MPCS56515 – Computer and Network Security

Autumn Quarter 2015

Preliminary Syllabus


Course Objective

The objective of this course is to provide a basic understanding of Information Technology security – and to build an understanding of the elements that should be in place for an IT environment to achieve an adequate security level.  We will begin with a general overview of IT security and introduce a framework for addressing security needs across an enterprise.  Major security objectives and mechanisms for attaining these objectives will be discussed, including cryptography, authentication systems, Public Key Infrastructure, and platform and network security mechanisms.  This course will give an overview of the technical details involved in the platform and network levels of security.  We will look at common TCP/IP applications and discuss their security vulnerabilities.  The course material will be presented in a framework of understanding business risks and how to address them.


Students in this course will use the Unix operating system as a basis of learning host security mechanisms and should have a basic familiarity with Unix as a prerequisite.  Students should also be familiar with TCP/IP networks.  Students will be installing, configuring and running security tools obtained from the Internet as a part of their classwork.


There will be a great deal of reading in this course.  Students should have the ability to read and write in clear prose.  Students in this course will be writing an in-depth paper or a project and should have the ability to write a substantial paper.


Required Text:        Computer Security: Principles and Practice, 3rd Edition, William Stallings, Lawrence Brown ISBN-10: 0133773922, ISBN-13:  978-0133773927, Publisher:  Prentice Hall, Copyright:  2014




Some of the course reading material will be assigned from selected web sites.



Stallings 3E


Week 1

Instructor(s) Introduction

Course Objectives


Information Security Overview

  • Objectives of Information Security – confidentiality, integrity, availability

Information Security Framework

  • Control elements and layers
  • Describe above elements in terms of the ISF
  • Describe as "road map" to understanding security and this course

Risk – definition, Control - definition

Security Goals and Mechanisms

-          Authentication – Authorization

-          User IDs, passwords, groups, privileges, access rules


Chapter 1

Verizon – 2015 Data Breach Investigations Report



Mandiant M-Trends 2015:  A View from the Front Lines


Cisco 2015 Annual Security Report


Merritt paper on Risk Management


Security Breaches


Pfleeger book – Security in Computing – Chapter 1 – Is There a Security Problem in Computing?



"A "KiA “Kill Chain" Analysis of the 2013 Target Data Breach.



Week  2


*         Symmetric, Asymmetric

*         DES, 3-DES, RSA, AES

Uses of encryption – PGP





Chapters 2 (skip 2.5), 20, 21

Anderson – Security Engineering


Schneier – Security Pitfalls in  Crypto


Anderson – Why Cryptosystems Fail


Ron was wrong, Whit is right




 Week 3


Authentication Mechanisms

*         NIS, NIS+,

*         Kerberos

Single Sign-on products




Access Control


Chapters 3, 4, 23

Windows Authentication = wce –


Protecting Privileged Domain Accounts


Security Engineering – Ross Anderson -  v2 Chapter 3 – Protocols




Week  4

Review – security mechanisms


Host Security – Linux

Authentication - /etc/passwd

Authorization - file permissions rwx


Groups - /etc/groups

Shadow passwords

File permissions - s, S, t

suid risks

Path variable risks

Critical files - /etc/hosts, /.rhosts, etc.

Change control – Tripwire




Chapters 12, 25

Stack overflows explained


Analysis of Buffer Overflow Attacks


Improving the Security of Your Unix System





Week 5

Security Program Development

            security policies

            security awareness programs




Chapaters 14, 15, 17

Information Security Essential Body of Knowledge – on Chalk or

NIST - Generally Accepted Principles and  Practices for Securing Information Technology Systems - review for areas of content, overview of security program development.  Do not read each area in-depth – understand headings.


Security and Privacy Controls for Federal Information Systems and Organizations

Site Security Policy Development

Site Security Handbook - review for areas of content

Social engineering

Week 6


Network Security introduction – attacks, security services and mechanisms

Viruses and other Malware

Denial of Service Attacks,

Network assessment tools



Chapters 6, 7, 8


Firewalls and Internet Security 1st Edition – Chapter 9 Classes of Attacks


Week 7 – Application Security

IP Security

Risks – sniffing, spoofing,

Security over Internet protocols

            /etc/services, /etc/inetd.conf, /etc/rc.d

*         telnet – rlogin – ssh - nfs

*         ftp – tftp

*         web

*         ssl

Chapters 10, 11, 22


Week 8  -


Wrappers and Proxies


Secure Communication over Insecure Networks – VPNs






Chapter 9

Firewalls and Internet Security 1st Edition – Chapter 3 – Firewall Gateways


Week 9


Audit and Compliance

Regulatory Environment




Chapters, 18, 19


Week 10



Week 11 - Final





Grading Policy

Homeworks                            30%

Final                                        25%

Final Project                           25%

Quizzes/Discussion               20%



Homework will mainly consist of configuring, running and reporting on security tools, solving security implementation problems in writing plus one final project.  There will not be in-depth programming assignments – unless the student chooses a final project involving programming.