CSE 3482, Winter 2014

CSE 3482 Introduction to Computer Security Winter, 2014
Lecture Schedule: Mon and Wed 17:30 - 19:00, ACE 005 Instructor: Natalija Vlajic (vlajic @ cse.yorku.ca) Office Hours: Mon and Wed 14:00 - 15:00 (LAS 2047) TA: Dusan Stevanovic (dusan @ cse.yorku.ca)

Course News

May 6: Final exam and preliminary final grades are now available through ePost. Final exam solutions can be found here.
Apr 17: Final exam reminder: The final examination will take place on Wednesday, April 23, TEL 0010 (14:00 - 17:00 pm). The exam is closed book and closed notes. Basic calculators allowed (in fact, required)! 40% of questions will be related to the material covered before and 60% to the material covered after the midterm examination.
Mar 25: LAB 5 will be held on Wednesday, March 26 (Group 1) and Wednesday, April 2 (Group 2) in LAS 1004, from 13:00 - 15:00.
Feb 25: Lab 3 and 4 grades are now available through ePost.
Mar 10: LAB 4 will be held on Wednesday, March 12 (Group 1) and Wednesday, February 19 (Group 2) in LAS 1004, from 13:00 - 15:00.
Feb 10: Teaching evaluations will be held on March 17.
Feb 27: Lab 2 grades are now available through ePost.
Feb 26: LAB 3 will be held on Wednesday, February 26 (Group 1) and Wednesday, March 5 (Group 2) in LAS 1004, from 13:00 - 15:00.
Feb 24: Midterm and Lab 1 grades are now available through ePost. Midterm solutions can be found here.
Feb 5: University has declared Weather Emergency - classes cancelled.
Feb 4: Midterm exam will be held on Monday, February 10, in class. The exam will be closed book and closed notes, and will cover all the material discussed in class up to and including the lecture of February 5.
Feb 4: LAB 2 will be held on Wednesday, February 5 (Group 1) and Wednesday, February 12 (Group 2) in LAS 1004, from 13:00 - 15:00.
Feb 3: Sample problems, as discussed in class.
Jan 29: Today's, and all subsequent labs, will be held in LAS 1004. Use one of the following machines: pt101 - pt124.
Jan 20: LAB 1 will be held on Wednesday, January 22 (Group 1) and Wednesday, January 29 (Group 2) in LAS 1002, from 13:00 - 15:00. Use one of the following machines: miss01 - miss33. The Lab 1 manual can be downloaded from here: CSE3482_Lab1.pdf, and the necessary files form here: Lab1.zip.
Jan 13: Animations of basic networking concepts can be found at: http://www.net-seal.net/animations.php?aid=17.
Jan 10: ROOM CHANGE - as of January 10, the class will be held at ACE 005.
Jan 6: Classes begin. Location: PSE 321.

Course Information:

Textbook and Recommended Reading Material
Grading Scheme
Course Description
Prerequisite

Course Material:

Course Schedule & Notes

Course Policies:

Late Assignments and Missed Midterm
Academic Honesty

Course Schedule & Notes:

Week	Date	Topic	Required Reading	Important Dates
1	M, Jan 6	Introduction: Security CIA	Chapter 1
	W, Jan 8	Introduction: Security Threats	Chapter 6
2	M, Jan 13	Introduction: Security Threats (cont.)	Chapter 6
	W, Jan 15	Steganography - part 1	...
3	M, Jan 20	Steganography - part 2	...
	W, Jan 22	Encryption - part 1	Chapter 2	LAB 1 - Group 1 (Lab manual, Files)
4	M, Jan 27	Encryption - part 2	Sections 20.2, 20.3, 21.3, 21.4
	W, Jan 29	Security Management & Policy - part 1	Chapter 15	LAB 1 - Group 2 (Lab manual, Files)
5	M, Feb 3	Security Management & Policy - part 2	...
	W, Feb 5	weather emergency - no lecture		LAB 2 - Group 1 (Lab manual)
6	M, Feb 10	Midterm Exam
	W, Feb 12	no lecture		LAB 2 - Group 2 (Lab manual)
Reading Week
7	M, Feb 24	Human Resources Security	Chapter 17
	W, Feb 26	Physical and Infrastructure Security	Chapter 16	LAB 3 - Group 1 (Lab manual)
8	M, Mar 3	Access Control	Chapters 3 and 4
	W, Mar 5	Password Cracking		LAB 3 - Group 2 (Lab manual)
9	M, Mar 10	Security Risk Management - part 1	Chapter 14
	W, Mar 12	weather emergency - no lecture		LAB 4 - Group 1 (Lab manual)
10	M, Mar 17	Security Risk Management - part 2	...
	W, Mar 19	* ***Security Auditing * Edward Ng Associate Vice President IT Infrastructure Audit, TD Bank Group		LAB 4 - Group 2 (Lab manual)
11	M, Mar 24	DDoS Attacks / Puppetnets	Chapter 7
	W, Mar 26	Legal and Ethical Aspects	Chapter 19	LAB 5 - Group 1 (Lab manual)
	M, Mar 31	Intellectual Property	Section 19.2
	W, Apr 2	Security Training		LAB 5 - Group 2 (Lab manual)

Final Examination: Wednesday, April 23, 14:00, TEL 0010

Textbooks:

"Computer Security: Principles and Practice", W. Stallings, L. Brown, Pearson Education, 2012, 2nd Edition.

Recommended Reading Material:

"Management of Information Security", M. E. Whitman, H. J. Mattord, Nelson Education / CENGAGE Learning, 2011, 3rd Edition.
"Elements of Information Security", R. E. Smith, Jones & Bartlett Learning, 2013.
"Cryptography and Network Security", B. A. Forouzan, McGraw Hill, 2008.
"Information Security: The Complete Reference", M. Rhodes-Ousley, Mc Graw Hill, 2013, 2nd Edition.
"Principles of Information Security", M. E. Whitman, H. J. Mattord, Nelson Education / CENGAGE Learning, 2012, 4th Edition.
"Hacker Techniques, Tools, and Incident Handling", S. P. Oriyano, Jones & Bartlett Learning, 2014, 2nd Edition.
"Build Your Own Security Lab: A field guide for network testing", M. Gregg, Wiley, 2008.
"Applied Information Security: A Hands-On Guide to Information Security Software", R. Boyle, Prentice Hall, 2010.
"Laboratory Manual to Accompany Hacker Techniques, Tools and Incident Handling", Jones & Bartlett Learning, 2013.
"Security Risk Management", E. Wheeler, Elsevier, 2011.
"Guide to Network Defense and Countermeasures", R. Weaver, Nelson Education / CENGAGE Learning, 2014, 3rd Edition.
"Security+ Guide to Network Security Fundamentals", M. Ciampa, Nelson Education / CENGAGE Learning, 2012, 4th Edition.
"CISSP: Certified Information Systems Security Professional: Study Guide", J. M. Stewart, M. Chapple, C. Gibson, Wiley, 2012, 6th Edition.
"Corporate Computer and Network Security", R. Panko, Prantice Hall, 2009, 2nd Edition.

Grading Scheme:

5 Labs - 20% (4% each)
Midterm - 40%
Final - 40%

Course Description:

This course introduces students to the basic concepts, goals and terminology of computer security. It provides a general overview of the computer security body of knowledge with an emphasis on the risk-based mindset that a computer security professional needs to have. Students will be exposed to both the theoretical and the practical aspects of computer security (the lab sessions will include security case studies as well as exercises using modern security tools).

Prerequisite:

Any 12 university credits at the 2000-level in any discipline.

Late Assignments and Missed Midterm:

Late assignments will not be accepted, unless a prior arrangement is made with the instructor.
Makeups of missed midterm exams are only possible in extremely exceptional situations (such as verifiable medical emergencies) or by arrangement well prior to the exam, provided there is an extremely compelling reason.

Academic Honesty:

"The Department takes the matter of academic honesty very seriously. Academic honesty is essentially giving credit where credit is due. And not misrepresenting what you have done and what work you have produced. When a piece of work is submitted by a student it is expected that all unquoted and uncited ideas and text are original to the student. Uncited and unquoted text, diagrams, etc., which are not original to the student, and which the student presents as their own work is considered academically dishonest." For more see: Department of Computer Science Academic Honesty Guidelines.