Course Title: PETROCELLI COLLEGE OF CONTINUING STUDIES Term/ Computer Security Administration Summer 2, 2014 Semester/Year: Course Catalog MADS 6638 Number: Instructor: Dr. Eamon P. Doherty Course Description: This course will introduce the basics of computer (confidentiality, message integrity, etc..) and investigate ways to prevent hackers from accessing websites. Encryption processes and firewall protection may not be enough for someone who wants to access data on your computer system. This course will analyze formal criteria and properties of hardware, software, and database security systems and will determine ways to improve overall site and system security. Additional topics to be reviewed include: formal specifications, verification of security properties, security policies that includes hardening a site and preventing intrusion, detection of an intrusion and how to react to such an intrusion, safeguards for systems organizational training and protocols, and other methods for providing data security in this technical age will be reviewed and assessed. Prerequisites (If any): Goals and Objectives: None The course has the following goals and objectives 1. The student will know enough of the basics about information assurance / network security to be able to speak to federal govt. authorities, technicians, and colleagues about threats, vulnerabilities, security policies, and the CIA Triangle - confidentiality, integrity, and availability of data 2. The student will also be able to discuss the basics of measuring security, protection profiles, evaluating assurance levels, and applying various methodologies and then re-evaluating the assurance level. 3. Students should be able to discuss the Bell LaPadula Model, Access controls, and have enough background to prepare their studies for the SSCP security certification examination 4. Students will also learn the basics of Windows Security which include some knowledge of the registry, user accounts, audits, and policies 5. Students should also be able to converse with others about the various type of hackers that exist as well as some countermeasures such as firewalls, stateful packet inspection, honeypots, intrustion detection systems, and application level proxies. 6. The student will also be aware of many of the newer attacks carried out on business such as: The Dan Kaminsky Attack, Cache Poisoning Attack, and the DNS Rebinding Attack. Course Topics: The following topics will be included in this class: Computer Security, Biometrics, Defcon Black Hat Hacker White Hat Hacker Audits SOHO Firewall Incident Response MAC Address, MAC Address Filtering, SSID Broadcasting, Network Security Certifications War Driving, Routers, 802.11, Physical Security, Incident Response Security Plan, Steganography, VPN, Backups, Risk Assessment, Network Mapping Leak and Penetration Tests Texts and Readings: Required: Computer Security by Dieter Golmann, 3rd Edition, Wiley Publishing, ISBN 978-0-470-74115-3 (See FDU online Journals and Magazines if link is not given) Chenoweth, T., Minch, R., & Tabor, S. (Feb 2010). Wireless insecurity: Examining user security behavior on public networks. Communications of the ACM, 53(2), pp. 134-138. Khansa, L. & Liginlal, D. Quantifying the benefits of investing in information security. Communications of the ACM, 52(11), pp. 113-117. Lendino, J. (June 26, 2007). Share media safely. PC Magazine, 26(13), p. 108. Metz, C. (Oct 1, 2003). Data protection: Steganography. PC Magazine, 22(17), p. 84. Ten steps to a Successful Security Policy (2003) http://www.computerworld.com/s/article/85583/10_steps_to_a_successfu l_security_policy Examples of Internet Usage Policy, Incident Response Policy, Computer Usage Policy, Audit Policy, Antivirus Policy, Awareness and Training Policy, Email Policy, Disaster Recovery Policy, Backup Policy (2011) http://www.dmoz.org/Computers/Security/Policy/Sample_Policies/ Hot Site Backups (2011) http://www.ibackup.com/hot-sites/ Hospital successfully installs back up/recovery hot site with zero downtime (2004) http://articles.techrepublic.com.com/5100-10878_11-5211388.html Supplemental Readings The following list of suggested reading materials is not an exhaustive source of published works that focus on this topic. Some of these appear to be vintage sources, but they are considered seminal materials that are appropriate for this topic. They are not required but just give more information on the topics. Berghe, H. & Uecher, J. (Dec 2004). Wireless infidelity II: Airjacking. Communications of the ACM, 47(12), pp. 15-20. Villasenor, J. (Aug 2010). The hacker in your hardware. Scientific American, 303(2), pp. 82 – 87. The Complete Guide To E-Security, Protect Your Privacy On the Internet By Michael Chesbro, Citadel Press, ISBN 0-8065-2279-8 The book "Incident Response" by Douglas Schweitzer (ISBN 0-7645-2636-7) Entrance Competences The student should be familiar with using a personal computer with a word processor to write a paper, able to use email, and basic Internet usage. Exit Competencies The student will have learned enough to: 1. The student will understand what a network is, the components of a network, and how to evaluate security. 2. The student will learn what a security audit is and what people in the organization perform them and what permissions are needed. 3. The student will understand how the configuration of a computer makes it vulnerable to local users as well as others on a network. 4. The student will understand the processes and mechanisms to help block unauthorized access as well as examine logs to see intrusion attempts 5. The student will understand the types of hackers that are on the Internet, the types of attacks they use, and the dangers that they pose to networks. 6. The student will know enough to write about security topics which may include a basic plan to secure a small network. Grading Policy Grade Scale: A = 95 - 100 B- = 80 - 82 A- = 90 - 94 B+ = 87 - 89 B = 83 - 86 Activity C+ = 75 - 79 C = 70 - 74 F = Below 70 Value 1. Discussion Board 20% There are discussion sections at the end of each unit. The discussion grade is based on relevancy of answer, amount of material written, frequency of responses to each unit discussion. Learning Outcomes Assessment 2. Assignments 20% There are a series of weekly assignments to complete 3. Security Plan / Paper 20% See Paper requirements later in syllabus 4. Midterm 20% There is a midterm 5. Final Exam – 20 % Each college program has identified outcome measures that indicate whether students are successful in meeting the specific outcomes for the program. The following are the four outcome measures that will be assessed for the MAS program: 1. Strategic Orientation – An MAS graduate will demonstrate the ability to develop, implement, coordinate, and/or manage a strategic plan through a collaborative process. 2. Communication – An MAS graduate will demonstrate the ability to prepare and deliver effective oral presentations and or write documents that present and evaluate information and opinion in a logical and analytical manner, incorporating research and documentation, and using style, grammar, mechanics, and format appropriate to an educated audience. 3. Information Literacy – An MAS graduate will demonstrate the ability to carry out thorough and effective information search strategies using traditional print, digital, and internet sources, evaluate information accessed, and use this information along with existing knowledge to create something new. 4. Critical Thinking – A MAS graduate will demonstrate competency in critical thinking that encompasses dimensions of informal logic and ethical analysis. In this class, we will be addressing the outcomes of communications, information literacy, and critical thinking. Assessment of Learning Class Participation Exams Students are expected to bring their personal concepts and experiences to assist the learning process. Participation in Discussion Boards is absolutely necessary so that student colleagues can share these ideas. Moreover, students must complete the assigned readings and assigned Questions and Exercises and other assignments (case studies, simulations, etc.). Students who are unable to keep pace due to illness or unforeseen professional conflicts should advise the instructor immediately and provide a timeline for catching up with assigned work. Non-participation, without good cause (illness, work assignment conflicts, etc.) is unacceptable and will adversely impact the grade earned for the course. Examinations will involve short answer and comprehensive essays. The mid-term exam will be returned the following week. The final exam will be graded and returned by mail. The exams will contain no surprises. All questions will be specifically derived from class presentations/readings. There will be no questions derived from materials not discussed in class. For the essay section of the exams, students will be given a series of questions and will be asked to respond to a specific number of items. Exams are to be taken on the date assigned. Exams given on a date other than the scheduled date without prior authorization will contain questions from any aspect of the class presentations and readings, and there will be no choice of questions to which to respond. Examinations will involve short answer and comprehensive essays. The midterm exam will be returned the following week. The final exam will be graded and returned within one week. The exams will contain no surprises. All questions will be specifically derived from class presentations/readings. There will be no questions derived from materials not discussed in class. For the essay section of the exams, students will be given a series of questions and will be asked to respond to a specific number of items. Exams are to be taken during the period assigned. Exams given on during a time other than that without prior authorization will contain questions from any aspect of the class presentations and readings, and there will be no choice of questions to which to respond. Project All class participants are expected to prepare a written term paper on a topic from the course. The paper should be on something related to computer security or the administration of computer security. Topics must be approved by the instructor. Papers are expected to be 10 pages, double-spaced in APA format. The paper should include the following: a) b) b) c) d) e) g) Cover Table of Contents Introduction Equipment, Policies The Main Topic Summary or Conclusion or Closing Remarks References There should be at least six references from journal articles, textbooks, or government publications, websites, and possibly the textbooks from this course. These can be from various sources, but should include internet or online library resources. As a student of FDU, you have access to the online library resources. There are thousands of full text articles available through the library. To access the library, click on the library button on either FDU’s homepage or on the webcampus homepage. You use your FDU email username and password for access. Since there are numerous sources for any topic, you must search through the different materials and select those materials that support your position. The paper is due by the date provided in the class announcements. Papers should be transmitted electronically. If a student needs to submit a hard copy, two copies should be submitted without covers and with a single staple in the upper left hand corner. Papers late without good cause will be reduced one letter grade for each day late. Presentation There will be a five to ten minute presentation of the paper on the last day of class. The presentation should provide a summary of the term paper. The presentation will provide an opportunity for other class participants to suggest other aspects to consider. There will be a specific Discussion Board set up for your presentation. This can be either a PowerPoint presentation or an Executive Summary of your paper. The presentation should provide a summary of the term paper. The presentation will provide an opportunity for other class participants to suggest other aspects to consider. General Class Procedures Attendance Classes will follow the University calendar and will start and end at stated times. For classes offered in a Saturday format, students must attend all five sessions. If there are extenuating circumstances that prevent a student from attending a scheduled class, that class must be made up in the next term. Classes will not be canceled unless ordered by the Provost or the Program Director. Online courses follow a 10-week format. It is important that students respond to discussion questions during the week in which they are posted. Students can respond to the instructor’s question or to responses of other students. The quality and quantity of the student’s response will impact the class participation part of the grade. Late Work Extra Credit Students are expected to take the exams when they are scheduled. In the event that the student cannot take the scheduled exam due to illness or employment-related obligations, a make-up may be offered; however, only one such exam will be scheduled for each exam. Assignments received after the scheduled due date will be reduced one full grade for each class session that the material is late. Emergency situations that adversely impact the participant’s ability to meet the requirements must be discussed with the professor to determine if there could be a waiver of this policy. There will be no extra credit work or extra credit assignments accepted at any time during this course. Grade Notification Grades will only be provided to the participants through the normal reporting process. No grades will be provided to a participant through any electronic medium. Work Format Students are expected to submit their work in Office 2003 format. This may require students to convert their files from a more current version to the 2003 version. The School of Administrative Science is concerned with sustainability and conservation of resources. Students are encouraged to email exams and term papers to the instructor rather than printing out copies and using resources. Reference Sources As a FDU student, you have access to the online library that has thousands of full text articles available. To access this site, click on the library button on the FDU homepage and use your user name and password from your email account to search the various journals. Plagiarism The School of Administrative Science is concerned with Academic Integrity and follows the University’s policy on this topic. All work in this course is expected to be that of the individual student and/or the work of others that is appropriately cited. Any term paper or examination that misrepresents the work of others as that of the student will receive a grade of “0” for that assignment. Work in this course is also expected to be prepared specifically to fulfill assignments in this course. Any duplication of material submitted for course credit in this course and another course without appropriate disclosure and approval of that duplication is also subject to a grade of ‘0’ and will be duly reported to the University. (Example: Submitting the same, or essentially the same, term paper to two different classes for course credit.) Plagiarism is taken seriously at the University and may lead to disciplinary actions. The complete University policy can be found on the University’s website. Course Outline Week 1 - July 6 – 12, 2014 – Introduction Discussion Board – Introduction Week 2 - July 13-19, 2014 – Unit 1 – The History of Computer Security and Managing It Readings - Chapters 1,2 Unit 1 Homework 1 Discussion Board – Topic on Computer Security History Week 3 - July 20-26, 2014 – Unit 2- Foundations of Computer Security & Access Control Readings – Chapters 3,4 Unit 2 Homework 2 Discussion Board – Topic on Access Control of Computer Week 4 – July 27-August 2, 2014 – Unit 3 - Access Control and Windows Security Readings – Chapters 5,8 Unit 3 Homework 3 Discussion Board – Topic on Windows Security Week 5 – August 3-9, 2014 – Midterm Week 6 – August 10-16, 2014 – Unit 4 - Software Security the Bell-LaPadula Model Readings – Chapters 10,11 Unit 4 Homework 4 Discussion Board – Topic on Software Security Week 7 – August 17-23, 2014 – Unit 5 - Security Evaluation and Cryptography Readings – Chapters 13,14 Unit 5 Homework 5 Discussion Board – Topic on Security Evaluation Week 8 – August 24-30, 2014 – Unit 6 –Communication & Network Security Readings – Chapters 16,17 Unit 6 Discussion Board – Topic on VPNs Week 9 – August 31 – September 6, 2014 Paper Due Discussion Board – Post 5 slides about your paper Week 10 -September -13, 2014 Final Exam The instructor reserves the right to alter the syllabus where warranted.