * [Kaspersky](http://usa.kaspersky.com/?domain=kaspersky.com) Cyberthreat [Real-Time Map](https://cybermap.kaspersky.com/) * [Norse](http://www.norsecorp.com/) [Cybersecurity map](http://map.norsecorp.com/#/) ##Guides * [Privacy Toolkit: A Guide for Businesses and Organizations](https://www.priv.gc.ca/media/2038/guide_org_e.pdf) * [Surveillance Self-Defense](https://ssd.eff.org/) ##Radio<a name='radio'></a> - [Internet plus: Now everything can be hacked!](https://www.cbc.ca/radio/spark/internet-plus-now-everything-can-be-hacked-1.4824151) via [Spark](https://www.cbc.ca/radio/spark) * [Radiolab - Long Distance](http://www.podtrac.com/pts/redirect.mp3/audio.wnyc.org/radiolab/radiolab022012c.mp3) - the story of Joe Engressia Jr. who learned to hack phone systems by whistling ##Video<a name='video'></a> - [No Tech Hacking](https://www.youtube.com/watch?v=5CWrzVJYLWw) - [Breaking the x86 Instruction Set](https://www.youtube.com/watch?v=KrksBdWcZgQ) - [LuciuOS](https://www.youtube.com/watch?v=WUyarCCqDzs), a comprehensive malware development framework * [Public Key Cryptography - Diffie-Hellman Key Exchange](https://www.youtube.com/watch?v=YEBfamv-_do) * [DefCon 15 - No-Tech Hacking](https://www.youtube.com/watch?v=5CWrzVJYLWw) * [How NOT to do Security - Lessons Learned from the Galactic Empire](http://2012.video.sector.ca/video/51119497) * [Mikko Hypponen TED Talk: How the NSA betrayed the world's trust](https://www.ted.com/talks/mikko_hypponen_how_the_nsa_betrayed_the_world_s_trust_time_to_act?language=en) ##Books<a name='books'></a> - [xchg rax,rax](https://www.amazon.ca/xchg-rax-xorpd/dp/1502958082/ref=pd_rhf_se_p_img_8?_encoding=UTF8&psc=1&refRID=N9P877B6EVM6C70YAQK1) - [Rtfm: Red Team Field Manual](https://www.amazon.ca/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?s=books&ie=UTF8&qid=1539743302&sr=1-1&keywords=red+team) - [Blue Team Field Manual (BTFM)](https://www.amazon.ca/Blue-Team-Field-Manual-BTFM/dp/154101636X/ref=sr_1_1?s=books&ie=UTF8&qid=1539743346&sr=1-1&keywords=blue+team) - [Hash Crack: Password Cracking Manual](https://www.amazon.ca/Hash-Crack-Password-Cracking-Manual/dp/1975924584/ref=pd_sim_14_5?_encoding=UTF8&pd_rd_i=1975924584&pd_rd_r=6e4da1cd-d1b4-11e8-9f14-73fc20980c51&pd_rd_w=2pOcd&pd_rd_wg=9UP7C&pf_rd_i=desktop-dp-sims&pf_rd_m=A3DWYIK6Y9EEQB&pf_rd_p=f2db799a-cb6a-4ff5-b84b-b317891b94a8&pf_rd_r=MGYN2R3PYQWCMG1WKQ0W&pf_rd_s=desktop-dp-sims&pf_rd_t=40701&psc=1&refRID=MGYN2R3PYQWCMG1WKQ0W) - [Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground](https://www.amazon.ca/Kingpin-Hacker-Billion-Dollar-Cybercrime-Underground/dp/0307588696) ##Organizations * [Canadian Security Establishment](http://cse-cst.gc.ca) * [Electronic Frontier Foundation](https://www.eff.org/) ##Conferences * [BlackHat](https://www.blackhat.com/) * [Def Con](https://www.defcon.org/) * [SecTor](https://www.sector.ca) * [Recon](https://recon.cx/) ##Websites * [Defective By Design](https://defectivebydesign.org) * [Threatpost](https://threatpost.com) * [CFB Leitrim](http://jproc.ca/rrp/leitrim.html) * [XKCD](https://xkcd.com) * [Robert Half 2019 Technology & IT Salary Guide](https://www.roberthalf.ca/en/salary-guide/technology) * [Lux Ex Umbra](https://luxexumbra.blogspot.com/) ##Tools<a name='tools'></a> ###Breach browser * ['--have i been pwned?](https://haveibeenpwned.com/) ###Identity generators * [Fake Face Generator](https://www.thispersondoesnotexist.com/) * [Fake Name Generator](https://www.fakenamegenerator.com/) * [Fake Mail Generator](https://http://www.fakemailgenerator.com) * [Fake Article & Comment History Generator](https://www.reddit.com/r/SubredditSimulator/) ###Network monitoring * [ELSA](https://github.com/mcholste/elsa) * [Zeek](https://www.zeek.org/) * [Sguil](https://bammv.github.io/sguil/index.html) * [Glasswire](https://www.glasswire.com/) * [ntopng](http://www.ntop.org/products/traffic-analysis/ntop/) High-Speed Web-based Traffic Analysis and Flow Collection. ###Virtual Machines - [VulnHub](https://www.vulnhub.com/) - [Kali Linux](https://www.kali.org/downloads/) - [OpenVAS](https://www.greenbone.net/en/install_use_gce/) - [Metasploitable](https://sourceforge.net/projects/metasploitable/) - [pfSense](https://www.pfsense.org/download/) ###Password checkers - [How Secure Is My Password?](https://howsecureismypassword.net/) ###Password lists - [danielmiessler / SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) - [Default Router Username and Password List](https://192-168-1-1ip.mobi/default-router-passwords-list/) - [defaultpassword.com](http://www.defaultpassword.com/) - [Default Password List](http://phenoelit.org/dpl/dpl.html) ###Password crackers * [crackstation.net](https://crackstation.net/) Free Password Hash Cracker - [Cisco type 7 / 'enable password' password cracker](http://www.ifm.net.nz/cookbooks/passwordcracker.html) - [Cisco type 5 / 'enable secret' password cracker](http://www.ifm.net.nz/cookbooks/cisco-ios-enable-secret-password-cracker.html) ###Intel ME attacks - [Intel Management Engine JTAG Proof of Concept](https://github.com/ptresearch/IntelTXE-PoC) ###Mail servers * [iRedMail](http://www.iredmail.org/) Free mail server * [MailInABox](https://mailinabox.email/) Another free mail server ###Electronic Music<a name='music'></a> - [Sea Wall](https://song.link/ca/i/1291058471) - Benjamin Wallfisch - [Loungemeister](https://song.link/ca/i/1438971017) - Ugress - [Virus](https://song.link/ca/i/288544325) - Deltron 3030 - [Technologic](https://song.link/ca/i/693751201) - Daft Punk - [Badtimes](https://song.link/ca/i/3028725) - Laika - [Power Management](https://song.link/ca/i/1242859444) - Covox - [Get Better John](https://song.link/ca/i/679931164) - Mux Mool - [Dayvan Cowboy](https://song.link/ca/i/81696232) - Boards of Canada - [Sky Trees](https://song.link/ca/i/926717669) - Solar Fields - [Tick of the Clock (Film Edit)](https://song.link/ca/i/632148943) - Chromatics - [Light Powered](https://song.link/ca/i/681202768) - Deastro - [Slip Away](https://song.link/ca/i/1244305726) - Sidewalks and Skeletons - [To Jupiter and Back](https://song.link/ca/i/518337907) - Kebu - [What Is Real?](https://song.link/ca/i/890558503) - Trevor Something - [Gazebo](https://www.youtube.com/watch?v=28guh6qG6OM) - Fairmont - [Always (Ls Vintage Edit)](https://song.link/ca/i/1223152579) - Asura - [Exercise 1](https://song.link/ca/i/1216918257) - Bent - [You're Already There](https://song.link/ca/i/1365712902) - Fairmont - [Levels](https://song.link/ca/i/487946085) - Avicii - [The Grid](https://song.link/ca/i/406192541) - Daft Punk - [Small Little Green Cubes](https://song.link/ca/i/878570371) - Solar Fields - [Hasty Boom Alert](https://song.link/ca/i/724922943) - µ-Ziq - [Arp #1](https://song.link/ca/i/669006413) - Jackson and His Computer Band - [PIXELOVE](https://song.link/ca/i/563146693) - LukHash - [System Override](https://song.link/i/531883472) - Makeup and Vanity Set - [Discovery (Playstation 4 Theme)](https://song.link/ca/i/733865257) - Good Blood - [Letters to the Void](https://song.link/ca/i/656956619) - Metaform - [Open Eye Signal](https://song.link/ca/i/766062592) - Jon Hopkins - [Phase 09](https://song.link/ca/i/579459229) - Solar Fields - [February](https://song.link/ca/i/679248687) - Lusine - [Mighty Girl](https://song.link/ca/i/253685204) - Lindstrøm & Prins Thomas - [Winter Linn](https://song.link/ca/i/917623424) - Clark - [LA Trance](https://song.link/ca/i/1288518127) - Four Tet - [Surrender](https://song.link/i/714174443) - The Chemical Brothers - [Purple (Jaia Remix)](https://song.link/ca/i/597784751) - Vibrasphere - [Hello E](https://song.link/ca/i/1222644322) - TEPR - [Selfoss](https://song.link/ca/i/435449406) - Gusgus - [Pangea](https://song.link/ca/i/679649692) - Professor Kliq - [Rooftop Paradise](https://song.link/ca/i/890727483) - Weval - [Wayfarer](https://song.link/i/1141188980) - Kavinsky - [Artificial Light](https://song.link/ca/i/1364885747) - Amy Brandon *Last updated November 3, 2019*<br/> *Contact <a href='m&#97;ilto&#58;r&#111;b&#46;b%72a%6E&#100;o&#110;&#64;a%6C%6&#55;o&#37;&#54;E&#113;uin%63%6&#70;%6Cl%65&#37;6&#55;e&#46;com'>ro&#98;&#46;&#98;&#114;andon&#64;al&#103;&#111;nq&#117;&#105;nc&#111;&#108;le&#103;e&#46;com</a> to suggest updates or for more information about this web page* Estimated total visits: <b>10338</b>* _*Visits on different days are counted as separate visits, if the user allows cookies._