COMPUTER SECURITY CS 470

Catalog Description
PREREQUISITE: CS 350. Study of network security architectures and models, cryptography, authentication and authorization protocols, secure application and systems development, and federal regulations and compliance. Emphasis is on security professional certification.

Course Objectives
To develop an understanding of basic computer security terminologies and concepts.
To understand the practical realities of computer security through hands-on case studies.
To understand the concepts of security design principles.
To familiarize and understand current federal regulations and compliance issues pertaining to computer security and privacy.
To understand the concepts of basic cryptography and access control.

Course Materials
Textbook
  Title: Introduction to Computer Security
  Author: Matt Bishop
  Publisher: Pearson Education/Addison Wesley
  Date: 2005
Software
  NMap, Nessus, NetStumbler, WinHex, Wireshark, NetBeans 6, Java Software Development Kit
Supplementary Resources
Information Security by Mark Stamp. John Wiley and Sons, 2006.
Notes, project descriptions, homework problems, and frequently asked questions (FAQ) about the course materials are freely accessible through JSU's Blackboard system.

Detailed Course Outline
Topic
I Overview of Computer Security 1.5
  a Confidentiality
  b Integrity
  c Availability
  d Threats
  e Assurance
  f Risk Analysis and Benefits
II Access Control Matrix
  a Protection States
III Security Policies 2
  a Trust
  b Types of Security Policies
  c Access Controls 1
IV Confidentiality Policies
  a Bell-LaPadula model
  b Examples
V Integrity Policies 1
  a Biba model
  b Clark-Wilson model
  c Examples
VI Hybrid Policies 1
  a Chinese Wall model
  b Clinical information systems security
  c ORCON
  d RBAC
VII Basic Cryptography 4
  a Classical systems 1
  b Public Key cryptography 1
  c Cryptographic checksums
  Comparison of techniques: RSA, DES, MD5, SHA, 3DES, RC4, and AES features and strengths 1 1
VIII Key Management 1.5
  a Session and Interchange keys
  b Key exchange
  c Storing and revocation
  d Digital signatures
IX Authentication 1.5
  a Passwords
  b Challenge Response
  c Biometrics
  d Location
X Design Principles 2
  a Least privilege
  b Fail-safe defaults
  c Economy of mechanisms
  d Complete mediation
  e Open design
  f Separation of privilege
  g Least common mechanism
  h Psychological acceptability
XI Access Control 2.5
  a Creation and Maintenance
  b Capabilities
  c Locks and keys
  d Ring-based access control
  e Propagated access control
XII Auditing 1.5
  a Logging, analyzing, notifying
  b Auditing mechanisms
  c Auditing file systems
XIII Intrusion Detection, Penetration Testing, and Vulnerability Analysis
  a Models: anomaly, misuses, specification 3.5
  b Intrusion response
  c Intrusion handling
  d Flaw hypothesis, generalization, and testing
  e Information gathering
  f Vulnerability classification
  g Frameworks
XIV Network and Physical Security 2.5
  a Organization
  b Policy development
  c Firewalls and proxies
  d Layered security
  e Physical Security
XV System Security 3
  a Networks
  b Users
  c Authentication
  d Processes
  e Files
  f Devices: USB drives, Fax, Videocams
  g Zone of control
  h Databases, Data warehouses, Data mining
XVI Secure Application and System Development
  a Requirements and Policy
  b Design
  c Refinement and Implementation
  d Common security-related application development problems
  e Testing, validation, verification, maintenance, and operation 3
XVII Web Security 2
  a SQL Injection
  b Buffer Overflow
  c Cross site scripting
  d Web services security
XVIII Evaluating Systems 3.5
  a Formal evaluation
  b TCSEC/ITSEC 1
  c FIPS140
  d Common Criteria 1
  e SSE-CMM
XIX Security Certification 1
  a CISSP certification 0.75 1
  b Sample test questions

Course Policy

Grading Policy
  Test 1: 25%
  Test 2: 25%
  Research Paper: 10%
  Case Studies/HW/Projects: 15%
  Final Exam: 25%

Grading scale (Percentage)
  A: 90 - above
  B: 80-89
  C: 70-79
  D: 60-69
  F: below 60

Make-up Exams
To take a make-up exam, a student must have a legitimate reason for having missed the exam. No student, regardless of the reason, may take more than two make-up exams. It is the responsibility of the student to request a make-up exam. No make-up will be given on any missed pop test. Be prepared to take the make-up exam as soon as you return to class.

Late Assignments
All homework assignments are to be turned in at midnight on the due date. Late homework will be charged a 10% deduction per day.

Other Course Policies
Any individual who qualifies for reasonable accommodations under the Americans With Disabilities Act or Section 504 of the Rehabilitation Act of 1973 should contact the Instructor immediately.

Course Syllabus
The syllabus for this course can be downloaded here in PDF format.
2008 Jacksonville State University