PACE UNIVERSITY

 

SCHOOL OF COMPUTER SCIENCE AND INFORMATION SYSTEMS

 

 

DEPARTMENT: Computer Science

SUBJECT CODE/COURSE TITLE: IT 304/Network and Internet Security

CLASS HOURS: 3 Hours per Week

CREDITS: 3

PREREQUISITE: IT 300

TEXTBOOKS:

C. Pfleeger and S. Pfleeger, Security in Computing, 4th edition, Prentice Hall, 2007.

W. Cheswick and S. Bellovin, Firewalls and Internet Security, Addison-Wesley.

REFERENCE:

Internet.

Computer Magazines and Journals

SEMESTER: Spring 2007

Preparer: Dr. A. Joseph


Course Description: This course provides a practical approach to network security applications and standards. The focus is to provide an in-depth understanding of current network security principles, features, protocols, and implementations. The course includes a detailed discussion of designing and maintaining a computer network from the security point of view. The emphasis is on applications that are widely used on the Internet and for corporate networks, and on standards, especially Internet standards, that have been widely deployed.

 

 

 

 


PROFESSOR’S PROFILE

 

 

Professor: Dr. A. Joseph

Office: 163 Williams St., 2nd floor, Room 231

Telephone: 212 346 1492

Email: ajoseph2@pace.edu

Office Hours:

Monday (NYC): 5:30pm – 8:00pm

Wednesday (NYC): 5:30pm – 8:00pm

 

COURSE PROFILE

 

EVALUATION AND ASSESSMENT

 

Grading Policy

 

Final examination: 35%

Midterm: 25%

Group/class participation: 10%

Coordinator/Reporter/observer (document): 0%

Journal: 0%

Group Activity/Performance (in class): 10%

Homework:

 

 

Project/Report: 20%

Project Presentation: 10%

(A late project will be penalized 5 points per day for 5 days)

Group members’ average performance (bonus):

Above 85%:

72% -- 85%:

60% -- 71%:

Below 60%:

 

 

Extra credit assignment (Optional):

Note: Only for students who are otherwise fulfilling all of the other course requirements.

 

10% (Due by week 12)

 

Note: Non-team member students are assigned grades based on the policy outlined within parentheses.

 

Final grade Determination

 

Above 92%
 

90% -- 92%

 

83% -- 87%

 

83% -- 86%

 

80% -- 82%

 

77% -- 79%

 

70% -- 76%

 

67% -- 69%

 

D+

60% -- 66%

 

D

Below 65%

 

Note: Grade is computed to the nearest whole number.


Learning Objectives and Outcomes

 

A student in the Network and Internet Security course will achieve the following learning objectives by attaining the corresponding learning outcomes:

 

Objective #1

Students will understand the risky aspects of computing in the context of threats and vulnerabilities, and controls used to eliminate or minimize the threats.

 

Outcomes #1

a.        Demonstrate the ability to distinguish and to relate threat, vulnerability, and control.

b.       Show clear understanding of the goals of computing – confidentiality, integrity, and availability and their tradeoff in producing a secured computing network.

c.        Can explain any relationship between the goals of computing – confidentiality, integrity, and availability – and the types of threat – interception, interruption, modification, and fabrication.

d.       Convincingly discuss the general categories of computer criminals and the circumstances under which they attack computing systems.

e.        Clearly explain four controls that are available to address threats and discuss how they can be used to reinforce each other.

 

Objective #2

Students must understand the basic concepts of encryption; differentiate between substitution and transposition; and compare and contrast different types of encryption algorithms with concrete examples and typical uses.

 

Outcomes #2

a.        Show the ability to analyze encryption through the decryption of ciphertext.

b.       Demonstrate clear understanding of substitution and transposition and the level of the security they provide.

c.        Show clear understanding of the significance of strong encryption and the time sensitivity of data.

d.       Know the significance of the exportability criterion in the selection of a cryptographic standard.

e.        Able to distinguish ‘turn the handle’ algorithms from other encryption algorithms and highlight their advantages to users.

 

Objective #3

Students will develop thorough knowledge of software vulnerabilities and trusted systems design, including operating systems and other programs.

 

Outcomes #3

a.        Demonstrate clear understanding and the ability to differentiate between intentional and unintentional program flaws and their sources.

b.       Using appropriate illustrative examples, discuss the usefulness of developmental, operating system and administrative controls in finding and fixing security flaws in programs.

c.        Demonstrate firm knowledge in the design principles involved in the development of trusted operating systems and other programs.

d.       With clear understanding and appropriate examples, able to convincingly show that the model, design, and implementation of an operating system is correct.

 

Objective #4

Students acquire deep understanding and sound knowledge of networks including the Internet along with the types of threats they experience and the controls used to thwart or reduce attacks.

 

Outcomes #4

a.        Demonstrate the keen ability to compare and contrast different types of networks and communication media.

b.       Using proper illustrations, compare and contrast the International Standard Organization (ISO) Open System Interconnection (OSI) model and Transmission Control Protocol/Internet Protocol (TCP/IP) protocols.

c.        Be knowledgeable about sources of network vulnerabilities and the threats to confidentiality, integrity, or availability, as well as to hardware, software, and data by accidents, humans including malicious attackers, and nature.

d.       Know the type of defenses (e.g., firewall, intrusion detection systems, encrypted email, etc.) available to address network security issues.

 

Objective #5

Students will acquire the knowledge and understanding for developing a business case for network security, know how to measure and quantify the cost of cybersecurity incidents, and understand how to model the impact of security investment.

 

Outcomes #5

a.        Able to convincingly explain the economic good of computing systems security to an individual, organization, or nation.

b.       Using appropriate examples, demonstrate the relatedness of security to risk.

c.        Demonstrate clear understanding of the difficult task of estimating and quantifying cybersecurity threats and risks and some of the ways available to overcome this difficulty.

d.       Know the reasons why companies invest in cybersecurity as well as the influence of the human aspects of projects and teams in making these investment decisions more cost effective.

 

Objective #6

Students will understand the existence of and the issues of privacy, and how it is impacted by computing and information technology.

 

Outcomes #6

a.        Demonstrate a clear understanding and knowledge of different ways in which personal privacy can be invaded or threatened through misuse of personal data.

b.       Demonstrate clear understanding of the principles and policies of privacy in the USA and other countries.

c.        Compare and contrast authentication and identification.

d.       Know the ways in which a user’s privacy is lost on the Internet and how data mining may or may not be used to undermine privacy.

 

Objective #7

Students will develop team-building, social, and organizational skills that they can further develop in other classes and in their professional careers.

 

Outcomes #7

a.        Demonstrate an ability to work effectively in teams.

b.       Demonstrate the ability for effective verbal and written communication.

 

 

Tentative Examination Schedule:

 

Course Section: IT 304/CRN 22228

Midterm Exam Dates: March 13, 2007; April 24, 2007

Project Submissions: April 17, 2007 (Draft); May 1, 2007 (Presentation)

Final Exam Date: May 8, 2007

 

Class meeting Schedule

 

Course Section: IT 304/CRN 22228

Day, Time, and Location of Class Sessions: Tuesday, 6:00pm – 8:45pm; Civic W618

First and Last Day of Class: First class: January 22, 2007; Last class: May 14, 2007

 

 

Note 1: To facilitate and promote learning, you are encouraged to download the lectures from Blackboard and study them along with the material in the textbook. All lessons will be posted on Blackboard at least a week in advance. Use the textbook to complement and perhaps, at times, expand and elucidate ideas presented in the lecture notes.

 

Note 2: Some lessons may be presented in a storytelling format while others will highlight inquiry-based lecture-discussion and problem based learning. However, the course will centrally focus on problem-solving in a collaborative learning setting where you will be a member of a team. The solutions to the homework problems will be provided to you in class as a means to explain the course concepts or through Blackboard postings. To get the most out of the course, you are encouraged to follow and keep up with the reading assignments and genuinely attempt each homework problem before coming to class. For those problems you cannot solve, determine the nature of your difficulty and bring it up in class. The idea is to come to class willing to learn and ready to ask questions about the course materials and problems. The mantra of this course is learning, learning, learning.

 

Note 3: In the interest of learning, it is very important that you foster an inquisitive mind – do all the required assignments. Failing to do so may diminish your ability to get the most out of each lesson and the class.

 

NOTE 4: LEARNING IS AN ACTIVE PROCESS – IT IS MORE THAN PASSING EXAMS; IT’S ABOUT USING WHAT’S LEARNT TO DO SOMETHING MEANINGFUL AND PRACTICAL. TO LEARN SOMETHING IS TO UNDERSTAND IT AND TO BE ABLE TO USE IT. IT’S ABOUT KNOWLEDGE TRANSFER.

 

Note 5: It is very important you read and familiarize yourself with SCSIS Statement of Student Responsibilities (see Blackboard).

 


TOPICS COVERED

 

Week 1

Topics: Security problem in computing: meaning of security and computer security; attacks; computer criminals; and methods of defense.

Assignments:

Read: Chapter 1.

Do problems: 1, 3, 7, 8, 9, 10, 11, 15, 16, 18, 20, & 21.

Weeks 2-3

Topics: Elementary cryptography: substitution ciphers; transposition (permutations); good encryption algorithms; data encryption standard (DES); Advanced encryption algorithm (AES); public key encryption; and the uses of encryption.

Assignments:

Read: Chapter 2.

Do problems: 2, 3, 5, 7, 10, 13, 14, 15, 17, 18, 19, 20, 25, 26, & 31.

Weeks 3-5

Topics: Program security: secure programs; non-malicious program errors; viruses and other malicious code; targeted malicious code; and controls against program threats.

Assignments:

Read: Chapter 3.

Do problems: 2, 3, 4, 5, 7, 8, 9, 10 & 14.

Weeks 5-7

Topics: Designing trusted operating systems: trusted systems; security policies; models of security; trusted operating system design; and assurance in trusted operating systems.

Assignments:

Read: Chapter 5.

Do problems: 1, 2, 5, 6, 7, 9, 11, 14, & 18.

Weeks 7-10

Topics: Security in networks: network concepts; threats in networks; network security controls; firewalls; intrusion detection systems; secure email; traps, lures, and honey pots; and the hacker’s workbench.

Exam #1 (week #8)

Assignments:

Read: Chapter 7.

Do problems: 3, 5, 8, 10, 14, 19, 29, 32, 33, 36, 54, 56, & 63.

Week 11

Topics: Economics of cybersecurity: making the business case; quantifying security; and modeling cybersecurity.

Assignments:

Read: Chapter 9.

Do problems: 1-5.

Weeks 11-12

Topics: Privacy in computing: privacy concepts; privacy principles and policies; authentication and privacy; data mining; privacy on the web; email security; and the impact of emerging technologies.

Exam #2 (week #12)

Assignments:

Read: Chapter 10.

Do problems: 1-5.

Week 13

Project presentation and submission: projects presented to class in PowerPoint and submitted to the professor/instructor.

Week 14

Final Examination.

 

 

 

 

 

 

 

Note 1: This course is structured around purposely formed diverse small collaborative groups in a cooperative learning environment. Students are encouraged to work together in their respective groups to form effective and productive teams that share the learning experience within the context of the course, help each other with learning difficulties, spend time to get to know each other, develop cultural awareness, diversity sensitivity, consensus building skills, and spend time each week to discuss and help one another with the course work (content and assignments). Each team member is responsible for the completion and submission of each assignment. Team members will be asked to sit in adjacent seats. Each team member will be individually graded. Each exam is an individual effort. All exams are closed book.

 

Team project: Students in teams of two to four will participate in a product development or research project supported by a technical report. The project may involve the use of a low-level and/or high-level programming language. In this project, students will satisfy a market niche and/or solve a technical problem, and then demonstrate their knowledge, understanding, and implications of the solution. Grade assignment to individual team members will be based upon the member’s personal involvement with his or her team’s project along, but not limited to, the following items: programming, code testing and correction, documentation, report writing, proofreading, and any combination of the above.

 

Web support: This course will be supported with most or all of the following Blackboard postings: lesson questions, lessons (PowerPoint), instructions and guidelines pertaining to the course, computer architecture and related news, team and class discussions boards, email correspondence about the course, homework solutions, examination grades, and miscellaneous course related activities and information including computer organization related links to the Internet, teamwork and team-building skills.

 

Supplementary materials: Handouts in class or web postings of current events and issues affecting computer architecture.

 

Business Model: Each team may be viewed as a small business that is seeking creative and innovative ways to maximize its product, academic outcome or average group grade. A satisfactory product has a projected break-even team average grade of 75%. Teams getting average grades above 75% are profitable enterprises.

 

In class activity and participation: Students are recommended to bring to class current newsworthy events in computer organization/architecture and related news to share with the class. Students will inform the class of the news events and their significance to computing.  

 

Since most learning takes place outside of the classroom, teams are encouraged to function outside of the classroom. Team activities will be reinforced inside of the class during the lessons. Student teams are encouraged to function cohesively and to participate in all class activities.  

 

Each team member must note that your friendliness towards each other, the amount of activity each team member brings to bear within and on behalf of the team, and the intensity of the team interaction contribute to the team’s performance and the performance of each team member.

 

Students are strongly encouraged to download the posted lessons from Blackboard, review them, and ask pertinent questions about the material in these lessons.

 

Every effort will be made to present each lesson using the storytelling, problem solving, or problem based learning strategies supported with subsequent discussion on the central points of the lesson.

 

The key elements of a story are the following: causality, conflict, complication, and character.

 

The following excerpts about collaborative learning are from research documents:

 

· In the university environment, educational success and social adjustments depend primarily on the availability and effectiveness of developmental academic support systems.

· Most organized learning occurs in some kind of group; group characteristics and group processes significantly contribute to success or failure in the classroom and directly affect the quality and quantity of learning within the group.

· Group work invariably produces tensions that are normally absent, unnoticed, or suppressed in traditional classes. Students bring with them a variety of personality types, cognitive styles, expectations about their own role in the classroom and their relationship to the teacher, peers, and the subject matter of the course.

· Collaborative learning involves both management and decision-making skills to choose among competing needs. The problems encountered with collaboration have management, political, competence, and ethical dimensions.

· The two key underlying principles of the collaborative pedagogy are that active student involvement is a more powerful learning tool than passive attendance and that students working in groups can make for more effective learning than students acting alone. The favorable outcomes of collaborative learning include greater conceptual understanding, a heightened ability to apply concepts, and improved attendance. Moreover, students becoming responsible for their own learning is likely to increase their skills for coping with ambiguity, uncertainty, and continuous change, all of which are characteristics of contemporary organizations.

 

Who creates a new activity in the face of risk and uncertainty for the purpose of achieving success and growth by identifying opportunities and putting together the required resources to benefit from them?

 

Creativity is the ability to develop new ideas and to discover new ways of looking at problems and opportunities.

Innovation is the ability to apply creative solutions to those problems and opportunities to enhance or to enrich people’s lives.