Bachelor of Science in Information Technology
Electrical Engineering and Computer Science
School of Engineering
IT340: Computer and Information Security
Rassul Saeedipour Professor of Practice
BEST 250E
Office Hours:
Monday | 12:00 pm - 06:00 pm |
Tuesday | 12:00 pm - 03:00 pm |
Wednesday | 12:00 pm - 03:00 pm |
Thursday | 12:00 pm - 06:00 pm |
Friday | 12:00 pm - 02:00 pm |
You are encouraged to make an appointment to make
sure I am not in a meeting or with another student.
(913) 897-8624, rsaeedipour@ku.edu, Website
Spring 2017, Thursdays 7:10-10:00 pm, BEST 220
Course Catalog Description
Fundamentals of computer security, security mechanisms, information states, security attacks, threat analysis models, vulnerability analysis models, introduction to cryptography, authentication, intrusion detection, intrusion prevention (firewalls), operating systems security, database security, software security, host hardening, incident and disaster response. Prerequisite: Completion of all courses on the transfer list.
Prerequisites
Completion of all courses on the transfer list
Course Objectives/Goals
- Explain key security concepts related to networking and information systems so that a lay person in this field could easily understand.
- Use the jargon and acronyms correctly and be able to translate technical articles into plain old English.
- Keep current on security related issues by selecting and understanding relevant articles in selected current periodicals.
- Make intelligent, reasonable, thoughtful, and accurate decisions about IT security, vulnerabilities, and legal issues.
Course Outcomes
Students should be capable of:
- Explaining key security concepts such as integrity, confidentiality, availability, non-repudiation, and authentication.
- Discussing the relationship between threats, vulnerabilities, countermeasures, attacks, compromises, and remediation.
- Discussing protection systems (firewalls) and intrusion detection systems.
- Explaining the key factors involved in authentication and how they are used to verify identity and grant access to a system; explaining the characteristics of strong passwords.
Course Topics
- Security: history and terminology
- Security services: availability, integrity, confidentiality, authentication, non-repudiation
- Security vulnerabilities: inside attacks, external attacks, black hat, white hat, carelessness, ignorance, hardware, software, network, physical access
- Security lifecycle and design principles
- Information states
- Threat and vulnerability analysis models
- Security mechanisms: authentication, biometrics, cryptography, intrusion detection
- Security attacks: social engineering, denial of service, protocol attacks, active and passive attacks, buffer overflow attacks
- Intrusion detection and intrusion prevention systems
- Malware (viruses, Trojan horses, worms)
- Information states: storage, transmission, processing
- Operating systems, database, and software security
- Host hardening, Incident and disaster response
Course Resources
Randall J. Boyle and Raymond R. Panko, Corporate Computer Security, 4th Ed. Pearson, Copyright 2015, ISBN: 978-0-13-354519-7
PDF slides: Due to copyright, the user ID and password for the resources will be provided at the beginning of the semester.
Grading
A | = | 90% | - | 100% |
B | = | 80% | - | 89% |
C | = | 70% | - | 79% |
D | = | 60% | - | 69% |
F | = | 0% | - | 59% |
Grade Distribution
Exams: | 50% |
Quizzes: | 20% |
Home assignments: | 30% |
Students are evaluated on their exams, quizzes, and home assignments
- There will be three exams (including final exam).
There will be 4-8 unannounced (i.e. "POP") quizzes. Quizzes will be taken in the first 10-15 minutes of class. The quizzes will consist of a combination of multiple choice, true/false, and short answer questions that are designed to assess your knowledge of the material related to the previous few lectures. The scores for each quiz range between 10 and 25 points.
Makeup quizzes will only be offered in situations of legitimate extenuating circumstances (i.e. serious illness, accidents, etc.). In those cases, you will be required to provide proof of the extenuating circumstance prior to making up the quiz. If you know that you will be missing a class period due to other conflicts, let me know prior to that class period. In situations where there is no proof of extenuating circumstances or you did not let me know prior to missing the class, you will not be permitted a makeup quiz.
If you are granted a makeup quiz, it must be taken prior to the next class session.
- All assignments must be submitted in the form of soft or hard copy (depending on the type of assignment) prior to or at the beginning of the class. 10% will be deducted from a late home assignment (a late home assignment must be submitted before the next class session, otherwise it will not be accepted and you will earn zero for it).
Attendance
Attendance is important and required. If a student misses a class session, he/she will be responsible for learning the materials on his/her own. In addition, the student will be responsible for getting the class notes, assignments, etc. from a classmate.
Academic Dishonesty
Academic dishonesty refers to cheating: a serious ethical issue. You are encouraged to work cooperatively with other students in the class. However, each student is expected to do his/her own assignments. Copying assignments or quiz/test cheating will result in zero credit. For further information please refer to:
Section 6. Academic Misconduct
Commercial Note-Taking
Pursuant to the University of Kansas' Policy on Commercial Note-Taking Ventures, commercial note-taking is not permitted in IT340. Lecture notes and course materials may be taken for personal use, for the purpose of mastering the course material, and may not be sold to any person or entity in any form. Any student engaged in or contributing to the commercial exchange of notes or course materials will be subject to discipline, including academic misconduct charges, in accordance with University policy. Please note: note-taking provided by a student volunteer for a student with a disability, as a reasonable accommodation under the ADA, is not the same as commercial note-taking and is not covered under this policy.
Services for Students with Disabilities
Any student with special needs or circumstances should feel free to meet with me, or go to: KU Disability or for KU Edwards campus.
Other Policies/Requirements
- During class, all phones must be turned off or set on silent/vibration mode
- No computer of any kind (laptop, tablet, etc.) unless specifically needed for the class
- No lecture recording is allowed in the classroom
- No wearing headphones in the classroom
- No using the Internet for non-class related purposes
- No food or beverages in the classroom
Make sure that you check your campus e-mail regularly. The university uses only your campus e-mail for any official notifications. Your outside classroom communication is via KU e-mail. Your e-mail subject must start with your course number then followed by any optional notes, i.e. IT340, project one.
Dates | Topics | Assignments* |
---|---|---|
Jan 19 | Module A, Introduction to Networking | |
Jan 26 | Chapter 1-The Threat Environment | Thought Questions: #1, 5, 6 Hands-on Projects: #1, NMAP Project Thought Questions: #1, 2 |
Feb 02 | Chapter 2: Planning and Policy | Thought Questions: #2 Hands-on Projects: #1, SANS Project Thought Questions: #1, 3 |
Feb 09 | Chapter 3: Cryptography | Thought Questions: #2 Hands-on Projects: #1, AxCrypt Project Thought Questions: #1, 2 |
Feb 16 | Chapter 3: Cryptography (continued) | Thought Questions: #4, 5, 7, 10 Hands-on Projects: Public/Private key, PGP PGP download PGP installation |
Feb 23 | Test 1(Chapters 1-3), Security related videos | Read chapter 4 |
Mar 02 | Chapter 4: Secure Networks | Thought Questions: #1, 4 Hands-on Projects: #2, Secure HTTP Project Thought Questions: #5, 6, 7, 8 |
Mar 09 | Chapter 5: Access Control | Thought Questions: #1, 5, 6 Hands-on Projects: #1, John the Ripper Project Thought Questions: #1, 2, 3 |
Mar 16 | Chapter 6: Firewalls | Thought Questions: #4, 5 Hands-on Projects: #1, Wireshark Project Thought Questions: #1, 2, 3, 6 |
Mar 30 | Chapter 7: Host Hardening | Thought Questions: #1, 4 Hands-on Projects: #1, FileVerifier++ Project Thought Questions: #6, 7 |
Apr 06 | Test 2 (Chapters 4-7), Security related videos | Read chapter 8 |
Apr 13 | Chapter 8: Application Security | Thought Questions: #1, 2 Hands-on Projects: #2, OWASP's WebGoat Project Thought Questions: #5, 7, 8 |
Apr 20 | Chapter 9: Data Protection | Hands-on Project: #2, File Shredders Project Thought Questions: #5, 6 |
Apr 27 | Chapter 9: Data Protection (continued) | Thought Questions: #1, 5, 6 |
May 04 | Chapter 10: Incident and Disaster Response | |
May 11 | Comprehensive Final | |
*All assignments are due the next class session unless different dates are announced.