ECE 40400 - Introduction to Computer Security

Lecture Hours: 3 Credits: 3

Counts as:
CMPE Selective
EE Elective

Normally Offered: Each Spring

Requisites:
ECE 36800

Catalog Description:
This course will introduce the student to a systems perspective on host-based and network-based computer security. The student will be introduced to current vulnerabilities and measures for protecting hosts and networks. The course material will be supplemented with regular written and programming assignments.

Required Text(s):
  1. Cryptography and Network Security: Principles and Practice, 6th Edition, William Stallings, Prentice Hall, 2013, ISBN No. 9780133354690.
Recommended Text(s):
  1. Computer Networking: A Top Down Approach Featuring the Internet, 3rd Edition, J. Kurose and Keith Ross, Addison-Wesley, 2004, ISBN No. 0-321-22735-2.
  2. Network Security: Private Communication in a Public World, 2nd Edition, Charlie Kaufman, Radia Perlman, Mike Speciner, Prentice Hall, 2002, ISBN No. 0-13-046019-2.
  3. Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley Computer Publishing, 2001, ISBN No. 0-471-38922-6.
  4. Security in Computing, 3rd Edition, Charles P. Pfleeger, Prentice Hall, 2002, ISBN No. 0-13-035548-8.

Learning Outcomes:

A student who successfully fulfills the course requirements will have demonstrated:
  1. sufficient understanding of TCP/IP to understand vulnerabilities of and defenses for TCP/IP. [1,4,6]
  2. an introductory level of knowledge on secure protocols, their use and their limitations. [1,4]
  3. knowledge of how to access and understand CERT, IETF and SANS advisories. [4]
  4. an ability to implement and design basic rule-based firewall/intrusion detection systems. [1,2,4,6]

Lecture Outline:

Weeks Major Topics
1 Overview of security, history, legal issues
2 Review/introduction to TCP/IP
1 Reconnaissance and scanning
1 Sniffing and spoofing
1 Secure protocols, e.g., SSL, IPSec
1 Authentication protocols
1 Brief introduction to cryptography
1 Man-in-the-middle attacks and session hijacking
3 Attacks: buffer overflows, password cracking, race conditions, trojans, rootkits, denial of service
1 Firewalls and intrusion detection (signature and anomaly)
1 Viruses and worms
1 DNS vulnerabilities and DNSSec