Computer Science





IT 304/ Network and Internet Security





3 Hours per Week










IT 300





C. Pfleeger and S. Pfleeger, Security in Computing, 4th edition, Prentice Hall, 2007.


W. Cheswick and S. Bellovin, Firewalls and Internet Security, Addison-Wesley.






Computer Magazines and Journals





Spring 2007





Dr. A. Joseph



Course Description: This course provides a practical approach to network security applications and standards. The focus is to provide an in-depth understanding of the current network security principles, features, protocols, and implementations. The course includes a detailed discussion on design and maintaining a computer network from the security point of view. The emphasis is on applications that are widely used on the Internet and for corporate network, and on standards, especially Internet standards that have been widely deployed.










Dr. A. Joseph



163 Williams St., 2nd floor, Room 231



212 346 1492


Office Hours:


Monday (NYC)                 5:30pm – 8:00pm

Wednesday (NYC)           5:30pm -- 8:00pm






Grading Policy


Final examination:






Group/class participation:

Coordinator/Reporter/observer (document):


Group Activity/Performance (in class)










Project Presentation:




(A late project will be penalized 5 points per day for 5 days)

Group members’ average performance (bonus):

Above 85%:

72% -- 85%:

60% -- 71%:

Below 60%:



Extra credit assignment (Optional):

Note: Only for students who are otherwise fulfilling all of the other course requirements.


10% (Due by week 12)


Note: Non-team member students are assigned grades based on the policy outlined within parentheses.


Final grade Determination


Above 92%

90% -- 92%


83% -- 87%


83% -- 86%


80% -- 82%


77% -- 79%


70% -- 76%


67% -- 69%



60% -- 66%



Below 65%


Note: Grade is computed to the nearest whole number.

Learning Objectives and Outcomes


A student in the Network and Internet Security course will achieve the following learning objectives by attaining the corresponding learning outcomes:


Objective #1

Students will understand the risky aspects of computing in the context of threats and vulnerabilities, and controls used to eliminate or minimize the threats.


Outcomes #1

a.        Demonstrate the ability to distinguish and to relate threat, vulnerability, and control.

b.       Show clear understanding of the goals of computing – confidentiality, integrity, and availability and their tradeoff in producing a secured computing network.

c.        Can explain any relationship between the goals of computing -- confidentiality, integrity, and availability --and the types of threat – interception, interruption, modification, and fabrication.

d.       Convincingly discuss the general categories of computer criminals and the circumstances under which they attack they attack computing systems.

e.        Clearly explain four controls that are available to address threats and discuss how they can be used to reinforce each other.


Objective #2

Students must understand the basic concepts of encryption; differentiate between substitution and transposition; and compare and contrast different types of encryption algorithms with concrete examples and typical uses.


Outcomes #2

a.        Show the ability to analyze encryption through the decryption of ciphertext.

b.       Demonstrate clear understanding of substitution and transposition and the level of the security they provide.

c.        Show clear understanding of the significance of strong encryption and the time sensitivity of data.

d.       Know the significance of the exportability criterion in the selection of cryptographic standard.

e.        Able to distinguish ‘turn the handle’ algorithms from other encryption algorithms and highlight their advantages to users.


Objective #3

Students will develop thorough knowledge software vulnerabilities and trusted systems design including operating systems and other programs.


Outcomes #3

a.        Demonstrate clear understanding and the ability to differentiate between intentional and unintentional program flaws and their sources.

b.       Using appropriate illustrative examples, discuss the usefulness of developmental, operating system and administrative controls in finding and fixing security flaws in programs.

c.        Demonstrate firm knowledge in the design principles involved in the development of trusted operating systems and other programs.

d.       With clear understanding and appropriate examples, able to convincingly show that the model, design, and implementation of an operating system is correct.


Objective #4

Students acquire deep understanding and sound knowledge of networks including the Internet along with the types of threats they experience and the controls used to thwart or reduce attacks.


Outcomes #4

a.        Demonstrate the keen ability to compare and contrast different types of networks and communication media.

b.       Using proper illustrations compare and contrast the International Standard Organization (ISO) Open System Interconnection (OSI) model and transmission Control Protocol/Internet Protocol (TCP/IP) protocols.

c.        Be knowledgeable about sources of network vulnerabilities and the threats to confidentiality, integrity, or availability, as well as to hardware, software, and data by accidents, humans including malicious attackers, and nature.

d.       Know the type of defenses (e.g., firewall, intrusion detection systems, encrypted email, etc.) available to address network security issues.


Objective #5

Students will acquire the knowledge and understanding for developing business case for network security, know how to measure and quantify the cost cybersecurity incidents, and understand how to model the impact of security investment.


Outcomes #5

a.        Able to convincingly explain the economic good of computing systems security to an individual, organization, or nation.

b.       Using appropriate examples, demonstrate the relatedness of security to risk.

c.        Demonstrate clear understanding of the difficult task of estimating and quantifying cybersecurity threats and risks and some of the ways available to overcome this difficulty.

d.       Know the reasons why companies invest in cybersecurity as well as the influence of the human aspects of projects and teams in making these investment decisions more cost effective.


Objective #6

Students will understand the existence of and the issues of the privacy, and how it is impacted by computing and information technology.


Outcomes #6

a.        Demonstrate a clear understanding and knowledge of different ways in which personal privacy can be invaded or threatened through misuse of personal data.

b.       Demonstrate clear understanding of the principles and policies of privacy in the USA and other countries.

c.        Compare and contrast authentication and identification.

d.       Know the ways in which a user’s privacy is lost on the Internet and how data mining may or may not be used to undermine privacy.


Objective #7

Students will develop team-building, social, and organizational skills that they can further develop in other classes and in their professional careers.


Outcomes #7

a.        Demonstrate an ability to work effectively in teams.

b.       Demonstrate the ability for effective verbal and written communication.



Tentative Examination Schedule:


Course Section

Midterm Exam Dates

Project Submissions

Final Exam Date

IT 304/CRN 22228

March 13 2007

April 24 2007

April 17, 2007 (Draft)

May 1, 2007 (Presentation)

May 8, 2007


Class meeting Schedule


Course Section

Day, Time, and Location of Class Sessions

First and Last Day of Class

IT 304/ CRN:22228

Tuesday:      6:00pm – 8:45pm; Civic W618


First class: January 22, 2007

Last class: May 14, 2007



Note 1: To facilitate and promote learning, you are encouraged to download the lectures from Blackboard and study them along with the material in the textbook. All lessons will be posted on Blackboard at least a week in advance. Use the textbook to complement and perhaps, at times, expand and elucidate ideas presented in the lecture notes.


Note 2: Some lessons may be presented in a storytelling format while others will highlight inquiry-based lecture-discussion and problem based learning. However, the course will centrally focus on problem-solving in a collaborative learning setting where you will be a member of a team. The solutions to the homework problems will be provided to you in class as a means to explain the course concepts or through Blackboard postings. To get the most out of the course, you are encouraged to follow and keep up with the reading assignments and genuinely attempt each homework problem before coming to class. For those problems you cannot solve, determine the nature of your difficulty and bring it up in class. The idea is to come to class willing to learn and ready to ask questions about the course materials and problems. The mantra of this course is learning, learning, learning.


Note 3: In the interest of learning, it is very important that you foster an inquisitive mind – do all the required assignments. Failing to do so may diminish your ability to get the most out of each lesson and the class.




Note 5: It is very important you read and familiarize yourself with SCSIS Statement of Student Responsibilities (see Blackboard).











Security problem in computing: meaning of security and computer security; attacks; computer criminals; and methods of defense.

Read: Chapter 1.

Do problems: 1, 3, 7, 8, 9, 10, 11, 15, 16, 18, 20, & 21.








Elementary cryptography: substitution ciphers; transposition (permutations); good encryption algorithms; data encryption standard (DES); Advanced encryption algorithm (AES); public key encryption; and the uses of encryption.

Read: Chapter 2.

Do problems: 2, 3, 5, 7, 10, 13, 14, 15, 17, 18, 19, 20, 25, 26, & 31.








Program security: secure programs; non-malicious program errors; viruses and other malicious code; targeted malicious code; and controls against program threats.

Read: Chapter 3.

Do problems: 2, 3, 4, 5, 7, 8, 9, 10 & 14.








Designing trusted operating systems: trusted systems; security policies; models of security; trusted operating system design; and assurance in trusted operating systems.

Read: Chapter 5.

Do problems: 1, 2, 5, 6, 7, 9, 11, 14, & 18.








Security in networks: network concepts; threats in networks; network security controls; firewalls; intrusions detection systems, secure email; traps, lures, and honey pots; and the hacker’s workbench.


Exam #1 (week #8)

Read Chapter 7

Do problems: 3, 5, 8, 10, 14, 19, 29, 32, 33, 36, 54, 56, & 63








Economics of cybersecurity: making the business case; quantifying security; and modeling cybersecurity.

Read Chapter 9.

Do problems: 1-5








Privacy in computing: privacy concepts; privacy principles; and policies; authentication and privacy; data mining; privacy on the web; email security; and the impact of emerging technologies.


Exam #2 (week #12)

Read Chapter 10.

Do problems: 1-5










Project presentation and submission: projects presented to class in PowerPoint and submitted to the professor/instructor.









Final Examination.








Note 1: This course is structured around purposely formed diverse small collaborative groups in a cooperative learning environment. Students are encouraged to work together in their respective groups to form effective and productive teams that share the learning experience within the context of the course, help each other with learning difficulties, spend time to get to know each other, develop cultural awareness, diversity sensitivity, consensus building skills, and spend time each week to discuss and help one another with the course work (content and assignments). Each team member is responsible for the completion and submission of each assignment. Team members will be asked to sit in adjacent seats. Each team member will be individually graded. Each exam is an individual effort. All exams are closed book.


Team project: Students in teams of two to four will participate in a product development or research supported by a technical report. The project may involve the use of a low level and/or high-level programming language. In this project, students will satisfy a market niche and/or solve a technical problem, and then demonstrate their knowledge, understanding, and implications of the solution. Grade assignment to individual team members will be based upon the member’s personal involvement with his or her team’s project along but not limited to the following items: programming, codes testing and correction, documentation, report writing, proofreading, and any combination of the above.


Web support: This course will be supported with most or all of the following Blackboard postings: lesson questions, lessons (PowerPoint), instructions and guidelines pertaining to the course, computer architecture and related news, team and class discussions boards, email correspondence about the course, homework solutions, examination grades, and miscellaneous course related activities and information including computer organization related links to the Internet, teamwork and team-building skills.


Supplementary materials: Handouts in class or web postings of current events and issues affecting computer architecture.


Business Model: Each team may be viewed as a small business that is seeking creative and innovative ways to maximize its product, academic outcome or average group grade. A satisfactory product has a projected break-even team average grade of 75%. Teams getting average grades above 75% are profitable enterprises.


In class activity and participation: Students are recommended to bring to class current newsworthy events in computer organization/architecture and related news to share with the class. Students will inform the class of the news events and their significance to computing.  


Since most learning takes place outside of the classroom, teams are encouraged to function outside of the classroom. Team activities will be reinforced inside of the class during the lessons. Student teams are encouraged to function cohesively and to participate in all class activities.  


Each team member must note that your friendliness towards each other, the amount of activity each team member bring to bear within and on behalf of the team, and the intensity of the team interaction contribute to the team’s performance and the performance of team member.


Students are strongly encouraged to download the posted lessons from Blackboard, review them, and should ask pertinent questions about the material in these lessons.


Every effort will be made to present each lesson using the storytelling, problem solving, or problem based learning strategies supported with subsequent discussion on the central points of the lesson.


The key elements of a story are the following: casualty, conflict, complication, and character.


The following excerpts about collaborative learning are from research documents:


·         In the university environment, educational success and social adjustments  depend primarily on the availability and effectiveness of developmental academic support systems.


·         Most organized learning occurs in some kind of group  group characteristics and group processes significantly contribute to success or failure in the classroom and directly effect the quality and quantity of learning within the group.


·         Group work invariably produces tensions that are normally absent, unnoticed, or suppressed in traditional classes.  Students bring with them a variety of personality types, cognitive styles, expectations about their own role in the classroom and their relationship to the teacher, peers, and the subject matter of the course.


·         Collaborative learning involves both management and decision-making skills to choose among competing needs.  The problems encountered with collaboration have management, political, competence, and ethical dimensions


·         The two key underlying principles of the collaborative pedagogy are that active student involvement is a more powerful learning tool than the passive attendance and that students working in groups can make for more effective learning than students acting alone.   The Favorable outcomes of collaborative learning include greater conceptual understanding, a heightened ability to apply concepts, and improved attendance.  Moreover, students become responsible for their own learning is likely to increase their skills for coping with ambiguity, uncertainty, and continuous change, all of which are characteristics of contemporary organizations.


Who creates a new activity in the face of risk and uncertainty for the purpose of achieving success and growth by identifying opportunities and putting together the required resources to benefit from them?


Creativity is the ability to develop new ideas and to discover new ways to of looking at problems and opportunities.

Innovation is the ability to apply creative solutions to those problems and opportunities to enhance or to enrich people’s lives