Sunday, June 15, 2025

Course Guide

Updated Summer 2025

Cybersecurity Essentials

(CPSC 50600)

The course introduces and discusses elements of information, computer and network security, and their security operations. Topics include information assurance, symmetric/asymmetric encryption, security software (vulnerability) assessment, modern operating system security, access control, and authentication. Furthermore, the course introduces various malware behaviors, intrusion detection/prevention, security intelligence, and network security protocols. Students will use and develop software, virtual systems, programming, and tools to complete a graduate-level project or work on a research paper that reflects the skills they learned in the course.

WHAT YOU’LL LEARN:

– Security fundamentals & security requirements
– Introduction to cryptography
– User authentication
– Overview of Intrusion Detection Systems
– Understanding Security Operations, Firewalls, and SIEM

About Dr. Cho

With over 15 years of experience in information security, machine learning, and AI, I have held prominent roles, including a senior researcher at Samsung Electronics, where I developed security features for mobile devices and designed IoT and IIoT infrastructure. I also worked as an executive researcher and architect for IBM Security and IBM X-Force RED, leading projects across Korea, the Asia Pacific, and the Middle East.

Currently, I serve as an assistant professor at De La Salle Catholic Higher Education Institute – Lewis University, where I oversee multiple externally funded research projects. A native of Korea, I have followed an academic and professional path from Seoul to Michigan, Chicago, Dubai, Saudi Arabia, Morocco, Jordan, Belgium, and now Illinois. In my free time, I enjoy reading, learning, and engaging in discussions over a beer.





Saturday, June 14, 2025

MPI Clustering on Debian

This guide outlines the steps to set up an MPI (Message Passing Interface) clustering environment on Debian and Red Hat-based systems. MPI is essential for parallel computing, allowing multiple nodes to work together on computational tasks.

1. Required Packages

For Debian

Install the following packages:

sudo apt install hwloc libhwloc-dev libevent-dev libpmix-dev libpmix-bin nfs-common ssh-client

For Red Hat

Install the corresponding packages:

sudo dnf install hwloc hwloc-devel hwloc-libs libevent-devel pmix-devel pmix-tools pmix nfs-utils openssh-clients

2. Install Open MPI

For Debian

Install Open MPI with the following command:

sudo apt install openmpi-bin openmpi-common

For Red Hat

Install the Open MPI packages:

sudo dnf install openmpi python3-openmpi openmpi-devel

2.1 If Using Fedora or RHEL

Reboot your system and load the Open MPI module:

sudo reboot
source /etc/profile.d/modules.sh 
module load mpi/openmpi-x86_64
mpicc  # This is for testing if MPI is set up correctly

3. Update /etc/hosts

Edit the /etc/hosts file to add the IP addresses or hostnames of all compute nodes and the master node:

sudo nano /etc/hosts

Add entries like the following:

192.168.0.2 master_node
192.168.0.3 worker1
192.168.0.4 worker2

4. Add User & SSH Key

  1. Create a New User
    Create a user for running MPI jobs:

    sudo adduser mpiuser
    sudo usermod -aG sudo mpiuser
    
  2. Switch to the New User
    Switch to the newly created user:

    su - mpiuser
    
  3. Generate SSH Keys
    Generate SSH keys for passwordless login:

    ssh-keygen -t rsa
    
  4. Add SSH Key to Authorized Keys
    Navigate to the .ssh directory and add the public key to authorized_keys:

    cd .ssh/
    cat id_rsa.pub >> authorized_keys
    
  5. Copy SSH ID to Worker Nodes
    Use ssh-copy-id to copy the SSH key to the worker node:

    ssh-copy-id worker1
    

5. Create Hosts File for mpirun

Create a file to specify the hosts for mpirun. Each line should contain an IP address or hostname:

nano ~/hosts

Add entries like the following:

192.168.0.2
192.168.0.3

or

master_node
worker1
worker2
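Before the first mpirun, it is worth confirming that the two things steps 4 and 5 set up actually hold: every entry in the hosts file is a usable host, and each of those hosts accepts a non-interactive SSH login with the key from step 4. The POSIX shell script below is an added check written for this page, not part of the original guide. The function names check_hostfile and check_ssh_batch and the file contents used in its test are choices made here; the hostname rule it applies is RFC 1123 syntax (labels of letters, digits and hyphens), and it also rejects duplicate entries.

```shell
#!/bin/sh
# Added example: sanity-check an mpirun hosts file before launching a job.
# check_hostfile  - every non-blank, non-comment line must be an IPv4 address
#                   or an RFC 1123 hostname, and no host may appear twice.
# check_ssh_batch - every host must accept a non-interactive (BatchMode) SSH
#                   login, i.e. the public key from step 4 is installed there.
# Function names are choices made for this example.

check_hostfile() {
    file="$1"
    status=0
    seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        # drop trailing comments and surrounding whitespace
        line=$(printf '%s' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$line" ] && continue
        if printf '%s\n' "$line" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            : # dotted-quad IPv4 address
        elif printf '%s\n' "$line" | grep -Eq \
            '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'; then
            : # RFC 1123 hostname (labels of letters, digits, hyphens)
        else
            echo "$file: invalid host entry '$line'" >&2
            status=1
            continue
        fi
        case " $seen " in
            *" $line "*) echo "$file: duplicate host '$line'" >&2; status=1 ;;
        esac
        seen="$seen $line"
    done < "$file"
    return $status
}

check_ssh_batch() {
    file="$1"
    status=0
    # BatchMode=yes makes ssh fail instead of prompting, so a host that would
    # still ask for a password shows up here as FAIL rather than hanging mpirun.
    for host in $(sed 's/#.*//' "$file" | awk 'NF { print $1 }'); do
        if ssh -o BatchMode=yes -o ConnectTimeout=5 "$host" true 2>/dev/null; then
            echo "ok   $host"
        else
            echo "FAIL $host (no passwordless SSH login)" >&2
            status=1
        fi
    done
    return $status
}

# Stand-alone use: ./check_mpi_hosts.sh ~/hosts
if [ "$#" -ge 1 ]; then
    check_hostfile "$1" && check_ssh_batch "$1"
fi
```

Note that the strict hostname rule flags names containing an underscore, such as master_node from the /etc/hosts sample above; local /etc/hosts lookups usually tolerate underscores, but they are outside RFC 1123 syntax, so use the IP address or a hyphenated name in the hosts file if the check reports it.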

6. Set Environment Variables

Finally, make sure the Open MPI shared libraries are on LD_LIBRARY_PATH. This variable tells the dynamic linker where to look for libraries; it is not used to locate the ssh binary, which mpirun finds through PATH. Replace the placeholder below with the lib directory of your Open MPI installation (on Fedora/RHEL the module load in step 2.1 already sets this for you):

export LD_LIBRARY_PATH="/path/to/openmpi/lib:${LD_LIBRARY_PATH}"

Setting Up OpenVPN3 Client

In this guide, we will walk through the steps to install and configure the OpenVPN3 client on both Debian and RHEL systems.

1. Add Repositories and Install the Package

For Debian

  1. Create Keyring Directory and Add Repository Key
    Execute the following commands to create a directory for the keyring and add the OpenVPN repository key:

    sudo mkdir -p /etc/apt/keyrings && curl -fsSL https://packages.openvpn.net/packages-repo.gpg | sudo tee /etc/apt/keyrings/openvpn.asc
    
  2. Change $DISTRO
    Replace $DISTRO with your Debian distribution name (e.g., bookworm, bullseye), then run this command to add the OpenVPN repository:

    echo "deb [signed-by=/etc/apt/keyrings/openvpn.asc] https://packages.openvpn.net/openvpn3/debian $DISTRO main" | sudo tee /etc/apt/sources.list.d/openvpn-packages.list
    
  3. Update Package List and Install OpenVPN3
    Finally, update your package list and install OpenVPN3:

    sudo apt update
    sudo apt install openvpn3
    

For RHEL

  1. Install EPEL Repositories
    Ensure that you have the EPEL repositories added. Then, install the OpenVPN3 repository:

    dnf install https://packages.openvpn.net/openvpn-openvpn3-epel-repo-1-1.noarch.rpm
    
  2. Install OpenVPN3 Client
    Next, install the OpenVPN3 client:

    dnf install openvpn3-client
    

2. Configure OpenVPN

After copying all required files (key, certificate, ta.key, ca.crt, and config.ovpn), follow these steps:

  1. Convert the Key
    Ensure the key is converted to a new RSA key without password protection first (specific steps depend on your key generation method).

  2. Import the Configuration
    Import your OpenVPN configuration:

    openvpn3 config-import --config /file/to/profile.ovpn --name $NAME --persistent
    
  3. Set Access Control List (ACL)
    Set the ACL to lock down the configuration:

    openvpn3 config-acl --show --lock-down true --grant root --config $NAME
    
  4. Enable and Start the OpenVPN Session
    Enable and start the OpenVPN session service:

    systemctl enable openvpn3-session@$NAME.service
    systemctl start openvpn3-session@$NAME.service
    

3. Check the Status

  1. Check Service Status
    To verify that the OpenVPN session is running, use:

    systemctl status openvpn3-session@$NAME.service
    
  2. Check VPN IP Address
    Find the VPN IP address by checking the network interfaces:

    ip addr
    

    Look for the tun0 device.

  3. Ping the VPN Server
    Finally, test connectivity by pinging the VPN server (replace 10.8.0.1 with your server's IP address):

    ping 10.8.0.1
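The three status checks above can be folded into one script that returns a distinct exit code for each failure, which makes it usable from a cron job or a monitoring check rather than by eye. The script below is an added example written for this page, not part of the OpenVPN3 project or the original post. The function names tun_ipv4 and vpn_check are choices made here; tun_ipv4 reads `ip -o -4 addr` output from stdin so it can be tested on captured text, and the sample output in its test is constructed.

```shell
#!/bin/sh
# Added example: perform the three status checks (service active, tun device
# has an address, server reachable) and return a distinct exit code for each.
# Function names are choices made for this example.

# tun_ipv4 [DEV]: print the IPv4 address (without prefix length) of DEV,
# reading `ip -o -4 addr show` output on stdin. Prints nothing if DEV has none.
tun_ipv4() {
    awk -v dev="${1:-tun0}" '$2 == dev && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# vpn_check NAME SERVER_IP [DEV]
#   exit 1 = session service not active
#   exit 2 = no IPv4 address on DEV
#   exit 3 = SERVER_IP does not answer ping
vpn_check() {
    name="$1"; server="$2"; dev="${3:-tun0}"
    if ! systemctl is-active --quiet "openvpn3-session@${name}.service"; then
        echo "openvpn3-session@${name}.service is not active" >&2
        return 1
    fi
    addr=$(ip -o -4 addr show dev "$dev" 2>/dev/null | tun_ipv4 "$dev")
    if [ -z "$addr" ]; then
        echo "no IPv4 address on $dev (session running but tunnel not configured?)" >&2
        return 2
    fi
    if ! ping -c 1 -W 2 "$server" >/dev/null 2>&1; then
        echo "$server not reachable through $dev ($addr)" >&2
        return 3
    fi
    echo "VPN up: $dev has $addr and $server answers ping"
}

# Stand-alone use: ./vpn_check.sh "$NAME" 10.8.0.1 [tun0]
if [ "$#" -ge 2 ]; then
    vpn_check "$@"
fi
```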
    

Installing ClamAV

ClamAV is an open-source antivirus software toolkit designed for detecting and removing malware, including viruses, trojans, and other malicious threats. It is widely used on mail servers for scanning attachments and is particularly known for its effectiveness in identifying threats on various platforms. 

In this post, we will go through the steps to install and configure ClamAV on Debian 12, ensuring your system is equipped to detect and manage malware effectively.

Installation Steps

  1. Install ClamAV and ClamAV Daemon
    Use the following command to install ClamAV and its daemon:

    sudo apt install clamav clamav-daemon
    

    This command installs the ClamAV antivirus toolkit along with the daemon that allows for background scanning.

  2. Comment Out NotifyClamd
    To prevent notification messages from being sent to users, you'll need to comment out the NotifyClamd line in the Freshclam configuration file (NotifyClamd is a freshclam.conf directive, not a clamd one):

    sudo nano /etc/clamav/freshclam.conf
    

    Locate the line that reads NotifyClamd and place a # at the beginning to comment it out. Save and exit the editor.

  3. Stop ClamAV Freshclam
    Before updating the virus definitions, stop the Freshclam service:

    systemctl stop clamav-freshclam
    

    This ensures that no updates are attempted while you are performing the next steps.

  4. Update Virus Definitions
    Update the virus definitions to ensure you have the latest protection:

    freshclam
    

    This command fetches the latest virus definitions from the ClamAV servers.

  5. Start ClamAV Freshclam
    Once the update is complete, restart the Freshclam service:

    systemctl start clamav-freshclam
    

    This will allow Freshclam to run in the background and keep your virus definitions up to date.

Scanning for Infected Files

  1. Scan for Infected Files
    To perform a scan of your system and move any infected files to a quarantine directory, use the following command:

    clamscan --infected --recursive --move=/home/quar / | grep FOUND >> /var/log/clamav.log
    
    • --infected: This option tells ClamAV to only report infected files.
    • --recursive: This ensures that all subdirectories are scanned.
    • --move=/home/quar: This specifies the directory where infected files will be moved.
    • | grep FOUND >> /var/log/clamav.log: This pipes the output to grep, which filters and logs the found infections into /var/log/clamav.log.
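The one-liner above works, but it has three rough edges for a scan that runs unattended: the quarantine directory sits under the tree being scanned (so quarantined files are rescanned and can be moved onto themselves), /proc and /sys are walked, and the pipe into grep replaces clamscan's own exit code (0 clean, 1 infected, 2 error) with grep's. The wrapper below is an added example written for this page, not part of ClamAV or the original post. It keeps the post's quarantine directory and log file as defaults; the function names format_found and scan_and_quarantine and the sample clamscan output in its test are constructed here. Keep in mind that --move on a false positive inside /usr or /lib can break the system, so scanning user data directories is the usual choice.

```shell
#!/bin/sh
# Added example: a clamscan wrapper that excludes the quarantine directory and
# kernel pseudo-filesystems, logs each FOUND line with a timestamp, and
# preserves clamscan's exit code (0 clean, 1 infected, 2 error).
# QUAR and LOG default to the values used in the post; function names are
# choices made for this example.

QUAR=${QUAR:-/home/quar}
LOG=${LOG:-/var/log/clamav.log}

# format_found TIMESTAMP: read clamscan output on stdin and print one line
# "TIMESTAMP PATH SIGNATURE" for every "PATH: SIGNATURE FOUND" line.
format_found() {
    awk -v ts="$1" '/ FOUND$/ {
        sig = $(NF - 1)
        path = $0
        sub(/: [^:]* FOUND$/, "", path)
        print ts, path, sig
    }'
}

# scan_and_quarantine [DIR]: scan DIR (default /) and return clamscan's exit code.
scan_and_quarantine() {
    target="${1:-/}"
    mkdir -p "$QUAR"
    out=$(mktemp)
    rc=0
    # --exclude-dir takes a regex; anchor each one to the start of the path.
    clamscan --infected --recursive --move="$QUAR" \
        --exclude-dir="^$QUAR" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' \
        --exclude-dir='^/dev' --exclude-dir='^/run' \
        "$target" > "$out" 2>&1 || rc=$?
    format_found "$(date -u +%Y-%m-%dT%H:%M:%SZ)" < "$out" >> "$LOG"
    if [ "$rc" -eq 2 ]; then
        echo "clamscan reported errors; full output kept in $out" >&2
    else
        rm -f "$out"
    fi
    return $rc
}

# Stand-alone use: ./clamscan_wrapper.sh /home
if [ "$#" -ge 1 ]; then
    scan_and_quarantine "$1"
fi
```

Because the wrapper returns clamscan's own exit code, a cron entry or systemd timer can treat 1 as "infections found, check the log" and 2 as "the scan itself failed", which the grep pipeline cannot distinguish.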


Thursday, June 12, 2025

Package Autoupdates

Here’s how to configure automatic security updates on your Debian 12 system. It's like giving your server a little robot butler to keep it safe!

  1. Install Unattended Upgrades:

    • First, install the unattended-upgrades package using apt. This also installs apt-listchanges, which helpfully shows you what's changed in each package update.
    sudo apt update
    sudo apt install unattended-upgrades apt-listchanges
    
  2. Configure Unattended Upgrades:

    • Now, tweak the configuration file at /etc/apt/apt.conf.d/50unattended-upgrades.
    sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
    
    • Make sure it includes the following lines to enable automatic updates from the security repository and set up a nightly reboot (if needed):
    Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    };
    Unattended-Upgrade::Automatic-Reboot "true";
    Unattended-Upgrade::Automatic-Reboot-Time "02:00";
    
    • This setup ensures your system automatically installs security updates and reboots at 2 AM if required.
  3. Enable Automatic Updates:

    • Edit the 20auto-upgrades file to enable the automatic updates feature.
    sudo nano /etc/apt/apt.conf.d/20auto-upgrades
    
    • Add these lines to make sure the package list is updated and the unattended upgrade runs daily:
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";
    
  4. Test Unattended Upgrades:

    • Test your setup to ensure everything is working correctly. Use the following command to simulate an unattended upgrade:
    sudo unattended-upgrades --dry-run --debug
    
    • This command shows you what would happen during a real unattended upgrade, without actually installing anything.
Following these steps sets up your Debian 12 system to automatically install security updates. This is crucial for keeping your system secure and saves you time and effort. If you want even more streamlined operations, consider hiring remote DevOps engineers to professionally manage and secure your infrastructure.
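The dry run in step 4 shows what would be upgraded, but it does not tell you whether the configuration file you edited is the one APT will actually honour. The script below is an added example written for this page, not part of the unattended-upgrades package. check_uu_config inspects a 50unattended-upgrades file for two things that silently break the setup: non-ASCII bytes (typographic quotes pasted from a web page are not the ASCII double quotes APT expects) and a missing security origin inside Allowed-Origins; check_periodic asks apt-config, the same parser APT uses, whether the two APT::Periodic keys from step 3 are on. Function names are choices made here, and the config snippets in the test are constructed.

```shell
#!/bin/sh
# Added example: verify the unattended-upgrades configuration rather than
# trusting the edit. Function names are choices made for this example.

# check_uu_config [FILE]: FILE defaults to the Debian path used in step 2.
check_uu_config() {
    f="${1:-/etc/apt/apt.conf.d/50unattended-upgrades}"
    rc=0
    # Any byte outside printable ASCII/whitespace is suspicious in an APT
    # config file; curly quotes are the usual culprit after copy-paste.
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$f"; then
        echo "$f: non-ASCII bytes found; use plain \" quotes" >&2
        rc=1
    fi
    # Strip // comments, join lines, then require the security origin
    # inside the Allowed-Origins block.
    if ! sed 's|//.*||' "$f" | tr -d '\n' |
         grep -Eq 'Allowed-Origins[[:space:]]*\{[^}]*"\$\{distro_id\}:\$\{distro_codename\}-security"'; then
        echo "$f: \"\${distro_id}:\${distro_codename}-security\" missing from Allowed-Origins" >&2
        rc=1
    fi
    return $rc
}

# check_periodic: query the live APT configuration for the step 3 keys.
check_periodic() {
    for key in APT::Periodic::Update-Package-Lists APT::Periodic::Unattended-Upgrade; do
        if ! apt-config dump "$key" 2>/dev/null | grep -q '"1";'; then
            echo "$key is not set to 1" >&2
            return 1
        fi
    done
    echo "periodic package-list update and unattended-upgrade are enabled"
}

# Stand-alone use: ./check_unattended.sh /etc/apt/apt.conf.d/50unattended-upgrades
if [ "$#" -ge 1 ]; then
    check_uu_config "$1" && check_periodic
fi
```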

Course Policy

Please carefully review the class policy provided below. These policies and rules apply to all classes and are designed to ensure a productive learning environment. Please note that your course syllabus may include specific policies and rules that override the general policies outlined below. If you have any questions or concerns, please do not hesitate to contact either the teaching assistant or me for further clarification.

1. Class Attendance
Attendance is mandatory for all classes at Lewis University. However, each class or course may have different attendance policies. Table 1 outlines the attendance policy for all of my classes.
- Online Course or Program
Students enrolled in an online course may have the opportunity to attend an in-person class for the same subject based on their concentration, subject to prior arrangement. If a student wants to attend an in-person class, and requests this in advance, I will consider and evaluate the request on a case-by-case basis.
 - In-person Course or Program
Students enrolled in an in-person course may not have the opportunity to attend an online class for the same subject. However, if a student requires reasonable accommodation and requests permission to attend an online class in advance, I will consider and evaluate the request on a case-by-case basis.

1.1 Reasonable accommodation
The only reasonable accommodation that can be approved in advance is excusing the student from attending. In such cases, the attendance record for the class will be marked as “excused” and will not be factored into the overall attendance grading. All reasonable accommodations require proper documentation.

1.2 Overall attendance rate
Be aware that continuous absence from class may result in a report being filed with the student services and the department. Additionally, if a student’s attendance falls below 50% or misses the mid-term or final exam, they will receive a failing grade for the course.

2. Assignments & Writing style
All classes require college-level writing skills and styles for all assignments. Although some media types (such as online discussions or discussion boards) may not lend themselves to formal writing styles, it is essential to apply proper writing conventions (including references, in-text citations, and figure/table numbers and captions) as much as possible, unless specific exceptions are noted in advance.

2.1 Writing style
All written assignments, including lab reports, survey reports, design and build projects, and others, must adhere to the guidelines in the APA v7 style. Failure to follow these guidelines may result in minor point deductions. However, repeated or significant deviations from the guidelines may result in a more substantial point deduction. The quality and style should be similar to the sample Purdue University student report (Link). The APA v7 guidelines are available at the following link (Link).

2.2 “Discussion” board
As part of their responsibilities, students are expected to compose their own posts using their ideas and provide constructive feedback to their peers. I recommend that students provide at least two positive and two negative comments for each post and include explicit references to support their comments.

2.3 Late submission
Late submissions will not be accepted or graded, except in cases where a student has received prior approval for reasonable accommodation from the instructor or academic advisor. In such cases, the duration of the allowed extension will be determined during the reasonable accommodation review process.

2.4 Reference
When writing reports or posts for the discussion board, it is important to cite only the core research or content related to the topic of the assignment. Including unrelated references is not permitted (searching for a general abstract on the topic and copying and pasting it with a citation may raise ethical issues). Please ensure that all references are relevant, support the arguments being made, and contribute to the overall quality of your work. Multiple unrelated references in your work may be considered academic dishonesty and could be subject to review.

2.5 Writing center
Students may be eligible for extra credit on their written assignments and final reports if they have used the Writing Center and incorporated its recommendations into their work. Please note that only recommendations that have been implemented and are evident in the final submission will be considered for extra credit (the Writing Center will provide a visit receipt).

3. Academic Dishonesty
3.1 Plagiarism/Self-plagiarism
Any instance of plagiarism or self-plagiarism will result in a failing grade for the assignment or failure of the course, and repeated offenses may result in further disciplinary action as outlined by the University policies. Students are expected to adhere to the highest academic integrity standards and take responsibility for their own work.

3.2 Unauthorized collaboration
Students are expected to complete all assignments and exams independently, unless otherwise specified by the instructor. Any collaboration that is allowed must be clearly outlined in the assignment instructions or approved in advance by the instructor. If there is any uncertainty about whether collaboration is allowed, students are encouraged to consult the instructor for clarification. Any instance of unauthorized collaboration will result in a failing grade for the assignment or exam, and repeated offenses may result in further disciplinary action.

3.3 Impersonating Another Person
Students are expected to use their own identity when participating in any class-related activities, including online discussions, written assignments, and exams. Any instance of impersonation will result in immediate disciplinary action, including but not limited to a failing grade for the assignment or exam and possible suspension or expulsion from the academic institution. It is essential that students maintain their own identity and take responsibility for their own work, as this is a fundamental aspect of academic integrity and honesty. If students have any concerns about their identity or privacy, they are encouraged to speak with the instructor or academic advisor for guidance on how to proceed.

3.4 AI-generated content
Students are expected to complete all assignments and exams as their own original work; AI-generated content may be consulted only as a reference. This class allows the use of any type of AI or AI-generated content for reference purposes only (detailed citation required). Copying AI-generated content, including but not limited to papers, essays, reports, and presentations, is not permitted. Copied AI-generated content will result in a failing grade for the assignment or exam, and repeated offenses may result in further disciplinary action as outlined by the academic institution’s policies.

SNORT3 Installation Guide for RHEL9

Here's a comprehensive breakdown of the SNORT3 installation process on Red Hat Enterprise Linux 9, with explanations for each step:

1. System Update

dnf update

Purpose: Updates all installed packages to their latest versions, ensuring system security and compatibility before installing new software.

2. Install Development Tools

dnf group install "Development Tools"

Purpose: Installs essential compilation tools including GCC, make, and other utilities needed to build software from source code. Think of it as your digital toolbox for construction projects.

3. Install Core Dependencies

dnf install gcc gcc-c++ libnetfilter_queue-devel git flex bison zlib zlib-devel pcre pcre-devel libdnet tcpdump libnghttp2 wget xz-devel automake pkgconf-pkg-config

Purpose: Installs critical libraries and tools:

  • gcc/gcc-c++: C/C++ compilers
  • libnetfilter_queue-devel: Network packet filtering capabilities
  • git: Version control (for downloading source code)
  • flex/bison: Parser generators for processing configuration files
  • zlib: Compression library
  • pcre: Regular expression library (essential for pattern matching)
  • libdnet: Low-level networking library
  • tcpdump: Network packet analyzer

4. Install Additional Development Libraries

dnf install zlib-devel libpcap-devel pcre-devel libdnet-devel openssl-devel libnghttp2-devel luajit-devel

Purpose: Installs development headers for:

  • libpcap: Packet capture functionality (the heart of network monitoring)
  • openssl: Cryptographic functions
  • luajit: Lua scripting engine for custom rules
  • libnghttp2: HTTP/2 protocol support

5. Verify Additional Dependencies

Install hwloc, cmake, libtool, and pkg-config if they are not already installed.

Note: Check whether these tools are present before building. They are often included with Development Tools but may need manual installation.

6. Download LibDAQ (Data Acquisition Library)

wget https://api.github.com/repos/snort3/libdaq/tarball/v3.0.16

Purpose: Downloads the Data Acquisition library - SNORT's interface layer for capturing network packets from various sources.

7. Extract and Navigate

tar zxvf v3.0.16
cd snort3-libdaq-*/

Purpose: Unpacks the downloaded archive and enters the source directory. Note that a GitHub API tarball unpacks into a directory named <owner>-<repo>-<commit> (here snort3-libdaq- followed by a short commit hash), not v3.0.16, which is why the cd uses a wildcard.

8. Build LibDAQ

./bootstrap
./configure --prefix=/usr/local/lib/daq_s3
make install

Purpose:

  • bootstrap: Generates the configure script
  • configure: Sets up build configuration with custom installation path
  • make install: Compiles and installs LibDAQ to /usr/local/lib/daq_s3

9. Configure Dynamic Library Loading

touch /etc/ld.so.conf.d/snort.conf
echo "/usr/local/lib/daq_s3/lib/" > /etc/ld.so.conf.d/snort.conf
ldconfig

Purpose:

  • Creates a configuration file telling the system where to find LibDAQ libraries
  • ldconfig: Updates the dynamic linker cache so applications can locate the newly installed libraries

Pro Tip: This is like updating your GPS after building a new road - the system needs to know where to find your shiny new libraries!
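Steps 6 through 9 contain two points where a script would otherwise have to guess: the name of the directory inside the GitHub tarball, and whether the dynamic linker really resolves libdaq after ldconfig runs (a stale cache or a typo in snort.conf leaves snort failing at load time with a library-not-found error). The helpers below are an added example written for this page, not part of the Snort or LibDAQ projects. The function names tarball_topdir, fetch_and_extract, lib_in_cache and verify_libdaq are choices made here; the download URL and install prefix are the ones used in the steps above, and the sample `ldconfig -p` lines in the test are constructed.

```shell
#!/bin/sh
# Added example: helpers for steps 6-9 of the LibDAQ build that replace the
# guesses in the procedure with checks. Function names are choices made here.

# tarball_topdir FILE: print the top-level directory inside a .tar.gz
tarball_topdir() {
    tar tzf "$1" | sed -n '1s|/.*||p'
}

# fetch_and_extract TAG: download the libdaq tarball for TAG (same URL as
# step 6), unpack it, and print the extracted directory so the caller can cd.
fetch_and_extract() {
    tag="$1"
    wget -q -O "libdaq-${tag}.tar.gz" \
        "https://api.github.com/repos/snort3/libdaq/tarball/${tag}" || return 1
    tar xzf "libdaq-${tag}.tar.gz" || return 1
    tarball_topdir "libdaq-${tag}.tar.gz"
}

# lib_in_cache NAME: read `ldconfig -p` output on stdin and print the path the
# linker cache holds for the first library whose soname starts with NAME.
lib_in_cache() {
    awk -v name="$1" 'index($1, name) == 1 && $(NF-1) == "=>" { print $NF; exit }'
}

# verify_libdaq [PREFIX]: confirm the ld.so.conf.d entry from step 9 exists and
# that the linker cache resolves libdaq.so to a file under PREFIX.
#   exit 1 = snort.conf does not list PREFIX/lib
#   exit 2 = libdaq.so not in the cache (ldconfig not run or wrong path)
#   exit 3 = libdaq.so resolves to a copy outside PREFIX (e.g. an old distro package)
verify_libdaq() {
    prefix="${1:-/usr/local/lib/daq_s3}"
    if ! grep -Eqs "^${prefix}/lib/?\$" /etc/ld.so.conf.d/snort.conf; then
        echo "/etc/ld.so.conf.d/snort.conf does not list ${prefix}/lib" >&2
        return 1
    fi
    path=$(ldconfig -p | lib_in_cache libdaq.so)
    case "$path" in
        "${prefix}"/lib/*) echo "libdaq resolves to $path" ;;
        "") echo "libdaq.so not in the linker cache; run ldconfig" >&2; return 2 ;;
        *) echo "libdaq resolves to $path, outside ${prefix}" >&2; return 3 ;;
    esac
}

# Stand-alone use: ./libdaq_helpers.sh v3.0.16 [PREFIX]
if [ "$#" -ge 1 ]; then
    dir=$(fetch_and_extract "$1") || exit 1
    echo "source directory: $dir"
    verify_libdaq "${2:-/usr/local/lib/daq_s3}"
fi
```

Run verify_libdaq after step 9 and again after installing Snort itself; exit code 3 is the one to watch for on a host that previously had a distribution libdaq package, because the cache may prefer that copy over the one built here.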
