CS 439/539

From CS Wiki
Jump to: navigation, search

Applied Security Concepts

Catalog Description: Hands-on approach to computer security with emphasis on developing practical knowledge of how cyber attacks work and how to defend against them. Detailed exploration of attacks such as buffer overruns, string attacks, worms, trojan horses, and denial-of-service attacks, and development of defenses against them.

Type: Technical Elective course for all Computer Science majors. Required course for Computer Science with Information Assurance emphasis majors.

Total Credits: 3

Contact Hours: 1 hour of lecture and 4 hours of applied laboratory per week.

Course Coordinator: Daniel Conte de Leon

URL: Course site is on Blackboard (http://bblearn.uidaho.edu/).

Prerequisites: All CS 100 and 200 level courses with a C or better, plus CS-336: Introduction to Information Assurance, OR demonstrated knowledge of Information Assurance concepts and issues, programming, networking, and cryptography equivalent to a CISSP.

Textbook: Varies by Semester.

Prerequisites by Topic:

  • Fundamental concepts of operating systems
  • Hands on knowledge of Unix

Course Goals: The goal of this course is to give the students hands-on, applied knowledge of cyber-attacks, specifically, how they function and how they can be prevented. The course begins with an introduction to the class, followed by labs in which the students present varying malware threats (including viruses, worms, Denial of Service (DoS), man-in-the-middle, and buffer overruns and format string attacks and defenses). For each topic we discuss and demonstrate the defenses against those exploits. Each attack-defend scenario is covered in roughly 2 weeks duration, including student presentations.

Major Topics Covered

  1. Host and application hardening: essential and non-essential system services, patching, logging, auditing, security information and event management (SIEM), host-based and application firewalls, file system permissions.
  2. Network and system-wide hardening: network firewalls, intrusion detection and response systems, policies and procedures, and physical security.
  3. Practical uses, vulnerabilities, and mitigations of cryptographic techniques and their implementations for encryption and authentication; Password hashing and salts.
  4. Virtualization: applied uses of virtualized environments and implications to information assurance.
  5. Systems administration with focus on secure systems: system and application installation patching and upgrading, authentication and password policies, user accounts and access control; Practical implementation of user and file permissions in both Linux and Windows systems.
  6. Practical use of scanning, enumeration, and attack tools, such as: netstat, Wireshark, nmap, OpenVAS, Metasploit, john, and rainbow tables.
  7. Practical use of defense host, network, and application tools, such as iptables and its command line and GUI interfaces, Windows Firewall (command line and GUI). Microsoft EMET, AppArmor, bastille, PFSense, Snort, Nagios, OpenVAS, and ModSecurity.
  8. Analysis of security and hardening in mobile devices, i.e.: Android, using tailored tools.
  9. Presentation and analysis of some case studies of real attacks and system and application vulnerabilities, their adversary model, and potential mitigation strategies.

Course Outcomes

  1. Analyze sample computer systems and networks with the goal of designing and implementing defense in depth approaches, mechanisms, and tools.
  2. Identify and describe uses of cryptographic techniques, and potential vulnerabilities and mitigations.
  3. Configure sample systems and networks with a focus on the implementation and maintenance of security including: patching, updating, user management, service management, firewalls and IDSs backups, policies.
  4. Practically analyze and harden Windows, Linux-based hosts and networks, and mobile devices, using current tools.
  5. Adequately use scanning, enumeration, and attack tools, both command line and GUI-based, such as: netstat, Wireshark, nmap, OpenVAS, Metasploit, john, and Ophcrack, in order to analyze systems and networks for vulnerabilities in order to design and implement adequate mitigations.
  6. Adequately use defense host, network, and application tools, both command line and GUI-based, such as: iptables and its command line and firewall GUI interfaces, Windows Firewall, Microsoft EMET, AppArmor, bastille, PFSense, Snort, Nagios, OpenVAS, and ModSecurity, in order to implement security in sample systems.