Catalog description:

Fundamentals of network, operating system and application security. Students will study and implement a variety of security techniques including defense, response and forensics. Extensive analysis, reading and writing will be integral to this course.

Prerequisites: 

CSE 383

Required Topics:

• Security Policies and Practices
  • Security Policies and their uses
  • Incident responses
  • Common Policies and Top Attacks
  • Vulnerability Analysis
• Application Security
  • Writing secure programs
  • Security at the requirements gathering
  • Security testing
  • Buffer Overflow
  • Data Input parsing and checking
  • Error handling/logging
• Cryptography
  • Public and Private Key systems
  • File encryption
    • Email encryption
    • Network Encryption
    • Digital Signatures
    • Key Infrastructures
    • SSl & certificates
• Network Security
  • Secure Sockets
  • Terminal Security (SSH)
  • Levels of Protection
    • Protecting machines
    • Protecting websites
    • Protecting local networks
  • Firewalls
  • IPTables and IPFW
• Operating System Security
  • Physical security
  • Backup and recovery
  • Authentication
    • Tokens
    • Passwords
    • One Time Passwords
    • Password generating devices
    • Synchronized password devices
  • Boot Security
  • File Security

Learning Outcomes:

1. Students shall be able to describe Security Policies and Practices
   • Students shall be able to describe common Security Policies and their uses
   • Students shall be able to describe the role of people in Security
   • Students shall be able to craft appropriate security policies for common applications
2. Students shall be able to describe the role of security and security policies in the development of software systems
   • Students shall demonstrate knowledge of the basics of writing secure programs
   • Students shall be able to write appropriate and perform appropriate security tests to programs at the unit and program level
   • Students shall demonstrate understanding of the concepts and methods of preventing Buffer Overflow Attacks
   • Students shall demonstrate understanding of the concepts and methods for performing Data Input parsing and checking
   • Students shall demonstrate understanding of the concepts and methods for performing Error handling/logging
   • Students shall demonstrate understanding of the concepts and methods for performing Authentication
3. Students shall be able to describe the role of security and security policies in operating systems
   • Students shall demonstrate understanding the needs relating to Physical security
   • Students shall demonstrate understanding of the needs, concepts and methods for performing Backup and recovery
   • Students shall demonstrate understanding of the needs, concepts and methods for performing user Authentication
   • Students shall demonstrate understanding of the needs, concepts and methods for performing file security
4. Students shall be able to describe the role of security and security policies in networks
   • Students shall demonstrate an understanding of the use of secure sockets (SSL)
   • Students shall demonstrate an understanding of the use of Terminal Security (SSH)
   • Students shall demonstrate an understanding tools and techniques to protecting computers
   • Students shall demonstrate an understanding of tools and techniques to protect web applications
   • Students shall demonstrate an understanding of tools and techniques to protect local networks
   • Students shall demonstrate an understanding of the use of Firewalls
   • Students shall demonstrate an understanding of the use of Virtual Private Networks
5. Students shall be able to describe and implement methods for protecting information and systems using encryption
   • Students shall demonstrate an understanding of the use of Public and Private Key systems
   • Students shall demonstrate an understanding of the use of File encryption
   • Students shall demonstrate an understanding of the use of Email encryption
   • Students shall demonstrate an understanding of the use of Digital Signatures
   • Students shall demonstrate an understanding of the use of Key Infrastructures
   • Students shall demonstrate an understanding of the use of SSl & certificates
6. Students shall implement security best practices
   • Students shall be able to implement Vulnerability Analysis
   • Students shall be able to describe and develop appropriate Incident response

Graduate students:

Students taking the course for graduate credit will have additional or more in-depth problems in the lab/programming assignments.