CS 439/539: Applied Security Concepts
Catalog Description: Hands-on approach to computer security with emphasis on developing practical knowledge of how cyber attacks work and how to defend against them. Detailed exploration of attacks such as buffer overruns, string attacks, worms, trojan horses, and denial-of-service attacks, and development of defenses against them.
Type: CS 439 is a Technical Elective course for all Computer Science majors. Required course for Computer Science with Information Assurance emphasis majors. CS 539 is available for graduate credit.
Total Credits: 3
Contact Hours: 1 hour of lecture and 4 hours of applied laboratory per week.
Course Coordinator: Daniel Conte de Leon
URL: Course site is on Blackboard (http://bblearn.uidaho.edu/).
Prerequisites: All CS 100 and 200 level courses with a C or better, plus CS-336: Introduction to Information Assurance, OR demonstrated knowledge of Information Assurance and Cybersecurity concepts and issues, mitigation techniques, programming in C and Assembly, Networking, and Cryptography equivalent to a CISSP.
Textbook: Varies by Semester.
Course Goals: The goal of this course is to give the students hands-on, applied knowledge of cyber-attacks, specifically, how they function and how they can be prevented. The course begins with an introduction to the class, followed by labs in which the students present varying malware threats (including viruses, worms, Denial of Service (DoS), man-in-the-middle, and buffer overruns and format string attacks and defenses). For each topic we discuss and demonstrate the defenses against those exploits. Each attack-defend scenario is covered in roughly 2 weeks duration, including student presentations.
Major Topics Covered
- Host and application hardening: essential and non-essential system services, patching, logging, auditing, security information and event management (SIEM), host-based and application firewalls, file system permissions.
- Network and system-wide hardening: network firewalls, intrusion detection and response systems, policies and procedures, and physical security.
- Practical uses, vulnerabilities, and mitigations of cryptographic techniques and their implementations for encryption and authentication; Password hashing and salts.
- Virtualization: applied uses of virtualized environments and implications to information assurance.
- Systems administration with focus on secure systems: system and application installation patching and upgrading, authentication and password policies, user accounts and access control; Practical implementation of user and file permissions in both Linux and Windows systems.
- Practical use of scanning, enumeration, and attack tools, such as: netstat, Wireshark, nmap, OpenVAS, Metasploit, john, and rainbow tables.
- Practical use of defense host, network, and application tools, such as iptables and its command line and GUI interfaces, Windows Firewall (command line and GUI). Microsoft EMET, AppArmor, bastille, PFSense, Snort, Nagios, OpenVAS, and ModSecurity.
- Analysis of security and hardening in mobile devices, i.e.: Android, using tailored tools.
- Presentation and analysis of some case studies of real attacks and system and application vulnerabilities, their adversary model, and potential mitigation strategies.
Course Learning Outcomes
- Understand how the current U.S. legal framework, and personal, group, and organizational ethical decisions affect the Cybersecurity profession. (ABET CSAB Student Outcome(s): e, g).
- Analyze sample computer systems and networks with the goal of designing and implementing defense in depth approaches, mechanisms, and policies. (ABET CSAB Student Outcome(s): a, b, c).
- Identify and describe uses of cryptographic techniques, potential vulnerabilities, and mitigation approaches and tools. (ABET CSAB Student Outcome(s): a, i).
- Configure sample systems and networks with a focus on the implementation and maintenance of security including: patching, updating, user management, service management, firewalls and IDSs backups, and security policies and procedures. (ABET CSAB Student Outcome(s): i, j).
- Practically analyze and harden Windows, Linux-based hosts, Networks, and Mobile Devices using current processes and tools. (ABET CSAB Student Outcome(s): i).
- Adequately use scanning, enumeration, and attack tools, both command line and GUI-based, such as: netstat, Wireshark, nmap, OpenVAS, Metasploit, john, and Ophcrack, in order to analyze systems and networks for vulnerabilities in order to design and implement adequate mitigations. (ABET CSAB Student Outcome(s): i).
- Adequately use defense host, network, and application tools, both command line and GUI-based, such as: iptables and its command line and firewall GUI interfaces, Windows Firewall, Microsoft EMET, AppArmor, bastille, PFSense, Snort, Nagios, OpenVAS, and ModSecurity, in order to implement security in sample systems. (ABET CSAB Student Outcome(s): k).
- Be able to develop clear and well-written technical reports and develop and present well-designed technical presentations. (ABET CSAB Student Outcome(s): f).
- Be able to respectfully and successfully collaborate with the instructor and colleague students in order to coordinate schedules, and create and present coursework materials. (ABET CSAB Student Outcome(s): d).