Introduction to Computer Security
CICS 290S / CICS 597-C-01
Credits: 3

Logistics

When: September 6 - October 27. This course is designed to last 8 weeks. Each week is comprised of two 3-hour sessions.

Where: UMass Center at Springfield

Readings: There are three textbooks for this class; depending on the level at which the student is taking the course, s/he uses 2 of the textbooks. All three of the following books are also available in digital format at a lower price.

1. CompTIA Security+ SY0-401 Cert Guide, Academic Edition, by David L. Prowse, published by Pearson 2015, ISBN-10: 0-7897-5363-4, ISBN-13: 978-0-7897-5363-2. Alternatively, you can use the following book, which has the exact same content but at a lower price (it does not include the DVD of supplementary material): CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, 3rd Edition, by David L. Prowse, published by Pearson 2015, ISBN-10: 0-7897-5333-2, ISBN-13: 978-0-7897-5333-5.
2. Network Security Essentials (6th Edition) by William Stallings, published by Pearson 2017, ISBN-13: 978-0134444284.
3. The Basics of Web Hacking, 1st Edition: Tools and Techniques to Attack the Web, by Josh Pauli, published by Elsevier / Syngress 2013, ISBN: 9780124166004.

This course provides an introduction to the principles and practice of computer and network security with a focus on both fundamentals and practical information. Topics include ethics, primary definitions, applied cryptography, networking (e.g., firewalls, VPNs, wireless security), operating systems, malware, and incident handling. The course will also cover application areas, such as data centers, mobile applications, payment systems, and data security.

Because of special circumstances regarding the audience, we will cover 3 sets of topics:

1. Introductory topics, most useful to students with little (or no) background in the subject
2. Intermediate topics, which a security-related practitioner should be aware of
3. Advanced topics, meant for the advanced students in the course

The coverage and relevance of the topics are best shown in the Venn diagram below. [Venn diagram not reproduced in this text version.]
Textbooks:

1. For the introductory topics we use the first textbook, CompTIA Security+ SY0-401 Cert Guide, Academic Edition. While this course is not related in any way to the CompTIA Security+ certification, the material within this book is very well suited for a person not familiar with the field of computer security.
2. For the intermediate topics we use the textbook Network Security Essentials: Applications and Standards, 6th Edition, by William Stallings.
3. For the advanced topics we use the book The Basics of Web Hacking, 1st Edition: Tools and Techniques to Attack the Web, by Josh Pauli.

It is expected that the novice audience will follow the first 2 books and the advanced students will follow the last 2 books. Most chapters of Book #1 will be assigned to students to read and will be discussed in class. The class lectures will cover Books 1 and 2. Book 3 will be used exclusively by the advanced students. The following topics will be covered:
Introductory Topics

1. Introduction to Security Principles
2. Computer System Security
3. OS Hardening & Virtualization
4. Application Security
5. Network Design Elements
6. Networking Protocols and Threats
7. Network Perimeter Security
8. Securing Network Media and Devices
9. Physical Security and Authentication Models
10. Access Control Methods and Models
11. Vulnerability and Risk Assessment
12. Monitoring and Auditing
13. Encryption and Hashing Concepts
14. PKI and Encryption Protocols
15. Redundancy and Disaster Recovery
16. Policies, Procedures, and People

Intermediate Topics

1. Cryptography:
   - Symmetric Encryption and Message Confidentiality
   - Public-Key Cryptography & Message Authentication
2. System Security:
   - Malicious Software
   - Intruders
   - Firewalls
3. Network Security Applications:
   - Key Distribution & User Authentication
   - Network Access Control & Cloud Security
   - Transport Level Security
   - Wireless Security
   - Electronic Mail Security
   - IP Security

Advanced Topics

1. The Basics of Web Hacking
2. Web Server Hacking
3. Web Application Recon and Scanning
4. Web Application Exploitation with Injection
5. Web Application Exploitation with Broken Authentication and Path Traversal
6. Web User Hacking
7. Fixes

Prerequisites: The novice audience is expected to have a general familiarity with computers and systems. Some basic background in mathematics is very useful. The course tries to build up knowledge in the novice audience so that the student acquires a general knowledge of security by the end of the course.
For the advanced audience, it is expected that the audience starts the course knowing the security fundamentals. Through extensive hands-on projects, this class of audience enhances and perfects their knowledge of the security field.

Coursework

This course requires a great amount of reading. Homework will be assigned and short quizzes will be given. There will be a final exam. Students will also be assigned a topic on which to do a mini research project and prepare a short report. Your overall grade for the course will be derived from several components, based on the following formula:

50% Assignments
15% Quizzes (in-class or take-home)
15% Final Exam (in-class or take-home)
20% Project

Weekly Schedule

The topics shown in the two tables above, Introductory topics and Intermediate topics, will be covered in class during the course. The daily progress depends on the level of discussion and involvement of the audience; as such, it is very dynamic. The table will be updated as we progress.

Lecture 1
  Topics: Introduction to security environment
  Prowse: Chapter 1
  Stallings: none listed

Lecture 2
  Topics: Introduction; computer system hardening; OS Hardening and Virtualization
  Prowse: Chapters 2 & 3
  Stallings: Chapter 2

Lecture 3
  Topics: Symmetric Encryption and Message Confidentiality; Application hardening
  Prowse: Chapter 4
  Stallings: Chapter 2

Lectures 4-10: not yet scheduled

Lecture 11
  Topics: Public Key Cryptography and Message Authentication; Hash functions; Network Design Elements
  Prowse: Chapter 5
  Stallings: Chapter 3
Lectures 12-16: not yet scheduled

Policies

In this course, each voice in the classroom has something of value to contribute. Please take care to respect the different experiences, beliefs and values expressed by students and staff involved in this course. I support the commitment of the UMass Amherst College of Information and Computer Sciences to diversity, and welcome individuals of all ages, backgrounds, citizenships, disability, sex, education, ethnicities, family statuses, genders, gender identities, geographical locations, languages, military experience, political views, races, religions, sexual orientations, socioeconomic statuses, and work experiences.

Cell phones, laptops, and similar devices may not be used during class.

Accommodation Statement: The University of Massachusetts Amherst is committed to providing an equal educational opportunity for all students. If you have a documented physical, psychological, or learning disability on file with Disability Services (DS), you may be eligible for reasonable academic accommodations to help you succeed in this course. If you have a documented disability that requires an accommodation, please notify me within the first two weeks of the semester so that we may make appropriate arrangements.

Academic Honesty Statement: Since the integrity of the academic enterprise of any institution of higher education requires honesty in scholarship and research, academic honesty is required of all students at the University of Massachusetts Amherst. Academic dishonesty is prohibited in all programs of the University. Academic dishonesty includes but is not limited to: cheating, fabrication, plagiarism, and facilitating dishonesty. Appropriate sanctions may be imposed on any student who has committed an act of academic dishonesty. Instructors should take reasonable steps to address academic misconduct. Any person who has reason to believe that a student has committed academic dishonesty should bring such information to the attention of the appropriate course instructor as soon as possible. Instances of academic dishonesty not related to a specific course should be brought to the attention of the appropriate department Head or Chair. Since students are expected to be familiar with this policy and the commonly accepted standards of academic integrity, ignorance of such standards is not normally sufficient evidence of lack of intent (http://www.umass.edu/dean_students/codeofconduct/acadhonesty/).