Franske CNT-2820 FA10 Schedule: Difference between revisions

Information Technology & Careers

Information Systems Security Fundamentals CNT-2820 - 3 credits Instructor: Dr. Ben Franske Term: Fall 2010 (8/23/2010-12/15/2010) Meetings: M W 3:00pm-4:40pm Location: B143

This schedule provides an outline of the topics expected to be covered in this course as well as the readings and assignments due each week. Topics and readings may change in which case you will be notified in class or by e-mail and the latest version of this document is always available from the course wiki. Please have all readings completed prior to the start of each class and be prepared to take part in the discussion. Unless otherwise noted online quizzes and exams are due at 11:59pm on the date indicated.

Session 1: August 23

Topics:

• CNT CLASS Server Account Setup
• Course Overview
• Introduction to Computer Security

Readings:

Due:

Session 2: August 25

Topics:

• Challenges of Securing Information
• What Is Information Security?
• Who Are the Attackers?
• Attacks and Defenses
• Information Security Careers and Certifications

Readings:

• Chapter 1: Introduction to Security

Due:

• Chapter 1 Online Assessment
• Chapter 1 Homework Assignment

Session 3: August 30

Topics:

• Software-Based Attacks
• Hardware-Based Attacks
• Attacks on Virtualized Systems

Readings:

• Chapter 2: Systems Threats and Risks

Due:

• Chapter 2 Online Assessment
• Chapter 2 Homework Assignment

Session 4: September 1

Topics:

• Course Project Overview
• Wiki page creation and editing

Readings:

Due:

NO CLASS: September 6

• Labor Day - NO CLASS

Session 5: September 8

Topics:

• Hardening the Operating System
• Preventing Attacks that Target the Web Browser
• Hardening Web Servers

Readings:

• Chapter 3: Protecting Systems (through Hardening Web Servers)

Due:

Session 6: September 13

Topics:

• Protecting Systems from Communications-Based Attacks
• Applying Software Security Applications

Readings:

• Chapter 3: Protecting Systems (the remainder of the chapter)

Due:

• Chapter 3 Online Assessment
• Chapter 3 Homework Assignment

Session 7: September 15

Topics:

• Network Vulnerabilities
• Categories of Attacks

Readings:

• Chapter 4: Network Vulnerabilities and Attacks (through Categories of Attacks)

Due:

• Course project ideas submitted for approval

Session 8: September 20

Topics:

• Methods of Network Attacks

Readings:

• Chapter 4: Network Vulnerabilities and Attacks (the remainder of the chapter)

Due:

• Chapter 4 Online Assessment
• Chapter 4 Homework Assignment

NO CLASS: September 22

• Student Success Day - Make sure to attend at least two sessions for homework credit!

Session 9: September 27

Topics:

• Crafting a Secure Network

Readings:

• Chapter 5: Network Defenses (through Crafting a Secure Network)

Due:

Session 10: September 29

Topics:

• Applying Network Security Devices
• Host and Network Intrusion Protection Systems (HIPS/NIPS)
• Protocol Analyzers
• Internet Content Filters
• Integrated Network Security Hardware

Readings:

• Chapter 5: Network Defenses (the remainder of the chapter)

Due:

• Chapter 5 Online Assessment
• Chapter 5 Homework Assignment

Session 11: October 4

Topics:

• IEEE 802.11 Wireless Security Protections
• Vulnerabilities of IEEE 802.11 Security

Readings:

• Chapter 6: Wireless Network Security (through Vulnerabilities of IEEE 802.11 Security)

Due:

Session 12: October 6

Topics:

• Personal Wireless Security
• Enterprise Wireless Security

Readings:

• Chapter 6: Wireless Network Security (the remainder of the chapter)

Due:

• Chapter 6 Online Assessment
• Chapter 6 Homework Assignment

Session 13: October 11

Topics:

• What is Access Control
• Logical Access Control Methods

Readings:

• Chapter 7: Access Control Fundamentals (through Logical Access Control Methods)

Due:

Session 14: October 13

Topics:

• Physical Access Control

Readings:

• Chapter 7: Access Control Fundamentals (the remainder of the chapter)

Due:

• Chapter 7 Homework Assignment

Session 15: October 18

Topics:

• Definition of Authentication
• Authentication Credentials

Readings:

• Chapter 8: Authentication (through Authentication Credentials)

Due:

Session 16: October 20

Topics:

• Extended Authentication Protocols
• Remote Authentication and Security

Readings:

• Chapter 8: Authentication (the remainder of the chapter)

Due:

• Chapter 8 Homework Assignment
• Chapter 7 Online Assessment

Session 17: October 25

Topics:

• Risk Management, Assessment, and Mitigation
• Identifying Vulnerabilities

Readings:

• Chapter 9: Performing Vulnerability Assessments (the entire chapter)

Due:

• Chapter 8 Online Assessment
• Chapter 9 Homework
• Midterm Assessment

Session 18: October 27

Topics:

• Privilege Auditing
• Usage Auditing
• Monitoring Methodologies and Tools

Readings:

• Chapter 10: Conducting Security Audits (the entire chapter)

Due:

• Chapter 9 Online Assessment
• Chapter 10 Homework

Session 19: November 1

Topics:

• Defining Cryptography
• Cryptographic Alorithms
  • Hashing Algorithms
    • Message Digest (MD)
    • Secure Hash Algorithm (SHA)
    • Whirlpool
  • Password Hashes

Readings:

• Chapter 11: Basic Cryptography (through Password Hashes)

Due:

• Chapter 10 Online Assessment

Session 20: November 3

Topics:

• Cryptographic Alorithms
  • Symmetric Cryptographic Algorithms
  • Other Algorithms
  • Asymmetric Cryptographic Algorithms
  • RSA
  • Diffie-Hellman
  • Elliptic Curve Cryptography
• Using Cryptography on Files and Disks

Readings:

• Chapter 11: Basic Cryptography (the remainder of the chapter)

Due:

• Chapter 11 Homework

Session 21: November 8

Topics:

• Digital Certificates
• Public Key Infrastructure

Readings:

• Chapter 12: Applying Cryptography (through Public Key Infrastructure)

Due:

• Chapter 11 Online Assessment

Session 22: November 10

Topics:

• Key Management
• Cryptographic Transport Protocols

Readings:

• Chapter 12: Applying Cryptography (the remainder of the chapter)

Due:

• Chapter 12 Homework

Session 23: November 15

Topics:

• Environmental Controls
• Redundancy Planning

Readings:

• Chapter 13: Business Continuity (through Redundancy Planning)

Due:

• Chapter 12 Online Assessment

Session 24: November 17

Topics:

• Disaster Recovery Procedures
• Incident Response Procedures

Readings:

• Chapter 13: Business Continuity (the remainder of the chapter)

Due:

• Chapter 13 Homework

Session 25: November 22

Topics:

• Organizational Security Policies
• Types of Security Policies
• Education and Training

Readings:

• Chapter 14: Security Policies and Training

Due:

• Chapter 13 Online Assessment
• Chapter 14 Homework

Session 26: November 24

Topics:

• Lab / Project Time

Readings:

Due:

• Chapter 14 Online Assessment

Session 27: November 29

Topics:

• A very special multimedia presentation

Readings:

Due:

Session 28: December 1

Topics:

• A very special multimedia presentation

Readings:

Due:

• Online Final Exam

Session 29: December 6

Topics:

• Security+ Study Session

Readings:

Due:

Session 30: December 8

Topics:

• Security+ Study Session

Readings:

Due:

Session 31: THURSDAY December 16

Please not that class meets 2:00-3:50pm on THURSDAY due to finals week. Topics:

• Security+ Study Session

Readings:

Due:

• CNT Projects
• Online Final Exam

---

The instructor reserves the right to modify and adjust the schedule and assignments as needed during the course of this class. The most up to date version will always be available on the course website or from the instructor.