ECE 49500 - Introduction to Computer Security (Now runs as ECE 40400)

Lecture Hours: 3 Credits: 3

Counts as:

Experimental Course Offered: Spring 2003, 2005, 2006, 2007, Spring 2008, Fall 2008, Spring 2009

Catalog Description:
This course will introduce the student to a systems perspective on host- based and network-based computer security. The student will be introduced to current vulnerabilities and measures for protecting hosts and networks. The course material will be supplemented with regular written and programming assignments.

Supplementary Information:
Spring 2009 CRN 17257

Required Text(s):
  1. Cryptography and Network Security: Principles and Practice, 4th Edition, William Stallings, Prentice Hall, 2003, ISBN No. 0130914290.
Recommended Text(s):
  1. Computer Networking: A Top Down Approach Featuring the Internet, Third Edition, J. Kurose and Keith Ross, Addison-Wesley, 2004, ISBN No. 0-321-22735-2.
  2. Network Security: Private Communication in a Public World, Second Edition, Charlie Kaufman, Radia Penman, Mike Speciner, Prentice Hall, 2002, ISBN No. 0-13-046019-2.
  3. Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley Computer Publishing, 2001, ISBN No. 0-471-38922-6.
  4. Security in Computing, Third Edition, Charles P. Pfieeger, Prentice Hall, 2002, ISBN No. 0-13-035548-8, 2002.

Learning Outcomes:

  1. sufficient understanding of TCP/IP to understand vulnerabilities of and defenses for TCP/IP. [a,b,e,j]
  2. an introductory level of knowledge on secure protocols, their use and their limitations.. [a,f,j]
  3. knowledge of how to access and understand CERT, IETF and SANS advisories. [f,h,j]
  4. an ability to implement and design basic rule-based firewall/intrusion detection systems. [b,c,e,j ,k]

Lecture Outline:

1 Overview of security, history, legal issues
2 Review/introduction to TCP/IP
1 Reconnaissance and scanning
1 Sniffing and spoofing
1 Secure protocols, eg., SSL, IPSec
1 Authentication protocols
1 Brief introduction to cryptography
1 Man-in-the-middle attacks and session hijacking
3 Attacks: buffer overflows, password cracking, race conditions trojans, rootkits, denial of service
1 Firewalls and intrusion detection (signature and anomaly)
1 Viruses and worms
1 DNS vulnerabilities and DNSSec