Computer Engineering Department Islamic University of Gaza ECOM 5347


Computer Engineering Department Islamic University of Gaza ECOM 5347 Network Security Undergraduate/Elective Course Fall 2018-2019 Prof. Dr. Eng. Mohammad A. Mikki Computer Engineering Department Chair College of Engineering Islamic University of Gaza, Gaza, Palestine Email: mmikki@iugaza.edu.ps Homepage: http://site.iugaza.edu.ps/mmikki Tel.: +970-08-2644400 Ext. 2883

Lecture 1: Syllabus & Course Overview

Instructor’s Info. Prof. Dr. Eng. Mohammad A. Mikki Computer Engineering Department Chair College of Engineering Islamic University of Gaza, Gaza, Palestine Email: mmikki@iugaza.edu.ps Homepage: http://site.iugaza.edu.ps/mmikki Tel.: +970-08-2644400 Ext. 2883

Instructor’s Office Admin. Building Room B323

Instructor’s Office Hours TBA and by Appointment

Teaching Assistants Section 101: TBA Section 201: TBA

Course Information Course Code: ECOM 5347 Course Name: Network Security (Undergraduate/Elective Course) Number of credits: 3

Course Description This course provides an introduction to a variety of topics in computer security for juniors and seniors majoring in computer science and engineering. This includes basic concepts and techniques in information security and management such as risks and vulnerabilities, applied cryptography, program security, malicious software, authentication, access control, operating systems security, multilevel security, trusted operating systems, database security, inference control, physical security, and system assurance and evaluation. It covers high-level concepts such as confidentiality, integrity, and availability as applied to hardware, software, and data. The course covers three parts: computer security technology and principles (cryptography, authentication, access control, database security, DoS, malicious software, intrusion detection, firewalls, etc.); software security and trusted systems (buffer overflow, software security, operating system security, etc.); and network security (internet security protocols, authentication applications, etc.).

Tentative List of Topics

- Networking
- Secret Key Cryptography
- Hashes and Message Digests
- Public Key Cryptography
- Authentication and Authorization Systems
- Database Security
- Malicious Software
- Denial-of-Service Attacks
- Intrusion Detection
- Firewalls and Intrusion Prevention Systems
- Buffer Overflow
- Software Security
- Operating System Security
- Security Auditing
- Forensics
- Legal and Ethical Aspects
- Internet Security Protocols and Standards
- Internet Authentication Applications
- Wireless Network Security
- Mobile Security

Course Objectives The objective of this course is to cover principles of computer and network security along with some relevant background in basic cryptography. We will discuss various attack techniques and how to defend against them. After completing this course, students will be able to analyze, design, and build secure systems of moderate complexity. 

ABET Criteria ABET Accreditation Criterion 3 Program Outcomes that are relevant to this course are: (1) An ability to apply knowledge of computing, mathematics, science, and engineering. (3) An ability to design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs, within realistic constraints specific to the field. (6) An understanding of professional, ethical, legal, security and social issues and responsibilities. (7) An ability to communicate effectively with a range of audiences. (8) The broad education necessary to analyze the local and global impact of computing and engineering solutions on individuals, organizations, and society. (10) A knowledge of contemporary issues. (11) An ability to use current techniques, skills, and tools necessary for computing and engineering practice.

Course Learning Outcomes

Upon completion you should have gained the following conceptual skills:

- How to monitor computer systems and networks for malicious activities
- Learn how to use a wide array of security and networking tools
- Understand hacker activities, methodologies, and tools used
- Learn system and security administration tools, configurations, and best practices
- Learn vulnerability and penetration testing tools, techniques, trends
- Understand the fundamental security objectives like Confidentiality, Integrity, and Availability
- Understand the types of security threats and attacks that must be dealt with
- Understanding of various computer networking protocols, standards, and tools
- Understanding of symmetric and asymmetric cryptography including message authentication
- Understand means of authenticating a user's identity through identification and verification
- How to implement security policies to ensure proper access to appropriate resources

Course Learning Outcomes (Cont.)

Upon completion you should have gained the following conceptual skills:

- How to securely set up, configure, and manage database management systems
- Understand different types of malicious software, propagation methods, and payload actions
- Understand the different Denial of Service attacks that compromise availability of resources
- Be able to distinguish among various types of intruders and their behavior patterns
- Explain the roles of firewalls as part of a computer and network security strategy
- Understand the poor programming practices that cause many security vulnerabilities
- Understand the planning and process steps for securing operating systems and applications
- Understand formal models of computer security and their relevance to trusted computing
- Understand the various management aspects of information and computer security
- Understand the key elements and process for security auditing and forensics
- Understand the ethical and legal aspects of security including computer crime, IP, and privacy
- Understanding of the security protocols and standards used for Internet communications

Prerequisites Operating Systems Computer Networks

Course Website The common syllabus is posted on the course webpage at http://moodle.iugaza.edu.ps and on my homepage (http://site.iugaza.edu.ps/mmikki/). Please check this webpage at least once a week for: lecture notes, assignments and solutions, exams and solutions, quizzes and solutions, useful links, supplementary material, and announcements. Your instructor will provide and/or post a revised version of the course syllabus with additional information stating his policies for the course, such as attendance policy, labs and assignments submission policy, quizzes policy, and others.

Class Information Section: 201, 101. Days: Sun, Tue. Time: 14:30-15:30, 12:30-14:00. Location: I418

Required Textbook and Material Computer Security: Principles and Practice, Third Edition Author: William Stallings and Lawrie Brown ISBN: 978-0133773927, Pearson Prentice Hall Publication Date: July 18, 2014

Recommended Books

- Charles P. Pfleeger, Shari Lawrence Pfleeger, "Security in Computing", Prentice Hall, 4th edition.
- Charlie Kaufman, Radia Perlman, Mike Speciner, "Network Security: Private Communication in a Public World", Prentice Hall, 2nd edition.
- Matt Bishop, "Computer Security: Art and Science", Addison-Wesley.
- Richard E. Smith, "Elementary Information Security", Jones & Bartlett Learning.

Class Expectations

- Class attendance
- Text reading in advance
- Class participation
- Working hard

Class Schedule

| Week | Topic | Textbook/Reading Material | Assignment |
|---|---|---|---|
| 1, Sat. 15.Sep. | Introduction, Syllabus, Course Overview; Computer Security Overview | Chapter 0; Chapter 1 | |
| 2, Sat. 22.Sep. | Computer Security Overview (Cont.); Part One - Computer Security Technology and Principles; Cryptographic Tools | Chapter 2 | |
| 3, Sat. 29.Sep. | Cryptographic Tools (Cont.) | | Lab exp.1 handout |

Class Schedule (Cont.)

| Week | Topic | Textbook/Reading Material | Assignment |
|---|---|---|---|
| 4, Sat. 15.Sep. | User Authentication; User Authentication (Cont.) | Chapter 3 | Quiz1 on Ch2 |
| 5, Sat. 06.Oct | Access Control; Access Control (Cont.) | Chapter 4 | Lab exp.2 handout; Lab exp.1 report submission |
| 6, Sat. 13.Oct. | Database and Cloud Security; Database and Cloud Security (Cont.) | Chapter 5 | Quiz2 on Ch3 and 4 |

Class Schedule (Cont.)

| Week | Topic | Textbook/Reading Material | Assignment |
|---|---|---|---|
| 7, Sat. 20.Oct. | Malicious Software; Malicious Software (Cont.) | Chapter 6 | Lab exp.3 handout; Lab exp.2 report submission |
| 8, Sat. 27.Oct. | Denial-of-Service Attacks; Denial-of-Service Attacks (Cont.) | Chapter 7 | Quiz3 on Ch5 and 6 |
| 9, Sat. 03.Nov. | Intrusion Detection; Intrusion Detection (Cont.) | Chapter 8 | Lab exp.4 handout; Lab exp.3 report submission |
| 10, Sat. 10.Nov. | Midterm exams - No classes | | |

Class Schedule (Cont.)

| Week | Topic | Textbook/Reading Material | Assignment |
|---|---|---|---|
| 11, Sat. 17.Nov. | Firewalls and Intrusion Prevention Systems; Firewalls and Intrusion Prevention Systems (Cont.) | Chapter 9 | Lab exp.5 handout; Lab exp.4 report submission |
| 12, Sat. 24.Nov. | Part Two - Software Security and Trusted Systems; Buffer Overflow; Buffer Overflow (Cont.) | Chapter 10 | Quiz4 on Ch9 |
| 13, Sat. 01.Dec. | Software Security; Software Security (Cont.) | Chapter 11 | Lab exp.6 handout; Lab exp.5 report submission |
| 14, Sat. 08.Dec. | Operating Systems Security; Operating Systems Security (Cont.) | Chapter 12 | Quiz5 on Ch10 and 11 |

Class Schedule (Cont.)

| Week | Topic | Textbook/Reading Material | Assignment |
|---|---|---|---|
| 15, Sat. 15.Dec. | Part Four - Cryptographic Algorithms; Symmetric Encryption and Message Confidentiality; Public-Key Cryptography and Message Authentication | Chapter 20; Chapter 21 | Lab exp.7 handout; Lab exp.6 report submission; Quiz6 on Ch12 |
| 16, Sat. 22.Dec. | Part Five - Network Security; Internet Security Protocols and Standards; Internet Authentication Applications | Chapter 22; Chapter 23 | Lab exp.8 handout; Lab exp.7 report submission; Quiz7 on Ch20 and 21 |
| 17, Sat. 29.Dec. | Wireless Network Security; Review | Chapter 24 | Lab exp.8 report submission; Quiz8 on Ch22 and 23 |
| 18, Sat. 05.Jan. | First day of final exams | | |

THE UNIVERSITY OF NEVADA - Fall 2014 - use same text

| Date | Lectures | Assignments & Notes |
|---|---|---|
| Tue, Aug 26 | Lecture #1: Security Overview | Chapter 1 |
| Thu, Aug 28 | Lecture #2: Security Overview (cont) | Chapter 1 |
| Tue, Sep 2 | Lecture #3: Cryptographic Tools | Chapter 2 |
| Thu, Sep 4 | Lecture #4: Cryptographic Tools (cont) | |
| Tue, Sep 9 | Lecture #5: User Authentication | Chapter 3 - Homework 1 due |
| Thu, Sep 11 | Lecture #6: User Authentication (cont) | Chapter 3 |
| Tue, Sep 16 | Lecture #7: Access Control | Chapter 4 |
| Thu, Sep 18 | Lecture #8: Access Control (cont) | Chapter 4 - Lab 1 due |
| Tue, Sep 23 | Lecture #9: Database Security | Chapter 5 |
| Thu, Sep 25 | Lecture #10: Cloud Security | Chapter 5 - Homework 2 due |
| Tue, Sep 28 | Lecture #11: Malicious Software | Chapter 6 |
| Thu, Oct 2 | Lecture #12: Malicious Software (cont) | Chapter 7 |
| Tue, Oct 7 | Lecture #13: Denial of Service Attacks | Chapter 8 - Lab 2 due |
| Thu, Oct 9 | Lecture #14: Intrusion Detection | Chapter 8 |
| Tue, Oct 14 | Lecture #15: Firewalls | Chapter 9 - Homework 3 due |
| Thu, Oct 16 | Midterm Exam | |
| Tue, Oct 21 | Lecture #16: Buffer Overflow | Chapter 10 |
| Thu, Oct 23 | Lecture #17: Software Security | Chapter 11 |
| Tue, Oct 28 | Lecture #18: Software Security (cont) | Chapter 11 - Lab 3 due |
| Thu, Oct 30 | Lecture #19: Operating System Security | Chapter 12 |
| Tue, Nov 4 | Lecture #20: Trusted Computing and Multilevel Security | Chapter 13 - Homework 4 due |
| Thu, Nov 6 | Lecture #21: Trusted Computing and Multilevel Security (cont) | Chapter 13 |
| Tue, Nov 11 | Veteran's day (no class) | |
| Thu, Nov 13 | Lecture #22: Legal and Ethical Aspects | Chapter 19 |
| Tue, Nov 18 | Lecture #23: Symmetric Encryption | Chapter 20 - Lab 4 due |
| Thu, Nov 20 | Lecture #24: Public-Key Cryptography | Chapter 21 |
| Tue, Nov 25 | Lecture #25: Internet Security Protocols and Standards | Chapter 22 - Homework 5 due |
| Thu, Nov 27 | Thanksgiving (no class) | |
| Tue, Dec 2 | Lecture #26: Internet Authentication Applications - Anonymity | Chapter 23 |
| Thu, Dec 4 | Lecture #27: Network Security - Wireless Network Security | Chapter 24 |
| Tue, Dec 9 | Lecture #28: Digital Currencies | Lab 5 due on Thursday |
| Tue, Dec 16 | Final Exam @ 5:00pm (Exam covers post-midterm material. However, you are expected to remember important pre-midterm concepts.) | Homework 6 due |

NCSU (North Carolina State University) - use same text 1/2

CSC405 - Introduction to Computer Security - Schedule - Fall 2015

| # | Date | Topic | Speaker | Textbook |
|---|---|---|---|---|
| 1 | Thu 8/20 | Introduction, Syllabus, Course Overview | Carter | Chapter 0 |
| 2 | Tue 8/25 | Computer Security Overview, Standards and Standard-Setting Organizations | | Chapter 1; Appendix C |
| 3 | Thu 8/27 | Computer Networking Overview: TCP/IP Protocol Architecture and the Domain Name System | | Appendix F; Appendix I |
| 4 | Tue 9/1 | Cryptographic Tools: Symmetric Encryption and Message Confidentiality | | Chapter 2; Chapter 20; DES; DES Calculator |
| 5 | Thu 9/3 | | | Chapter 2; Chapter 20 |
| 6 | Tue 9/8 | Cryptographic Tools: Public-Key Cryptography and Message Authentication, SHA-3 | | Chapter 2; Chapter 21; Appendix K |
| 7 | Thu 9/10 | Cryptographic Tools: Public-Key Cryptography and Message Authentication | | Chapter 2; Chapter 21 |
| 8 | Tue 9/15 | | | |
| 9 | Thu 9/17 | User Authentication | | Chapter 3 |
| 10 | Tue 9/22 | Exam #1 | | |
| 11 | Thu 9/24 | Access Control | Bletsch | Chapter 4 |
| 12 | Tue 9/29 | Database and Cloud Security | | Chapter 5 |
| 13 | Thu 10/1 | Malicious Software | | Chapter 6 |
| 14 | Tue 10/6 | Malicious Software II: Stuxnet, Malicious hardware, Rootkits, Windows tracing tools demo | | Chapter 6; Stuxnet analysis; Adore-ng rootkit demo; jellyfish: A gpu rootkit! |
| | Thu 10/8 | Fall break | | |

NCSU (North Carolina State University) 2/2

CSC405 - Introduction to Computer Security - Schedule - Fall 2015

| # | Date | Topic | Speaker | Textbook |
|---|---|---|---|---|
| 15 | Tue 10/13 | Denial-of-Service Attacks | Bletsch | Chapter 7 |
| 16 | Thu 10/15 | Intrusion Detection | | Chapter 8; Appendix J |
| 17 | Tue 10/20 | Firewalls and Intrusion Prevention Systems | | Chapter 9 |
| 18 | Thu 10/22 | Buffer Overflows | | Chapter 10 |
| 19 | Tue 10/27 | Software Security | | Chapter 11 |
| 20 | Thu 10/29 | Exam #2 | | |
| 21 | Tue 11/3 | Operating Systems Security | | Chapter 12 |
| 22 | Thu 11/5 | Internet Security Protocols and Standards, Internet Authentication Applications | Carter | Chapter 22; Chapter 23 |
| 23 | Tue 11/10 | Wireless Network Security | | Chapter 24 |
| 24 | Thu 11/12 | Legal and Ethical Aspects, Security Auditing and Forensics | Tim Gurganus | Chapter 19; Chapter 18 |
| 25 | Tue 11/17 | Mobile Security | | - |
| 26 | Thu 11/19 | Reverse engineering | | |
| 27 | Tue 11/24 | Course Review / Final Exam Review | Bletsch/Carter | |
| | Thu 11/26 | Thanksgiving holiday | | |
| 28 | Tue 12/1 | Human factors and social engineering | | Poorly-spelled 1990s textfiles: social.txt, soceng.txt |

Assessment (Grading) Criteria Attendance and participation 10% Quizzes Midterm exam 20% Lab experiments Final exam 40%

Attendance Class attendance is required and very important for successful completion of the course. Students are expected to attend and participate in every class which is interpreted as the entire class period and lab period. Excused absences must be planned for, when possible, and justified with documentation. The student is responsible for making up missed class/lab sessions. Late arrival that causes disruption, early departure that causes disruption, excessive conversation among students, and other actions that disrupt the classroom are unacceptable.

Use of Laptops/Mobile Phones Use of laptops/Mobile phones during the class is not allowed. In order to minimize the level of distraction, all mobile phones must be on mute mode during class meeting times.

Questions?