Security Fundamentals

University at Albany, State University of New York

Center for Information Forensics and Assurance (CIFA)

Fall 2004

Instructor Information

Name: Sanjay Goel
Email: [email protected]
Phone: (518)442-4925
Office Location: 310b Business Administration
Office Hours:

Class Information

Time: 8:30-11:30 (tentative)
Location: CIFA Teaching Laboratory
Dates: August 2004 - December 2004
Credit(s): 1
Call #:
Available Lab(s): BA222

Course Overview

This course teaches information security fundamentals to prepare students for more advanced classes. It introduces the information security threats and vulnerabilities that organizations face today. The course includes hands-on exercises in security compliance verification, as well as security intrusion.

Course Prerequisites

It is assumed that students will come in with varied backgrounds in information systems so the class will start with a general background of computer security. It would be helpful if students have general knowledge of the following topics:

  1. Computer Networks and Telecommunications
  2. System Administration
  3. Database Architecture
  4. Multi-Tier Software Architecture

Although some level of competency with these topics is generally expected, it is not necessarily required. Please feel free to discuss your plan of study with the professor if you have any reservations.

Learning Objectives (Programming Concepts)

Students will learn:

  1. Various vulnerabilities of computers & network systems as well as the different modes of attack
  2. Techniques to prevent attacks

Students should be able to:

  1. Simulate different attacks in a controlled environment
  2. Identify different security threats to the organization
  3. Take more advanced classes in IT Security & Risk Analysis

Class Structure

The first half of each class will be conducted in the classroom and the second half of the class will take place in the computer lab. The students will learn basic concepts in the first half of the class and go through an exercise applying these concepts in the second half. Please come prepared with the readings since the class will move at a brisk pace.

Assignments

There will be assignments after each class that need to be done to understand the subject material. Please work individually on all assignments. It is okay to discuss the concepts and questions with other colleagues, but it is improper to copy each other's work. Not all assignments will be graded; however, please make sure that you complete all your assignments. The assignments must be submitted in the class one week after the assignment with your name and the assignment number clearly marked on the assignment sheet.

Text & Reference Books

Two books are listed in the syllabus; however, only the textbook is required. The other book is listed for students who would like additional material to increase their understanding. There is also a lot of material available on the web. Please check the NIST and CERT web sites for supplementary information.

Text: Security in Computing (Third Edition) by Charles P. Pfleeger & Shari Lawrence Pfleeger

Reference: Hackers Beware by Eric Cole

Grading

Homework: 50%

Exam: 50%

Course Schedule

| No. | Date | Topics | Readings |
|---|---|---|---|
| 1 | | Introduction to Security Password-based Attacks; Password Security Laboratory | Pfleeger, Chapter 1 |
| 2 | | Network-based Attacks & Controls I; Network Penetration Laboratory | Pfleeger, Chapter 7 |
| 3 | | Network-based Attacks & Controls II; Network Penetration Laboratory II | Pfleeger, Chapter 8 |
| 4 | | Database Security; Database Security Lab | Pfleeger, Chapter 8 |
| 5 | | Attack Simulations; Final Exam | Pfleeger, Chapter 1 |