Please see the midterm guide for a list of topics.
Please see the final exam guide for a list of topics.
Each student will be reqiured to give a presentation in the last regular week of class. These presentations should be done in groups of 2-3 students. Each group will have approximately 15 minutes to present on a security topic of their choice (the exact amount of time will be specified once groups are established). As specified in the syllabus, this presentation is worth 10% of your course grade.
Your presentation may be on any topic related to the class, but must not be a duplication of material covered in lecture or lab. Examples of good topics are specific types of attacks not discussed in lecture, specific recent attacks that have taken place, and sepcific security technologies not covered in lab. Topics and groups must be emailed to the instructor, with a subject line including "CIS458", by Nov 10.
Each student must contribute to the development of your presentation and speak during the presentation. 20% of the presentation grade will be based on your visuals aids. This does not mean you need a powerpoint slide show, but you may use one if you would like. If your presentation consists of you reading the text off of your visual aid, you will lose some points in this category. 30% of your grade will be based on presentation skills. This will be evenly divided between organization, timing (do not go over your group's time) and communication skills. 50% of the grade will be based on on depth and accuracy of technical content. Your audience is students who have taken this class. Therefore, do not spend more than a minute or two on material already covered in class. However, also do not assume security knowledge beyond what has been covered in class. Each group member will be graded individually on visuals and presentation skills, and as a group on technical content.
|9/1/2016||Security overview (ch 1)||No Lab Assignment||N/A|
|9/8/2016||Cryptography Tools||Encryption with OpenSSL||9/15/2016|
|9/15/2016||Programming Cryptography||Encryption with the Java Cryptography API||9/22/2016|
|9/22/2016||Passwords||Password Cracking Lab||9/29/2016|
|9/29/2016||Access Control||Linux Capability Assignment||10/6/2016|
|10/6/2016||Database/Web Security||SQL Injection Lab||10/20/2016|
|10/20/2016||Intrusion Detection||Tripwire Lab||11/3/2016|
|11/3/2016||Firewalls||iptables firewall lab||11/10/2016|
|11/17/2016||Buffer overflow||Buffer Overflow Attack||12/1/2016|
Note: This schedule is approximate and subject to change depending on speed of coverage or other circumstances.
|Tue, Aug 30||Course Intro||N/A|
|Thu, Sep 1||Cryptography basics||2.1, 2.5|
|Tue, Sep 6||Labor day break||N/A|
|Thu, Sep 8||Stream ciphers and block cipher modes||20.4 - 20.5|
|Tue, Sep 13||Asymmetric Cryptograpy Algorithms||2.3, 21.3 - 21.4|
|Thu, Sep 15||Digital Signatures and Message Authentication||2.2, 2.4, 21.1 - 21.2|
|Tue, Sep 20||Password based authentication||3.1 - 3.2|
|Thu, Sep 22||Other authentication methods||3.3 - 3.8|
|Tue, Sep 27||Discretionary Access Conrol||4.1 - 4.4|
|Thu, Sep 29||Role Based Access Control||4.5 - 4.8|
|Tue, Oct 4||Database Security||Chapter 5|
|Thu, Oct 6||Malware Propagation||6.1 - 6.5|
|Tue, Oct 11||Malware Payload||6.6 - 6.10|
|Thu, Oct 13||Midterm||N/A|
|Tue, Oct 18||Denial of Service||Chapter 7|
|Thu, Oct 20||Intrusion Detection||Chapter 8|
|Tue, Oct 25||Firewall Types and Configuration||9 - 9.3|
|Thu, Oct 27||Firewall Location||9.4 - 9.6|
|Tue, Nov 1||Email Security||22.1 - 22.2|
|Thu, Nov 3||SSL/TLS||22.3 - 22.4|
|Tue, Nov 8||Network Authentication||Chapter 23|
|Thu, Nov 10||Wireless Network Security||Chapter 24|
|Tue, Nov 15||Buffer Overflow||Chapter 10|
|Thu, Nov 17||Software Security||Chapter 11|
|Tue, Nov 22||Operating System Security||Chapter 12|
|Thu, Nov 24||Thanksgiving break||N/A|
|Tue, Nov 29||Formal Security Models||13.1 - 13.2|
|Thu, Dec 1||Trusted Systems and TPM||13.3, 13.5|
|Tue, Dec 6||Presentations||N/A|
|Thu, Dec 8||Presentations||N/A|