Soran University Faculty of Science and Engineering Computer

Soran University
Faculty of Science and Engineering
Computer Science Department
Information Security
Module Specification
1. Module Title – Information Security
2. Module Code: CS403INS
3. Module Level - Fourth Stage
4. Module Leader – Safwan M.
5. Teaching Semester – 7 and 8
6. Credit Rating for the module - 4 Credits
7. Prerequisites and co-requisites
Information Security
8. Module Summary
This course will cover many aspects of computer security including
cryptography, network security, application security, and web security.
Traditional topics such as buffer overflows, intrusion detection, packet
analysis, and malware will be discussed. We will also delve into unorthodox
topics including privacy, incident handling, forensics and anti-forensics, legal
issues, and security in emerging technologies. This is largely a hands-on
course where students will play both offense and defense.
9. Module Aims
This course unit is aimed at introducing the technologies and practices that
can be used to secure information, computer systems and networks. The
course will cover security threats and vulnerabilities, principles of
cryptography, and practical topics in network and Internet security.
10. Learning Outcomes
By the end of this course, students will be able to:
a. State the basic concepts in information security, including security
policies, security models, and security mechanisms.
b. Explain concepts related to applied cryptography, including plaintext,
ciphertext, the four techniques for cryptanalysis, symmetric
cryptography, asymmetric cryptography, digital signatures, message
authentication codes, hash functions, and modes of encryption
operation.
c. Explain the concepts of malicious code, including virus, Trojan horse,
and worms.
d. Explain common vulnerabilities in computer programs, including buffer
overflow vulnerabilities, time-of-check to time-of-use flaws, and incomplete
mediation. Outline the requirements and mechanisms for identification
and authentication.
e. Explain issues about password authentication, including dictionary
attacks (password guessing attacks), password management policies,
and one-time password mechanisms.
f. Discuss network fundamentals and security, including: network
topologies, protocols, address conservation, naming, network
services, and network threats and countermeasures.
Explain the requirements for trusted operating systems, and describe
the independent evaluation, including evaluation criteria and
evaluation process.
g. Describe security requirements for database security, and describe
techniques for ensuring database reliability and integrity, secrecy,
inference control, and multi-level databases.
h. Describe threats to networks, and explain techniques for ensuring
network security, including encryption, authentication, firewalls, and
intrusion detection.
i. Explain the requirements and techniques for security management,
including security policies, risk analysis, and physical threats and
controls.
11. Syllabus
Week 1- Introduction (1 lecture)
Basic concepts: threats, vulnerabilities, controls; risk; confidentiality,
integrity, availability; security policies, security mechanisms;
assurance; prevention, detection, deterrence
Week 2- Basic cryptography (1 lecture)
Introduction to cryptography, secret key cryptosystems, basic
cryptographic terms, historical background, symmetric crypto
primitives, modes of operation
Week 3-4 Cryptography Techniques/Systems (2 lectures)
Encryption systems, transposition systems, substitution systems
Week 5 First Exam
Week 6-8 Cryptography Algorithms (3 lectures)
Symmetric Encryption, Data Encryption Standard (DES), Advanced
Encryption Standard (AES), Public Key Encryption, Hash Functions,
Key exchange, Digital Signatures
Week 9 Network Security (1 lecture)
Network Security Definition, Network threats, Eavesdropping,
Modification
Week 10-11 Network Security II (2 lectures)
Firewalls, Intrusion Detection, Secure e-mail
Week 12 Second Exam
Week 13-14 Network Tool analyzer (2 lectures)
Week 15 – Authentication (1 lecture)
Identification and authentication, Passwords, Biometrics
Week 16 - One-time passwords and challenge response schemes,
Kerberos
Week 17 Third Exam
Week 18 - Kerberos, SSL, SSH (1 lecture)
Week 19-20 Security in conventional operating systems (2 lectures)
Memory, time, file, object protection requirements and techniques
Protection in contemporary operating systems
Week 21-22 Database management systems security (2 lectures)
Database integrity, Database secrecy, Inference control, Multilevel
databases
Week 23 Fourth Exam
Week 24-25 Management of security (2 lectures)
Security policies, Risk analysis, Physical threats and controls
Week 26 Miscellaneous (1 lecture)
Legal aspects of security, Privacy and ethics
Week 27-28 Ethical Hacking (1 lecture)
Ethical hacking process, Hacking Methodology, Scanning Systems
Week 29 Fifth Exam
Week 30 Web Applications security (1 lecture)
Web application vulnerabilities, Choosing tools, Insecure Login
Mechanisms, Input Filtering, URL filter Bypassing
Week 31 Presentation of Project/Report
Week 32 Review
12. Assessment Strategy
For this course, the instructor will utilize a variety of evaluation tools to
measure how well the students are achieving the learning objectives. The
table below contains a summary of the components of the final grade. Each
element is described in more detail.
Item                    Percentage
Quizzes                 5
Labs                    5
Report/Projects         10
Exam Theory             20
Final Exam Practical    20
Theoretical             40
Quizzes/Labs
Quizzes will be given throughout the semester, at a rate of approximately one
per chapter. Quizzes will always cover the material covered since the last
quiz or exam. The quizzes will be combinations of objective and short-answer
questions.
Report/Project
An 8-10 page (2500-3000 words) paper covering a topic chosen by the
student will be due on April 23rd. One paragraph describing the topic will be
due to the instructors the week of March 5. The paper should examine a topic
in a unique and analytic way, rather than provide a summary of the particular
field of study. The paper will be graded on both the quality of writing and
analysis.
Exams:
There will be five (5) non-cumulative examinations and a final exam. The
content will come from the text and other material presented in lecture
sessions as well as labs. Note that material presented in class and in lab will
supplement the assigned reading. Therefore, class attendance and good
note-taking are essential tactics for success.
13. Learning Session Structure
Every week we have a 1-hour lecture followed by a 30-minute tutorial and a
1½-hour practical workshop in a computer lab.
15. Learning and Teaching Methods
16. Text Books
Required:
“Applied Cryptography and Network Security”, by Jaydip Sen, InTech, 2012
Optional:
Hacking Exposed 6: Network Security Secrets & Solutions, Stuart McClure, Joel
Scambray, and George Kurtz, McGraw-Hill, 2009
Hacking: The Art of Exploitation, 2nd Edition, Jon Erickson, 2008
Introduction to Computer Security, by Matt Bishop, Prentice Hall PTR, 2005
17. Validated and Verified by