MW 515-545, TU 1-3; and other times by appointment



Similar documents
CSUS COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science (RVR 3018; /6834)

EC Council Certified Ethical Hacker V8

CIS 4204 Ethical Hacking Fall, 2014

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

CS 450/650 Fundamentals of Integrated Computer Security

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

[CEH]: Ethical Hacking and Countermeasures

Weighted Total Mark. Weighted Exam Mark

CSC 474 Information Systems Security

EC-Council. Program Brochure. EC-Council. Page 1

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

CS Ethical Hacking Spring 2016

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

CIS 6930/4930 Computer and Network Security. Dr. Yao Liu

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

EC-Council C E. Hacking Technology. v8 Certified Ethical Hacker

Certified Ethical Hacker Exam Version Comparison. Version Comparison

EC-Council. Certified Ethical Hacker. Program Brochure

CEH Version8 Course Outline

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

CS 464/564 Networked Systems Security SYLLABUS

Applied Network Security Course Syllabus Spring 2015

Major prerequisites by topic: Basic concepts in operating systems, computer networks, and database systems. Intermediate programming.

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

Network Security ITP 457 (4 Units)

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Certified Ethical Hacker (CEH)

UVic Department of Electrical and Computer Engineering

CENTRAL TEXAS COLLEGE ITSY 2401 FIREWALLS AND NETWORK SECURITY. Semester Hours Credit: 4 INSTRUCTOR: OFFICE HOURS:

Computer Science 3CN3 Computer Networks and Security. Software Engineering 4C03 Computer Networks and Computer Security. Winter 2008 Course Outline

CYBERTRON NETWORK SOLUTIONS

Security + Certification (ITSY 1076) Syllabus

CSCI 4250/6250 Fall 2015 Computer and Network Security. Instructor: Prof. Roberto Perdisci

LINUX / INFORMATION SECURITY

Applied Information Technology Department

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

CS 340 Cyber Security Weisberg Division of Computer Science College of Information Technology & Engineering Marshall University

BBM 461: SECURE PROGRAMMING INTRODUCTION. Ahmet Burak Can

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

MS Information Security (MSIS)

CS 5490/6490: Network Security Fall 2015

CCA CYBER SECURITY TRACK

Boston University MET CS 690. Network Security

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY-274 Privacy, Ethics & Computer Forensics

HOWARD. UNIVERSITY School of Business

CS4320 Computer and Network Security. Fall 2015 Syllabus

CIS 250 NETWORK SECURITY JACKSON STATE COMMUNITY COLLEGE COURSE SYLLABUS

ITSY Security Assessment/Auditing Spring 2010 Professor: Zoltan Szabo D111 LEC TR 11:20AM 12:45PM D111 LAB TR 12:50PM 02:15PM

Information Systems Security Certificate Program

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

San José State University College of Engineering/Computer Engineering Department CMPE 206, Computer Network Design, Section 1, Fall 2015

167 th Air Wing Fast Track Cyber Program Blue Ridge Community and Technical College

San José State University CS160, Software Engineering, Sections 1, 2, and 4, Fall, 2015

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

CPSC 467: Cryptography and Computer Security

A Systems Engineering Approach to Developing Cyber Security Professionals

IT 101 Introduction to Information Technology

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

CS 458 / 658 Computer Security and Privacy. Course mechanics. Course website. Module 1 Introduction to Computer Security and Privacy.

Course Design Document. IS403: Advanced Information Security and Trust

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

NEOSHO COUNTY COMMUNITY COLLEGE MASTER COURSE SYLLABUS. Division: Applied Science (AS) Liberal Arts (LA) Workforce Development (WD)

Networked Systems Security

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

SONDRA SCHNEIDER JOHN NUNES

CS 425 Software Engineering. Course Syllabus

CSC574 - Computer and Network Security Module: Introduction

MIS 4336 Networks and Data Communication. Spring 2016

167 th Air Wing Fast Track Cyber Security Blue Ridge Community and Technical College

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD Course Outline

Lecture 1 - Overview

Common Syllabus Revised

Information Security. Training

Systems and Internet Marketing Syllabus Spring 2011 Department of Management, Marketing and International Business

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

CIT 217 Security + Network Security Fall 2015

INFORMATION TECHNOLOGY EDUCATION PROGRAMMING & ANALYSIS COURSE SYLLABUS. Instructor: Debbie Reid. Course Credits: Office Location:

Course Syllabus for Commercial Photography 1

Evaluation of Pace University's Master's Degree Program for BNY Mellon Employees

Principles of Information Assurance Syllabus

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

Syllabus: IST451. Division of Business and Engineering. Penn State Altoona

CRYPTUS DIPLOMA IN IT SECURITY

Networking: EC Council Network Security Administrator NSA

Systems and Internet Marketing Syllabus Fall 2012 Department of Management, Marketing and International Business

MKTG 330 FLORENCE: MARKET RESEARCH Syllabus Spring 2011 (Tentative)

Detailed Description about course module wise:

CIS 213 PENETRATION TESTING 3 cr. (2-2)

Penetration testing & Ethical Hacking. Security Week 2014

e-code Academy Information Security Diploma Training Discerption

Transcription:

CSUS, COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science CSC 154 - Computer System Attacks and Countermeasures/ C Sc 254 Network Security (MW 7-8:15p; RVR 1008), Fall 2013 Instructor: Isaac Ghansah Office: RVR 4004 Phone: (916) 278-7659 Email: WWW Office Hours: ghansah@csus.edu, (Please insert "CSc154" or CSc254 somewhere in the subject line); No email via WebCT http://gaia.ecs.csus.edu/~ghansahi/ (DATED!!) MW 515-545, TU 1-3; and other times by appointment TA Joubin Jabbari, Mike McParland, Texts: McClure, Scambray & Kurtz, Hacking Exposed (Network Security Secrets & Solutions), Osborne McGraw Hill, 6 th Edition, 2009 (Required) References: R. Panko, Corporate Computer and Network Security, Prentice Hall, 2004 Security in Computing, Charles P. Pfleeger, 3Ed, Prentice Hall, 2003 The Art of Deception, Kevin D. Mitnick, William L. Simon, Wiley, 2002 William Stallings, Computer Security, Prentice Hall, 2009 C. Kaufman, R Perlman, M Speciner Network Security: Private Communication in a Public World, 2nd Ed. by, Prentice Hall, 2002 William Stallings, Cryptography and Network Security: Principles and Practice, 4 Ed., Prentice Hall, 2006 Recent articles from technical literatures and Internet Engineering Task Force (IETF) Request for Comments (RFC) 154 & 254 Differences: Even though the classroom lectures will be the same for both courses, the difference will be in some assignments and in some cases, exams. The instructor will use different methods including different projects proposals, homework assignments, examination questions, oral examinations, etc. Course Objectives: 1

Main objective of this course is to introduce the computer science student to the career path in Computer and Network Security. Provide experience in performing security assessment of computers and networks. Expose the student to the some of the domains that comprise what the Certified Information Systems Security Professional (CISSP) skills and knowledge require. Catalog Description (CSC 154): An introduction to network and computer security with a focus on how intruders gain access to systems, how they escalate privileges, and what steps can be taken to secure a system against such attacks. Topics include: perimeter defenses, intrusion detection systems, social engineering, distributed denial of service attacks, buffer overflows, race conditions, trojans and viruses. Prerequisite: CSC/CPE 138. Catalog Description (CSC 254): In-depth study of network security problems and discussion of potential solutions. Topics include: network vulnerabilities and attacks, secure communication, Internet security protocols and tools to defend against network attacks, network intrusion detection, and wireless network security. Survey and demonstration of software tools used for network security. Prerequisite: Fully Classified Graduate Status in CSC, SE, or CPE, or permission of instructor Prerequisite Proof: The Computer Science Department has a policy that each instructor will verify the student transcript and ascertain that the student has the prerequisites. You can log on to My Sac State go to "Student Center" and select "Unofficial Transcripts" to print. You also can select and print "Transfer Credit Report" if you have transferred from another institution. You must submit your transcript for verification. Any student who has completed one or more prerequisites at another school must provide similar verification to the instructor. Any student who has not submitted their transcript by the end of the second week will be dropped from the class. Repeat Policy: The department has a policy specifying that students may not repeat a Computer Science course more than once. Any student who wishes to repeat a course more than once (that is, take a course for a third time) must submit a petition requesting permission to do so. Student records will be reviewed to determine whether a student is taking this course for three or more times. Any such student must return an approved petition to the instructor within the first two weeks of class. Any student who does not submit an approved petition will be dropped from the class. Petitions are available in the Department office (RVR 3018) and require the signature of both the Instructor and the Dept. Chair. Course Goals: To provide experience in analyzing, identifying, and addressing vulnerabilities in systems or networks. To provide experience in performing a security audit of computers and networks. To expose the student to the domains of knowledge and skills required for information systems security. 2

To develop knowledge of contemporary risks in networks and attacks procedures To analyze Internet protocols in order to protect networks from attack To analyze security protocols which protect networks from attack To provide understanding of how cryptography is used in Internet protocols for secure communication To develop proficiency in use of various software tools for Internet security To develop breadth of knowledge of wireless network security To introduce the computer science student to career paths in Computer and Network Security. Prerequisites by Topic Thorough understanding of: 1. TCP/IP suite of protocols and WAN/LAN Technologies. 2. Distributed computing with client/server programming Basic understanding of: 1. Domain Name System (DNS) and addressing schemes used in internetworking 2. Host and Network Configuration Protocols (ARP, RARP, BOOTP, DHCP) 3. Unix and Windows operating system common services, ports, and sockets. 4. How to compile and run programs in Linux and Windows. Exposure to: 1. IPv6 and IPSec Course Content: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders attack systems and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, Trojans, Worms, and Viruses. Summary of Outcomes In this course, we will study computer and network security and look at the different requirements for information assurance. You will gain experience with the role of defending hosts and networks from attack as well as learning how the hacker uses tools to attack and penetrate networks. Students will be able to use several open software tools that will analyze host and networks for vulnerabilities and be exposed to the hacker technique of "thinking outside the box". TENTATIVE GRADING POLICY: The following allocation of points is tentative. These may change during the semester. 3

CSC 254 Students: Exams/Quizzes 25% Final 25% Assignments/Homework 30% Project/Oral-and-Written-Communication 15% Attendance to Oral Presentations 5% CSC 154 Students: Exams/Quizzes 25% Final 30% Assignments/Homework 40% Attendance to Oral Presentations 5% Grading Breakdown (%): A = 93-100 C = 73-76 A- = 90-92 C- = 70-72 B+ = 87-89 D+ = 67-69 B = 83-86 D = 63-66 B- = 80-82 D- = 60-62 C+ = 77-79 F = 59 or below You must pass both the assignments/project and the exams in order to obtain a passing grade for the course. Students are required to keep backup (machine-readable) copies of all submitted work, and also to keep all returned (graded) work, until after final grades are posted. INDEPENDENT PROJECTS Independent student projects involving programming (ie. simulation or implementation), or research paper. List of possible projects are provided by the instructor. Students may choose their own topics upon approval of instructor. Joint programming projects are encouraged. Oral and written communication skills are essential for any work environment you find yourself. Therefore, the deliverables for the Projects will include a detailed report and oral PPT presentation (for research papers) or demonstration (programming projects). The final written report should be professional and potentially publishable in a technical magazine/journal such as IEEE Communications, IEEE Network Magazine, IEEE Security and Privacy Magazine, etc. The grading will assess your written and oral communication skills. For details of the specific grading criteria see details of Independent Project call for proposals (to be given later in the semester). COMPUTER ACCOUNTS AND ELECTRONIC COMMUNICATION: a) gaia account You should obtain a UNIX account on the ECS system "gaia" for this class if you do not have one. Though not required you might find it useful for some assignments. These are the steps: a. Use your favorite Browser and Go to www.ecs.csus.edu b.click on Computing Services -> Network Accounts -> Get a new Account. c. Fill out all required fields You can also obtain an account by getting one from the College IT staff in room 2011. 4

b) Mailing List I have established a Mailing List for this course with a web-based maillist interface called Mailman. It is MANDATORY for every student accepted into the course to subscribe to the Mailing List within the first two weeks of classes. The list will be used to facilitate electronic communication for the course. Failure to subscribe to the list in a timely manner could result in your missing important assignments, clarifications, announcements, etc that are sent by email. You must check email on a regular basis and I will assume that you have received and read all messages I send to the list. The instructor will not be held responsible for your failures. To subscribe to the list go to the following website and fill out appropriate forms there. PLEASE MAKE SURE YOU FILL IN YOUR FULL NAME IN THE SECTION PROVIDED ON THE FORM. http://hera.ecs.csus.edu/mailman/listinfo/csc154new http://hera.ecs.csus.edu/mailman/listinfo/csc254 This will add your email address (the one from which you send the message, hopefully gaia) to the csc254/csc154new mailing list. Subsequently you can send questions or discussion items regarding topics in csc254 or csc154new to everyone on the list. To do this, just send an email message to the address csc154new@ecs.csus.edu or csc154new@ecs.csus.edu. This is a good way to send messages to other students in the class regarding clarifications about assignments, lecture, etc. Note that these email messages are sent to everyone on the csc254 or csc154new list (including the instructors). If you need to communicate privately with the Instructor, use the instructor s individual email address as given above. Note: Do not send HTML e-mail to the list. Some mail reader programs do not understand HTML Tags. c) Assignment/Homework Submission You must submit all homework/assignments/project reports electronically via WebCT, which can be reached from mysacstate ( my.csus.edu ). I will not accept a hardcopy. Any file which is placed in WebCT will be named according to one of the formats below (depending on the type of assignment). Please do NOT submit pdf files as I will not be able to make comments on them. Word format is preferable. Your-name_course#_hmwk _hmwk#, your-name_course#_lab_lab#, yourname_course_project_project# For example if a student named John Doe is submitting homework#1 the file name of the email attachment should be doe-john_154_hmwk_1, or doe-john_254_hmwk_1 Please note: If the attachment is not according to proper format as stated above, it will not be accepted. COURSE POLICIES: 1. Information in this syllabus is subject to change with notice. 2. Attendance to class and frequent check of email is expected. Class roll will not be checked after first week of classes unless the instructor deems it necessary. However, you are 5

responsible for material presented and announcements made in class or by email. This could include changes to the syllabus, exam dates, etc. 3. Late assignment/project will be penalized by 20% if one lecture late. Nothing will be accepted if more than one lecture late, or if solution has been posted. 4. Make-up exams will only be given under extreme circumstances. The instructor reserves the right to reject make-up requests. There will be no make-up for unannounced quizzes under any circumstances 5. Be aware of the institution policy on drops and incomplete. Drop Policy If you plan to drop this course, please make sure you understand the following information. There is no such thing as an "automatic drop". The instructor can drop you from the course, but this does not happen automatically. If you plan to drop the course, make sure to use MySacState. After the 2nd week, you cannot drop the course through MySacState. At this point, you must provide written verification of a compelling reason. Both the instructor and the Department Chair must approve. After the 4th week, you must fill out a "Petition to Drop after Deadline" form and collect all the necessary signatures. This must be turned into Admission and Records in Lassen Hall. Students with Disabilities If you have a disability and require accommodations, you need to provide disability documentation to SSWD (Services to Students with Disabilities), Lassen Hall 1008, (916) 278-6955. Please discuss your accommodation needs with me after class or in lab early in the semester. Ethics/Academic Honesty Any work submitted is a contractual obligation that the work is the student s and for which he/she could be quizzed in detail. Discussion among students in assignments and projects is part of the educational process and is encouraged. No discussion among students is allowed in any exams/quizzes. However, each student must make an effort to do his/her own work in all assignments and exams. No type of plagiarism will be tolerated except in the case of group work. In that case each student should indicate the part of the work, which was their major responsibility in their final joint submission. Nevertheless, I emphasize any work submitted is a contractual obligation that the work is the student s and for which he/she could be quizzed in detail. The minimum penalty for even a single incident of cheating brought to the attention of the instructor in this course is automatic failure of the course; additional more severe penalties may also be applied. Note that cheating is grounds for dismissal from the University. Please refer to the Computer Science Dept. document entitled Policy on Academic Integrity (available online via the Computer Science department, www.ecs.csus.edu/csc home page) and to the University Policy Manual section on Academic Honesty (all available online via the instructor s home page. Please visit http://www.csus.edu/admbus/umanual/uma00150.htm) for additional information. IT IS THE RESPONSIBILITY OF EACH STUDENT TO BE FAMILIAR WITH, AND TO COMPLY WITH, THE POLICIES STATED IN THESE DOCUMENTS In 6

addition, unless otherwise stated, the use of the following devices during exams/quizzes is prohibited: cell phones, pagers, laptops, and PDAs. Legal Policy: Every student that enrolls in this course will be required to sign a "Legal Policy" that reads: Computer and Network Security course mission is to educate, introduce and demonstrate hacking tools for penetration testing and education purposes only. I will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify California State University, Sacramento and College of Engineering and Computer Science with respect to the use or misuse of these tools, regardless of intent. Expected Learning Outcomes: At the end of the course you will be expected to acquire 1. Thorough understanding of: 1. The fundamental steps that a hacker performs. 2. Major software security design flaws such as buffer overflow and race conditions. 3. Common tools hackers use in conducting attacks and how they work. 4. Best practices for defending against attacks. 2. Basic understanding of: 1. Host and network intrusion detection systems. 2. Tools and methods of protecting computers and networks against hacker attacks. 3. Major types of malicious code such as Trojans, viruses, and worms. 4. Legal and ethical practices in security. 3. Exposure to: 1. Acceptable methods of security incident investigation. C SC 154/254 - TENTATIVE SCHEDULE SUBJECT TO CHANGE WEEK TOPICS READING 1 Introduction, Attacker s Process, Ethics, and law, Internet Security. Principles of computer Security. Security Goals: Confidentiality, Integrity, Availability. Secrecy, Authentication, Authorization, Accountability, Availability, Integrity, Trust (SAAAAINT) MSK Case Study:, Notes 2 Introduction to cryptography. Secure System Design Principles. Least Privilege, Separation of Privilege, Isolation, Usability, etc. Risk Assessment MSK Ch, Class Notes 3 Footprinting, scanning, enumeration. Tools. MSK 4-5 System Hacking: Password Attacks and Defenses. Password Hacking tools. Privilege escalation, Rootkits, and Defenses. Keystroke loggers. Covering tracks, hiding files. Steganography. Buffer overflow attacks and defenses. Social engineering MSK Ch, 6 Firewalls, intrusion detection systems, and honeypots Notes 7 Malware: Trojans, backdoors, viruses, worms. Conficker Worm MSK 8 Intro to Reverse Engineering: Malware Analysis, static and dynamic Notes analysis. Tools. 7

9 Secure Communication: IPSec, SSL/TLS, VPNs, etc Notes 10 Denial of service. Attack Methods. Tools. DDoS. MSK Ch,, Countermeasures. Session hijacking, Covert Channels Notes 10 Wireless and Mobile Network Security. 802.11 (Wifi) Security; GSM, Notes 2G/3G/4G Security; Bluetooth, RFID security. Attacks and Defenses 11 Sensor Networks and SCADA System Security. 802.15.4 and sensor Notes networks (eg. Zigbee) security; Attacks (eg. Stuxnet) and Defenses. 12 Access Control, biometrics, separation of duties, Physical Security, Notes TEMPEST Security. Security Policies. 13 Penetration Testing: Introduction, Risks, benefits, methodology Notes 14 Other Topics, 15 Independent Project Presentations IMPORTANT DATES: Veterans Holiday: Nov 11, 2013 Thanksgiving Break: Nov 28-29, 2013; Last Day of Instruction: Dec 13, 2013 FINAL EXAM: 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information