CS 456/556 - Computer Security - Foundations

pyknicassortedΑσφάλεια

3 Νοε 2013 (πριν από 3 χρόνια και 7 μήνες)

80 εμφανίσεις

CS 456/556
-

Computer Security
-

Foundations


Syllabus & Instructions for survival


Southern Oregon University

Fall 2011















Instructor:


Lynn Ackler

Office:


CSC

222

Office Hours:

9:00
-

10:00 Monday and Wednesday

By appointment

Phone:


552
-
6974

e
-
mail:


ackler@sou.edu


Texts:

LabSim Security+ SY0
-
301(REQUIRED)

Applied Cryptography Second Edition
,
Bruce Schneier, Wiley 1996, ISBN 0
-
471
-
12845
-
7 (weakly recommended)


http://books.google.com


Draft SP 800
-
68 Revision 1, Guide to Securing Microsoft Windows XP Systems for IT Professionals

NSTISSI No. 4011, National Training Standar
d for Information Systems Security Professionals,NSTISSC

The Information Assurance Technical Framework
, NSA

Trust Modeling for Security Architecture Development

Sun Microsystems

The Common Criteria
, NIST

Risk M
anagement Guide for Information Technology Systems
,
NIST


Syllabus:

http://webpages.sou.edu/~ackler/Computer_Security
-
I/CS_456.doc



Presentation Materials:

http://webpages.sou.edu/~ackler/Computer_Security
-
I/index.htm



Weekly Assignment:

Security Now Podcast by Steven Gibson and LaPorte

Sans News Bites

(requires signup)


Monthly Assignment:

Cryptogram


Prerequisites:

Upper division standing in Computer Science and Network I, CS 336


Course Description
:

Intro
duces the many facets of computer security and information assurance. Explores the security organization and
infrastructure within an organization along with policies, standards, and procedures.
Discusses the system engineering principles
to set system sec
urity requirements.
Covers cryptographic protocols, modes, and algorithms, including DES, AES, RSA, and
Kerberos
.



Objectives:

1.

Become sensitive to the many

privacy and legal issues associated with computer and local area network security

2.

Acquire an apprec
iation for the multifaceted aspects of “computer security” and information assurance

3.

Gain familiarity with cryptographic protocols

4.

Gain a working knowledge of cryptography and its role in security

5.

Knowledge of some of the fundamental cryptographic algorith
ms

6.

Understand the basic model for Information Systems Security

7.

Understand the basics of security system engineering, security requirements

8.

Requirements for a career in Security Testing, OSSETMM



Working Rules:

Attendance:

Attendance is not required. How
ever to learn something outside of class takes about 10 times the effort as in class.
Anything presented in class is your sole responsibility to know. If you miss a class, it is your responsibility to obtain th
e
material presented, either on your own or
from me.

Incomplete:

In general an incomplete will not be given. If 75% of the course
-
work has been successfully completed, an incomplete
grade may be given for special cases.

Exams:

Exams are given once. There are no scheduled makeup exams.


If you are

in need of support because of a documented disability (whether it be learning, mobility, psychiatric, health
-
related, or
sensory) you may be eligible for academic or other accommodations through

Disability Services for Students.

Contact Margaret Dibb, Di
rector, DSS, at
dibbm@sou.edu
; or by calling 541
-
552
-
6213; or schedule an appointment in person at the
ACCESS Center, Stevenson Union, lower
-
level.

For Detailed Information:
www.SOU.edu/Access/Dss


Grading:

Grades will be given using the usual scale, 90
-

80
-

70


60.

Grades will be based on the following:

Hour test


100 points

MMC Lab


100 Points

AES/DES Evaluati on Program

100 points

Security +


200 points

Comprehensive Fin
al

200 points


Special Requirements for the Entire Sequence:


Listen to SecurityNow every week. Questions on the current podcast will be fair game on any and every exam/quiz.


You will subscribe to SANS NewsBites and be responsible for all issues on the e
xams.


You will subscribe to Cryptogram and be responsible for all issues on the exams.


Tentative Schedule:


Topics

Recommended Readings

Security+


Week 1:

Introduction



Overview of Security, Policies, Organization


0.0
-

Introduction




Workstation Secu
rity, MMC

Look it up.

Week 2:

Defense in Depth





Access control, password management



Incident handling, Web Security, info warfare

Week 3:

Intro to Cryptography, Protocols

Chapters 1


5: Schneier

1.0


Access Control


Modes, Key Management

Chapters 7


11: Schneier

Week 4
-

5:

DES, AES,

Sections 12.1


12.3, 9.1, 9.3, 9.6, 9.8


Message Digests

Sections 18.1, 18.5, 22.1


Schneier


Statistical Study due Nov. 30, 2011

Week 5
-

6:

Public Key Encryption, Digital Signatures

Sections 19.1, 19.2, 19.3, 19.
6


Schneier

2.0
-

Cryptography


RSA & Diffie
-

Hellman

Sections 18.1, 18.5, 22.1
-

Schneier


Week 7:

Intro to Information Systems Security Model

Annex to NSTISSI No. 4011


3.0


Network Infrastructure


Information Security Systems Engineering

Chapter 4


IATF

Week 8:

Trust Models, Security Models

Trust Modeling for Security Architecture

4.0


Network Attacks

Week 9:

Common Criteria , Threat Profiles & Risk Assessment

SP 800
-
30 Rev A, CC 2.1

Week 10:

Open Source Security Testing Methodology

OSTMM 2.2

Week

11:

Final exam, Dec. 10 @ 1:00 P
M


Special Note:

If at any time you are having difficulty talk to me. I am here to instruct, help and teach.