BE 201: Biophysics

spongehousesSecurity

Nov 3, 2013 (3 years and 8 months ago)

73 views

CS
188

Introduction to
Information Security

SPRING
,
Every Year



Catalog Description:


This course will introduce the basic concepts of information security necessary for students to
understand risks and mitigations associated with protection of systems a
nd data. Topics include
a) security models and architectures, b) security threats and risk analysis, c) access control and
authentication/authorization, d) cryptography, e) network security, f) secure application design,
and g) ethics and the law.







I
nst
ructor in Charge:


Arthur Lessard


Objectives:


To provide an introduction to a broad spectrum of information security topics, readying
undergraduate students to focus on specific areas of interest later in their coursework, The
course will emphasize r
eal
-
world security issues su
ch as risk assessment and e
thics/law,
as well as theoretical topics such as encryption theory and security models. Students
completing this course will be familiar with a wide range of information security topics.





Prerequis
ites:

Fundamental understanding of computer networks, basic coding, and the TCP/IP protocol
suite is strongly recommended.




TOPICS


I.

Introduction to Information Security



C
-
I
-
A



Goals of information security



Basic security models/defen
se in depth



Basic Security Threats

o

Information warfare

o

Security trends

o

Risk analysis


II.

Fundamental

Security
Building Blocks



Cryptography (A
sym
m
etric, symmetric)



Basic Key Management



Hashing and message integrity



Identificat
ion/authentication/authorization


III.

Network Security



TCP/IP

security gaps,

and add
-
on security



Network devices
/tools

and security


i.

Firewalls, load balancers, nIDS, nIPS

ii.

802.1x



Network services and security

i.

DNS/DNSSec

ii.

Tu
nne
ling/IPSec

iii.

Wireless (WEP, WPA, EAP/PEAP)


IV.

OS Security



Operating Syste
m
Process/execution exploits



Memory flaws



System call f
laws

i.

hIPS and system call interception



File/Storage system protection



Secure Authentication

i.

Kerberos

ii.

Two
-
factor auth

iii.

SSO

iv.

Passport and Liberty Alliance


V.

Application Security



Configuration issues



Input c
hecking



Buffer overflows/Stack flaws



Hacking vs. cracking



Malware

i.

Worms, viruses, Trojans

ii.

Spyware

iii.

Bots



Recent pandemics

i.

Blaster

ii.

Slammer

iii.

Windows Metafile



Patch More vs. Patch Less



Secure coding methodology
/OWASP


VI.

Web Security



The web browser, basic operatio
n



Digital certificates/X.509

i.

Operation

ii.

Flaws



XSS



SQL injection



Browser configuration for safe surfing



Web resources for security

i.

CERT

ii.

SANS

iii.

XForce



DOS and DDOS



Tools for securing an environment

i.

Basic TCP/IP tools (ICMP, Traceroute)

ii.

Nmap

iii.

Other tools (satan
,
etc.)


VII.

Cyberlaw, ethics and forensics



C
yberlaw
/legislation

i.

Privacy issues

ii.

Financial information



Hacking vs. cracking



C
omputer crimes



Crime investigation
/forensics