Post Mortem | Network Security
Summary
What this class is
This class is a good introduction to network security topics. It also covers a wide range of adjacent academic papers and their theoretical implementations. This class is mainly project-based, with quizzes and the final exam carrying a small weight. Some of the concepts require solid computer network fundamentals and some exposure to security concepts. This class required mild programming in Python and JavaScript. The class utilizes Gradescope for all projects except Project 5, so you know how you are doing as you complete them.
What this class is NOT
This class doesn’t go extremely in depth on topics in the lectures. The depth comes in the topics relating to the projects. This class will not teach you the basics of networking, such as the OSI model and various protocols. That is prior knowledge that is essential to the class.
My Review (Overall Grade: 97%)
Background
Undergrad CS major with prior experience in cybersecurity/computer networks. I probably have a little too much background for this class. Therefore, take my time-spent statistics below with a grain of salt.
Overview
Here is a link to the syllabus: https://omscs.gatech.edu/sites/default/files/documents/course_page_docs/syllabi/cs_6262_syllabus_and_schedule_2022-1.pdf
I meticulously tracked my time spent on this course and each individual project throughout the semester using a tracking app. The times stated are very accurate (+/- 5%).
Total Hours spent on this course: 63 hours and 32 minutes
Average hours per week: 3 hours and 44 minutes
Max hours spent in a week: ~9 hours (Project 4, Snort/network monitoring, and Project 3, web-based attacks, took up the most time)
Min hours spent in a week: 0 hours
Lectures/Readings
The video lectures are quick, bite-sized chunks relating to the overall topics and sometimes the associated readings. They are easy to get through. The associated papers can be long. I recommend skimming them unless they directly relate to a project (such as the paper on PAYL for Project 5). I did not study the lectures/readings very much.
Quizzes
Quizzes are open book, and weighted very low. I would just take them after looking at the lectures and they will be very easy.
Project 1 (4 hours 50 minutes, Grade: 100%)
This project was a good introduction to penetration testing. You carry out most of the steps of a penetration test, from scanning and enumerating to escalating privileges and even cracking password hashes. I have prior experience in penetration testing, so this was fun and easy. The privilege escalation aspect of the project can be tough without prior experience.
Project 2 (9 hours 6 minutes, Grade: 98%)
Malware analysis. This project touched on some relevant techniques for malware analysis. However, the malware was very old. This project spanned using tools/techniques to analyze various samples of Linux and Windows malware. I had no prior experience in this and found it challenging but doable as long as you start early and read the writeup thoroughly.
Project 3 (14 hours 22 minutes, Grade: 100%)
This project took the most time. It is very JavaScript heavy, with things such as fetch() and Promise() comprising the most important concepts I wish I knew going into it. With zero JavaScript experience, this took me a lot of trial and error to get everything correct. However, I did eventually get it and got full points, so don’t get discouraged; just keep plugging away. Review the Mozilla web dev docs to get an idea of the basic concepts necessary.
Project 4 (13 hours 58 minutes, Grade: 100%)
This project uses Snort rules and Wireshark to detect types of network attacks. It is an enlightening project that requires some understanding of Wireshark and network protocols to be efficient. Never used Wireshark before? This may be a tough project. Also, there are Snort multithreading issues on the VMs given to the students. I spent a long time debugging an actually correct answer because a Snort problem said my rule wasn’t working properly. In short, if it’s not working the way you expect, ask a TA in a private post on Piazza. They were helpful.
Project 5 (6 hours 57 minutes, Grade: 100%)
This was by far the most rewarding project. It required reading a paper the professor authored on evading PAYL, which is an ML-based network intrusion detection system. In this project YOU are the attacker. You write Python code to implement the algorithms and designs from the paper in order to evade PAYL by “blending” your network attack to look like normal traffic. This was rewarding, as it takes an in-depth understanding of the paper and recreating its results. There is no Gradescope for this project, but you can check your end result with a supplied makefile.
Exam
Final Exam: 76%
I did not study for this exam and took it quickly since I needed only a 5% to get an A in the class. If you watch the lectures and read the project writeups before the exam, an A is achievable.