CIS Logo SVC Logo

   Computing & Information Systems
   Department

 

Schoology Facebook        Search CIS Site      Tutorials

CS 225 Syllabus



Computer and Network Security



Fall 2010



CIS Department



Saint Vincent College



General Information

  • 3 credits
  • Prerequisites: CS 110
  • Instructor: Brother David Carlson
  • Office: Physics 201
  • Office hours:
    • Mon, Tue, Wed, Fri 9:30 - 11:15 am
    • Tue, Thurs 12:30 - 2:30 pm
    • and by appointment
  • Phone: 724-805-2416 or extension 2416 on campus
  • Email: david.carlson@email.stvincent.edu
  • The CIS lab on the ground floor of the Physics building will be available according to a schedule that will be posted outside of the lab and under the CIS Department Web Page. Beware of getting a different edition or an international edition as these are likely to vary.
  • Text: Counter Hack Reloaded, 2nd. ed., by Ed Skoudis with Tom Liston, Prentice Hall/Pearson (2006), ISBN 978-0-13-148104-6.
  • Supplemental reading (not required): Malware: Fighting Malicious Code, by Ed Skoudis with Lenny Zeltser, Prentice Hall PTR (2004), 978-0-13-101405-3.

Description


This course examines both the theory and practice of computer and network security. Topics include cryptography, the Internet, viruses, crackers, sniffers, backdoors, network attacks (such as drive-by downloads), trojan horses, intrusion detection, and firewalls. Examples of attacks and how to protect against them will be drawn from both the Windows and Unix/Linux worlds. Hands on lab exercises are included.

Why Take This Course?


This course is an elective for most CIS majors (but required for those in the computer security concentration) and a possible course for CIS minors and others interested in this timely topic. In a time when attacks are increasing, both in number and in sophistication, the study of computer security is of considerable importance. Computer security professionals are also in demand, both by the government and industry, as there are too few such professionals to go around. The course aims to demystify common attack techniques and to provide knowledge about appropriate defenses.

The Prerequisite


Although no programming is likely to be done in this course, some programming ability is helpful in understanding how some of the attacks and defenses work.

The Text


Be sure to get the second edition, not the original Counter Hack book as there have been considerable revisions in several sections. The text starts with an introduction to topics needed to understand the rest of the book: the essentials of networking, Windows, and Unix. The book is not an encyclopedia of hundreds of attacks. Rather, it concentrates on typical ones and proceeds in a logical manner, following the order that many attackers use: reconnaissance, scanning, various types of attacks, maintaining access, and covering up. This is a very readable book and presents its topics quite clearly.

Core Goals


This course contributes especially toward the following core curriculum goals, listed in order of emphasis:
  1. To form habits of ordered inquiry, logical thinking, and critical analysis
  2. To develop mathematical skills and quantitative literacy
  3. To develop effective communication skills

CIS Department Goals


This course contributes to the following departmental goals, listed in order of emphasis. Although this course does not involve software engineering skills, it does heavily involve the other skills listed in the first point below.
  1. The CIS graduate should demonstrate the ability to manage the complexity of a technical problem through the use of good problem solving skills and software engineering skills, as well as ethical and decision-making skills.
  2. The CIS graduate should have a broad knowledge of the field of computing.

Course Goals and Means of Assessment

  1. By the end of the course, the student should be able to explain how the main types of attacks and defenses work.
  2. By the end of the course, the student be able to carry out examples of the above on both Windows and Unix/Linux systems.
These goals will be assessed through exams and hands-on labs. The hands-on labs are especially used to assess the second goal, as these have students perform the desired attacks and defenses. Informal student comments are also considered.

Ethics


In taking this course, the student agrees to use the tools appropriately. In particular, the student promises to only use attack tools against the systems explicitly labeled as targets in the course labs. No attacks of any type are to be launched against other systems or networks, unless clear permission has been obtained from the administrators of those systems and networks. Many of these tools can be dangerous or cause alarm if used inappropriately. In this course, all activity that is worrisome will be conducted on a test LAN that is isolated from all other networks. Students who want to test their own computers for security flaws should exercise similar caution.

Students who fail to follow this promise risk disciplinary action by the college, law enforcement, etc. Any apparent breaches of this ethics promise will be reported to the administration for appropriate action. See the CIS Department Policies page for general guidelines on computer ethics.

Grading and Course Policies

  • 25% Exam 1
  • 25% Exam 2
  • 30% Final Exam: Thursday, Dec 16, 11:00 am - 1:00 pm
  • 20% Labs, Homework, and Quizzes
The work to turn in will usually be lab reports, but there may be some homework problems to solve and turn in as well. Some of the labs (the safer ones) will be held in the CIS lab. The labs using the test LAN will be held in small sessions in Br. David's office. For each lab, students must sign up for one of the sessions. Note that the labs are a key course requirement (and perhaps the most fun part of the course). By taking this course you are committing yourself to carrying out a 1 to 2 hour lab several times during the semester. Homework, quiz, and test answers are expected to be written using good English. These items will be graded not just on the correctness of their answers, but also on the clarity of their presentation. This is intended to help the student to develop good written communications skills. A student may at times be asked to explain a homework problem or other topic to the class. The purpose is both to help others with the solution of the problem and to assist the student in developing good communications skills.

Letter grades will be assigned according to the scheme found in the current College Bulletin. Exams will be announced in advance and will be closed-book in nature. Quizzes could be given at any time. Calculators may be used on the exams and quizzes. Cell phones and pagers should be turned off and put away during exams. On a test, students may only use the test itself, calculators, pens, pencils, and erasers. Calculators may not be passed between students. No laptops or other computers may be used on an exam or quiz.

Tests and quizzes will ask critical thinking questions that often require a paragraph of analysis, explanation, and conclusions. A few multiple choice, true/false, and other short answer questions are also included. Labs involve a lot of hands-on activity to try out a certain security situation, investigate what occurs, gather data, etc. Besides reporting the raw data, students will usually be required to write several paragraphs of explanation and conclusions based on that data. There will be several such labs.

Both the instructor and students are expected to do their best to produce a good class and to treat each other with respect. This includes many factors, such as listening when someone else is speaking, trying to understand what others are saying, being of assistance to others, etc. It definitely does NOT include making fun of others. On a practical level, do your best to improve your grade: read the text, attend class, do the homework and labs, ask questions, and try to answer questions in class! CS courses requires active participation and repeated practice. If you begin to feel lost, see the instructor or work through the difficulties with the help of another student in the course. Do not let yourself get behind. Note in particular that attendance is expected. Student performance is bound to deteriorate when classes are missed. In order to emphasize the importance of attendance, the policies outlined right after this paragraph will be used.
  • If the student does not attain a passing average in the test category, a failing grade will be received for the course.
  • Each unexcused class absence after the first 3 results in 1.5 percentage points being deducted from the final course grade.
  • Arriving late for class or leaving early (without a proper excuse) is counted as 1/2 of an absence.
  • Missing a lab (without an acceptable excuse) is counted as 1/2 of an absence.
  • An unexcused absence from an exam results in the failure of the course.
  • Unexcused absence from more than one-third of the semester's classes or one-half of the semester's labs results in the failure of the course.
  • Attendance is used to decide borderline grades at the end of the semester.
  • Unexcused absence from class results in a grade of zero for any quiz or other activity done in that class.
  • Late lab work or homework is not accepted unless resulting from an excused absence.
  • Written documentation (such as a note from a doctor's office or coach of one's sports team) is normally required for an absence to be excused. Always bring a copy of such a note to give to your instructor when class must be missed. In special circumstances, check with your instructor.
  • At the end of the semester, the lowest grade in the homework/quiz/lab category will be dropped. This is intended to cover absences due to minor illnesses, sports, and the like.
Make-up quizzes will not normally be given. For an excused absence, the student will simply be excused from the quiz. Make-up exams are strongly discouraged. If possible, take the regularly scheduled exam. For an excused absence for a significant reason, the instructor may agree to give a make-up exam. Whenever possible, see your instructor ahead of time if you know you must miss an exam (e.g. due to sports). Normally some type of written documentation is required (such as a note from the coach, doctor, etc.). If the documentation or reason for missing an exam is poor, the student can count on receiving a significantly more difficult exam, if one is given at all! Do ask about a makeup exam if you have a good reason to miss an exam, as it is understood that illnesses and other complications do happen.

Intellectual honesty is important at Saint Vincent College. Attempts to pass off the work of another as one's own, or group work as one's individual work, will result in action appropriate to the seriousness of the situation. All cases of apparent intellectual dishonesty are referred to the college administration. In this course, students are expected especially to do entirely their own work on the exams and quizzes. Homework and labs can be done together unless explicitly stated otherwise. In fact, the labs are typically done in small groups, though one group should not be using the results created by another group. Some students learn better when working mostly alone. Others do better when working together. However, never simply copy someone else's work as that does little to help you to learn the material. Remember that you are responsible for knowing how to solve the homework problems and that you will have to face the test questions on your own.

Be sure to read and follow the CIS Department Policies, available under the main CIS Department Web Page. This statement covers especially the proper use of departmental computing facilities, policies concerning web pages, etc.) In addition, read the Regulations section of the College Bulletin (which covers such things as grading, academic honesty, etc.) and the Student Handbook (which covers academic honesty, classroom etiquette, etc.).

Students with disabilities who may be eligible for academic accommodations and support services should please contact the Associate Dean of Studies, Mrs. Sandy Quinlivan, by phone (724-805-2371), email (sandy.quinlivan@email.stvincent.edu) or by appointment (Academic Affairs-Headmaster Hall). Reasonable accommodations do not alter the essential elements of any course, program or activity.

If the instructor needs to cancel class, every effort will be made to send an email message to students' Saint Vincent email accounts and to post the class cancellation on the college website as well as the course webpage.

Maintained by: Br. David Carlson
Last updated: December 05, 2010
Disclaimer