Special Topics (Computer and Network Security)

About

Catalog Description

Aim

This course aims to equip students with the knowledge and skills in identifying threats and vulnerabilities as well as developing protection mechanisms for computer systems and networks.

Objectives

At the end of this course the student should be able to:

1. explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
2. find and identify software, platform, and network security vulnerabilities;
3. develop and use exploits for security vulnerabilities;
4. perform incident response and digital forensics after a security breach;
5. apply secure programming practices;
6. design, implement, and deploy secure network and web services; and
7. explain and evaluate the legal and ethical implications of security attacks and breaches.

Topics (based on ACM's 2013 Curriculum Guidelines)

1. IAS/Foundational Concepts in Security
2. IAS/Principles of Secure Design
3. IAS/Defensive Programming
4. IAS/Threats and Attacks
5. IAS/Network Security
6. IAS/Cryptography
7. IAS/Web Security
8. IAS/Platform Security
9. IAS/Security Policy and Governance
10. IAS/Digital Forensics
11. IAS/Secure Software Engineering

Specific topics

• Why Computer Security is challenging?
• Computer Security Strategy
• Symmetric Encryption
• Asymmetric Encryption
• Software Security
• Database Security
• Penetration Testing
• Buffer Overflow Attacks
• TCP/IP and attacks
• DNS and attacks
• Malicious Software
• IT Security Management and Risk Assessment
• IT Security Controls, Plans, and Procedures
• Human Resources Security

Evaluation/Grading(Tentative)

2 Long Exams	40%
Quizzes	10%
Laboratory Exercises	50%
Total	100%

Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.

0.00	54.99	5.0
55.00	59.99	3.0
60.00	64.99	2.75
65.00	69.99	2.5
70.00	74.99	2.25
75.00	79.99	2.0
80.00	84.99	1.75
85.00	89.99	1.5
90.00	94.99	1.25
95.00	100	1.0

Attendance Policy

Attendance will be checked every meeting. Students with four(4) or more absences will be automatically dropped from the course.

Collaboration Policy

Honor Code

• Properly acknowledge help received.
• No looking at solutions/programs from previous years.
• No sharing of code with other students.
• Be ready to explain your code.

Google Classroom:

Lecture/Laboratory

Meeting	Date	Topic	Readings/Slides	Homework	Laboratory
1	8/5/2019 M	(no meeting: bad weather)
2	8/12/2019 M	(no meeting))
3	8/19/2019 M	Introduction.Why computer security is challenging?	[STA] Ch. 1
4	8/26/2019 M	(no meeting)
5	9/2/2019 M	Environment Variables and setuid programs			[SEED]Environment Variable and Set-UID Program Lab
6	9/9/2019 M	Symmetric Cryptography	[STA]Ch. 2, [STA]Ch. 20, Frequency Analysis Tool		[SEED]Secret-Key Encryption Lab,ciphertext.txt,pic.bmp
(makeup class)	9/12/2019 M	Shellshock	[SEED Shellshock]		[SEED] Shellshock Attack Lab
7	9/16/2019 M	Asymmetric Cryptography	[STA]Ch. 21		[SEED]RSA Public-Key Encryption and Signature Lab,[SEED]Public-Key Infrastructure,Task3 Answer
8	9/23/2019 M	Database Security (Lecture by Marie Betel B. de Robles)	[STA]Ch. 5		[SEED]SQL Injection Attack Lab
9	9/30/2019 M	(no meeting)
10	10/7/2019 M	Software Security	[STA]Ch. 11		[SEED]XSS Attack Lab (Elgg)
11	10/14/2019 M	EXAM 1
12	10/21/2019 M	Penetration Testing	Penetration Testing
13	10/28/2019 M	TCP/IP Attack Lab	TCP/IP Attack Lab, [SEED]		[SEED]TCP/IP Attack Lab
14	11/4/2018 M	DNS Attack Lab	DNS Attack Lab,[SEED],Video		[SEED]Local DNS Attack Lab,Forward Zone File, Reverse Zone File
15	11/11/2019 M	[Malicious Software],[IT Security Management and Risk Assessment]	[STA]Ch.6, [STA]Ch.14		shingles32
16	11/18/2019 M	[IT Security Controls, Plans, and Procedures], [Human Resources Security]	[STA]Ch.15,[STA]Ch.17
17	11/25/2019 M	Buffer Overflow Attacks	BOF Attacks, Windows		Files
18	12/2/2019 M	EXAM 2

Resources

Textbook

• [STA]:Stallings, W. and Brown, L. (2015). Computer Security: Principles And Practice (3rd ed.) Pearson Education Inc.

Supplementary Textbooks

• Wenliang Du.(2017).Computer Security: A Hands-on Approach.
• Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company
• Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
• Gollmann, D. (2011). Computer Security. John Wiley & Sons.
• Bishop, M. (2006). Introduction to computer security. Pearson Education India.
• Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
• Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
• Jon Erickson. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
• Michael Sikorski and Andrew Honig.(2012). Practical Malware Analysis. No Starch Press, Inc.

Similar CNSEC Courses

• IT 280
• Stanford
• MIT
• UMD
• UCB

Software and Others

• Center for Internet Security
• The Hacker News
• NICE
• SecGen vuln VM generator
• Awesome Pentest
• ACM Cybersecurity Curricula Recommendations 2017
• Vagrant
• VirtualBox
• Kali Linux
• SEED Labs
• Phrack Magazine
• Exploit DB
• Common Vulnerabilities Exposures
• Damn Vulnerable Web Applications
• National Vulnerability Database
• PentesterLab
• Cybersecurity in the Philippines
• Penetration Test Execution Standard
• Vulnerable by Design
• Metasploit Unleashed
• Shellcode Database