Course Outline: Computer Network Security (3,1,0), Fall 2015


Course Outline
Computing Science Department
Faculty of Science
COMP 3260 – 3 Credits
Computer Network Security (3,1,0)
Fall 2015

Instructor:
E-Mail:
Phone/Voice Mail:
Office:
Office Hours:

CALENDAR DESCRIPTION
Students explore how information is exchanged on the Internet and the security issues that arise due to information exchange between different technologies. Students learn concepts of authentication, authorization, and access control in computer networks. Students gain knowledge about the use of cryptography for data and network security. Students are introduced to topics such as firewalls, public key infrastructure, security standards and protocols, virtual private networks, and wireless network security. Students also explore privacy, legal issues and ethics in the context of network security.

PREREQUISITES
COMP 3270

EDUCATIONAL OBJECTIVES/OUTCOMES
Upon successful completion of the course, the student will demonstrate the ability to:
1. Understand vulnerability in a computer system.
2. Explain useful and common tools used by the attacker.
3. Understand the basic concept of how to protect and design a private network.
4. Understand how to protect security of information.
5. Use theoretical and practical knowledge in securing data transfer and authentication.

TEXTS/MATERIALS
The course uses the following texts:
B1. Network Security, Firewalls, and VPNs, by J. Michael Stewart, 2010, ISBN-10: 076379130X
B2. Cryptography and Network Security: Principles and Practices by W. Stallings, Prentice Hall, 5th Edition, ISBN-10: 0136097049
B3. Principles of Computer Security: CompTIA Security and Beyond by Wm. A. Conklin et al., McGraw Hill, 3rd Edition, ISBN-10: 0071786198
B4. CompTIA Security Guide to Network Security Fundamentals, Mark Ciampa, 5th Edition, ISBN-10: 1305093917
Ref5. Privacy Legislation in Canada, [online] https://www.priv.gc.ca

SYLLABUS - Lecture & Lab Topics

Course Topics

1. Introduction
   1.1 Computer Security Concepts
   1.2 The OSI Security Architecture
   1.3 Security Attacks
   1.4 Security Services
   1.5 Security Mechanisms
   1.6 A Model for Network Security
   1.7 Recommended Reading and Web Sites

2. Network Security
   2.1 Security Through Network Devices
   2.2 Security Through Network Technology
   2.3 Security Through Network Design Elements

3. Firewalls
   3.1 The Need for Firewalls
   3.2 Firewall Characteristics
   3.3 Types of Firewalls
   3.4 Firewall Basing
   3.5 Firewall Location and Configurations
   3.6 Recommended Reading and Web Sites

4. Cryptography
   4.1 Algorithms
   4.2 Hashing Functions
   4.3 Symmetric Encryption
   4.4 Asymmetric Encryption
   4.5 Quantum Cryptography
   4.6 Steganography
   4.7 Cryptography Algorithm Use

5. Public Key Infrastructure
   5.1 The Basics of Public Key Infrastructures
   5.2 Certificate Authorities
   5.3 Registration Authorities
   5.4 Certificate Repositories
   5.5 Trust and Certificate Verification
   5.6 Digital Certificates
   5.7 Centralized and Decentralized Infrastructures
   5.8 Public Certificate Authorities
   5.9 In-House Certificate Authorities
   5.10 Certificate-Based Threats

6. Security Standards and Protocols
   6.1 PKIX and PKCS
   6.2 X.509
   6.3 SSL/TLS
   6.4 ISAKMP
   6.5 pter72
   6.6 XKMS
   6.7 S/MIME
   6.8 PGP
   6.9 HTTPS
   6.10 IPsec
   6.11 CEP
   6.12 FIPS
   6.13 Common Criteria for Information Technology Security (Common Criteria or CC)
   6.14 WTLS
   6.15 PPTP
   6.16 WEP
   6.17 ISO/IEC 27002

7. Authentication and Remote Access
   7.1 The Remote Access Process
   7.2 IEEE 802.1X
   7.3 RADIUS
   7.4 TACACS
   7.5 Authentication Protocols
   7.6 FTP/FTPS/SFTP
   7.7 VPNs
   7.8 IPsec
   7.9 Vulnerabilities of Remote Access Methods

8. Virtual Private Networks
   8.1 VPN Fundamentals
   8.2 VPN Management
   8.3 VPN Technologies

9. Wireless Network Security
   9.1 Introduction to Wireless Networking
   9.2 Mobile Phones
   9.3 Bluetooth
   9.4 802.11: Attacking, New Security Protocols, and Implementation

10. Privacy, Legal Issues and Ethics
   10.1 Cybercrime
   10.2 Ethics
   10.3 Personally Identifiable Information (PII)
   10.4 U.S. Privacy Laws
   10.5 Privacy Legislation in Canada

Reference and duration column values, in extracted order: 3; B3-Chapter 11; 1; B1-Chapter 3 & B1-Chapter 11 & B1-Chapter 12; 1.5; B3-Chapter 12; 1; B3-Chapter 24 & B3-Chapter 25 & Ref 5; 1

Lab Topics (Duration)

Examining and Implementation of a Simple Block Cipher (1)
Firewall Implementation and Testing (2)
Implementation of Public Key Crypto-System (1)
Demonstration of Security Protocols (2)
Exercise on Authentication Protocols (1)
Demonstration and Setup VPN (2)
Experiments on Wireless Security (2)

ACM / IEEE Knowledge Area Coverage

IEEE Knowledge Areas that contain topics and learning outcomes covered in the course

Knowledge Area (column: Total Hours of Coverage)
IAS/Foundational Concepts in Security
IAS/Threats and Attacks
IAS/Network Security
IAS/Cryptography

IEEE Body of Knowledge coverage

Columns: KA, Knowledge Unit, Topics Covered, T1 hours, T2 hours, Elective hours

IAS/Foundational Concepts in Security
Topics covered:
- CIA (Confidentiality, Integrity, Availability)
- Concepts of risk, threats, vulnerabilities, and attack vectors (cross-reference SE/Software Project Management/Risk)
- Authentication and authorization, access control (mandatory vs. discretionary)
- Concept of trust and trustworthiness
- Ethics (responsible disclosure) (cross-reference SP/Professional Ethics/Accountability, responsibility and liability)

IAS/Threats and Attacks
Topics covered:
- Attacker goals, capabilities, and motivations (such as underground economy, digital espionage, cyberwarfare, insider threats, hacktivism, advanced persistent threats)
- Examples of malware (e.g., viruses, worms, spyware, botnets, Trojan horses or rootkits)
- Denial of Service (DoS) and Distributed Denial of Service (DDoS)
- Social engineering (e.g., phishing) (cross-reference SP/Social Context/Social implications of computing in a networked world and HCI/Designing Interaction/Handling human/system failure)
Learning outcomes:
1. Describe likely attacker types against a particular system. [Familiarity]
2. Discuss the limitations of malware countermeasures (e.g., signature-based detection, behavioral detection). [Familiarity]
3. Identify instances of social engineering attacks and Denial of Service attacks. [Familiarity]
4. Discuss how Denial of Service attacks can be identified and mitigated. [Familiarity]

Hours values in extracted order (column assignment not recoverable): 4; 6, 3

IAS/Network Security
Topics covered:
- Network specific threats and attack types (e.g., denial of service, spoofing, sniffing and traffic redirection, man-in-the-middle, message integrity attacks, routing attacks, and traffic analysis)
- Use of cryptography for data and network security
- Architectures for secure networks (e.g., secure channels, secure routing protocols, secure DNS, VPNs, anonymous communication protocols, isolation)
- Defense mechanisms and countermeasures (e.g., network monitoring, intrusion detection, firewalls, spoofing and DoS protection, honeypots, tracebacks)
Learning outcomes:
1. Describe the different categories of network threats and attacks. [Familiarity]
2. Describe the architecture for public and private key cryptography and how public key infrastructure (PKI) supports network security. [Familiarity]
3. Describe virtues and limitations of security technologies at each layer of the network stack. [Familiarity]
4. Identify the appropriate defense mechanism(s) and its limitations given a network threat. [Familiarity]

IAS/Cryptography
Topics covered:
- Basic Cryptography Terminology covering notions pertaining to the different (communication) partners, secure/unsecure channel, attackers and their capabilities, encryption, decryption, keys and their characteristics, signatures
- Cipher types (e.g., Caesar cipher, affine cipher) together with typical attack methods such as frequency analysis
- Public Key Infrastructure support for digital signature and encryption and its challenges

Hours values in extracted order (column assignment not recoverable): 5, 2, 4, 6; 6
