Transcription
ITSY 1342Information Technology SecuritySpring 2016Instructor:Email:Office Number:Course Name:Michael Slaughtermslaughter@southplainscollege.edu(806) 716-2242ITSY 1342.152Course DescriptionThis course provides instruction in security for network hardware, software, and data, includingphysical security; backup procedures; relevant tools; encryption; and protection from viruses.HybridThis is a hybrid format class. This means we will meet for class once a week, and the remainingpart of the course will be online. You must check Blackboard regularly for updates, otherwiseyou may miss an important announcement. Our in class meeting will be a mix between in classlabs and lectures. It is the student’s responsibility to contact the instructor if any questions, conflicts orissues arise.Textbook and Hardware RequirementsWe will be using TestOut LabSim for this course, as well as Security SY0-401 by DavidProwse. You will need to purchase an activation code from the SPC bookstore or online at thelink mentioned below. Once activated, you will need to enroll in the course mentioned below.Also below is a link to a video with instructions on how to enroll in the LabSim course. Thissoftware will provide you with a virtual environment that we will use for labs, homeworkassignments and exams. It will also provide you with a wealth of information, reading materials,and videos to aid in your learning experience.LabSim:Promo Code:14-232TACourse Product:TestOut Security Pro 5.0 ISBN: 978-1-935080-44-2School Name:South Plains CollegeInstructor Name:Michael SlaughterCourse Name:SP2016-ITSY 1342.001Purchase /student-purchasingInstructions /how-to-tutorials(View the “Getting Started - Student Accounts Not Activated by Teachers” PDF)Textbook:Title: CompTIA Security SY0-401 3rd Edition by David L. ProwseISBN: 978-0-7897-5333-5Assumed KnowledgeIt is assumed that you possess basic computer skills relating to using the internet, applicationsand other basic computing tasks. It is also assumed that you have taken or possess the neededknowledge equal to ITNW1325 Fundamentals of Networking and ITSC1325 PC Hardware. If
you have not taken those courses, or question your knowledge, please contact me ASAP abouthow to proceed. It is also assumed that if you run into content you do not understand; you willresearch that content on your own as well as ask the instructor for assistance.Software RequirementsBecause some of the assignments will be done and submitted outside of class, you will needaccess to the following programs outside of the classroom: Internet Connection and Web Browser (Chrome or IE) Adobe Reader Microsoft Office TestOut AccountCommunicationCommunication for this class will be conducted through SPC email. All students will be requiredto check their SPC student email accounts regularly for course updates and announcements.Please include your name, course name, and section number in all email communication. Otherimportant announcements may be given during in class meetings, so attendance is key forcomplete communication.Attendance PolicyYou will be dropped from the course with an “X” or an “F” after four absences, or if I feel theobjectives cannot be met due to excessive absence. If you are not sure how many absences youhave accumulated, please be sure to notify me so that I can provide you with an absentee count.If you are absent, you are still required to complete the assigned work by the indicated due date.You’ll want to be sure to ask a classmate what material you missed on the day you were absentso that you’ll be caught up when you return. I will not repeat the information you missed whenyou return. Frequent tardiness will result in an absence.Reading/Study AssignmentsMandatory, assigned reading is a requirement for this course. Reading assignments includes allmaterial in the LabSim course content that is assigned for a given week, chapters assigned in theSecurity SY0-401 textbook, and articles posted for online discussions. Study assignmentsinclude all lectures in LabSim, demonstrations in LabSim, notes taken from your in-classlectures, and other content presented throughout the course. Although reading/study assignmentsare not taken for a grade, they are required to be successful in this course.Online DiscussionsDiscussions will be posted weekly, and may require information from all of these sources. Indiscussions you are required to post one 300-word response to the article or question given(unless otherwise specified), and reply to at least two other students. Your replies should be indepth, analyzing what the other person has said, and expanding upon it. You as the student arealso responsible for what you type and how you act on the online discussion board. Anydiscussion that is degrading, off topic, or offensive will not be tolerated and could result in beingdropped with an X or F per the instructor’s discretion.
Assignments and Lab ProjectsProcrastination will not serve you well in this course. Most assignments will be available throughthe LabSim software. Each chapter will have several small assignments and labs that will counttoward your homework grade. For the TestOut LabSim section assigned, all labs and exams arepulled for homework grades.There will also small homework assignments and projects that will be assigned periodicallythroughout the semester. These assignments and/or projects will be announced in class andavailable in Blackboard. NO LATE WORK IS ACCEPTED! In-class labs will also becompleted throughout this course. It is expected that you take care of all equipment and checkthat equipment in/out with the instructor.QuizzesQuizzes will be given throughout the semester. You are required to be in class to take a quiz. Nomake-up quizzes will be given.ExamsThere will be two exams given in this class, a midterm and a final exam. Make-up exams willnot be given. If the midterm exam is missed, then the final exam grade will count as both thefinal and midterm grade. Also, if a student does better on the final than the midterm, I willsubstitute the final grade as the midterm grade.GradesGrades will be calculated as follows:Assignments/Lab ProjectsQuizzesMidtermFinal ExamPossible Points20%10%30%40%All assignments are mandatory. I reserve the right to drop or fail you if homeworkassignments are frequently missed or incomplete.Grades will be available through LabSim (Homework/Exam Grades) and Blackboard.Blackboard grades will show a running average of how you are performing throughout thesemester. Blackboard grades will be updated regularly throughout the semester.Instructional and Outside Course Time Estimation:In-Class Instructional/Lab/Quiz Time: 1hrs/wk x 16wks 16 hrsTestOut LabSim Time: 4.25hrs/wk x 16wks 68 hrsMidterm Exam Prep: 4 hrs/wk x 2 wks 8hrsFinal Exam Prep: 4hrs/wk x 3wks 12 hrsSecurity Pro Cert Exam: 2hrs x 1 2 hrsExam Time: 2hrs/exam x 2 4 hrsTotal Course Time 110 hrs
Total Time/Week 6.875 hrsIn-Class Computer, Cell Phone and iPod UseStudents will not be allowed to surf the web, check their personal e-mail or social mediaaccounts, or do work for any other course while class is in session.Students will not be allowed to use their cell phones during class. If the student is foundusing social media, surfing the web, or using their cell phone, they will be asked to leave theclass and they will be counted absent for that day. If the incident reoccurs, they will be reportedto the dean of students. In cases of emergency, the student is asked to leave the classroom to usetheir cell phone. If a student has a cell phone or other device out during an exam, they willbe asked to leave and will get a zero for that exam.Food and DrinksNo food or drinks are allowed in the Technology Center. Do not bring those to class. If you do,you will be asked to leave class and counted as absent. If this happens more than once you maybe dropped from the class.Drop PolicyYou may be dropped from this course for the following reasons: Attendanceo You have four or more absencesParticipation, completion of homework, exams, and team projecto You have missed 2-3 classes and several homework assignmentso You have missed several homework assignmentso You have missed two or more exams without rescheduling with the instructorAcademic Integrityo Cheating, plagiarism, or sharing your work with otherso Offensive, degrading, or off topic discussion postsAcademic IntegrityIt is the aim of the faculty at South Plains College to foster a spirit of complete honesty and ahigh standard of integrity. The attempt of any student to present as his or her own any workwhich he or she has not honestly performed is regarded by the faculty and administration as amost serious offense and renders the offender liable to serious consequences and possiblesuspension. Please refer to the SPC General Catalog regarding consequences for cheating andplagiarism. I reserve the right to administratively drop with an “F” any student whom Isuspect of academic dishonesty.**Do not, under any circumstances, turn in another student’s file as your own. Do not,under any circumstances, give your file to anyone else to turn in as their own. Bothsituations are representative of academic dishonesty and will be treated as such.**DisclaimerBecause we will use Blackboard to conduct a portion of this class, please note that the materialsyou may be accessing in chat rooms, bulletin boards or unofficial web pages are not officially
sponsored by South Plains College. The United States Constitution rights of free speech apply toall members of our community regardless of the medium used. We disclaim all liability for data,information or opinions expressed in these forums.Diversity StatementIn this course, the teacher will establish and support an environment that values and nurturesindividual and group differences and encourages engagement and interaction. Understanding andrespecting multiple experiences and perspectives will serve to challenge and stimulate all of us tolearn about others, about the larger world, and about ourselves. By promoting diversity andintellectual exchange, we will not only mirror society as it is, but also model society as it shouldbe and can be.Special Services4.1.1.2 Disabilities StatementStudents with disabilities, including but not limited to physical, psychiatric, or learningdisabilities, who wish to request accommodations in this class should notify the DisabilityServices Office early in the semester so that the appropriate arrangements may be made. Inaccordance with federal law, a student requesting accommodations must provide acceptabledocumentation of his/her disability to the Disability Services Office. For more information, callor visit the Disability Services Office through the Guidance and Counseling Centers at ReeseCenter (Building 8) 716-4606, or Levelland (Student Services Building) 716-2577.CounselingIf at any point in the semester you find yourself having trouble with stress or feel depressedplease stop in and see a counselor. Counseling services are available at all campuses. Thenumber for the counseling office is 806-716-2366. Below is a link to SPC’s personal current/personal-counseling.php
Course ScheduleWeekDateChapter1Jan 19-24TestOut 1.0-2.6Security Ch. 12Jan 25-31TestOut 2.7-2.15Security Ch. 103Feb 1-7TestOut 3.0-3.6Security Ch. 13 & 144Feb 8-14TestOut 4.0-4.5Security Ch. 165Feb 15-21TestOut 4.6-4.10Security Ch. 166Feb 22-28TestOut 5.0-5.6Security Ch. 9Midterm Review7Feb 29 – Mar 6TestOut 6.0-6.7Security Ch. 5 & 7Midterm Review8Mar 7-13TestOut 6.8-6.14Security Ch. 8MIDTERM EXAM9Mar 14-20SPRING BREAK10Mar 21-27TestOut 7.0-7.7Security Ch. 611Mar 28 – Apr 3TestOut 8.0-8.7Security Ch. 2 & 312Apr 4-10TestOut 9.0-9.6Security Ch. 413Apr 11-17TestOut 10.0-10.5Security Ch. 1514Apr 18-24TestOut 11.0-11.5Security Ch. 11 & 12Final Exam Review15Apr 25 – May 1TestOut Security Pro Practice Exam Domain 1-4Security Ch. 17Final Exam Review16May 2-8TestOut Security Pro Practice Exam Domain 5- Security Pro Practice Exam(SECURITY PRO CERT EXAM OPEN IF STANDARDS ARE MET)Final Exam Review17May 9-12FINALS Dates are subject to change. All homework is due Sunday night at 11:59 PM.
Approximate Time for the CourseThe total time for the LabSim Security Pro course is approximately 91 hours and 35 minutes.The time is calculated by adding the approximate time for each section which is calculated usingthe following elements: Video/demo timesApproximate time to read the text lesson (the length of each text lesson is taken intoconsideration)Simulations (5 minutes assigned per simulation)Questions (1 minute per question)The total amount of LabSim content we will be covering comes to about 69 hours, which breaks down toabout 4.5 hours of homework per week, plus time to read the content from the Pearson Security CertGuide and do the Blackboard Discussions. The reason for the intensity in this course, is because this iswhat the industry expects you to know coming out of school. Dedicate the time to LEARNING the contentand you will appreciate it when you graduate. –M. SlaughterThe breakdown for this course is as follows:ModuleSectionsTimeTotalHR:MM951:351.0 Introduction1.1 Security Overview701.2 Using the Simulator252.0 Access Control and Identity Management2.1 Access Control Models302.2 Authentication602.3 Authorization302.4 Access Control Best Practices302.5 Active Directory Overview302.6 Windows Domain Users and Groups50
2.7 Linux Users702.8 Linux Groups202.9 Linux User Security252.10 Group Policy Overview352.11 Hardening Authentication 1902.12 Hardening Authentication 2302.13 Remote Access352.14 Network Authentication702.15 Identity Management2062510:252504:103.0 Cryptography3.1 Cryptography453.2 Hashing353.3 Symmetric Encryption353.4 Asymmetric Encryption253.5 Public Key Infrastructure (PKI)703.6 Cryptography Implementations404.0 Policies, Procedures, and Awareness4.1 Security Policies804.2 Manageable Network Plan354.3 Business Continuity204.4 Risk Management304.5 Incident Response654.6 Social Engineering55
4.7 Certification and Accreditation404.8 Development354.9 Employee Management404.10 Third-Party Integration204207:002203:405.0 Physical Security5.1 Physical Security505.2 Hardware Security205.3 Environmental Controls455.4 Mobile Devices405.5 Mobile Device Security Enforcement405.6 Telephony256.0 Networking6.1 Networking Layer Protocol Review656.2 Transport Layer Protocol Review356.3 Perimeter Attacks 1506.4 Perimeter Attacks 2506.5 Security Appliances356.6 Demilitarized Zones (DMZ)306.7 Firewalls406.8 Network Address Translation (NAT)306.9 Virtual Private Networks (VPN)406.10 Web Threat Protection256.11 Network Access Control (NAC)45
6.12 Wireless Overview606.13 Wireless Attacks506.14 Wireless Defenses8063510:352303:503155:157.0 Network Defenses7.1 Network Devices157.2 Network Device Vulnerabilities207.3 Switch Attacks107.4 Router Security157.5 Switch Security907.6 Intrusion Detection and Prevention507.7 SAN Security308.0 Host Defenses8.1 Malware758.2 Password Attacks208.3 Windows System Hardening1058.4 Hardening Enforcement358.5 File Server Security508.6 Linux Host Security208.7 Static Environment Security109.0 Application Defenses9.1 Web Application Attacks759.2 Internet Browsers105
9.3 E-mail459.4 Network Applications259.5 Virtualization559.6 Application Development753806:203005:002253:4510.0 Data Defenses10.1 Redundancy6510.2 Backup and Restore5510.3 File Encryption7510.4 Secure Protocols7510.5 Cloud Computing3011.0 Assessments and Audits11.1 Vulnerability Assessment8511.2 Penetration Testing3011.3 Protocol Analyzers2011.4 Log Management5011.5 Audits40Security Pro Practice ExamsDomain 1: Access Control and IdentityManagement (22 sims)110Domain 2: Policies, Procedures, Awareness (1 sim)5Domain 3: Physical Security (2 sims)10Domain 4: Perimeter Defenses (10 sims)50
Domain 5: Network Defenses (7 sims)35Domain 6: Host Defenses (7 sims)35Domain 7: Application Defenses (10 sims)50Domain 8: Data Defenses (6 sims)30Domain 9: Audits and Assessments (5 sims)25Security Pro Certification Practice Exam (15 sims)904407:2083413:54Security Practice ExamsDomain 1: Network Security (172 questions)172Domain 2: Compliance and Operational Security(128 questions)128Domain 3: Threats and Vulnerabilities (178questions)178Domain 4: Application, Data and Host Security (70questions)70Domain 5: Access Control and IdentityManagement (98 questions)98Domain 6: Cryptography (92 questions)88Security Certification Practice Exam (100questions)100SSCP Practice ExamsDomain 1: Access Control (60 questions)60Domain 2: Security Operations & Administration(64 questions)64Domain 3: Monitoring and Analysis (21 questions)21Domain 4: Risk, Response, and Recovery (38questions)38
Domain 5: Cryptography (90 questions)90Domain 6: Networks and Communications (68questions)68Domain 7: Malicious Code and Attacks (85questions)85SSCP Certification Practice Exam (125 questions)1255519:11TotalTime549591:35
We will be using TestOut LabSim for this course, as well as Security SY0-401 by David Prowse. You will need to purchase an activation code from the SPC bookstore or online at the link mentioned below. Once activated, you will need to enroll in the course mentioned below. . Title: CompTIA Security SY0-401 3rd Edition by David L. Prowse ISBN .
