IT662: Web and Internet Security



Instructor: Dr. Lixin Tao, ltao@pace.edu, http://csis.pace.edu/~lixin
GC Office: GC416A, (914)422-4463
PLV Office: G320, (914)773-3449

Lectures: 100% online through Pace Blackboard at http://blackboard.pace.edu

Office Hours: Two hours online daily; Wednesdays 1PM - 6PM by appointment at office GC416A

Syllabus: Web and Internet security overview; limitations of firewall and IDS; HTTP and Web technology overview; securing Web servers, application servers, database servers, input validation, session management and J2EE servers; preventing URL hacking, cyber graffiti, e-shoplifting, session hijacking, impersonation, buffer overflows and virus and worm attacks.

Learning Objectives

After taking this course, a student should be able to

  • Understand why firewalls and IDS are not enough for securing e-commerce
  • Understand the general structure, technologies and security weak spots of Web computing
  • Set up and secure Windows and Linux systems, Web servers and Web services, and database servers as well as sample e-commerce applications
  • Use security tools including nmap and netcat to analyze and report on the security weaknesses of existing operating systems, Web servers, database servers, and e-commerce applications
  • Understand the impact of Web security on the coming server-side computing technologies
  • Conduct research in the related areas and apply the knowledge in securing specific IT environments

Textbooks

  • Web Hacking: Attacks and Defense, Stuart McClure, Saumil Shah, and Shreeraj Shah; Addison-Wesley 2003, ISBN 0-201-76176-9
  • Web Security for Network and System Administrators, David Mackey, Thomson Course Technology 2003, ISBN 0-619-06495-1
  • Class notes and course material posted in Pace Blackboard  

Projects  

Students will be assigned to teams of around 10 people each. Each team will elect a team leader who will be responsible for coordinating the project activities and communicating with the instructor. Each team will install Windows Server 2003 and Linux in the Pace Security Lab, install the IIS and Tomcat Web servers and the MySQL database server, and deploy sample Web applications. Each team will secure its platform and applications, and each team will then analyze and attack the software installations of the next team (team x works on team (x+1)'s installations, and the last team works on team 1's installations). The project details will be assigned in the bi-weekly course assignments. Most of the lab work can be completed remotely through VPN and remote desktops. At the end of the semester, each team needs to submit a comprehensive report on the security weaknesses of the software installations that it worked on.

For students' convenience, the instructor will distribute image files (around 5 GB) of VMware virtual PCs with Red Hat Fedora 6 and Windows Server 2003 pre-installed through the hard disks of the Security Lab. Students are responsible for copying the image files home with their own portable storage devices, or through VPN and remote desktops, which are slow and not reliable. Students can download the free VMware Player at http://www.vmware.com/products/player/ to run the virtual PCs as normal applications on their Windows XP systems. Students can run multiple virtual PCs on their own PCs concurrently (making sure each has its own host name and assigned IP address) to simulate a server network. Please keep a fresh copy of the virtual PC images for redoing course work.

Bi-Weekly Course Assignments

Every two weeks, read the file WhatToDoWeeksXand(X+1).pdf under Discussion Board|WeeksXand(X+1) (X will be replaced by a number) to see which tasks you need to finish for the two weeks. The bi-weekly assignments will cover reading assignments, discussion questions and project assignments. The bi-weekly course assignments will be posted on the Sunday of the first week of the period. Unless otherwise specified, all the tasks specified in a course assignment must be completed within the same two-week period and submitted by the Sunday of the second week of the period. A one-hour open-book online quiz will be conducted on the Friday of the second week of each period, from 8pm to 9pm, through Blackboard to check your understanding of the fundamental concepts and practices covered by the assignments for the two-week period.

Assignments Submission

The submission deadline will be strictly enforced. Each working day after the submission deadline incurs a 10% penalty on the assignment's grade. All files for a period's assignments should be zipped into a single file and submitted by attaching the solution zip file to a public reply message in the proper assignment thread of the Discussion Board.

Participating in Course Discussions

Every two weeks the instructor may post one or more questions in the Pace Blackboard Discussion Board (Discussion Board|WeeksXand(X+1)). Students will discuss the posted questions by replying to them in the Discussion Board within two weeks of the posting of the questions. You can also comment on other students' responses. You can get credit by asking questions and by helping to answer questions. A grade will be assigned in each two-week period to each student based on the number and quality of the student's contributions to the Discussion Board. All postings must be formal, with proper syntax and style, and with citations to textbook pages or class notes to back up the arguments.

Grading Scheme

Project Assignments 30%
Discussion 30% (Item DGs in Blackboard grade records)
Quizzes 40%

Course Calendar

Week            Topics          Readings        Tasks
1               (coming soon)
2, 3
4, 5
6, 7
8, 9
10, 11
12, 13, 14


Selected Public Course Material


The current teaching schedule and course material are available in Pace Blackboard.


Copyright ©2006 Lixin Tao