Search


CS 225 Syllabus



Computer and Network Security



Fall 2006



CIS Department



Saint Vincent College



General Information

  • 3 credits
  • Prerequisites:
    • Prerequisite or concurrent: CS 111 (or permission of the instructor).
    • Exceptions to the CS 111 requirement can sometimes be made. See the instructor on this.
  • Instructor: Brother David Carlson
  • Office: Physics 201
  • Office hours:
    • Mon Wed 9:30 - 11:15 am
    • Mon Wed 1:30 - 3:00 pm
    • Tue Thurs 2:00 - 3:00 pm
    • and by appointment
  • Phone: 724-805-2416 or extension 2416 on campus
  • Email: carlsond@stvincent.edu
  • The CIS lab on the ground floor of the Physics building will be available according to a schedule that will be posted outside of the lab and under the CIS Department Web Page. The lab will usually be staffed by tutors who can assist you with this course.
  • Text: Counter Hack Reloaded, 2nd. ed., by Ed Skoudis with Tom Liston, Prentice Hall/Pearson (2006).
  • Supplemental reading (not required): Malware: Fighting Malicious Code, by Ed Skoudis with Lenny Zeltser, Prentice Hall PTR (2004).

Description


This course examines both the theory and practice of computer and network security. Topics include cryptography, the Internet, viruses, crackers, sniffers, backdoors, network attacks, trojan horses, intrusion detection, and firewalls. Examples of attacks and how to protect against them will be drawn from both the Windows and Unix/Linux worlds. Hands on lab exercises are included.

Why Take This Course?


This course is an elective for CIS majors and a possible course for CIS minors. In a time of increasing network attacks, this topic is particularly timely. The course aims to demystify common attack techniques and to provide knowledge about appropriate defenses.

The Prerequisite


Although no programming is likely to be done in this course, some programming ability is helpful in understanding how some of the attacks and defenses work.

The Text


Be sure to get the second edition, not the original Counter Hack book as there have been considerable revisions in several sections. There have been a lot of developments in the malware/security world in the last few years! The text starts with an introduction to topics needed to understand the rest of the book: the essentials of networking, Windows, and Unix. The book is not an encyclopedia of hundreds of attacks. Rather, it concentrates on typical ones and proceeds in a logical manner, following the order that many attackers use: reconnaissance, scanning, various types of attacks, maintaining access, and covering up. This is a very readable book and presents its topics quite clearly.

Core Goals


This course contributes especially toward the following core curriculum goals, listed in order of emphasis:
  1. To form habits of ordered inquiry, logical thinking, and critical analysis
  2. To develop mathematical skills and quantitative literacy
  3. To develop effective communication skills

CIS Department Goals


This course contributes to the following departmental goals, listed in order of emphasis. Although this course does not involve software engineering skills, it does heavily involve the other skills listed in the first point below.
  1. The CIS graduate should demonstrate the ability to manage the complexity of a technical problem through the use of good problem solving skills and software engineering skills, as well as ethical and decision-making skills.
  2. The CIS graduate should have a broad knowledge of the field of computing.

Course Goals and Means of Assessment

  1. By the end of the course, the student should be able to explain how the main types of attacks and defenses work.
  2. By the end of the course, the student be able to carry out examples of the above on both Windows and Unix/Linux systems.
These goals will be assessed through exams and hands-on labs. The labs are especially used to assess the second goal. Informal student comments are also considered.

Ethics


In taking this course, the student agrees to use the tools appropriately. In particular, the student promises to only use attack tools against the systems explicitly labeled as targets in the course labs. No attacks of any type are to be launched against other systems or networks, unless clear permission has been obtained from the administrators of those systems and networks. Many of these tools can be dangerous or cause alarm if used inappropriately. In this course, all activity that is worrisome will be conducted on a test LAN that is isolated from all other networks. Students who want to test their own computers for security flaws should exercise similar caution.

Students who fail to follow this promise risk disciplinary action by the college, law enforcement, etc. See the CIS Department Policies page for general guidelines on computer ethics.

Grading and Course Policies

  • 35% Midterm Exam
  • 35% Final Exam: Tuesday, Dec 12, 6:30 - 8:30 pm
  • 30% Homework, Labs, and Quizzes
The work to turn in will usually be lab reports, but there may be some homework problems to solve and turn in as well. Some of the labs (the safer ones) will be held in the CIS lab. The labs using the test LAN will be held in small sessions in Br. David's office. For each lab, students must sign up for one of the sessions. Note that the labs are a key course requirement (and perhaps the most fun part of the course). By taking the course you are committing yourself to carrying out a 1 to 2 hour lab most weeks.

Letter grades will be given according to the scheme found in the College Bulletin. Exams will be announced in advance and will be closed-book in nature unless otherwise specified. On closed-book exams, only the test paper, calculators, pens, pencils, and erasers may be used. Cell phones and pagers should be turned off and put away. Calculators may be used on exams but are not to be shared among students.

Tests and quizzes will ask critical thinking questions that require one paragraph of analysis, explanation, and conclusions. A few multiple choice and true/false questions are also included. Labs involve a lot of hands-on activity to try out a certain security situation, investigate what occurs, gather data, etc. Besides reporting the raw data, students will usually be required to write one to two pages of explanation and conclusions based on that data. There will be approximately 12 labs.

Both the instructor and students are expected to do their best to produce a good class and to treat each other with respect. This includes many factors, such as listening when someone else is speaking, trying to understand what others are saying, being of assistance to others, etc. It definitely does NOT include making fun of others. On a practical level, do your best to improve your grade: read the text, attend class, do the homework and labs, ask questions, and try to answer questions in class! Computer science requires active participation and repeated practice. If you begin to feel lost, consult one of the tutors, see the instructor, or work through the difficulties with the help of another student in the course. Do not let yourself get behind. Note in particular that attendance is expected. Student performance is bound to deteriorate when classes are missed. In order to emphasize the importance of attendance, the policies outlined right after this paragraph will be used.
  • If the student does not attain a passing combined test/quiz average, a failing grade will be received for the course.
  • Each unexcused class absence after the first 2 results in 3 percentage points being deducted from the final course grade.
  • Arriving late for class or leaving early (without a proper excuse) is counted as 1/2 of an absence.
  • Missing a lab (without an acceptable excuse) is counted as 1/2 of an absence.
  • An unexcused absence from an exam results in the failure of the course.
  • Unexcused absence from more than one-third of the semester's classes.
    • or one-half of the semester's labs results in the failure of the course.
  • Attendance is used to decide borderline grades at the end of the semester.
  • Unexcused absence from class results in a grade of zero for any quiz or other activity done in that class.
  • Late lab work or homework is not accepted unless resulting from an excused absence.
  • Written documentation (such as a note from a doctor's office or coach of one's sports team) is normally required for an absence to be excused. Bring a copy of such a note to give to your instructor when class or lab must be missed. In special circumstances, check with your instructor.
  • At the end of the semester, the lowest grade in the homework/quiz/lab category will be dropped. This is primarily to help students who have been ill and had to miss some class time.
Make-up exams are strongly discouraged. If possible, take the regularly scheduled exam. For an excused absence for a significant reason, the instructor may agree to give a make-up exam. Whenever possible, see your instructor ahead of time if you know you must miss an exam. Normally some type of written documentation is required (such as a note from the coach or doctor). Students participating in sports teams are required to provide the instructor at the start of the semester with a schedule of games that might conflict with class. If the documentation or reason for missing an exam is poor, the student can count on receiving a more difficult exam, if one is given at all! Do ask about a makeup exam if you have a good reason to miss an exam, as it is understood that illnesses and other complications do happen.

Intellectual honesty is important at Saint Vincent College. Attempts to pass off the work of another as one's own, or group work as one's individual work, will result in action appropriate to the seriousness of the situation. All cases of apparent intellectual dishonesty are referred to the college administration. In this course, students are expected to do entirely their own work on the exams and quizzes. Homework and labs can be worked on together unless stated otherwise. In fact, the labs are typically done in small groups, though one group should not be using the results created by another group.

Be sure to read and follow the CIS Department Policies, available under the CIS Department Web Page. (This statement covers especially the proper use of departmental computing facilities, policies concerning your Web pages, etc.) In addition, read the Regulations section of the College Bulletin, which covers such things as grading, academic honesty, etc.

Students with disabilities who require academic accomodations and support services should please consult Mrs. Sandy Quinlivan. You may contact her by telephone (724-805-2371), SVC email, or by scheduling an appointment in Academic Affairs (located directly above the Post Office). Reasonable accomodations do not alter the essential elements of any courses, programs, or activities.

If the instructor needs to cancel class, every effort will be made to post a note to this effect on the course web page and on the door to the classroom. If this cannot be done, as a last resort the instructor's phone greeting will be changed to indicate that class is cancelled.



Maintained by: Br. David Carlson
Last updated: August 20, 2008
Disclaimer