RARITAN VALLEY COMMUNITY COLLEGE
COURSE OUTLINE
CISY 276 – Windows Security Management
I. Basic Course Information
A. Course Number & Title:
CISY-276 Windows Security Management
B. Date of Revision:
Spring 2004
C. Sponsoring Department:
Computer Science & Educational Technology
Department
D. Semester Credit Hours:
3
E. Weekly Contact Hours:
4 Lecture: 2
Laboratory: 2
F. Co-requisites:
CISY-229 Information Security Fundamentals
CISY-253 Advanced Computer Networking
G. Laboratory Fees: Yes, at current rate
II. Catalog Description
Co-requisites: CISY-229 Information Security Fundamentals, CISY-253 Advanced
Computer Networking This course provides the student with an understanding of the
security issues pertaining to the Windows operating system. Hands-on exercises
performing actual operating system management reinforce what is learned in the
classroom. Students learn how to implement a secure Windows environment and to
monitor and maintain the network to protect from internal and external threats.
III. Statement of Course Need
Due to the widespread acceptance of both networking and Internet integration into most
business models, and widespread personal use of high-speed internet access and
home networks, many computers are now vulnerable to a wide range of malicious
attacks. The widespread knowledge of this vulnerability, the low threshold of knowledge
needed to exploit many of the vulnerabilities, and the funding and/or use of such attacks
by many countries and special interest groups as “information warfare,” has caused a
need for comprehensive security measures to be administrated on all networks. This
need is being recognized by many small to medium sized businesses that until now
3/24/04
Page 1 of 5
have not had a security policy. The increase in companies of all sizes which now are
engaged in web based information transfers such as e-business, data mining, and
product information distribution has created a large market for security professionals. In
addition to the financial risks that security breaches cause, new federal and European
Union laws requiring stringent privacy requirements have created legal risks for
companies with poor data security. This course will prepare students for entry-level
positions in network security in the Windows environment.
IV.
Place of Course in College Curriculum
1. Required course for the Computer Networking Certificate Homeland Security
Emphasis
2. CIS Elective
3. Free Elective for other degrees
V. Outline of Course Content
1. Introduction to the networking and security aspects of Windows.
y Microsoft resources - included utilities, resource kits, on-line resources,
upgrades, security bulletins
2. Pre-planning Network Installation security issues
y Active Directory use in controlling & segregating access
y File system configuration, trade-off between fast access, data redundancy, and
securing data.
y RAID and backup processes
3. Windows server and client installation and security configuration
4. System Management
y management tools and consoles
y administrative procedures and monitoring
y SNMP security
y defensive hacking and system vulnerability assessments
5. Additional Security Software
y firewall configuration and monitoring
y anti-virus protection and monitoring
y encryption software configuration and use
6. System Changes
y risk analysis of upgrades and patch management basics
y effects of upgrades on security system settings
y adding and configuring applications including security settings
y interoperability problems
y change management documentation
3/24/04
Page 2 of 5
7. Account, group, and system management
y configuring rights
y configuring file and folder security
y resource sharing
8. Remote Access and VPN security
y remote access protocols and communication device configuration
y VPN server policies, properties, and configuration
y methods of authentication
9. Specialized server protection & access issues
y email
y database
y file
y IIS
10. Known vulnerabilities and hacking tools
11. Intrusion Detection and Remediation
y developing a corporate security violation policy
y legal requirements for documenting information disclosure
y incident response procedures
y thresholds and triggers for multiple level response procedures
VI. Educational Goals and Learning Outcomes
A. General Educational Goals– Students will
1. Prepare and communicate information security solutions the reflects critical and
creative thought (G.E. 1, 2)
2. Use the Internet for research, information analysis, problem solving, and decision
making regarding information security (G.E. 2, 3).
3. Develop the ability to make informed judgments concerning ethical issues
(G.E.5)
B. Student Learning Outcomes - Students will be able to:
1. Explain the comprehensive, multi-level security implementation necessary for
complete Windows Operating System Security
3/24/04
Page 3 of 5
2. Identify the types of vulnerabilities of Windows, and which system components
may be affected by them
3. Incorporate a Windows system security strategy into the corporate information
security policy.
4. Monitor and analyze data generated by Windows management tools and
consoles
5. Research appropriate resources regarding Operating System issues, software
upgrades and vulnerabilities
VII.
Modes of Teaching and Learning
y
y
y
y
y
y
lecture/discussion
small-group work
computer-assisted instruction
laboratory exercises
student oral presentations
simulation/role playing
VIII. Papers, Examinations, and other Assessment Instruments
y
y
y
y
y
y
y
laboratory products & reports
weekly assignments
research papers
oral presentations
exams and quizzes
mid-term and final exams
classroom participation
IX. Grade Determinants
1. Laboratory products & reports- the student will be able to:
y Implement practical applications of the materials presented in the classroom.
y work with others in defining, evaluating, and solving problems (G.E. 1,2)
2. Weekly assignments – the student will:
y develop the ability to think critically and communicate effectively (G.E. 1,2)
y demonstrate a working understanding of the materials presented the previous
week
3/24/04
Page 4 of 5
3. Research paper – the student will:
y collect, organize and evaluate information to address different kinds of security
related problems (G.E. 3)
y develop the ability to think critically (G.E. 1)
y analyze and synthesize information regarding an aspect of computer security,
and reach conclusions about the issue
4. Oral presentations – the student will
y demonstrate the ability to think critically and communicate effectively (G. E. 1,2)
5. Exams/quizzes – the student will demonstrate the ability to comprehend the
Knowledge imparted in the classroom (G.E. 7)
X. Texts and Materials
1. Suggested Textbooks
y Hacking Exposed by Joel Scambray, Stuart McClure and George Kurtz,
McGraw-Hill Professional Publishing; ISBN: 0072127481
y The CISSP Prep Guide: Mastering the Ten Domains of Computer Security by
Ronald L. Krutz, Russell Dean Vines, Edward M. Stroz (Foreword), John Wiley
& Sons; ISBN: 0471413569
2. On-line resources
y http://www.cissp.com/default.html, the web portal for the certified information
systems security professional
y http://www.microsoft.com
y other on-line materials as researched by students
3. Lab Tools
y PGP encryption software
y Zone Alarm firewall software
y War Dialer automated dialing software
y NMAP scanner network utility
y Kaspersky and NOD anti-virus software (evaluation versions)
y Windows system utilities
y other freeware and shareware utilities as researched by students
XI.
Resources
y library resources
y technology support
y network lab for classroom instruction
XII. Honors Courses
Not an honors course
3/24/04
Page 5 of 5