CSC 439 Computer Security

Spring 2018-2019

T 5:45pm - 9:00pm in Lewis 1005

Karen Heart, MS, Instructor
kheart@depaul.edu
(312)362-1469

Syllabus

Last revised: 4-2-19

Summary of the course

This course covers core principles of computer security. Topics include : user authentication; access control (discretionary, mandatory, role-based); security auditing; database security; software security, common vulnerabilities, and secure coding practices; malicious software; and operating system security.

Textbooks and printed resources

Computer Security: Principles and Practice (3rd edition), W. Stallings and L.Brown. Pearson, 2015, ISBN 978-0-13-377392-7

Prerequisites

CSC 407

Office Hours

During classes, I will be in my office, CDM 838, as follows:

M 11:00pm - 12:00pm
M 1:30pm - 3:00pm
T 2:00pm - 3:00pm
Th 2:00pm - 3:00pm

During Finals week, I will be in my office as follows:

M 11:00pm - 12:00pm
M 1:30pm - 3:00pm
T 1:30pm - 2:30pm
T 3:00pm - 4:00pm

Assignments and Grading

Overview

There will be two (2) homework assignments, weekly class participation assignments, a Midterm Exam, and a Final Exam.

Sec. 1. Homework Assignments

The homework exercises are designed to reinforce learning the concepts covered in class. The exercises involve coding and scripting.
You should complete these exercises individually in order to maximize your benefit; however, you may discuss the problems with your classmates.
We will review the assignments during the following class; therefore, homework exercises are due by the beginning of the next class.
Each homework is worth ten (10) points. Moreover, I will devise some of the questions for the exams from these assignments.
The official platform for this course is LXLE Eclectica 16.04.4, which is based on Ubuntu 16.04 LTS (Xenial Xerus). Moreover, the programming languages that you may use for assignments are limited to the following:
1. the Python version that comes with LXLE, which is Python 3.5.2; and
2. OpenJDK version 1.8.0_131 of Java
Your exercise submissions will be graded only on this platform. You are responsible for securing a working LXLE environment in order to test your work; however, I will supply specific instructions for downloading and installing it as a Virtual Machine (VM) using the Virtualbox hypervisor.

Sec. 2. Weekly Participation Assignments

Each week, a student will present on a selected cybersecurity issue. In addition to presenting background information and research on the issue, the student will also advocate a policy position on the issue. The position must follow one of three lines of thought:
1. the issue is important and current efforts are adequate to address it
2. the issue is important but current efforts are inadequate, other efforts may be proposed but need not be
3. the issue is unimportant and current efforts are a waste of time, money, and effort
The student must submit the issue and proposed position to me for approval in advance. The student must submit this information on a designated Discussion page on D2L.
Another student will present counterarguments. This exercise is, therefore, known as Point/Counterpoint.
Students must sign up for a presentation date by enrolling in one of the Point/Counterpoint groups on D2L.
Process for In-class Students:
- The 'Point' student must submit a paper or slide presentation using a group Submissions folder on D2L.
- The Point presentation must be submitted no later than one week before the presentation date, thereby giving the 'Counterpoint' student one week to prepare a counterargument presentation.
- Both students will present in class on the presentation date.
Process for Online Students:
- The 'Point' student must present using the Panopto video functionality on D2L.
- The Point presentation must be submitted no later than one week before the presentation date, thereby giving the 'Counterpoint' student one week to complete a counterargument Panopto video.
The Point student and the Counterpoint student may each present for up to fifteen (15) minutes.
All students not involved in the Point/Counterpoint serve as jurors for their section. Within one week of the presentation, student jurors must complete a verdict form, which is formatted as a quiz on D2L. The form includes four questions:
1. Did the Point student adequately prepare?
2. Did the Counterpoint student adequately prepare?
3. Who won the debate, Point or Counterpoint? You must select one.
4. Give your reasons for deciding who won.
Each Point/Counterpoint student who, according to a majority of the jury, has adequately prepared receives eight (8) points. You receive no additional points for winning (sorry!).
Each juror receives two (2) points for each completed form.

Sec. 3. Midterm Exam

The Midterm Exam will test your knowledge of the material covered by the lectures, readings, and homework assignments up to the date of the exam.
The exam is worth thirty (30) points.

Sec. 4. Final Exam

The Final Exam is comprehensive and, therefore, will test your knowledge of all of the material covered by the lectures, readings, and homework assignments.
The exam is worth thirty (30) points.

Sec. 5. How Your Grade for the Course Is Calculated

Your final grade for the course is simply the addition of points from the homework assignments, weekly participation assignments, and the exams.

I will not curve the course grades; therefore, you must earn at least seventy (70) points in order to pass the course.

Alternative grade procedure for exams: If you have a documented disability, such as a history of extreme test taking anxiety, please see me for accommodation.

Policy on Working Together

Each student is expected to turn in original work for the assignments. Copying code or other documents from another person is considered a serious violation of the university's academic integrity policy (see below).

Course Schedule

Week	Date	Topics	Reading Assignment	Due
1	Apr. 2	Overview of CIA; framework for addressing CIA- protection of systems & protection of data; access to system by password; access control lists; role based access control; attribute based access control	Ch. 1, Ch. 4
2	Apr. 9	Cryptography concepts; cryptographic hash functions; password cracking; Rainbow Tables; other password attacks, including phishing; alternatives to passwords. Apr. 12 is the last day to drop without penalty!
3	Apr. 16	Review solution to Assignment 1; symmetric key encryption; asymmetric key encryption; Message Authentication Code; digital signatures; Public Key Infrastructure (PKI); TLS/SSL; HTTPS		Assignment 1
4	Apr. 23	IPSec; physical deployment; firewalls, iptables; network intrusion detection
5	Apr. 30	Review solution to Assignment 2; LDAP; Kerberos; Heartbleed bug; shell attacks	Ch. 3	Assignment 2
6	May 7	DoS over networks: amplification attacks, SYN flooding, SYN cookies; port scanners; DDoS attacks. Midterm must be taken online during this week!
7	May 14	Review of midterm answers; SQL Injection; XSS; CSRF May 17 is the last day to withdraw without receiving a grade.
8	May 21	Protocol vulnerabilities; buffer overflows; threat modeling
9	May 28	botnets; rootkits; Metasploit and Kali Linux; privilege escalation; social engineering; Linux containers; capability based systems
10	Jun. 4	risk assessment; software lifecycle development; legal principles and ethical issues
Final Exam	Jun. 11	From 6:00pm - 8:15pm

Attendance

Because students in the In-Class section must judge, as well as present, Point/Counterpoint during class, attendance for those students is mandatory. Students in the Online section fulfill their attendance requirement by participating similarly using Panopto. Attendance points are awarded so that one unexecused absence will not adversely affect your final grade.

Academic Integrity and Plagiarism

This course will be subject to the university's academic integrity policy. More information can be found at http://academicintegrity.depaul.edu/. If you have any questions be sure to consult with your professor.

Academic Policies

All students are required to manage their class schedules each term in accordance with the deadlines for enrolling and withdrawing as indicated in the University Academic Calendar. Information on enrollment, withdrawal, grading and incompletes can be found at: http://cdm.depaul.edu/enrollment.

Students with Disabilities

Students who feel they may need an accommodation based on the impact of a disability should contact the instructor privately to discuss their specific needs. All discussions will remain confidential. To ensure that you receive the most appropriate accommodation based on your needs, contact the instructor as early as possible in the quarter (preferably within the first week of class), and make sure that you have contacted the Center for Students with Disabilities (CSD) at: csd@depaul.edu.
Lewis Center 1420, 25 East Jackson Blvd.
Phone number: (312)362-8002
Fax: (312)362-6544
TTY: (773)325.7296

Online Course Evaluations

Evaluations are a way for students to provide valuable feedback regarding their instructor and the course. Detailed feedback will enable the instructor to continuously tailor teaching methods and course content to meet the learning goals of the course and the academic needs of the students. They are a requirement of the course and are key to continue to provide you with the highest quality of teaching. The evaluations are anonymous; the instructor and administration do not track who entered what responses. A program is used to check if the student completed the evaluations, but the evaluation is completely separate from the student’s identity. Since 100% participation is our goal, students are sent periodic reminders over three weeks. Students do not receive reminders once they complete the evaluation. Students complete the evaluation online in CampusConnect.

Changes to Syllabus

This syllabus is subject to change as necessary during the quarter. If a change occurs, it will be thoroughly addressed during class, posted under Announcements in D2L and sent via email.

School Policies

Policies of the school are explained on the webpage for this course on my.cdm.depaul.edu.