CIT 456: Wireless Networking Security and ManagementCourse Syllabus Spring 2012 (Subject to change with notice)

For the most recent updates see Blackboard LEARN Catalog Description Wireless Network Security and Management: A look at current methods of securing and managing wireless networks. As security concerns grow due to the proliferation of wireless networks, the means of keeping them secure has become increasingly important. This course looks at current security issues of wireless networks, as well as the many facets of managing these networks. Course Instructor Name Office Anthony Smith KNOY 213 Organization and Schedule Meeting Date Lecture Lab Quizzes Final Presentations Lab Reports Due Prerequisites: CIT 346 Keywords Applicable to Career Development and Job Hunting Wireless Security Wireless Management WWAN Security 802.11i Etc. Course Audience Selective for CIT NET Majors. Required Texts and Related materials White papers to be posted on Course Web Site. Additional material you may find helpful: See Course Web Site. Grades and Grading Type Labs Quizzes/Assignments Grading Scale Grade A B C D F Scale 90 - 100% 80 89.99% 70 79.99% 60 69.99% <60% Weighting 60% 40% TBA TBA As Announced Phone 49-66004 E-Mail Address ahsmith@purdue.edu Office Hours TBA

Lecture 2, Lab 2, Credit 3 Days Time Location M,W 1:30-2:20 ME1006 (subject to change) T Section 2 9:30-11:20 Section 3 1:30-3:20 ENAD 109-111

Miscellaneous 1. Any typewritten reports with excess spelling or grammatical errors will be returned for correction. The papers will be due in the CPT office before the beginning of the next scheduled class. Any papers returned in this manner will have a 10% penalty assessed. C&IT 456 Fall 2012 Syllabus AH Smith

2. Incompletes will only be given under extenuating circumstances. 3. You will be allowed to drop ONE quiz or homework score at the end of the semester. Learning Outcomes

1. Laboratory teams will need to effectively meet deadlines, produce appropriate outcomes, and coordinate workloads. 2. Understand and configure the dominant wireless security models and techniques used in 802.11 networks. 3. Produce written laboratory reports to document the work done and business objectives addre 4. Laboratory teams will need to be coordinated. 5. Laboratory teams will need to effectively meet deadlines, produce appropriate outcomes, and coordinate workloads. 6. Students will be responsible for understanding the difference between a lawful penetration te and using software tools in an unlawful manner. 7. In the laboratory actual wireless network realizations will be used to investigate and solve va networking situations and problems. 8. Implement solutions for centralized wireless network centralized management approaches. 9. Design networks exploring tradeoffs between various security and management models and 10. Demonstrate knowledge of currently available penetration testing tools.

Instructor Objectives Im here to facilitate learning material associated with wireless network security and management. Student Objectives Learn (from myself, and other students), contribute, go the extra mile.

Course Policies
Attendance, Preparation, and Courtesy Expectations and Policy 1. Class attendance is essential in this course. You are expected to be present at all class and lab meetings. A letter grade will be deducted from your final course score for every 3 absences. 2. Materials will only be handed out in class. On occasion, materials will be posted on the CPT499n web page. If you miss class on a day when handouts are provided, it is your responsibility to make a copy from another student. 3. Dont expect individual help if you dont attend class and lab on a regular basis or turn-in required assignments. 4. If you are late to class, please enter quietly through the back of the classroom. 5. Turn off your pagers, cell phones, and PDAs when you come to class. 6. Notebook computers will be allowed initially for note taking purposes only. Any instances of using computers in class for any other purpose (including IMing, web surfing, etc.) will result in immediate termination of computers being allowed in class FOR ALL STUDENTS. Add/Drop Expectations and Policy 1. According to CPT educational policy, this course may not be added to any students academic schedule after the first week of the semester. Very few exceptions are ever made, and must be approved by the Assistant Department Head or Department Head of Computer Technology. 2. According to CPT educational policy, no independent study course can be substituted for this course. Disabling Conditions 1. Any student who, because of a disabling condition, may require special arrangements in order to meet course requirements should contact the instructor no later than the third week of class in order to make necessary accommodations. Students who do not contact the instructor by the third week of class, or as soon as they know they have a disabling condition, forfeit their rights to special accommodations. Students must work with the Dean of Students Office in order to receive special accommodations for this class. Quiz and Exam Policy 1. Quizzes and Exams will begin at the beginning of class. If you are late to class you will NOT be given the opportunity to extend the exam time past the class end time. C&IT 456 Fall 2012 Syllabus AH Smith

2. Make-up exams will only be given in the case of serious illness as verified by the professor and/or the Dean of Students office with written documentation from a doctor. Make-up exams will almost certainly not be the same exam given during the regularly scheduled time. 3. Exams will not necessarily be returned. 4. Do not make plans for travel during finals week before the final exam schedule is released. Do not let anyone else (including parents, spouses, and significant others) make plans for you, either. The only reason a final exam will be rescheduled is if there is a conflict with another final, or you are scheduled for three final exams on the same day. Documentation of such conditions will be required. 5. Make-up quizzes will not be given UNDER ANY CIRCUMSTANCE. Homework Policy and Quality Expectations 1. All assignments, homeworks, or any take-home quizzes are to be handed in at the beginning of the class period, in the classroom, on the specified due date. If you arrive late, your assignment will be considered late. All work must be type-written. Hand-written assignments will not be accepted. 2. No homework will be accepted late, period. If you have to miss class, have someone else bring in you assignment, or email it to me. 3. Answers to homework questions must be in your own words. Direct copying of material form the text or other source material, in whole or in part, is unacceptable and will be given no credit. You can work together on assignments, but each answer must be in each students own words as well. If identical, or suspiciously similar, papers are found, a meeting between the students in question and the instructor will be held to resolve the issue. Instances of copying will be considered as academic dishonesty and turned over to the Dean of Students office. 4. Unsatisfactory or incomplete assignments will be returned for resubmission with no credit given. If they are returned with the proper corrections by the beginning of the next class, 50% credit will be given. Team Project Policy 1. We will be working in small groups as well as the whole class working on things as a large group. 2. The instructor will not assign project teams. You are responsible for forming your own project team. 3. One project report will be required per group. 4. Project grades will be assigned on a group basis. The procedures can be found on the class web page. Extra Credit Policy 1. There may be some extra credit assignments. Dont count on it to save you from a failing grade, however. Re-Grading Policy 1. A student wishing to request a re-grade for any assignment, quiz, or exam should return their paper with a written statement explaining the re-grade request. Any re-grade request must be requested no later than one week after the material was returned to the student. Re-grades for group projects must be requested by the entire group. 2. Any work returned for a re-grade will be re-graded in whole. 3. Any quiz or exam in which the student believes the scantron form was incorrectly scanned or the data was mis-entered by the student can be re-graded manually. This entails an automatic 10% reduction in the score which will be applied to the new score arrived at manually. Errors in marking the scantron are the students responsibility. 4. Discussion of corrected assignments, quizzes, and exams, as opposed to requests for re-grades, may be done during any office hour or by appointment. 5. According to University regulations, only final course grades can be appealed. There is a formal School of Technology and University timetable and process for grade appeals. It must be followed exactly. Questions about grade appeals should be directed to the Assistant Department Head of Computer Technology or the Chair of the School of Technology Grade Appeals Committee. 6. Keeping an accurate accounting of your grades is primarily YOUR RESPONSIBILITY. I will make every attempt to post current grades and averages in a timely manner. Any grade posted will STAND unless reported to the instructor AND TA within one week of the posting. After that time, ALL GRADES ARE FINAL. 7. Please keep in mind I dont give grades; I simply report your accomplishments. Lab Policies and Expectations (additional material to be handed out in first lab meeting) 1. If you use CPT laboratories, you are responsible for any and all laboratory policies including the security policies that govern your account. Policies do change from time to time; therefore, you should review the CPTnet and Laboratory Policies at the beginning of each semester. Accounts can be temporarily or permanently suspended for policy violations. C&IT 456 Fall 2012 Syllabus AH Smith

2. In the event that your account is suspended for any laboratory or network policy violation, this course will not extend deadlines or eliminate late penalties for assignments that could not be completed because of the suspension. 3. You MUST pass both the lab and lecture portion of this class to receive a passing grade for the course. Academic Dishonesty (Cheating) Policy 1. Any form of cheating will result in a penalty up to an automatic F grade for the course, as well as any disciplinary action that the Dean of Students may pursue. All instances of cheating will be forwarded to the Office of the Dean of Students for appropriate disciplinary action. 2. Passive forms of Academic Dishonesty: 1. Helping another student to cheat and cheating are considered equal cases of academic dishonesty and will be treated as outlined above. 2. Giving another student an electronic copy of your homework, or access to you computer account constitutes cheating on your behalf if that other student copies or uses any files that become implicated in a cheating case. 3. Cutting and pasting from Web Sites without proper referencing. 3. Dont cheat. Its not worth it. You wont like what happens. Dont let one bad decision ruin your academic career (and I will make sure it does). Purdues Policy on Academic Integrity: Purdue prohibits dishonesty in connection with any University activity. Cheating, plagiarism, or knowingly furnishing false information to the University are examples of dishonesty. [University Regulations, Part 5, Section III, B, 2, a] Furthermore, the University Senate has stipulated that the commitment of acts of cheating, lying, and deceit in any of their diverse forms (such as the use of substitutes for taking examinations, the use of illegal cribs, plagiarism, and copying during examinations) is dishonest and must not be tolerated. Moreover, knowingly to aid and abet, directly or indirectly, other parties in committing dishonest acts is in itself dishonest. [University Senate Document 72-18, December 15, 1972]. Additional information concerning Academic Integrity may be found in the online brochure, Academic Integrity: A Guide for Students from the Dean of Students office. NO EXCUSES POLICY When it comes to being responsible for your own actions, there are no excuses. Be an adult. The course web site and listserv are instructional aides only, and not a method for announcing important information which may only be announced in class.

Course Topics (subject to change without notice, watch the web and announcements in class)
1. Introduction & Review 1.1. Wireless Communications vs. Networking 1.2. 802.11 Framing 1.3. Mobility & Roaming Security Models 2.1. CIA Model 2.2. Security Context 2.3. Security Architecture Wireless Network Vulnerabilities and IDS/IPS 3.1. WarDriving, WarRiding, WarWalking, & WarChalking 3.2. Scanning 3.3. Denial of Service 3.4. Man-in-the-Middle 3.5. Evil Twin Access Points Previous 802.11 Security 4.1. MAC Address Filtering 4.2. 64, 128, and 256-bit WEP 4.3. SSID-Based Attempts 4.4. VPN-Based Solutions 4.5. IPsec Fall 2012 Syllabus AH Smith

2.

3.

4.

C&IT 456

4.6. Issues & Weaknesses 5. WPA Components 5.1. 802.1x & 802.1aa 5.2. Extensible Authentication Protocol 5.3. TKIP 5.4. WPA-PSK 802.11i (WPA2) 6.1. Transitional Secure Network 6.2. Robust Secure Network 6.3. EAP 6.3.1. LEAP 6.3.2. PEAP 6.3.3. EAP-FAST 6.3.4. TLS & TTLS 6.4. AES 6.5. CCMP 6.6. Authentication Servers 6.6.1. RADIUS 6.6.2. Kerberos 6.7. Certificate Servers Network Management 7.1. Centralized Management Approach 7.1.1. Software Solution Systems (CiscoWorks) 7.1.2. Wireless Management Switch Systems (Cisco & HP) 7.1.3. Other Management Approaches 7.2. Performance Monitoring 7.2.1. 802.11i vs. VPN 7.2.2. Wireless DMZ 7.3. Wireless Network Planning & Design 7.3.1. Spectrum/Frequency Reuse Plans 7.3.2. Basics Distribution System 7.3.3. Advanced Integration into Enterprise Network 7.4. Improving Network Coverage and Capacity 7.4.1. Cell Splitting 7.4.2. Cell Sectoring 7.4.3. Repeaters 7.5. Wireless Wide Area Networks 7.5.1. Leased Line Replacement Technologies 7.5.1.1. Motorola Canopy 7.5.1.2. Cisco 350 Wireless Bridge 7.5.1.3. Proxim Tsunami 7.5.2. LAN Bridging 7.5.3. Bandwidth and Resource Allocation Management Legal Issues 8.1. The Electronic Communications Privacy Act (18 U.S.C. 2701-11) 8.2. Pen/Trap Statute (18 U.S.C. 3121-27) 8.3. Cable Subscriber Privacy Act (47 U.S.C. 551)? 8.4. The Wiretap Statute, Title III (18 U.S.C. 2510-22) 8.5. HIPAA 8.6. FERPA 8.7. Sarbanes-Oxley 8.8. Gramm-Leach Bliley 8.9. State Laws 8.10. Ethics

6.

7.

8.

C&IT 456

Fall 2012 Syllabus

AH Smith

Student Agreement 1. I understand that I may be introduced to, and will be using in class, tools that test network security issues. Often these are considered hacker tools. I agree that I will not use the tools in any environment other than CIT laboratory environments specifically set up to test these tools, or my own private network. 2. I understand that using the above mentioned tools, or any software or hardware tools with the intent of accessing other individuals or businesss networks IS ILLEGAL under numerous local, state and federal laws. 3. I have read and understand this syllabus, and realize that this is a non-traditional problem-based learning class and I understand that my grade is based heavily on my involvement and effort that I put into the activities. 4. I have read and understand the rules and regulations of this class as stated in the syllabus. I also understand Purdues policy on academic dishonesty and understand that any form of cheating as outlined in this syllabus or in Purdue Official Policy (http://www.purdue.edu/usp/acad_policies/student_code.shtml) and "Academic Integrity: A Guide for Students" (http://www.purdue.edu/ODOS/osrr/integrity.htm), will be grounds for immediate action. Name__________________________________________________________________ Date_____________ Signed___________________________________________________________________________________

C&IT 456

Fall 2012 Syllabus

AH Smith