Number and Title of Course: CPSC 6128 - Network Security

Instructor(s): Dr. Wayne Summers

Office: CCT455                                                           Office phone: (706) 568-5037
Department phone: (706) 568-2410                             Department FAX: (706) 565-3529
Office Hours: 10-10:50 a.m. MWF (in online chat); 3-3:50 p.m. TR (in online chat); via e-mail, net-meetings and by appointment
e-mail address: summers_wayne@ColumbusState.edu
homepage:http://csc.ColumbusState.edu/summers

 

Catalog Description of Course: (Prerequisite CPSC 6126 Information Systems Assurance or equivalent.) This course examines the fundamentals of security issues arising from computer networks. Topics include intrusion detection, firewalls, threats and vulnerabilities, denial of service attacks, viruses and worms, use and effectiveness of encryption, secure transactions and e-commerce, and network exploits. (3 credits).

Required Textbook(s):
Corporate Computer and Network Security by Raymond R. Panko, Prenticed-Hall, 2004, ISBN 0-13-038471-2.

 

Supplementary Books and Materials

  1. Introduction to Computer Security by Matt Bishop, Addison Wesley Professional, 2005, ISBN: 0-321-24744-2.
  2. The Art of Deception: Controlling the Human Element of Security, by Kevin D. Mitnick and William L. Simon, John Wiley & Sons, 2002, ISBN: 0471237124.
  3. Web Security, Privacy and Commerce; Simson Garfinkel and Gene Spafford; O’Reilly & Associates, Inc., 2002; ISBN 0-596-00045-6
  4. Secrets and Lies: Digital Security in a Networked World; Bruce Schneier; John Wiley & Sons, 2000; ISBN 0-471-25311-1
  5. Active Defense A Comprehensive Guide to Network Security; Chris Brenton and Cameron Hunt; SYBEX 2001; 0-7821-2916-1.
  6. Security+ Guide to Network Security Fundamentals by Cisco Learning Institute, Boswell, Calvert, Campbell, Course Technology, ISBN: 0-619-21294-2
  7. Lab Manual for Security+ Guide to Network Security Fundamentals by Paul Cretaro, Course Technology,  ISBN: 0-619-13104-7
  8. Web Security For Network and System Administrators by David Mackey, Course Technology,  ISBN: 0-619-06495-1
  9. Guide to Network Defense and Countermeasures by Greg Holden, Course Technology,  ISBN: 0-619-13124-1
  10. Guide to Firewalls and Network Security: Intrusion Detection and VPNs, Course Technology,  by Greg Holden ISBN: 0-619-13039-3
  11. The Cuckoo's Egg : Tracking a Spy Through the Maze of Computer Espionage; Clifford Stoll;Pocket Books;ISBN 0671726889

Software and manuals found in the lab and on the Internet

 

Course Objectives

1.        Students will understand the major issues in network and computer system security, focusing mainly on threats from malicious software.

2.        Students will have an understanding of common attacks on computer networks and methods to detect and remediate such attacks.

3.        Students will be able to identify threats and vulnerabilities to information systems.

4.        Students will be able to identify and detect data, computers and networks exploits.

5.        Students will be able to secure computer networks.

6.        Be able to use network security tools.

 

Major Topics

1.      Foundations of computer and network security.

2.      Access Control and Site Security.

3.      Threats and vulnerabilities.

4.      Attack Methods.

5.      Technical defenses: authentication, operating system security, firewalls, etc.

6.      Host Security.

7.      Elements of Cryptography.

8.      Cryptographic Systems: SSL/TLS, VPNs, Kerberos.

9.      Application Security: Electronic Commerce and E-mail.

10.  Network vulnerability assessment and intrusion detection.

11.  Remediation methods, including backup and repair strategies.

12.  Business continuity planning and disaster recovery planning

13.  Legal issues, privacy, cyberwar and cyberterror.

 

Instructional Methods and Techniques

  1. The class will be taught online. Learning sessions will usually be conducted via threaded discussion and will include recorded lectures on the instructor's web site. See http://cs.ColumbusState.edu/Academics/Online/OnlineInfo.asp for information on taking an online course.
  2. Students will be expected to participate in asynchronous threaded discussions.
  3. All students must have access to networked computers for doing assignments.
  4. Students will have an opportunity to use a variety of security tools to reinforce their learning of the concepts.
  5. Discussion may also be available through live chat.

How to Access the Course

This course is being offered through WebCT Vista. You can access WebCT Vista at: http://webct.ColumbusState.edu/ 

At this page, select the "Log on to" WebCT Vista link to activate the WebCT Vista logon dialog box, which will ask for your WebCT Vista username and password. Your Vista WebCT username and password are:

Username: lastname_firstname
Password: XXXX

Default password is your birthday in the format of DDMMYY.

If you try the above and WebCT Vista will not let you in, please use the "Comments/Problems" link on the WebCT Vista home page to request help. If you are still having problems gaining access a day or so after the class begins, please e-mail me immediately.

Once you've entered WebCT Vista, you will see a list of courses you have access to. The CPSC 6128 course is listed as "Network Security." Next to this, you should see my name as the instructor. You may also see new discussion postings, new calendar postings, and new mail messages. Clicking on the name of the course will take you to the course's home page. If you don't see the "Network Security" course in the list, please e-mail me immediately.

Once you have clicked on the course's name and accessed the particular course itself, you will find a home page with links to other sections and tools, and a menu on the left-hand side. Feel free to explore the areas in the course.

How This Course Will Work

This course will consist of readings, discussion questions, “lab” assignments, a final project and two exams. On a weekly basis, you will need to:

  1. review the week's lesson;
  2. complete the readings from the two texts;
  3. read and if possible, listen to the lectures;
  4. complete the “lab” assignments;
  5. submit responses to weekly discussion questions based on the readings;
  6. comment on other students' responses to the discussion questions.

In addition to the weekly requirements, you will need to:

decide on and complete a final project.

Online Discussions
To maximize your learning, you are expected to participate actively in the weekly discussions. To receive maximum credit for participating, you must post a response to EACH discussion question of at least 150 words and comment on ONE of the other students' responses for EACH discussion assignment. There is, of course, no upper limit on the amount of discussion in which you can be involved in.

The responses to other students' postings should add to the substance of the posting, request clarification, provide a different perspective, or challenge the assertions made by providing real or hypothetical scenarios that the original posting does not adequately address. Remember, the purpose of course discussions is to stimulate academic debate. Critical thinking is highly desirable!

I will read every response and every comment, but I will not necessarily respond to every response or to every comment. I will, however, interject comments where necessary for clarification.

Discussion Etiquette

CSU is committed to open, frank, and insightful dialogue in all of its courses. Diversity has many manifestations, including diversity of thought, opinion, and values. Students are encouraged to be respectful of that diversity and to refrain from inappropriate commentary. Should such inappropriate comments occur, I will intervene as I monitor the dialogue in the discussions. I will request that inappropriate content be removed from the discussion and will recommend university disciplinary action if deemed appropriate. Students as well as faculty should be guided by common sense and basic etiquette. The following are good guidelines to follow:

  • Never post, transmit, promote, or distribute content that is known to be illegal.
  • Never post harassing, threatening, or embarrassing comments.
  • If you disagree with someone, respond to the subject, not the person.

Never post content that is harmful, abusive; racially, ethnically, or religiously offensive; vulgar; sexually explicit; or otherwise potentially offensive.

 

Student Responsibilities

As a student in this course, you are responsible to:

  • manage your time and maintain the discipline required to meet the course requirements,
  • complete all readings,
  • complete all assignments,
  • actively participate in weekly discussions,
  • decide on and coordinate a final project with the instructor, and
  • read any e-mail sent by the instructor and respond accordingly.

“I didn’t know” is not an acceptable excuse for failing to meet the course requirements. If you fail to meet your responsibilities, you do so at your own risk.

Instructor Responsibilities

As your instructor in this course, I am responsible to:

  • post weekly lessons outlining the assignments for the week,
  • post weekly discussion questions,
  • read all responses to discussion questions and comments to responses,
  • actively participate in weekly discussions when necessary,
  • decide on and coordinate a final project with you, 
  • grade discussion questions, comments, assignments, and the final project, and post scores within one week of the end of the week in which they are submitted, and
  • read any e-mail sent by the you and respond accordingly within 48 hours.

Although I will read every posted discussion question and response, I will not necessarily respond to every post. 

 

Student Web Server Space

There may be times when you will want to use an actual Web server in response to discussion questions or for projects. All currently enrolled CSU students (including online students) can request free Web server space on the CSU student Web server. Simply go to http://students.ColumbusState.edu and click on the "Free Web Pages" icon. Then click on the link to request the account. Under normal circumstances, the account and space will be created in a matter of seconds. This server is also .NET capable.

 

Online Lab Assignments

The lab assignments will be of two types. Some assignments will require the use of your own computer. If you are using a computer at work, make sure that you have permission to use the software for the assignment. The second type of assignment will require you connecting to the Security and Assurance of Information Lab (SAIL Lab) through a VPN connection. This will require that you install the VPN client and the VNC software on your computer.

 

Assignments for Course

  • Readings from the textbooks.
  • Outside reading from popular computing and network periodicals.
  • Readings from documents found on the Internet.
  • Several lab homework assignments with security tools.

Course Evaluation (tentative):

  • Unit Homework Assignments = 200-300 pts.
    1. These may involve hands-on activities
    2. Some activities may require working with classmates.
  • Discussion Group, “Class Participation” (10-20 submissions) = 200 pts.
    1. second submission will be in response to other students comments (comments like “I agree” are not acceptable)
    2. Group discussion of concepts is a great way to learn the material. Additional discussion will be used to determine grades for students on the borderline between two letter grades.
  • One midterm test = 100 pts.
  • 1 Comprehensive FINAL EXAM = 200 pts.
  • Research paper or project = 100 pts. (topic must be approved before starting the paper/project)

Grades may be determined according to this scale:

A 90% - 100%

B 80% - 89%

C 70% - 79%

D 60% - 69%

 

General Policies

You are responsible for all class work missed, regardless of the reason for the absence(s). Late assignments will not be accepted. No makeup exams or quizzes will be given, so please make sure you are present for all exams/quizzes. Refer to the CSU Catalog (http://aa.ColumbusState.edu/advising/a.htm#Absence Policy) for more information on class attendance and withdrawal.

Academic dishonesty
Academic dishonesty includes, but is not limited to, activities such as cheating and plagiarism (http://aa.ColumbusState.edu/advising/a.htm#Academic Dishonesty/Academic Misconduct). It is a basis for disciplinary action. Any work turned in for individual credit must be entirely the work of the student submitting the work. All work must be your own. [For group projects, the work must be done only by members of the group.] You may share ideas but submitting identical assignments (for example) will be considered cheating. You may discuss the material in the course and help one another with debugging; however, any work you hand in for a grade must be your own.  A simple way to avoid inadvertent plagiarism is to talk about the assignments, but don't read each other's work or write solutions together unless otherwise directed by your instructor. For your own protection, keep scratch paper and old versions of assignments to establish ownership, until after the assignment has been graded and returned to you. If you have any questions about this, please see your instructor immediately. For assignments, access to notes, the course textbooks, books and other publications is allowed. All work that is not your own, MUST be properly cited. This includes any material found on the Internet. Stealing or giving or receiving any code, diagrams, drawings, text or designs from another person (CSU or non-CSU, including the Internet) is not allowed. Having access to another person’s work on the computer system or giving access to your work to another person is not allowed. It is your responsibility to prevent others from having unauthorized access to your work.

No cheating in any form will be tolerated. Penalties for academic dishonesty may include a zero grade on the assignment or exam/quiz, a failing grade for the course, suspension from the Computer Science program, and dismissal from the program. All instances of cheating will be documented in writing with a copy placed in the Department’s files. Students will be expected to discuss the academic misconduct with the faculty member and the chairperson. For more details see the Faculty Handbook: http://aa.ColumbusState.edu/faculty/FacHandbook0203/sec100.htm#109.14 and the Student Handbook: http://sa.ColumbusState.edu/handbook/handbook2003.pdf

You are expected to review the TSYS Department of Computer Science’s Academic Dishonesty Policy -  (http://csc.ColumbusState.edu/policy/Academic-Dishonesty-Policy.html)

 

Since this course includes the use of computer security tools and techniques, you are required to sign a Computer Security Agreement form at http://csc.ColumbusState.edu/summers/NOTES/6136/Computer-Security-Class-Student-Agreement.htm

 

Getting help
You can always contact me during my posted office hours, by e-mail, or by appointment.

CSU ADA statement
If you have a documented disability as described by the Rehabilitation Act of 1973 (P.L. 933-112 Section 504) and Americans with Disabilities Act (ADA) and would like to request academic and/or physical accommodations please contact Joy Norman at the Office of Disability Services in the Center for Academic Support and Student Retention, Tucker Hall (706) 568-2330, as soon as possible. Course requirements will not be waived but reasonable accommodations may be provided as appropriate.

          SUGGESTED WEEKLY SCHEDULE FOR COMPUTER SECURITY (tentative)

 

Lecture Topic

Homework

Week 1:

January 9-13

Chapter 1 – A Framework

See Website

http://csc.ColumbusState.edu/summers/NOTES/6128/labs-6128.htm and WebCT calendar

Week 2:

January 16-20

Chapter 1a – Examples of Security Problems

Hands-on Lab 1 - Footprinting the network

Week 3:

January 23-27

Chapter 2 – Access Control and Site Security

Hands-on Lab 2 - Passwords

Week 4:

Jan. 30 – Feb. 3

Chapter 3 – Review of TCP/IP Internetworking

 

Week 5:

February 6-10

Chapter 4 – Attack Methods

Hands-on Lab 3 - Antivirus Policy

Week 6:

February 13-17

Chapter 5 – Firewalls

Hands-on Lab 4 - Firewall Policy

Week 7:

February 20-24

Chapter 6 – Host Security

 

Week 8:

February 27-

March 3

MIDTERM EXAM

Hands-on Lab 5 - Host Security

Week 9:

March 6-10

SPRING BREAK

SPRING BREAK

Week 10:

March 13-17

Chapter 7 – The Elements of Cryptography

Hands-on Lab 6 - Encryption

Week 11:

March 20-24

Chapter 8 – Cryptographic Systems

 

Week 12:

March 27-31

Chapter 9 – Application Security

Hands-on Lab 7 - Email Security

Week 13:

April 3-7

Chapter 10 – Incident and Disaster Response

Hands-on Lab 8 - Network Security Auditing

Week 14:

April 10-14

Chapter 11 – Managing Security Function

 

Week 15:

April 17-21

Chapter 12 – The Broader Perspective

Hands-on Lab 9 - Network Security - Intrusion Detection

Week 16:

April 24-28

“Presentations”

Hands-on Lab 10 - Managing Network Security

Week 17:

May 2-6

“Presentations”

 

May 4 (tentative)

 

FINAL EXAM DUE