COLLEGE OF BUSINESS AND INFORMATION SYSTEMS
CIS-414-D02
Computer Security Fundamentals, Fall 2005
Instructor: Dr. Xinwen Fu
Office: Room 6, East Hall
Phone: 256-7341
E-Mail: Xinwen.Fu@dsu.edu
Homepage: http://www.homepages.dsu.edu/fux/
Office Hours: Mon. Tue. Wed. Thu.
Course: Computer Security Fundamentals
Credits: 3.00
Duration: 08/30/2005-12/20/2005
Time: Tuesday, Thursday;
Location: East Hall, Room 201
COURSE DESCRIPTION
Provides students with a fundamental knowledge of computer security essentials in critical and diverse security areas, including security terminology, viruses, popular operating system vulnerabilities, Web browser vulnerabilities, security standards, and computer fraud.
COURSE PREREQUISITES:
Prerequisites: CIS 385 Networking II
Technology Skills:
1. C and other programming languages
2. Linux operating systems (Redhat)
3. Linux software installation
4. Knowledge of networks
DESCRIPTION OF INSTRUCTIONAL METHODS:
- The course web site is located within WebCT (http://webct.dsu.edu/).
- Announcements, questions and answers, etc. will be available through WebCT.
- Lecturing is based on the textbook with learning materials provided.
- Security techniques are practiced remotely or in lab.
- Discussions and questions/answers take place through WebCT, which should be checked approximately once every 48 hours.
- A chat room is also likely to be used from time to time.
- You will be expected to be prepared for class, and you must complete the assignments by the dates due.
COURSE REQUIREMENTS:
Textbooks
Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd Edition, Prentice Hall, ISBN: 0-13-046019-2.
Textbooks may be purchased at the bookstore or electronically through http://www.amazon.com or some other booksellers.
Class Attendance Policy
Students are expected to attend and participate in class. Attendance may be verified by quizzes delivered through WebCT or in class. There will be no make-up opportunities for missed quizzes.
Cheating and Plagiarism Policy
All forms of academic dishonesty will result in an F for the course and notification of the Academic Dishonesty Committee. Academic dishonesty includes (but is not limited to) plagiarism, copying answers or work done by another student (either on an exam or assignment), allowing another student to copy from you, and using unauthorized materials during an exam.
Make-up Exams (and Quizzes)
- Make-up exams will only be given in case of serious need and only when the instructor is notified prior to the exam time. If this is not done, the grade is automatically zero for that exam/quiz.
- Written verification for the student's inability to take an exam will be required.
- The make-up exams will be different from those given to the class.
- There are no make-up quizzes.
University Deadlines
Add/Drop Deadline: September 8 is the last day to add a full semester class and the last day to drop a full semester class and receive a 100% refund.
Withdraw Deadline: Nov 15 is the last day to withdraw from a full semester course or school and receive a grade of "W".
COURSE GOALS:
By the end of this course, students will be able to:
1. State the basic concepts in information security, including security policies, security models, and various security mechanisms.
2. Explain the basic number theory required for cryptographic applications as well as various cryptographic systems.
3. Manually compute using Fermat's theorem, Euler's theorem,
4. Manually encrypt/decrypt and sign/verify signatures for small messages using RSA, Diffie-Hellman, and DSA algorithms.
5. State the requirements and mechanisms for identification and authentication.
6. Explain and compare the various access control policies and models as well as the assurance of these models.
7. State the characteristics of typical security architectures, including multi-level security systems.
8. State the criteria of evaluating secure information systems, including evaluation of secure operating systems and secure network systems.
9. List the database security issues and solutions, including models, architectures, and mechanisms for database security.
10. List network and distributed systems security issues and solutions, including authentication, key distribution, firewalls, and network security protocols.
11. Explain the network access control mechanisms, including the basic concepts of firewalls, packet filters, application gateways, and typical firewall configurations
12. Design firewall configurations and rules to protect a given network
13. Outline the protocols, i.e., AH and ESP protocols, for IP Security and the two modes for both protocols.
14. Explain in their own words the goals of IP Security protocols (AH and ESP)
15. Use combinations of IP security protocols to achieve a given security goal (e.g., source authentication, content authentication, traffic confidentiality, etc.)
16. Explain SSL and TLS protocols.
17. Apply the above protocols to protect transport-layer communication.
18. State program security issues, including viruses, worms, and logic bombs
19. State the basic concepts and general techniques in security auditing and intrusion detection
20. State the issues related to administration security, physical security, and program security
21. Determine appropriate mechanisms for protecting information systems ranging from operating systems, to database management systems, and to applications
EVALUATION PROCEDURES
Components of Course Grade:
Quizzes (5~15) | 20%
Assignments (5) | 20%
Midterm | 20%
Final Exam | 20%
Project/Presentation | 20%
Grade Scale
85 ~ 100% | A
70 ~ 84.5% | B
60 ~ 69.5% | C
50 ~ 59.5% | D
≤ 49.5% | F
Homework Assignments
- All assignments are to be turned in on or before the due date and time. If you try and cannot turn in an assignment electronically because the campus network is down, you will not be penalized.
- An assignment turned in up to 24 hours late will be reduced by 10% of the assignment's worth; one turned in more than 24 hours late will be reduced by 100%.
- The due date and time for each assignment will be specified on assignment postings.
- All assignments are expected to be individually and independently completed. Should two or more students turn in substantially the same solution or program, in the judgment of the instructor, the assignment will be given a grade of zero. A second such incident will result in an F grade for the course.
- All assignments are to be turned in through WebCT.
Exams/Quizzes
- Exams and quizzes will be based on textbooks, web sites, and assignments.
- All exams are closed book, but you can bring a one-page cheat sheet (double-sided, letter size).
- The tentative exam format will be true/false, multiple choice, fill-in-the-blanks, programs, and/or short essays.
EARLY ALERT STATEMENT
Academic Success Support
As your professor, I am personally committed to supporting YOUR academic success in this course. For that reason, if you demonstrate any academic performance or behavioral problems which may impede your success, I will personally discuss and attempt to resolve the issue with you. If the situation persists, I will forward my concern to the Student Development Office and your academic advisor to seek their support and assistance in the matter. My goal is to make your learning experience in this course as meaningful and successful as possible.
Americans with Disabilities Act (
If you have a documented disability and/or anticipate needing accommodations (e.g., non-standard note taking, test modifications) in this course, please arrange to meet with the instructor. Also, please contact
WIRELESS
The tablet PC will be used as a supplementary instructional device. This technology will be valuable in the classroom and you are strongly encouraged to bring a wireless computing device to class to achieve the full educational benefit of in-class assignments.
LINKS TO OTHER SOURCES OF INFORMATION:
Graduate Catalog: http://www.departments.dsu.edu/registrar/catalog/
Library: http://www.departments.dsu.edu/library/
Computer Services Support: http://support.dsu.edu/
Student Handbook: http://www.departments.dsu.edu/student_services/handbook/
Semester Calendar: http://www.departments.dsu.edu/registrar/catalog/schedule/
DEWT Student Guide: http://www.departments.dsu.edu/disted/studentguide/guide.htm
TENTATIVE CLASS SCHEDULE
The schedule may be adjusted based on the actual progress in the semester.
Date | Content | Reading Assignment | Homework Assignment
Aug. 30 | Introduction | |
Sep. 1 | T1: Basic Security Concepts, 1 lecture | Chapter 2 |
Sep. 6 | T2. Cryptography and Its Applications, 7 lectures: Secret key cryptosystems, Chapters 2~4; Hash function, Chapter 5; Basic number theory, Chapter 7; Public key cryptosystems, Chapter 6; Key Management, Chapter 6 | Chapter 3 (DES) | HW1 due Sep. 13
Sep. 8 | Chapter 4 | |
Sep. 13 | | |
Sep. 15 | | |
Sep. 20 | | |
Sep. 22 | | |
Sep. 27 | | |
Sep. 29 | T3. Identification and Authentication, 4 lectures: Basic concepts of identification and authentication; Password authentication; Security Handshake Pitfalls | |
Oct. 4 | | |
Oct. 6 | | |
Oct. 11 | | |
Oct. 18 | Review, T1~T2 | |
Oct. 20 | Midterm, T1~T2 | |
Oct. 25 | T4. Access Control, 4 lectures (Chapters 10, 12, 13, 16, 17, 18): Basic concepts of access control; Discretionary access control and mandatory access control; Lattice-based Models; Covert Channels; Role based Access Control | |
Oct. 27 | | |
Nov. 1 | | |
Nov. 3 | | |
Nov. 8 | T5. Network and Distributed Systems Security: Issues in network and distributed systems security, Chapters 16 & 18; Kerberos, Chapter 13; IPSEC, Chapter 17; SSL, Chapter 19; Firewalls and virtual private networks, Chapter 23; Secure email, Chapters 20, 21, & 22; Auditing and intrusion detection (handouts) | |
Nov. 10 | | |
Nov. 15 | | |
Nov. 17 | | |
Nov. 22 | | |
Nov. 24 | | |
Nov. 29 | Presentations/Review for final | |
Dec. 1 | | |
Dec. 6 | | |
Dec. 8 | | |
Dec. 15 | Final exam ( | |
This course includes materials from Dr. Peng Ning (