Introduction to Computer Security – S’21

CSCI 2246/6646 Introduction to Computer Security (Remote Synchronous)
Spring 2021
Meeting Times and Location(s): Wednesdays 7:05 – 9:55PM on Zoom
Credit Hours: 3
Faculty Contact Information:
Dr. Vahid Behzadan, Assistant Professor
Email: vbehzadan@newhaven.edu
Phone: 203-479-4723

COURSE SYLLABUS

This syllabus is informational in nature and is not an express or implied contract. It is subject to change due to unforeseen circumstances, as a result of any circumstance outside the University’s control, or as other needs arise. If, in the University’s sole discretion, public health conditions or any other matter affecting the health, safety, upkeep or wellbeing of our campus community or operations requires the University to make any syllabus or course changes or move to remote teaching, alternative assignments may be provided so that the learning objectives for the course, as determined by the University, can still be met. The University does not guarantee that this syllabus will not change, nor does it guarantee specific in-person, on-campus classes, activities, opportunities, or services or any other particular format, timing, or location of education, classes, activities, or services.

Modality:

This class is Remote Synchronous. This means that the class will meet online via Zoom and there are no in-person sessions. The class does not require the webcams to be turned on during the class, but it is encouraged.

Course Description:

This course provides students with the core foundations and principles of computer security. A survey of computer and network security issues, including types of network attacks, viruses, intrusion detection and tracking, firewalls, trust relationships and authentication, secure connections, cryptography, and recent security policy and legislation.

Prerequisite:

  • CSCI 2246: CSCI2210 or CSCI2212 or permission of the instructor
  • CSCI 6646: CSCI 6604 or permission of the instructor

Required Text(s):

Principles of Computer Security: CompTIA Security+ and Beyond, 5th Edition (Official CompTIA Guide). Arthur Conklin (Author), Gregory White (Author), ISBN: 978-1260026016

This is the most recent edition of the book. You might be able to get by with the 4th edition, but exams are based on topics in the textbook. It is best to be current.

Other: As required for homework, download of free or trial software.

Other Materials/Supplies:

Class will make extensive use of Canvas for class communications and assignments.

Course Structure/Course Format/Course Objectives:

While in the Remote Synchronous modality, students are expected to read the weekly materials to be discussed prior to the weekly class session (either attending in-person or online). For example, Chapter 1 will be discussed in class meeting 1 and corresponds to Module 1 on Canvas. Students should be ready to discuss that material. There will be additional activities: discussion forums, individual and group during class activities, and homework, that supplement the material.

Course Objectives & Student Learning Outcomes:

  • To define the basic terms in the security field and explain general security concepts.
  • To explain the responsibilities of a security officer in an organization.
  • Explain basic concepts of cryptography: symmetric, asymmetric, and public key encryption.
  • To become familiar with physical and infrastructure security.
  • To become familiar with a variety of computer attack types and malicious software.
  • To know the basics steps to secure computer systems.
  • To know the basics about network security.
  • To know the basics about computer forensics.

Professional Standards Addressed:

CompTIA Security+

Course Requirements & Assessment:

Please see official University of New Haven Academic Policies located in the links below:

Grading:

Grades earned are based on your performance on homework, projects, the midterm and the final exam. The weight of each component is outlined below:

Attendance (Participation)5%
Activities10%
Discussions10%
Homework15%
Project15%
Midterm20%
Final Exam25%
Total**100%
**Final Grades are assigned with the following scale:
Choose the scale applicable for your course. You may change the scale to the needs of the course/program.
Typical Undergraduate Scale    Typical Graduate Scale
Grades Scored Between & it’s Letter EquivalentGrades Scored Between & it’s Letter Equivalent
97 to 100 — A+97 to 100 — A+
94 to Less than 97 — A94 to Less than 97 — A
90 to Less than 94 — A-90 to Less than 94 — A-
87 to Less than 90 — B+87 to Less than 90 — B+
84 to Less than 87 — B84 to Less than 87 — B
80 to Less than 84 — B- 80 to Less than 84 — B-
77 to Less than 80 — C+77 to Less than 80 — C+
74 to Less than 77 — C 74 to Less than 77 — C
70 to Less than 74 — C-70 to Less than 74 — C-
67 to Less than 70 — D+Less than 70 — F
63 to Less than 67 — D
60 to Less than 63 — D-
Less than 60 — F

Expectations:

Deadlines and late submission:

Deadlines will be announced in the lecture and/or on Canvas. Note: Deadlines are fixed and specific to the Connecticut time zone, e.g., “submit by 11:59pm on February 10th”. If you miss a deadline, you will have up to 1 day to complete it, but you will have 50% of the points deducted per day. After one day, the assignment will be graded with 0 points. In other words, you should complete the assignments on time.

If you face any technical issue (e.g., Canvas stops working for electronic submissions), make a screenshot and write me an email immediately.

Midterm & Final Exams:

The midterm and final exams will most likely consist of multiple choice, fill-in-the-blank, and short essay questions that will be delivered via Canvas.

Exams must be taken at the time assigned (in all modalities). Exams are open PDF slides that are provided (no notes, Internet searching, etc.). During the exams, you must be working on a computer that has a working video camera* and microphone.

Note: This policy can change to closed book exams at any time.

Team Project:

Students must complete a team project with team of 3-4 students. In “all online” mode, some students may feel it is easier to do a Project solo. Please try to form a GROUP PROJECT.

Groups will choose a current or not so current topic in Computer Security, research the topic, generate a demonstration or example documentation, summarize the issues, and present the results to the class.

Groups are responsible for finding their own topic.

Note: The Project topic must be okayed by me before work starts.

The Project deliverable is a PowerPoint presentation and demonstration that includes the appropriate sections: introduction, analysis, problem solved/created, impact on Computer Security, and conclusions.

Note: The presentation must be at the level that an Introduction to Computer Security student can understand.

Note: Interactive demonstrations, real examples, supporting software, etc., is highly encouraged.

Dates for submissions are announced in the Schedule below, late submission results in loss of points. The final project for each student will be evaluated as follows:

CategoryPts
Presentation Quality5 pts
Research Output (Product/Software etc.)10 pts
Technical depth10 pts

Homework Assignments:

Homework assignments will be required. Each student must work on her/his own and submit proof that these assignments were completed. For example, if the assignment is “set up a firewall and only open port 80,” students need to describe how they configured the firewall, including screenshots for better understanding.

In total, there are 8-10 assignments which will be announced in class and posted throughout the semester on Canvas. The assignment will contain the submission information, e.g., please submit by the due date to avoid penalty.

Assignments overview (subject to change):

  1. Security Tools research
  2. Port Scanning
  3. Password Cracking
  4. Digital Signature / encrypted emails (assignment is complex and you have 2 weeks)
  5. Check your firewall
  6. Secure Internet Connection
  7. Sniff instant messenger
  8. SQL injection
  9. System recovery / backup
  10. List techniques you’ve done to harden your system. In other words, you are the Security Officer of your company, what are the top 5 policies or advice would you give your employees to make a more secure workplace

Assignments must state your name and the title of the assignment. They must be submitted online in PDF according to the deadline. They should not be longer than 1-2 pages (single-spaced), except if you need a lot of screenshots. The purpose of submitting the assignments/labs in this course is to illustrate that the work has been done and to reflect back on what has been done. If you feel there is a need to include more figures/tables, then please include them in an Appendix Note: the reader must be able to understand the work without reading the Appendix. If students need to cite any information, APA style should be used.

All assignments will be graded by the Instructor or TA.

If I see any plagiarism (see academic integrity below) you will receive 0 out of 10!

Submitted assignments will be graded as follows (note: 6 is good, a 10 is exceptional):

10 – clearly exceptional; went far beyond expectations in amount and/or quality of work
8 – very good; exceeded some requirements of the assignment
6 – good; met all expectations for assignment
4 – fair; missed some requirements
2 – poor; missed most or all requirements
0 – fail; work was unacceptable or not submitted in time

Security Article Presentation:

Each student is required to present to the class a current security article, event, or happening. Topics are obtained from searching the Internet or from a security newsletter, blog, or website. Presentations are no longer than 5 minutes and are to inform the class only. The presentation is worth one homework assignment. All attempts will be done to assign the presentation with about one class notice.

Missed Work:

If a student misses a class, it is their responsibility to obtain class notes, read the appropriate material, and make up any missed work. (Not all material discussed in class will be posted on Canvas.)

If you must miss a class, please notify me by email BEFORE the class session.

Missing a class effectively means getting a 0 on any in class quiz or activity. Beware, this can dramatically affect your grade.

Course Outline/Schedule:

 Lecture materialOther notes
Week 0

General introductions
“Anatomy of an Attack” as a template
 
Week 1

General Introductions
Chap 01: Intro and Security Trends
Chap 02: General Security Concepts, Part 1
 
Week 2

Chap 02: General Security Concepts, Part 2
Class Exercises: Worksheets: Security Principles Scenarios, Security Principles Violations, and Security Models (Bell-Lapadula/Biba)

Chap 04: The Role of People in Security

Class Exercise: Think, Pair/Group, Share

Optional: YouTube videos: Shoulder Surfing
Week 3

Chap 03: Operational and Organizational Security
Group work (pair and share)
Class Exercise: Think, Pair/Group, Share
Week 4
 
Chap 05: Cryptography

Chap 06: Applied Cryptography
Demonstrate Hashing tools and certificates
Week 5

Chap 07: Public Key InfrastructureEmail Security
Week 6Midterm 
Week 7Chapter 8: Physical SecurityDemos: key cards, secureID, etc.
Week 8Chap 10: Infrastructure Security Chap 11: Authentication and Remote AccessVideo: Mantrap, CCTV hack
Week 9
 
Chap 12: Wireless Security Chap 13: IDS and Network Security Video: WiFi password cracking
Week 10

Chap 15: Types of Attacks and Malicious Software 
Week 11

Chap 18: Secure Software Development 
Week 12

Team Report Presentations 
Week 13Additional Topic: Hardening, Disaster Recovery, Computer Forensics 
Week 14/15

  Additional Topic, Presentations 
FinalFinal Exam Week: Wednesday, Dec. 16, 8:00AM-10:00AM 
Schedule: Subject to Change

Reporting Bias Incidents:

At the University of New Haven, there is an expectation that all community members are committed to creating and supporting a climate which promotes civility, mutual respect, and open-mindedness. There also exists an understanding that with the freedom of expression comes the responsibility to support community members’ right to live and work in an environment free from harassment and fear. It is expected that all members of the University community will engage in anti-bias behavior and refrain from actions that intimidate, humiliate, or demean persons or groups or that undermine their security or self-esteem. (Reporting Options).

University-wide Academic Policies:

A continually-updated list of University-wide academic policies and descriptions of key university student resources, can be found on Canvas.  You can access them by simply clicking on the (?) help button.

The University-wide academic policies include (but are not limited to) the University’s attendance policy, procedures for both adding / dropping a course and course withdrawals, an explanation for the sorts of circumstances where incomplete (INC) grades could be considered by the faculty, and the academic integrity policy (among others).  Also in this location you will find information regarding the process for reporting bias and topics related to our maintaining a positive learning environment (including, but not limited to, discrimination and sexual misconduct). 

The list of key university student resources to enable learning include (but are not limited to) the University’s Center for Student Success, Writing Center, Center for Learning Resources, and the Accessibility Resource Center.