IA Course

CPSC 4620/5620 Computer Network Security

Course Description

A study of key security issues and procedures in computer and mobile communication networks. Among the issues to be discussed are: the security of LANs, WANs, databases, and network operating systems; threats to computer networks through exploitation of network infrastructure design weaknesses; security flaws in the network infrastructure protocols; security of content in computer network services; risk assessment and security policies; and security in mobile communication networks. Procedures will include: network intrusion detection and forensics technologies, cryptographic and authentication systems, capability and access control mechanisms, and new developments in Internet routing and transport protocols, secure mail, directory, and multimedia multicast services. Current trends and research in security policies and technologies will also be discussed.

Prerequisite: CPSC 4550 or 5550 or approval of department head.

Course Outcomes

  • To provide students with a high-level understanding of how information security functions in an organization,
  • To master an understanding of external and internal threats to an organization,
  • To be familiar with information security awareness and have a clear understanding of its importance,
  • To be familiar with how threats to an organization are discovered, analyzed, and dealt with,
  • To master the fundamentals of secret-key and public-key cryptography,
  • To master protocols for security services,
  • To be familiar with network security threats and countermeasures,
  • To be familiar with network security designs using available secure solutions (such as PGP, SSL, IPSec, etc.),
  • To be familiar with advanced security issues and technologies (such as DDoS attack detection and containment, and anonymous communications),
  • To be exposed to original research in network security,
  • To be exposed to the importance of integrating people, processes and technology.

Textbooks:

  • Michael T. Goodrich & Roberto Tamassia, Introduction to Computer Security, ISBN-13: 978-0-321-51294-9, ISBN-10: 0-321-51294-4, Pearson, 2011.
  • Vincent Nestler, Gregory White, Wm. Arthur Conklin, Principles of Computer Security: CompTIA Security+ and Beyond – Lab Manual, ISBN: 978-0-07-174856-8, MHID: 0-07-174856-3, McGraw Hill, 2011.

CPSC 4620 Syllabus               CPSC 5620 Syllabus 

Course Outline

Topic 1: Introduction

CIA, Security goals, Assurance, Authenticity, Trust management, Anonymity, Threats and attacks (Eavesdropping, Alteration, Denial-of-service, Masquerading, Repudiation, Correlation and traceback), Security principles, Economy of mechanism, Fail-safe defaults, Complete mediation, Open design, Separation of privilege, Least privilege, Least common mechanism, Psychological acceptability, Work factor, Compromise recording, Access Control, Role-based access control, Symmetric cryptosystems, Symmetric key distribution, Public-key cryptography, Digital signatures, Hash functions, Message authentication codes, Digital certificates, Passwords, Password complexity, Social Engineering

Topic 2: Physical Security: Authentication, TEMPEST, RFID, Biometrics

Topic 3: Operating System Concepts and Buffer Overflow

Topic 4: Operating System Security, Application Program Security

Topic 5: Malware: Insider Attacks, Malware, Privacy-Invasive Software, Countermeasures

Topic 6: Network Security: ARP, ICMP, Sniffing, IP Spoofing

Topic 7: Network Security: TCP, UDP, NAT, TCP Session Hijacking, DoS

Topic 8: Network Security: DNS, SSH, VPN

Topic 9: Network Security: IPSec, SSL, Firewall, Wireless Security

Topic 10: Web Security

Topic 11: Cryptography

Topic 12: Security Models and Practice

Topic 13: Digital Rights Management

Topic 14: Spam and Cybercrime

Hands-on Labs

1. Buffer Overflow Vulnerability Lab

2. Race Condition Vulnerability Lab

3. Cross-Site Scripting (XSS) Attack Lab

4. DNS Pharming Attack Lab

5. Linux Firewall Lab

6. Attack Lab: Attacks on TCP/IP Protocols

References

Journal

  • IEEE Signal Processing Society., & Institute of Electrical and Electronics Engineers. (2006). IEEE transactions on information forensics and security. New York, NY: IEEE Signal Processing Society.
  • Network security. (1900). New York, NY: Elsevier Science Pub. Co.
  • Association for Computing Machinery., & National Institute of Standards and Technology (U.S.). (n.d.). ACM conference proceedings. New York: Association for Computing Machinery.
  • Association for Computing Machinery. (2005). ACM transactions on storage. New York, N.Y: ACM.
  • International journal of electrical power & energy systems. (1979). Guilford, Eng.: IPC Business Press.

Article

  • Aydin, M. A., Zaim, A. H., & Ceylan, K. G. (May 01, 2009). A hybrid intrusion detection system design for computer network security. Computers and Electrical Engineering, 35, 3, 517-526.
  • Network security. (January 01, 2006). Broadcast Engineering, 48, 7.
  • Bradbury, D. (January 01, 2006). Modeling network security. Computers & Security, 25, 3.
  • Network Security Appliance Adds Compliance Reports; Network Intelligence enhances network security appliance to report on Sarbanes-Oxley compliance. (enhancement of Network Intelligence Engine) (Brief Article). (January 01, 2005). Informationweek.
  • Wilson, J. (January 01, 2005). The Two Sides Of Network-Security Devices; Today's IT security buyers have a wide variety of network-security products to choose from, which can be broken into two primary categories: network-integrated security and standalone security. Informationweek.
  • Langley, N. (January 01, 2005). hot skills Firewalls and VPNs are the mainstays of network security; Network security can be lucrative but be prepared for costly training. (virtual private networks). Computer Weekly, 40.
  • Periolat, J. (January 01, 2005). A new network perimeter. (network security). Communications News, 42, 3.
  • Roberts, G. (January 01, 2006). Network Security Is Manageable. Computers in Libraries, 26, 1, 28-30.

Book

  • Kizza, J. M. (2013). Guide to computer network security. London: Springer.
  • Kizza, J. M. (2006). Computer network security and cyber ethics. Jefferson, N.C: McFarland.
  • McClure, S., Scambray, J., & Kurtz, G. (2009). Hacking exposed 6: Network security secrets & solutions. New York: McGraw-Hill.
  • Wang, Y. (2009). Statistical techniques for network security: Modern statistically-based intrusion detection and protection. Hershey: Information Science Reference.
  • Bishop, M. (2003). Computer security: Art and science. Boston: Addison-Wesley.

Newspaper

  • Investor's business daily. (2002). Los Angeles, Calif: Investor's Business Daily, Inc.

Resources

Secure Use

General Security Policy: Cyber Ethics

Cyber Ethics 

General Security Policy: Information Technology Security Evaluation Criteria (ITSEC)

ITSEC Definition 

General Procedures: Inference

Inference Definition 

General Procedures: Rainbow Series

Rainbow Series 

General Procedures: NSTISSAM COMPUSEC/1-99 Insider Threat to Government Computer Systems

NSTISS Glossary 
TEMPEST 

General Countermeasures and Safeguards: Computer Law

Computer Law 

General Countermeasures and Safeguards: Computer Media

Computer Media 
Remanence 

General Countermeasures and Safeguards: Evaluate Security Testing Tools

Security Testing Tools 

Administrative Countermeasures/Safeguards: Control Management

Change Control 
Control Management 

Administrative Countermeasures/Safeguards: Privacy Act

Privacy Act of 1974 

Operations Policies/Procedures: Keystroke Monitoring

Keystroke Monitoring 

Operations Policies/Procedures: Disaster Recovery Planning

Disaster Recovery 

Incidents

Policy and Procedures: Incident Response

Incident Response 

Policy and Procedures: Witness Interrogation

Witness Interrogation 

Operations Countermeasures/Safeguard: Computer Attacks

Computer Attacks 
Computer Virus Timeline 

Operations Countermeasures/Safeguard: Computer Emergency Readiness Teams

CERT 

Configuration

Administrative Policies/Procedures: Approval to Operate

Approval to Operate 

Administrative Policies/Procedures: Configuration/Change Control

Change Control 

Administrative Policies/Procedures: Copyright Protection

Copyright Protection 

Administrative Policies/Procedures: Patch Management

Patch Management 

Administrative Policies/Procedures: Records Management

Records Management 

Administrative Policies/Procedures: Wireless Use Policies

Wireless Use Policy 

Anomalies and Integrity

General Risk Management: Computer System Risk Management

Risk Management 

Access Control Safeguards: Computer System Access Control

Access Control 

Access Control Safeguards: Protected Distribution Systems

Protected Distribution System 

Access Control Safeguards: Information Systems Access Restrictions

Access Restrictions 

Administration

Access Control Mechanisms: KMI Applications

Key Management 

Access Control Mechanisms: Single Sign-on

Single Sign On 
