University of Southern California


CS530L - Security Systems
lab component
David Morgan

see "Syllabus" link for email address

German "Enigma" cryptographic device




Lab policies

Student lab times

CS530 main class

DETER net testbed
  get/use an account

a vi cheat sheet





Application security

Packet sniffing

Firewalls (DETER)

Intrusion detection

Arp spoofing (DETER)

Tunnels and vpns (DETER)

Computer forensics (DETER)





FALL 2013
lecture 4:30p - 5:20p Fri OHE122

Until recent years, information systems security was the limited focus of the military and the financial communities. With the recent explosive growth and merging of telecommunications and computing, security has become an integral element of any reliable and robust information systems environment. This class will cover information systems security at the graduate level. Students should have a basic understanding of networking and operating systems prior to attending the class.

Thank you for your efforts and interest in this subject and class. I enjoyed the opportunity to teach it. (11/15)

Tip - for copying the image file of the forensics lab's corrupted disk:


Suggest you use Ubuntu version of "tunnels" experiment - the original version of the experiment used Fedora on the nodes. Last year I added a second version that uses Ubuntu, because there are more physical nodes at DETER that can support it. On the main instruction page for "tunnels" you can choose either of two. That means when DETER is under heavy use you'll have a better chance of swapping in your experiment if you use the Ubuntu version. The Fedora version remains in place, but the recommendation is that you use the Ubuntu one. (11/8)

arpspoof lab problem - the instructions ask you to use "yum" to install packages on node1. Students report error messages suggesting to me that the DETER-internal yum server for node1's operating system (Fedora 8) may no longer be in place. They also report that for Fedora 6 a yum server is available. If you change the node1's OS to Fedora 6 it will be able to acquire the needed software packages (ettercap, wireshark). I tested this solution by performing the entire experiment and it worked. The change I have in mind is a matter of editing this piece of the arpspoof.ns file:

set node1 [$ns node]
tb-set-node-os $node1 FC8-STD

so that it contains FC6-STD instead of FC8-STD. That could be done on the local file, after downloading it from this website but before uploading it to DETER, or after uploading it, from the "NS File" tab and "Modify Experiment" menu option. (11/8)

Substitute router - the "commercial router" portion of the Firewalls lab offers you a public connection to such a router. I had a Netgear WGR614 configured, same model shown and described in the lab instructions, but it has died. In its place I've substituted a Linksys WRT54G, another (very) popular device. You can connect with it yourself as explained in the lab instructions to take a look around. All these little routers are similar, and their similarities both with each other and with the linux iptables command should be visible upon examination. (10/24)

Miderm lab calendar adjustments reminder -
 - no lecture next Friday Oct 18, midterm day
 - nothing due next week either; not for last week’s network sniffing lecture nor today’s firewalls lecture
 - due date for both is Friday 10/25, for everybody

Please "test" DETER today through Thursday - as explained in lab lecture yesterday. Please see the link at left entitled "get/use an account" under the heading "DETER net testbed." The test network in the experiment is documented to contain 3 nodes, however in the defining firstnet.ns "network specification" file I've reduced that to only 2 to minimize our consumption of nodes at DETER. (The instructions should work fine except where they ask you to ping node2, the one I eliminated.) (10/5)

Yesterday's slides about packet sniffing have been uploaded to their normal location on the this website where they are now accessible. (10/5)

DETER accounts created today - please expect to receive a welcome email with further information and instructions. (9/30)

Email filter rule keywords used for managing the 10 reports you submit are:


for the respective labs we do over 10 weeks. Please be sure to embed these keywords in the titles of the email messages in which you will submit your work. (9/20)

Friday 1:30pm batch - please leave the lab at 2:50pm to allow your 3:00pm classmates to start their lab. Do not remain in the lab at their expense. (9/19)

Extra lab time for Friday 3:00pm batch - I understand members of the 3:00pm group could not start at 3:00pm because the 1:30 group had not left the room. Consequently a number of 3:00pm students reported inability to finish the activity. For Friday 3:00pm's 21 members only, cryptography lab due date is postponed one week to Saturday 9/28 instead of Friday 9/20. The purpose is to let members who want more lab time to visit the lab, next week, in any of the other 3 sessions. You can sit in the back of the room and work on "cryptography" while the others are doing "authorization." This doesn't affect any other lab, or any other group. The room has 12 extra seats Monday, 14 Wednesday, and 6 Friday at 1:30. In aggregate that's enough to accommodate all 3:00pm members but not all at once. I will ask the graders to admit 3:00pm members on a first-come first-served basis. (9/17) 

Revised instructions for the authentication lab were posted late Sunday. If you previewed or printed the online instructions earlier please be aware they have changed somewhat. (9/16)

Personnel change - new grader Serhat Yilmaz will replace Ankit Nagda. (9/15)

New lab assignments posted - at link entitled "Student lab times" at left. Contains adjustments resulting from your email requests. (9/11)

New lab assignments posted - at link entitled "Student lab times" at left. If you were assigned a lab time previously it should not have changed. Please review your lab time and in particular check whether you are in tomorrow morning's session. See you at 10:30am at OHE406 if so. (9/8)

My RSA lecture available online - I ran out of time in today's lecture, without having talked adequately about the latter slides in my presentation. Those slides covered the steps and math of the RSA algorithm. They are closely related to the lab activity you'll do in a week. I have those slides online, with my narration. You may listen to them if you like (it would help) before coming to the lab next week. (9/6)

Timeslot assignments - the lab is set for

Mondays 10:30am-11:50am
Wednesdays 1:00pm-2:20am
Fridays 1:30pm-2:50pm
Fridays 3:00pm-4:20pm

The lab performed in a given week will be the one that was the lecture subject on the previous Friday. 
The due date for submitting its result will be by your particular lab time the following week. . Take as an example the cryptography topic and a student in the Wednesday lab. The lecture for it is today; you'll do the lab exercise next Wednesday September 11; your electronic submittal of the result is due the following Wednesday September 18 at lab time, 1:00pm. DEN students have a Friday 4:30 deadline; remote assignments on DETER are due Fridays at 4:30 2 weeks after lecture date.

If your name does not appear among the listed student lab times it is because you did not supply preferences or supplied them malformed. The web form is back up now. I will hold another round of time assignments for you. (You will have second priority, that is, I will not disturb or move any of the students already assigned to meet your preferences.) Please visit the web form today and express preferences (not by email any longer please). I will randomly give times to students who do not. (9/6)

Your graders - Radhika Srikanth and Ankit Nagda will be assisting you in the lab and grading your submittals. Radhika took CS530 last year.

Plan B for timeslot preference submittal - I need to gather the time preferences from those of you who didn't yet submit them through the web form before it went down this morning (modem equipment died; repair, replacement, or site relocation isn't possible quickly enough). Those students are listed below. I request that you send me your preferences in an email message. Please use a common format that will make my life a little easier, namely in a comma-separated list at the beginning of a single line in the chronological, monday-to-friday order of the offered timeslots, plus including your name at the end. So the preferences shown in the screenshot graphic below would become:


I'd like to centrally capture these incoming messages using a message filter. Please title your message "preferences" for that purpose. I appreciate your help and apologize for the equipment and web site problem. The students affected are the following:


(If your name isn't here, I have your data.) I will work on this from Thursday. So please get your preferences to me by the end of the day Wednesday. Thank you. (9/2 late)

Service interruption - Internet service to is down. You cannot currently connect to my web form. Please stand by. (9/2 9am)

Addenda to this afternoon's meeting
 - web form is fixed, please go ahead and use it
 - new students' names, given to me after class, have been added to the web form backend database (8/30)

First homework tasks -
 1) express your lab timeslot preferences (unless you are a DEN student) deadline: end of day Tuesday 9/3/13
If you are a DEN student, install VMWare Player (or other version of VMware) if you do not have it already. See "DEN students" comments below.
 2) as a tourist, visit the informational links listed at left under the heading "DETER net testbed". Gain initial familiarity with DETER at tourist level. We will arrange DETER accounts for you shortly.
 3) visit link at left entitled "Cryptography" under the heading "Labs." Our upcoming initial lab topic will be on the subject of cryptography. My lecture on the subject will be September 6, with corresponding lab exercise (the first one) performed the following week. (8/30)

Individual lab timeslot assignments

You will be assigned to a particular lab session. You will express preference among the timeslots using this web form:

On the form (which does not validate entries) please take care to enter a unique explicit digit from among 0, 1, 2, and 5 for each of the five lab timeslot possibilities.
 - enter 0 for any slot with which you have a bona fide conflict (other commitment that cannot be changed)
 - enter 1 for your most preferred non-conflicting timeslot
 - enter 2 for your second-most preferred non-conflicting timeslot
 - enter 5s for your less preferred non-conflicting timeslots

The software that will process your entry will filter it out if it deviates from that. So fill in the form correctly to avoid adversely affecting our meeting your preference. I will do my best to follow student preference within my ability to control. (8/30)

The web form is here  [ see "Service interruption" posting above ]. To use it, you need to supply an ID. Your ID is your last name, all lower case. On-campus  students who were registered as of yesterday are in the web form's database. I will make a supplemental update with names of later registrants sometime next week as a fresh class roster is made available to me. (8/30)

Slides from today's lecture in color or greyscale.(8/30)

Strong recommendation - each week, preview or scan the lab instructions in advance before your lab session. It will enable you to do the exercises more efficiently, with greater understanding, and ensure you can finish before the lab ends. (8/30)

Support questions - try the "Labs" category of the discussion board found on DEN/Blackboard for CS530. If it's a question of general interest (maybe somebody else has the same question in mind) put it there. Alternatively, or for more specifically personal questions, email address, shared by me and the lab grader. (8/30)

Lab location - room OHE406. The hardware-identical computers in this room have removable hard drives. You will be assigned a drive. You will insert it in one of the computers when you arrive at the lab each week. You will put it in a locker afterward, where it will be stored for you until the following week's session. (8/30)

DEN students - most if not all of the lab exercises are performed in VMware virtual machines. We will make available images of the same vm's that are installed in the lab, for you to install on your machine. You will then be able to run that vm using VMware player, which is distributed free from The lab handouts (instructions) will be posted online, here on this website, weekly. I intend to distribute the vm images to you via download, details to be posted on this website. (These are not for the consumption of on-campus students.) (8/30)

The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees