CSE 467/567 Computer and Network Security (3 credits)

Catalog description:

Fundamentals of network, operating system and application security. Students will study and implement a variety of security techniques including defense, response and forensics. Extensive analysis, reading and writing will be integral to this course.

Prerequisites: 

CSE 283 and CSE 383 , (or permission of instructor)

Required Topics:

  • Security Policies and Practices
    • Security Policies and their uses
    • Incident responses
    • Common Policies and Top Attacks
    • Vulnerability Analysis
  • Application Security
    • Writing secure programs
    • Security at the requirements gathering
    • Security testing
    • Buffer Overflow
    • Data Input parsing and checking
    • Error handling/logging
  • Cryptography
    • Public and Private Key systems
    • File encryption
      • Email encryption
      • Network Encryption
      • Digital Signatures
      • Key Infrastructures
      • SSl & certificates
  • Network Security
    • Secure Sockets
    • Terminal Security (SSH)
    • Levels of Protection
      • Protecting machines
      • Protecting websites
      • Protecting local networks
    • Firewalls
    • IPTables and IPFW
  • Operating System Security
    • Physical security
    • Backup and recovery
    • Authentication
      • Tokens
      • Passwords
      • One Time Passwords
      • Password generating devices
      • Synchronized password devices
    • Boot Security
    • File Security

Learning Outcomes:

1: Students shall be able to describe Security Policies and Practices

1.1: Students shall be able to describe common Security Policies and their uses

1.2: Students shall be able to describe the role of people in Security

1.3: Students shall be able to craft appropriate security policies for common applications

2: Students shall be able to describe the role of security and security policies in the development of software systems

2.1: Students shall demonstrate knowledge of the basics of writing secure programs

2.2: Students shall be able to write appropriate and perform appropriate security tests to programs at the unit and program level.

2.3: Students shall demonstrate understanding of the concepts and methods of preventing Buffer Overflow Attacks

2.4: Students shall demonstrate understanding of the concepts and methods for performing Data Input parsing and checking

2.5: Students shall demonstrate understanding of the concepts and methods for performing Error handling/logging

2.6: Students shall demonstrate understanding of the concepts and methods for performing Authentication

3: Students shall be able to describe the role of security and security policies in operating systems

3.1: Students shall demonstrate understanding the needs relating to Physical security

3.2: Students shall demonstrate understanding of the needs, concepts and methods for performing Backup and recovery

3.3: Students shall demonstrate understanding of the needs, concepts and methods for performing user Authentication

3.4: Students shall demonstrate understanding of the needs, concepts and methods for performing file security

4: Students shall be able to describe the role of security and security policies in networks

4.1: Students shall demonstrate an understanding of the use of secure sockets (SSL)

4.2: Students shall demonstrate an understanding of the use of Terminal Security (SSH)

4.3: Students shall demonstrate an understanding tools and techniques to protecting computers.

4.4: Students shall demonstrate an understanding of tools and techniques to protect web applications

4.5: Students shall demonstrate an understanding of tools and techniques to protect local networks

4.6: Students shall demonstrate an understanding of the use of Firewalls

4.7: Students shall demonstrate an understanding of the use of Virtual Private Networks

5: Students shall be able to describe and implement methods for protecting information and systems using encryption

5.1: Students shall demonstrate an understanding of the use of Public and Private Key systems.

5.2: Students shall demonstrate an understanding of the use of File encryption

5.3: Students shall demonstrate an understanding of the use of Email encryption

5.4: Students shall demonstrate an understanding of the use of Digital Signatures

5.5: Students shall demonstrate an understanding of the use of Key Infrastructures

5.6: Students shall demonstrate an understanding of the use of SSl & certificates

6: Students shall implement security best practices.

6.1: Students shall be able to implement Vulnerability Analysis

6.2: Students shall be able to describe and develop appropriate Incident response

Graduate students:

Students taking the course for graduate credit will have additional or more in-depth problems in the lab/programming assignments.