Introduction
Unit 1: Computing Security Concepts and Problems 1
Upon completion of this unit, you will be able to:
Video Lectures
(mm:ss) indicates the time for video lectures
Vulnerabilities (3:57)
Additional Resources
Data Breaches
The TCP/IP Guide: This free online guide to the basic communication language and protocol of
the internet contains clear information on many of the concepts covered in this course.
Breaking: Ransomware
Cyberthreat Maps
>> If you know the enemy, and know yourself, you need not fear the result of 100 battles.
If you know yourself, but not the enemy, for every victory gained, you'll also suffer defeat.
If you know neither the enemy nor yourself, you will succumb in every battle.
These ideas come from the Chinese general and philosopher Sun Tzu's The Art of War,
ADDITIONAL RESOURCES
These news stories and articles can give you more detail on many of the topics covered in the videos.
General
World's Biggest Data Breaches, Information is Beautiful
2017 Cyber Risks to Intensify as Hackers Become More Cunning: Report, Energi
Defining Cybersecurity
The Security Mindset, Schneier on Security
Vulnerabilities
Network live IP video cameras directory, Insecam.org
This website lets you view video from unsecured cameras around the world
Hackers Remotely Kill a Jeep on the Highway—With Me in It, Andy Greenberg, Wired
With 'recall,' Fiat Chrysler makes its car hack worse, Colin Neagle, Network World
Florida man wins over 1 million miles for hacking United Airlines, Jack Corrigan, WGN TV
Computer hackers can now hijack toilets, Sarah Griffiths, Daily Mail
It’s Way Too Easy to Hack the Hospital, Monte Reel and Jordan Robertson, Bloomberg
Personal Security
Here's What We Know About the Massive Cyber Attack That Took Down the Internet on Friday, Peter Dockrill,
Science Alert
How the Dyn DDoS attack unfolded, Tim Greene, Network World
Anatomy of the Target data breach: Missed opportunities and lessons learned, Michael Kassner, ZD Net
Home Depot: Massive Breach Happened Via Third-Party Vendor Credentials, Tara Seals, Infosecurity Magazine
Home Depot Hacked After Months of Security Warnings, Benjamin Elgin, Michael Riley, and Dune Lawrence,
Bloomberg
Inside the Cyberattack That Shocked the US Government, Brendan I. Koerner, Wired
What to know about the Ashley Madison hack, Robert Hackett, Fortune
'I was sent a video of my wife having sex': Ashley Madison members and their heartbroken spouses reveal the
devastating impact last year's hack had on their lives, Martha Clifford, Daily Mail
This basic security mistake led to the Houston Astros hack that shook baseball, Andrea Petersen, The
Washington Post
The LastPass security breach: What you need to know, do, and watch out for, Ian Paul, PC World
How Hacking Team got hacked, J.M. Porup, Ars Technica
This big U.S. health insurer just got hacked, Claire Groden, Fortune
Anthem Hacking Points to Security Vulnerability of Health Care Industry, Reed Abelson and Matthew
Goldstein, The New York Times
Premera health insurance hack hits 11 million people, Jose Pagliery, CNN
Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid, Kim Zetter, Wired
Ukraine’s Power Grid Gets Hacked Again, a Worrying Sign for Infrastructure Attacks, Jamie Condliffe, MIT
Technology Review
How a Typo Stopped Hackers from Stealing $1 Billion from Bank, Swati Khandelwal, The Hacker News
SWIFT Banking System Was Hacked at Least Three times This Summer, Reuters, Fortune
Hackers are trading millions of Gmail, Hotmail, Yahoo logins, Nathan Ingraham, Engadget
Hack Brief: Your Old Myspace Account Just Came Back to Haunt You, Brian Barrett, Wired
LinkedIn Urges Users To Change Passwords: Hacker Puts 117 Million Accounts Up For Sale, Dave Calpito, Tech
Times
Yahoo Says 1 Billion User Accounts Were Hacked, Vindu Goel and Nicole Perlroth, The New York Times
‘Guccifer 2.0’ Releases Documents From DCCC Hack, Tom Winter, Alex Seitz-Wald and Phil Helsel, NBC
News
Hillary Clinton's campaign got hacked by falling for the oldest trick in the book, Ben Gilbert, Business Insider
DNC chief Podesta led to phishing link ‘thanks to a typo,’ Lisa Vaas, Naked Security
Why Clinton’s Private Email Server Was Such a Security Fail, Andy Greenberg, Wired
BREAKING: RANSOMWARE
In the unit's last video, recorded months ago, I predicted something like this. Less than two weeks before
this course opened, it happened!
Here are some articles about the WannaCry ransomware attack and its aftermath.
U.K. Hospitals Hit in Widespread Ransomware Attack, Krebs on Security
Massive ransomware attack hits UK hospitals, Spanish banks, Sebastian Anthony (UK), Ars Technica
What you need to know about the WannaCry Ransomware, Symantec Security Response, Symantec Connect
How an Accidental ‘Kill Switch’ Slowed Friday’s Massive Ransomware Attack, Lily Hay Newman, Wired
WannaCry hackers still trying to revive attack says accidental hero, Samuel Gibbs, The Guardian
WannaCry: Smaller businesses are at great risk, Andrew Stuart, (IN)SECURE Magazine
WannaCry Hit Windows 7 Machines Most, Kelly Jackson Higgins, Dark Reading
A WannaCry Flaw Could Help Some Victims Get Files Back, Andy Greenberg, Wired
WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom, Swati Khandelwal,
The Hacker News
Indicate the color of "hat" worn by each type of hacker by typing the appropriate letter
next to the definition.
Hacks into systems with malicious intent
B
correct
B or Black or Black hat
Hacks into systems, without permission, and requests payment to fix vulnerabilities
W
incorrect
G or Gray or Gray hat or Grey or Grey hat
Hacks into systems, with permission, to uncover vulnerabilities so they can be fixed
G
incorrect
W or White or White hat
Video Lectures
(mm:ss) indicates the time for video lectures
Additional Resources
ADDITIONAL RESOURCES
Authentication
'Bob' outsources tech job to China; watches cat videos at work, Jaikumar Vijayan, Computerworld
10 Reasons Why Biometrics Won’t Replace Passwords Anytime Soon, Tom, Dashlane
NIST declares the age of SMS-based 2-factor authentication over, Devin Coldewey, TC’s Crunchboard
NIST Denounces SMS 2FA - What are the Alternatives?, Kevin Townsend, Security Week
Standards body warned SMS 2FA is insecure and nobody listened, Darren Pauli, The Register
Exploits
Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code
Execution (958644), Microsoft
Squirrels outrank hackers as threat to U.S. electrical grid, Martin Anderson, The Stack
Grid Confronts a Threat from Mother Nature, Matthew L. Wald, The New York Times
Power grid cyber security 'in chaos' | State ponders ways to guard against attacks by humans as well as Mother
Nature, Hartford Business Journal
Each year, Verizon publishes its Verizon Data Breach Investigations Report (DBIR), which lists and examines
thousands of incidents from around the world. Verizon uses that data to create the Data Breach Digest,
detailed case studies of cybercrimes that illustrate many of the common or emerging cyberthreats.
You will use the Data Breach Digest to delve into a cybercrime case study in a discussion in section 2.3.
Unit 3: Cryptography
Upon completion of this unit, you will be able to:
Video Lectures
(mm:ss) indicates the time for video lectures
Hashing (4:55)
Additional Resources
Cryptography
ADDITIONAL RESOURCES
Kerckhoffs's Principle
Encryption
This video explains how the RSA public key and private key are created to be fully dependent on each
other. The first part of the video explains the concepts with paint and colors. The second part contains
heavy-duty math, which may not be as easily understood:
Public Key Cryptography: RSA Encryption Algorithm (video), Art of the Problem (16:30)
Watching this video may help you understand the XOR Activity in Section 3.3.
Heartbleed
These links detail the Heartbleed bug from 2014. This vulnerability shows that even though data is
protected both in transit and at rest with encryption, data that is being processed is not protected. The
encrypted data needs to be decrypted before it’s processed, and therefore is vulnerable at this stage.
Heartbleed, Wikipedia
Heartbleed, xkcd
Google is fighting with Symantec over encrypting the internet, Kate Conger, TechCrunch
Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs, Dan Goodin, Ars Technica
Google slaps Symantec for sloppy certs, slow show of SNAFUs, Simon Sharwood, The Register
Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates, Swati Khandelwal, The
Hacker News
Cyberespionage groups are stealing digital certificates to sign malware, Lucian Constantin, PCWorld
Attackers Stole Certificate From Foxconn to Hack Kaspersky With Duqu 2.0, Kim Zetter, WIRED
How Attackers Steal Private Keys from Digital Certificates, Hiroshi Shinotsuka, Symantec Connect
Malware is being signed with multiple digital certificates to evade detection, Val S, Symantec Connect
Unit 4: Networking 1
Introduction
Networking Introduction
Upon completion of this unit, you will be able to:
Pre-Reading
Networking Pre-read
Video Lectures
(mm:ss) indicates the time for video lectures
Additional Resources
Before watching the videos for this unit, you should review material contained in The
TCP/IP Guide. There will also be additional content to read following some of the
videos.
Networking
Activity & Discussion
ADDITIONAL RESOURCES
Here are some additional topics that take what we’ve learned even further, depending on how deeply you
want to explore. They are optional, but highly recommended.
Local Area Networks (LANs), Wireless LANs (WLANs) and Wide Area Networks (WANs) and Variants
(CANs, MANs and PANs)
Binary Information and Representation: Bits, Bytes, Nibbles, Octets and Characters
Bit Masking (Setting, Clearing and Inverting) Using Boolean Logical Functions
TCP/IP Protocols
Additional Topics
Private Addressing
Subnetting
NAT
IPv6
OTHER SOURCES
VLAN
Cisco IOS Switching Services Configuration Guide, Routing Between VLANs Overview
Cisco ONS 15454 SONET/SDH ML-Series Multilayer Ethernet Card Software Feature and Configuration Guide,
Release 4.1.x, Chapter 6, Configuring STP and RSTP
Video Lectures
(mm:ss) indicates the time for video lectures
Ports (4:55)
Additional Resources
More on EIGRP
ADDITIONAL RESOURCES
MORE ON EIGRP
Enhanced Interior Gateway Routing Protocol (EIGRP) Informational RFC Frequently Asked Questions (Cisco)
BGP Topology, Speakers, Border Routers and Neighbor Relationships (Internal and External Peers)
BGP Route Storage and Advertisement, and BGP Routing Information Bases (RIBs)