cmsc414 vs. cmsc417

The following information was provided by Dr. Dave Levin.

At the highest level, 417 is about networks (network security is about 5% of the class), and 414 is about security (networking is usually about 5% of the class, but in Dave's 414, it's more).

Digging more into the topics: If you want to know how networks actually work-and thereby study one of the most impressive, resilient examples of modular design ever constructed-then 417 is for you. You will learn about all "layers in the network stack" (which means that you learn how bits get transmitted over a wire all the way up to how applications communicate internationally at a much higher level of abstraction). You will also gain experience in writing networking code and implementing algorithms at various points in the stack (routing, TCP, etc.).

If you want to know how to make networks (and other systems) work when someone is actively trying to bring them down, then 414 is for you. It's a smattering of topics, but typically from 4 areas: software security (e.g., buffer overflows), web security (e.g., cross-site scripting), crypto (teachers' 414 spend much more time on this than others'), and networking security (e.g., VPNs, firewalls, DoS prevention).

But even more than covering different topics, they approach their topics with a different set of goals in mind: 417 tries to create something to allow billions of cooperating entities to achieve something that they couldn't possibly do alone. 414 tries to keep one or more malicious entities from breaking something that others benefit from.