CSC 421 COURSE COMPACT

Transcription

1 CSC 421 COURSE COMPACT Curse Cde: CSC 421 Curse Title: Cmputer Security Status: Cmpulsry Curse Unit: 2 Cntact Details Lecturer s Data Lecture perid: Tw hurs lectures per week fr 15 weeks (30 hurs) Name: Dr. D.T. Akmlafe Qualificatin: PhD Cllege: Cllege f Science and Engineering (Adjunct) [email protected] Fridays: 11am-1pm Curse Outline Intrductin:, privacy and ethics, risk analysis in cmputer security, threats and security, security measures, physical prtectin (natural disaster, physical facility, access cntrl), hardware and sftware security cntrl, viruses (trjan hrses, wrms a nd lgic bmb), encryptin and cryptgraphy techniques. Develping Secured Cmputer System: External security measures, issue, security mdels (specificatin and verificatin, Bell and LaPadulla Mdel, Clark-Wilsn Mdel, Gguen-Meseguer, TCSEC), discretinary access requirements, mandatry access requirements, user authenticatin, access and infrmatin flw cntrl, auditing and intrusin detectin, damage cntrl and assessment, micrcmputer Security. Netwrk and Telecmmunicatin Security: Fundamentals, issue, bjective and threats, security services, distributed system security, trusted netwrk interpretatin, TNI security services, AIS intercnnectin issues, firewalls-gateways, applicatin, cst and effectiveness. Database Security: Security requirements t Databases, designing the security, methds f prtectin, security f multilevel Database. Legal Issue and Current Legislatin: Cmputer crime, sftware vilatin, crimes, privacy cnsideratins, crprate plicy, managerial issues, gvernment-based security standards. Descriptin Nwadays, many rganizatins and cmpanies rely heavily n infrmatin systems t ensure that they wrk effectively and efficiently at any given time. Additinally, Infrmatin and Cmmunicatin Technlgies (ICTs) are increasingly intertwined in ur daily activities. Sme f these ICT systems, services, netwrks and infrastructures frm a vital part f the ecnmy and sciety, either by prviding essential gds and services r cnstituting the underpinning platfrm f ther critical infrastructures. Often, ICT systems are part f critical infrmatin infrastructures where their disruptin r destructin wuld have a serius impact n vital scietal functins. Often, security breaches were perfrmed by cmpetitrs and insiders, especially frmer emplyees. Further mre, cyber criminals are als increasing their effrts t 1

2 steal sensitive crprate data and infrmatin. Criminals are daily devising sphisticated means t take advantage f emplyees, new technlgies and sftware vulnerabilities. Cnsequently, this curse cvers fundamental issues and first principles f security that are capable f making attacks impssible. The curse will lk at the security plicies, mdels and mechanisms related t cnfidentiality, integrity, authenticatin, identificatin, and availability issues related t infrmatin.. Other tpics cvered include basics f cryptgraphy (e.g., digital signatures), Develping Secured Cmputer System, and netwrk security (e.g., intrusin detectin and preventin), risk management, and secure design principles. It will als cver tpics in netwrk and telecmmunicatin security and database security. Issues such as rganizatinal security plicy, legal and ethical issues in security, standards and methdlgies fr security evaluatin and certificatin will als be cvered. Justificatin Cmputer security is an emerging field f cmputer science and engineering with a cncentratin n the security issues in cmputer systems. Cmputer Security is gaining prminence due t an increase in criminal activity affecting cmputer systems. ICT systems are part f critical infrmatin infrastructures where their disruptin r destructin wuld have a serius impact n crprate rganizatins. Their multiplier effects are better imagined than experienced.als, with the advent f netwrks and expansin f cyber space, security and trust have becme a central challenge in cmputatin and in infrmatin systems.security breaches can have dire cnsequences bth in financial and scietal terms, therefre, securing the systems is f utmst imprtance. This applies bth t the cntainment f everyday risks such as the failure f individual cmpnents and t the preventin f malicius attacks frm utside the systems. This curse will prvide an verview f the crucial cncepts and techniques f securing ur systems either as a standalne r in netwrk Curse By the end f this curse, students will be able t: a. State the basic cncepts in infrmatin security, including security plicies, security mdels, and security mechanisms. b. Explain cncepts related t applied cryptgraphy, including plain-text, cipher-text, the fur techniques fr crypt-analysis, symmetric cryptgraphy, asymmetric cryptgraphy, digital signature, message authenticatin cde, hash functins, and mdes f encryptin peratins. c. Explain the cncepts f malicius cde, including virus, Trjan hrse, and wrms and cmmn vulnerabilities in cmputer prgrams d. Outline the requirements and mechanisms fr identificatin and authenticatin and discuss issues abut passwrd authenticatin, including dictinary attacks (passwrd guessing attacks), passwrd management plicies, and ne-time passwrd mechanisms. 2

3 e. Cmpare security mechanisms fr cnventinal perating systems, including memry, time, file, bject prtectin requirements and techniques and prtectin in cntemprary perating systems and identify the requirements fr trusted perating systems f. Describe security requirements fr database security, and describe techniques fr ensuring database reliability and integrity, secrecy, inference cntrl, and multi-level databases. g. Describe threats t netwrks, and explain techniques fr ensuring netwrk security, including encryptin, authenticatin, firewalls, and intrusin detectin. Prerequisites Basic knwledge f perating systems, data structures, database systems and netwrks. Curse Delivery Methd Lectures, individual assignments and grup presentatin Evaluatin Cmpnents Students must attend classes regularly and punctually t, read the assigned reading befre class and participate in class discussins and presentatins. The curse will be graded as fllws at the end f semester. 10% Grup presentatins, 5%class participatin and attendance 15% Cntinuus Assessments 70% Final Exam Week 1-2 Security Basics Present general verview f cmputer security Understand sme basic definitins and sme related terms Week 3-5 Threats and security, 3

4 Explain threats, disasters and the cmpnent f threats Identify and explain security measures Discuss hardware and sftware prtectins Week 6 Cntinuus assessment Test Objective T test student knwledge n what they have been taught s far Week 7-9 Basic Cryptgraphy and Netwrk security Explain authenticatin, prtcls and key management Discuss and illustrate encryptin and cryptgraphy technique Week 10 Presentatins Objective T test students knwledge n sme basic cncepts and principles f Security Week Develping Secured Cmputer System Discuss design principles Explain Security Mechanisms Understand the cncept f Auditing Systems Explain Risk analysis Get used t System verificatin and evaluatin 4

5 Week Netwrk and Telecmmunicatin Security Identify and explain Netwrk threats such as eavesdrpping, spfing, mdificatin, denial f service attacks Explain netwrk security techniques: firewalls Discuss Intrusin Detectin and Respnse Text bks i. Charlie Kaufman, Radia Perlman and Mike Speciner, Netwrk Security (Prentice Hall 2002, 2nd ed.) ii. ClinByd and Anish Mathuria, Prtclsfr Authenticatin and Key Establishment(Springer 2003) iii. Charles P. Pfleeger and Shari L. Pfleeger. Security in Cmputing (3rd editin). Prentice - Hall iv. Cmputer Security: Art and Scienceby Matt Bishp (ISBN: ), Addisn- Wesley