Course Description
Basic concepts and techniques in information security and management such as risks and vulnerabilities, applied cryptography, program security, malicious software, authentication, access control, operating systems security, multilevel security, trusted operating systems, database security, inference control, physical security, and system assurance and evaluation. Coverage of high-level concepts such as confidentiality, integrity, and availability applied to hardware, software, and data.
Course Textbook (Required)
Computer Security: Principles and Practice, Third Edition
Author: William Stallings and Lawrie Brown
ISBN: 978-0133773927, Pearson Prentice Hall
Publication Date: July 18, 2014
Textbook Errata
Course Objectives
Throughout this course you will learn a variety of topics within the Computer Security realm.
Upon completion you should have gained the following conceptual skills:
- Understand the fundamental security objectives like Confidentiality, Integrity, and Availability
- Understand the types of security threats and attacks that must be dealt with
- Understanding of various computer networking protocols, standards, and tools
- Understanding of symmetric and asymmetric cryptography including message authentication
- Understand means of authenticating a user's identity through identification and verification
- How to implement security policies to ensure proper access to appropriate resources
- How to securely setup, configure, and manage database management systems
- Understand different types of malicious software, propagation methods, and payload actions
- Understand the different Denial of Service attacks that compromise availability of resources
- Be able to distinguish among various types of intruders and their behavior patterns
- Explain the roles of firewalls as part of a computer and network security strategy
- Understand the poor programming practices that cause many security vulnerabilities
- Understand the planning and process steps for securing operating systems and applications
- Understand formal models of computer security and its relevance to trusted computing
- Understand the various management aspects of information and computer security
- Understand the key elements and process for security auditing and forensics
- Understand the ethical and legal aspects of security including computer crime, IP, and privacy
- Understanding of the security protocols and standards used for Internet communications
Upon completion you should have gained the following technical skills:
- How to monitor computer systems and networks for malicious activities
- Learn how to use a wide array of security and networking tools
- Understand hacker activities, methodologies, and tools used
- Learn system and security administration tools, configurations, and best practices
- Learn vulnerability and penetration testing tools, techniques, trends
Course Topics
- Networking
- Secret Key Cryptography
- Hashes and Message Digests
- Public Key Cryptography
- Authentication and Authorization Systems
- Database Security
- Malicious Software
- Denial-of-Service Attacks
- Intrusion Detection
- Firewalls and Intrusion Prevention Systems
- Buffer Overflow
- Software Security
- Operating System Security
- Security Auditing
- Forensics
- Legal and Ethical Aspects
- Internet Security Protocols and Standards
- Internet Authentication Applications
- Wireless Network Security
- Mobile Security
Course Prerequisites
This course requires CSC246 (Operating Systems) as a prerequisite.
Grading
Homeworks (6) | 60% (10% each) |
Exam 1 | 10% |
Exam 2 | 10% |
Final Exam | 20% |
- All assignments count, nothing is dropped.
- Some homeworks and exams will have Extra Credit problems.
Homework
There will be 6 homework assignments. Each homework is worth 10%, for a total of 60% of your final grade. The homework assignments count for a significant portion of your grade because they will take the majority of your time in this class.
Homework assignments are roughly divided into 3 sections:
(1) General questions/problems, possibly from the book or other media
(2) Questions that have nothing to do with current topic but for general security knowledge
(3) Hands-on questions where students learn tools, concepts, and practical applications
- All homework must be submitted via Wolfware by the due date.
- All homework must be submitted in PDF format.
- All homework must be submitted with the following naming convention:
<unityid>_homework<number>.pdf (e.g. swcarter_homework0.pdf)
Exams
There will be two interim exams and a final exam. All will be in-class and cumulative. You will have 75 minutes to complete the interim exams and 3 hours for the final exam. The interim and final exams are closed notes/closed book. No study guides allowed.
Collaboration Policy
You are allowed to collaborate on all homework assignments with other students. This means that you can work together to solve the problems but you MUST submit your own individual work that shows you completed the problems yourself. Any collaboration or assistance you receive from other students or EXTERNAL resources should be properly cited on your assignments.
In other words, you must generate your own artifacts (write-ups, screenshots, written responses, etc.) that demonstrate completion of the assignment.
Each assignment builds on the next, so a "divide and conquer" strategy where you work on one subset of an assignment while a peer works on another will become disastrous when it comes time to do the assignment that follows!
Late and Makeup Policy
All assignments are due at the given time and date. If there are technical issues with the class servers, we will adjust deadlines accordingly.
If you anticipate a problem meeting a deadline, contact the instructors well in advance of the deadline. The teaching staff may make exceptions and allowances in advance of a deadline, but there's usually little we can do once one has passed.
Attendance Policy
The instructor expects good attendance by the students. If you miss a class, it is your responsibility to make it up. For anticipated absences, it is professional courtesy to notify the instructor. You should review the official university attendance regulations.
Attendance will be tracked using the form linked from the home page of this site.
Academic Integrity
The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct, or from the following URL:
http://studentconduct.ncsu.edu/
Any violation of the trust agreement below or University Computing regulations will be considered a violation of academic integrity.
http://oit.ncsu.edu/n/rules-regulations
Student Disability Policy
Please come see us during the first week of class and we will be happy to accommodate you with whatever is necessary.
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with Disability Service for Students at 1900 Student Health Center, Campus Box 7509, 515-7653.
For more information on NC State's policy on working with students with disabilities, please see:
http://dso.dasa.ncsu.edu/roles-accommodation-process
Trust Agreement
Throughout this course you will be introduced to many topics in the field of computer security. There will be topics discussed and activities carried out in this course that will be sensitive in nature and must be treated as such. You will be given access to machines with various security tools that if used for malicious purposes could create a lot of damage on the network. Trust is very important in the computer security area because employers put a lot of responsibility in your hands and it is important that you do not abuse this trust. Also, some of these topics and exercises have never been taught in this class before, so having trust between everyone is important for us to continue teaching these topics.
If you find any security issues with the class servers, please report them to the instructors. DO NOT ATTEMPT to exploit the issue. Unauthorized attacks will be considered a violation of academic integrity. Any security issues you find may be rewarded with extra credit.
http://oit.ncsu.edu/n/rules-regulations-student-it-use
Class Servers and Computing Environment
Each of the homework assignments will include problems that require use of the class servers and computing environment. Details about the class infrastructure can be found on the resources page.