CS4420 Spring 2005 Syllabus

CS4420 - Computer Security

GENERAL INFORMATION

Instructor: Cathie LeBlanc

Office: Memorial 214

Phone: 535-2629

Office Hours: MW 10am-11am, M 12:15pm-1:15pm, R 11am-12noon and by appointment

Electronic Mail:

Text Books: Secrets and Lies: Digital Security in a Networked World by Bruce Schneier (ISBN: 0-471-45380-3) and Hacking Exposed: Windows Server 2003 by Joel Scambray and Stuart McClure (ISBN: 0-07-223061-4)
Meeting Time: TR 2pm-3:15pm
Meeting Place: Rounds 207 (or 3rd floor security lab in Memorial as suggested on the semester schedule)
Class Home Page: oz.plymouth.edu/~cleblanc/Spring05/cs4420.html

Course Description:

Provides an introduction to the theory and practice of computer security and information warfare. In particular, examines issues in physical security, network security, database security, intrusion detection, dectection of Trojan horses, viruses, worms and coordinated network attacks, access control, cryptography, legal and ethical issues including privacy and copyright, as well as various computer security policy issues.

Course Goals and Objectives:

Understand the ideas, principles and tools of information security.
Be able to evaluate an information system for a variety of vulnerabilities.
Understand and be able to use the tools and techniques used by attackers to penetrate computer systems.
Be able to read and evaluate information security policies.
Be able to investigate, apply and use patches and other defense mechanisms (such as virus detection, cryptography and packet filtering software).
Understand the ethical implications of using attack tools on computer systems.
Understand the ethical implications of various security and privacy policies.

Tentative Schedule:

We will try to follow this schedule but some adjustments may have to be made. This schedule is provided simply to help you in planning your semester.

Evaluation:

15% - Labs
10% - Explorations
15% - Research Paper
10% - Chapter Presentations
10% - MidTerm Exam
20% - Final Project and Presentation
20% - Final Exam

Grade Scale:

Grades will be assigned according to the following scale:
- 93-100 - A
- 90-92 - A-
- 88-89 - B+
- 83-87 - B
- 80-82 - B-
- 78-79 - C+
- 73-77 - C
- 70-72 - C-
- 68-69 - D+
- 63-67 - D
- 60-62 - D-
- below 60 - F

Evaluation Items:

Labs: There will be 10 lab sessions. During the lab session, we will meet in the security lab on the third floor of Memorial Hall. During these lab periods, students will be expected to complete an exercise, although the completion of the exercise will often require more time than that alloted during the lab period. These lab exercises will comprise 15% of the semester grade, with the lowest lab grade being dropped. NO late labs will be accepted. If for some reason a student misses a lab, that lab will be his or her dropped lab. See the tentative schedule for the lab schedule.
Explorations: To really learn about computer security, students must tinker and explore. To encourage such exploration, 10% of the semester grade will be comprised by an exploration grade. Each student must participate in at least 2 exploration exercises which will be announced regularly throughout the semester. Each exercise is worth a maximum of 5 points and a minimum of 1 point. The number of points assigned for each exercise will be determined by the number of students who complete the exercise. For example, if only 1 student completes the exercise, it will be worth 5 points for that student. If 2 students complete an exercise, it will be worth 4 points for each student. If 3 students complete an exercise, it will be worth 3 points for each student. If 4 students complete an exercise, it will be worth 2 points for each student. If 5 or more students complete an exercise, it will be worth 1 point for each student. Each student must earn 10 points throughout the semester to receive full credit for this part of the grade.
Research Paper: Each student will write a research paper on a topic of his/her choosing. To find a topic, the student should search the archives of Crypto-Gram, CSO Online or a favorite security web site. The choice of paper topic is due Thursday, March 3. An annotated bibliography for the paper is due Thursday, March 31. The first draft of the paper is due Thursday, April 14. The final draft of the paper is due Thursday, April 28. Additional details about this research paper will be provided in a separate handout.
Chapter Presentations: Every student will be responsible for presenting two chapters of the Schneier text to the rest of the class. These presentations will be done in groups of two. In the week before a group's chapter is due, the group will meet with me to explain their plan for the presentation. In addition, the group must prepare a summary/study guide for the chapter to hand out to the other students in the class. The grades for these two chapter presentations comprise 10% of the semester grade.
MidTerm Exam: There will a midterm examination on Thursday, March 17. This exam will comprise 10% of the semester grade. No makeup exams will be given.
Final Project: Every student will be expected to complete a semester project. The project will be presented to the rest of the class during the last two weeks of classes. The details of the project will be distributed early in the semester. The final project and presentation will comprise 20% of the semester grade.
Final Exam: The final exam will comprise 20% of the semester grade and will be split into two parts. The take-home portion of the exam will be handed out on Thursday, May 12 and will be due during the scheduled final exam period (Thursday, May 19, 2:30-5pm). The in-class portion of the final exam will be given during the scheduled final exam period (Thursday, May 19, 2:30pm-5pm). Do not plan to leave Plymouth before this date. NO early exams will be given.

Class Philosophy:

Think!: Do not blindly follow instructions. Think about what you are doing and why you are doing it. If you do not understand something, be sure to ask questions.
The only stupid question is the one that is left unasked: If you don't understand something, ASK! If you don't feel comfortable asking in class, come by my office, see me after class, send me email. I will answer questions in whatever forum you feel comfortable.

Attendance Policy:

Attendance will not be taken. However, every student is responsible for everything covered in class even if it is not in the readings.

Academic Honesty:

From the Plymouth State University Academic Catalog: "Violation of academic integrity includes any act which portrays a member of the academic community as having acquired knowledge through legitimate study or research which, in fact, has been stolen. Violation of academic integrity includes also any act which gains one member of the academic community an unfair advantage over another. This includes any act hindering the academic accomplishment of another." I will pursue violations of academic integrity to the fullest extent possible. Any student who has questions about what constitutes such violations is encouraged to consult the Academic Catalog and/or discuss the issue with me.

Back to Cathie's Home Page

CS4420 - Computer Security

CONTENTS

GENERAL INFORMATION

Updated January 10, 2005 by Cathie LeBlanc