|
課程名稱 |
網路攻防實習
Practicum of Attacking and Defense of Network Security |
|
開課學期 |
109-2 |
|
授課對象 |
電機資訊學院 電信工程學研究所 |
|
授課教師 |
林宗男 |
|
課號 |
EE5188 |
|
課程識別碼 |
921 U2660 |
|
班次 |
|
|
學分 |
3.0 |
|
全/半年 |
半年 |
|
必/選修 |
選修 |
|
上課時間 |
星期二7,8,9(14:20~17:20) |
|
上課地點 |
電二229 |
|
備註 |
總人數上限:65人 |
|
Ceiba 課程網頁 |
http://ceiba.ntu.edu.tw/1092_CyberSecurity |
|
課程簡介影片 |
|
|
核心能力關聯 |
本課程尚未建立核心能力關連 |
|
課程大綱
|
|
為確保您我的權利,請尊重智慧財產權及不得非法影印
|
|
課程概述 |
Practicum is traditionally referenced as a course of supervised study in a professional field. In the context of computing education, it is also used for practices at a lab environment which emulates the real world situation. With the advancement of computing technology, a lab environment could be a physical lab or a virtual lab.
This is a practicum course of computer network security where students will learn to create a virtual computing network environment. Students will then use open source tools to create different attacking scenarios and then implement defense solutions to protect the network from those attacks. A major learning outcome is to design an enterprise network with security consideration to protect from various hacking and intrusion attacks. The course starts with a brief review of security requirements and then emerges students in various security tools to experiment on various attacking and defense scenarios.
PREREQUISITE (knowledge): (1) TCP/IP protocols, (2) Linux operating system, and (c) one programming language course (C++ or Python is preferred) |
|
課程目標 |
1. Specify security requirements in an enterprise environment. Distinguish and classify security attacks in four major categories: eavesdropping, authentication, integrity, and availability.
2. Design the enterprise network for maximal security protection
3. Identify vulnerabilities in network protocols.
4. Practice Open-Source tools to emulate various security attacks.
5. Configure network device (e.g., firewall) to protect and defend security attacks.
6. Design, configure, and build Virtual Private Network (VPN) which can be adopted in a real enterprise environment. Experiment with different encryption algorithms to evaluate the effectiveness of security protection. |
|
課程要求 |
Students will learn how hackers launch network attacks by practicing these attacks in a Virtual Machine (VM) environment. Students will then apply defense countermeasures to prevent or mitigate these attacks.
. |
|
預期每週課後學習時數 |
|
|
Office Hours |
|
|
指定閱讀 |
待補 |
|
參考書目 |
1. William Stallings, Cryptography and Network Security: Principles and Practice, 7th ed. Prentice Hall (2015)
2. William Stallings, Lawrie Brown, Computer Security: Principles and Practice: Fourth edition, |
|
評量方式
(僅供參考) |
|
|
週次 |
日期 |
單元主題 |
|
第1週 |
2/23 |
Course Introduction & Cybersecurity Basic
|
|
第2週 |
3/02 |
VM Setup and Network Config
|
|
第3週 |
3/09 |
Traffic Sniffing and Scanning (Wireshark) & nmap
|
|
第4週 |
3/16 |
Web technology and vulnerability (Front-end)
|
|
第5週 |
3/23 |
Web technology and vulnerability (Back-end)
|
|
第6週 |
3/30 |
CSRF & XSS
|
|
第7週 |
4/06 |
XXE & Serialization
|
|
第8週 |
4/12 |
Web Penetrate
|
|
第9週 |
4/20 |
期中考 (Midterm Project)
|
|
第10週 |
4/27 |
Malware Analysis (調查局)
|
|
第11週 |
5/04 |
Network Practice analysis (調查局)
|
|
第12週 |
5/11 |
Reverse 1
|
|
第13週 |
5/18 |
Reverse 2
|
|
第14週 |
5/25 |
Pwn 1
|
|
第15週 |
6/01 |
Pwn 2
|
|
第16週 |
6/07 |
密碼學
|
|
第17週 |
6/15 |
Cyber Security Intelligence (TWCERT)
|
|