Three 50 minutes lectures per week (3-0-3)
Designation: Elective Course
Course Level: Undergraduate
Prerequisite(s) by Topic:
- Introduction to net-centric computing
- Communication and networking
- Security and Protection
Introduction to computer and network security; Security services: confidentiality, integrity, availability, accountability; Hacker techniques and attack types; Public and private key encryption; Authentication; Digital signature; User identification and access control; Computer viruses, Trojans and worms; Risk management and analysis; Information security process; Internet security: security protocols such as IPSec, SSL, TLS, email and web security; Security technologies and systems: Firewalls, VPN and IDS.
Note: ICS 444 is Equivalent to SWE 421. Students can take credit for only one of them.
Eric Maiwald, Fundamentals of Network Security, McGraw-Hill Technology Education, 2004.
Reference(s) and Other Material:
- S. McClure and George Kurtz, Hacking Exposed, 5th Edition, McGraw Hill. (OPTIONAL)
- William Stallings. Cryptography and Network Security, Third Edition, Prentice Hall, 2003.
- Matt Bishop, Computer Security: Art and Science, Addison Wesley, 2003.
After completion of this course, the student shall be able to:
- Describe computer and network security fundamental concepts and principles.
- Identify and assess different types of threats, malware, spyware, viruses, vulnerabilities, and today's attacks such as social engineering, rootkit, and botnets.
- Describe the inner-workings of today's remote exploitation and penetration techniques
- Describe the inner-workings of popular encryption algorithms, digital signatures, certificates, anti-cracking techniques, and copy-right protections
- Demonstrate the ability to select among available network security technology and protocols such as IDS, IPS, firewalls, honeynets, SSL, SSH, IPSec, TLS, VPNs, etc.
- Gain hands-on experience using popular security tools, auditing, vulnerability scanning, and pen-testing.
- Demonstrate the ability to use security lingo and terminology.
- Identify ethical, professional responsibilities, risks and liabilities in computer and network environment, and best practices to write a security policy.
- Digital signatures
- Social engineering
- Secure network protocols
- Malware and viruses
- Software cracking
- Remote exploitation and buffer overflow attacks
- Modern attacks such as Botnets and Rootkits
- Network Security
- Penetration testing, vulnerability scanning, and security auditing
- Firewalls and Intrusion Detection/Prevention
- Risk Assessment and Management
- Legal, Privacy, and Legal Issues