CSCI 415

Computer and Network Security

Coordinator: Nazli Hardy

Credits: 4.0

Description

This course is designed to introduce student to topics which include attacks, standards, data integrity, symmetric key encryption, public key encryption, authentication, electronic mail security, IP security, web security, database security, secure electronic transactions, network management security, malicious software, and firewalls. 

Prerequisites

CSCI 362

Sample Textbooks

William Stallings, Network Security Essentials: Applications and Standards, 3rd Edition, Pearson, 2007

Gildas Avoine et al,  Computer System Security:  Basic Concepts and Solved Exercises, EPFL Press, 2004

Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography, Chapman & Hall/CRC Press, 2007

Douglas Jacobson, Introduction to Network Security, Chapman & Hall/CRC Computer & Information Science Series, 2008

Course Outcomes

 On successful completion of this course, the student should be able to:

  1. explain the nature of attacks, security mechanisms, types and motivation of attacks;
  2. describe and explain symmetric encryption and public key encryption, authentication, cryptography algorithms and application of public key infrastructure;
  3. describe the key aspects of several network security elements like secure sockets layer (SSL), transport layer security (TLS), secure electronic transaction (SET);
  4. demonstrate a solid understanding of current  network security vulnerabilities, for example, SQL injection, cross-site scripting, over flow.
  5. describe and design a secure network, complete with the physical components, equipped with appropriate bandwidth, protocols, and internetworking concepts that are covered as theory in class.  They also required to be able to identify and assess the efficiencies of a network
  6. demonstrate a practical insight on secure electronic transactions

Major Topics Covered

A. The Fundamentals

  1. Course Overview
  2. Common exploits and defense,  attacks and their attackers, security cornerstones, security baselines
  3. Buffer overflow
  4. Global offsets table with pointers for root shells
  5. Tools for writing application code for security
  6. Catch security holes
  7. Viruses, spyware, sysbots, malware, and other malicious and current security threats
  8. Tracking botnets
  9. Access control mechanisms, protecting the computer system, sandboxing
  10. Cryptography (1), symmetric key
  11. Cryptography (2), Digital envelopes and signatures, and the underlying math 

B. Web and Database Security

  1. Web exploits and their defense, cross-site scripting, SQL injections
  2. User authentication, password management, user interface exploits, phising and other current threats
  3. Protecting Browser State from Web Privacy Attacks

C. Network Security

  1. Security problems in network protocols: TCP, DNS, SMTP, and routing
  2. Network defense tools: firewalls, intrusion detection, and filter
  3. Distributed Denial of service attacks and worms
  4. Privacy and anonymous browsing
  5. The Voting Machines

D. Security Controls and Management

  1. Network Defense
  2. Counterterrorism
  3. Ethical Hacking
  4. Auditing
  5. Forensics & Investigations

Sample Laboratory Projects

Programming Projects

Building a Secure Distributed Bank using Public key cryptography for secrecy, integrity-protection, and authentication (group project)

Implement a strong password authentication protocol called SRP (Secure Remote Password), a proposed Internet Standard

Remote Buffer Overflow Attack

Encoding x.509 (Cryptography standard)

Programming Access control in client authentication

Simple secure e-mail service

Data encryption experiments

Lempel-Ziv-Welsh compression algorithm 

Security Testing Applications (group project)

 

Research Projects

Network Defense in Counterterrorism

Ethical Hacking

Auditing, Forensics & Investigations 

 

Other Relevant Labs

Wireshark and Traceroute Lab