Department of Computer & Information Sciences

CSCI-445: Computer and Network Security

Syllabus

Course Description

This course provides a detailed, in-depth overview of pressing network security problems and discusses potential solutions. The course covers a broad variety of important security topics, such as cryptographic mechanisms, intrusion detection, and network perimeter security. By the end of this course, students will understand basic security terms such as plaintext, ciphertext, encryption/decryption, and authentication. Students will be able to explain the basic number theory required for cryptographic applications, and manually encrypt/decrypt and sign/verify signatures using cryptographic approaches. Students will be able to identify typical security pitfalls in authentication protocols, and outline the protocols for IP Security, i.e., the AH and ESP protocols.

Textbook

W. Stallings, Network Security Essentials: Applications and Standards, 4th Edition, Prentice Hall, ISBN: 0136108059, 2010.

Recommended Supplement

C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, 2nd Edition, Prentice Hall, ISBN: 0130460192, 2002.
W. Stallings, Cryptography and Network Security: Principles and Practice, 5th Edition, Prentice Hall, ISBN: 0136097049, 2010.
Richard E. Smith, Elementary Information Security, 1st Edition, Jones & Bartlett Learning, ISBN: 0763761419, 2011.
M. Stamp, Information Security: Principles and Practice, 2nd Edition, Wiley, ISBN: 0470626399, 2011.

Prerequisite

CSCI-360: Computer Networks
CSCI-342: Introduction to Information Security

Major Topics

1. Introduction
    1.1. Computer Security Concepts
    1.2. The OSI Security Architecture
    1.3. Security Attacks
    1.4. Security Services
    1.5. Security Mechanisms
    1.6. A Model for Network Security
    1.7. Standards

PART ONE: CRYPTOGRAPHY

2. Symmetric Encryption and Message Confidentiality
    2.1. Symmetric Encryption Principles
    2.2. Symmetric Block Encryption Algorithms
    2.3. Random and Pseudorandom Numbers
    2.4. Stream Ciphers and RC4
    2.5. Cipher Block Modes of Operation
3. Public-Key Cryptography and Message Authentication
    3.1. Approaches to Message Authentication
    3.2. Secure Hash Functions
    3.3. Message Authentication Codes
    3.4. Public-Key Cryptography Principles
    3.5. Public-Key Cryptography Algorithms
    3.6. Digital Signatures

PART TWO: NETWORK SECURITY APPLICATIONS

4. Key Distribution and User Authentication
    4.1. Symmetric Key Distribution Using Symmetric Encryption
    4.2. Kerberos
    4.3. Key Distribution Using Asymmetric Encryption
    4.4. X.509 Certificates
    4.5. Public Key Infrastructure
    4.6. Federated Identity Management
5. Transport-Level Security
    5.1. Web Security Issues
    5.2. Secure Sockets Layer (SSL)
    5.3. Transport Layer Security (TLS)
    5.4. HTTPS
    5.5. Secure Shell (SSH)
6. Wireless Network Security
    6.1. IEEE 802.11 Wireless LAN Overview
    6.2. IEEE 802.11i Wireless LAN Security
    6.3. Wireless Application Protocol Overview
    6.4. Wireless Transport Layer Security
    6.5. WAP End-to-End Security
7. Electronic Mail Security
    7.1. Pretty Good Privacy (PGP)
    7.2. S/MIME
    7.3. Domain Keys Identified Mail (DKIM)
8. IP Security
    8.1. IP Security Overview
    8.2. IP Security Policy
    8.3. Encapsulating Security Payload
    8.4. Combining Security Associations
    8.5. Internet Key Exchange
    8.6. Cryptographic Suites
9. Intrusion Detection
    9.1. Intruders
    9.2. Intrusion Detection
    9.3. Host-Based Intrusion Detection
    9.4. Distributed Host-Based Intrusion Detection
    9.5. Network-Based Intrusion Detection
    9.6. Distributed Adaptive Intrusion Detection
    9.7. Intrusion Detection Exchange Format
    9.8. Honeypots
    9.9. Example System: Snort
10. Firewalls and Intrusion Prevention Systems
    10.1. The Need for Firewalls
    10.2. Firewall Characteristics
    10.3. Types of Firewalls
    10.4. Firewall Basing
    10.5. Firewall Location and Configurations
    10.6. Intrusion Prevention Systems
    10.7. Example: Unified Threat Management Products
11. Network Management Security
    11.1. Basic Concepts of SNMP
    11.2. SNMPv1 Community Facility
    11.3. SNMPv3

Learning Outcomes

A student completing this course is expected to be able to:

1. Explain concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, and digital signatures.
2. Explain the theory behind the security of different cryptographic algorithms.
3. Explain common network vulnerabilities and attacks, defense mechanisms against network attacks, and cryptographic protection mechanisms.
4. Outline the requirements and mechanisms for identification and authentication. Identify the possible threats to each mechanism and ways to protect against these threats.
5. Explain the requirements of real-time communication security and issues related to the security of web services.
6. Explain the requirements of non-real-time security (email security) and ways to provide privacy, source authentication, message integrity, non-repudiation, proof of submission, proof of delivery, message flow confidentiality, and anonymity.

Grading

Letter Grade
A    90-100
B    80-89
C    70-79
D    60-69
F    0-59

Evaluation Procedures

Homework Assignment       20%
Quiz                      10%
Midterm Exam              10%
Final Exam                20%
Project & Presentation    40%

Projects

The group projects will involve setting up systems and writing programs that demonstrate important concepts and mechanisms introduced in the classes. The most common reason for not doing well on projects is not starting them early enough. You will be given plenty of time to complete each project. However, if you wait until the last minute to start, you may not be able to finish. Start early and plan to have it finished a few days ahead of the due date. Many unexpected problems typically arise during programming, particularly when debugging. You should plan for these things to happen.

The department computer lab will be available for project work. We will also make an environment available for you that can be used to work on projects on your own computer. Failing to start early is not an excuse for turning in your project late, and neither is having your computer crash.

There are a number of sources for help. These include office hours and discussion groups on the class website.

Group Rules: each group is to have a maximum of 2 people. This means that you can work on your project individually or with another person. If you work in a group of two, you may collaborate ONLY with your group member and not with a member of another group. Group selection is made by emailing the instructor by the 3rd class meeting. Once you select a group member, you may not change group membership.

Each project submitted by a group will include a separate submission by each group member indicating a percentage describing each group member's contribution. Equal contribution means each member (in a 2-person group) contributes 50%. Anything different from equal contribution will result in a reduction in grade for the group member who contributes less and an increase in grade for the group member who contributes more.

The oral class presentation will be done in groups of 2. If there are an odd number of students registered for the class, a single student will have the option of either presenting individually or joining a group (making a single group of 3).

Homework

All work will be submitted electronically. Homework and Projects are due at 11:59 PM on the due date described in the assignments. Late policy is as follows:

- 10% grade penalty for one day of lateness
- 50% grade penalty for two days of lateness
- A grade of zero for >2 days of lateness

Note: plagiarism, copying, or cheating of any kind will result in a minimum of an F in the course for all parties involved and a maximum of expulsion from the University should I warrant the need to report it to the Student Judicial Affairs office.

Attendance Policy

Attendance is mandatory. It is the responsibility of the student to ensure that they sign the sign-in sheet prior to leaving class. Students that have not signed the sign-in sheet will be considered absent even if they attended class for that day. Students are allowed a maximum of two unexcused absences during the semester. Students that have more than two unexcused absences but less than or equal to four unexcused absences will have their course average reduced by five points. In addition, for each unexcused absence above four, students will receive an additional two points off from their course average.

Excused absences require documentation from an authorized party. An absence due to medical reasons will require a note or document from a medical practitioner or institution. Where possible, permission to be absent from class should be obtained in advance. Attempting to obtain permission for being absent after the fact and without proper documentation is not acceptable.

Cell Phone Policy

Cell phones should be turned off or in silent mode and should be tucked away somewhere not visible to anyone, especially to the instructor. Students will receive a warning on their first infraction of this policy and will be asked to leave the class on each additional infraction and considered absent. In addition, the student will receive an F on any graded work that is due or carried out on that day. Under no circumstance is a student to use the phone in class in any capacity. This includes text messaging! Students that leave the class to talk on their cell phones will not be allowed to return to class. This policy is in effect from the start of class until the instructor dismisses the class.

Test Taking Policy

During a scheduled exam or quiz, you are required to clear all material from the desk or table prior to beginning your exam or quiz. All books, bags, and other personal material should be placed on the floor.
Cell phone policy remains in effect during an exam or quiz. This means that the use of a cell phone without permission from the instructor will result in a zero. Please make sure to use the restroom prior to beginning your exam. If you must use the restroom during the exam, you will need to submit your exam or quiz and it will be graded as is.

Cheating and Collaboration Policy

Collaboration is a healthy and constructive way to learn and accomplish tasks. Unfortunately, many students often do not realize that what they believe to be collaboration is actually cheating. Cheating on assignments or projects does not benefit anyone, especially you, and undermines our trust. Because the line between collaboration and cheating can get confusing for students, especially those not exposed to proper collaboration behavior, you are asked to carefully consider what is discussed in this section; however, the rule of thumb should always be that when in doubt about whether a particular action can be considered cheating, ask your instructor.

In this course, engaging directly with one another on assignments and projects can only enhance the learning process. But how you engage is very important. Discussing assignments and projects at a conceptual level, helping with conceptual bugs in code, or discussing lecture and text material is acceptable. When you turn in assignments, the content must be completely yours! Exceptions occur when your instructor allows you to use material in the public domain; however, you will be required to reference the work.

For the purpose of this course, using snippets of code from classmates accomplishes nothing! In the end, it is about what you have learned. Your grade means absolutely nothing to anyone once they figure out you cannot program. By the same token, helping someone by looking at their code, more often than not, leads to copying at some level. Please note that this is not the same as looking at someone else's code to learn to become a better programmer. In general, you are better off asking your instructor prior to looking at another classmate's code. Verbal collaboration is generally acceptable.

Examples of acceptable collaboration:

- Discussing ambiguities in assignments or course materials to gain a better understanding of them.
- Providing assistance with Java, either in using the system facilities or with debugging tools.
- Discussing and explaining code provided in the course.
- Obtaining help on general programming issues (e.g., what does a specific error mean?).

As a general rule, if you do not understand or cannot explain what you are handing in, or if you have written the same code as someone else, you are probably cheating. If you have given somebody some code, simply so that it can be used in that person's project, you are probably cheating.

Here are some examples of clear cases of cheating:

- Copying files or parts of files (such as source code, written text, or unit tests) from another person or source.
- Copying (or retyping) files or parts of files with minor modifications such as style changes or minor logic modifications.
- Allowing someone else to copy your code or written assignment in any form.
- Getting help from someone whom you do not acknowledge on your solution.

The policies in this section were adapted from those instituted in the Computer Science Department at Carnegie Mellon University.