CSC-3940 System Security
||Congdon Hall 150
||TTh 7:50-9:30AM CSC-2410
||TTh 9:45-11:25AM CSC-2410
||TTh 3:30-5:10PM CSC-3910
||Web site: linus.highpoint.edu/~rshore
A practical course covering the basic concepts that are essential to security of operating systems, networks, software and various computing support systems. Focus will be on creating and exploring systems with a vulnerability, recreating how attacks on the system exposed the vulnerability, system administration tasks related to system hardening, penetration testing, and security monitoring. Topics will include user account and privilege management, software installation, web site configuration, workstation cloning, clustering, and backups in a variety of environments including Linux, Mac OS X and Microsoft Windows.
Course time expectation/week: This is a 4-hour course. According to SACS, our accrediting body, we are required to meet 200 minutes per week for 15 weeks. In addition, you are expected to work on projects and assignments for at least 8 hours (480 minutes) outside of class per week. A portion of the 8 hours should be spent in the computer lab each week in relation to this course.
Course Objectives: After successfully completing this course, you will have
- Computer Security – A Hands-on Approach 2nd Ed, Wenliang Du, CreateSpace 2019
- Security Education (SEED) Labs - https://seedsecuritylabs.org
- Students will be able to apply the knowledge gained to successfully install and securely configure software within an established commodity OS. The host machine providing the commodity OS can be local, virtual, or cloud based.
- Students will be able to demonstrate their proficiency in the use of scripting languages to write advanced scripts to automate system administration tasks.
- Summarize the features and limitations of an operating system used to provide protection and security.
- Articulate the need for protection and security in an OS. Access control, buffer overflow exploits, OS mechanisms for providing security and controlling access to resources.
- Design and implement a backup and restore strategy for a system, then confirm the accuracy and completeness of a backup.
- Perform system hardening and penetration testing on a variety of systems to discover entry points. Create a disaster recovery plan and test the veracity of the plan for a small enterprise.
- Explain the mechanisms available in an OS to control access to resources.
- Recognize the ethical and professional issues relating to advanced system usage and privileged access to system resources.
Class Preparation: It is assumed that you will read the assigned chapters. Although the material may be summarized, lectures will be used mainly to further demonstrate other approaches to problem solving and to answer specific questions.
In addition to the major tests and exam, each student will establish a variety of virtual machines either locally or in the cloud, such as on Amazon Web Services (AWS). With an established server machine, students will participate in a series of labs to further develop their system administration skills, discover system vulnerabilities, perform system attacks, etc. Labs may consist of establishing a new service on their machine or writing scripts to automate processes. Successful completion of a lab will demonstrate an increasing mastery of the learning objectives. NOTE: Part of your grade on all labs will be documentation. If you submit a solution and the solution is lacking clear and concise documentation, your grade on the project will suffer. This includes excessive documentation.
Lab Evaluation: The plan is to complete 12 SEED labs. Each lab will have a due date. Any lab not received by the due date will be charged a late penalty. The penalty will be 1 point per day late with a maximum of 7 pts. Labs will not be accepted 7 days after the due date.
The department will provide all software necessary to complete the course. This will require the student to have an account on the departmental server. This account will give them access to the software and space to store solutions to assignments. Access to the server will be provided through a workstation in the departmental lab as well as from any remote location on and off campus.
- Attendance: Attendance will be taken daily at the beginning of class. You are expected to be present in every class meeting. If absent from class, you are responsible for all lectures, in-class exercises, assignments, and handouts. Caution: being absent from class does not change the due date of assignments.
- Grades: Your final grade will be determined as follows:
|| SEED Labs
|| 2 Major Tests
|| Cumulative Final Exam
|| Total |
|| 100% |
You must score at least the minimum of a category to be given the associated grade, i.e. an average of 80 is a B- not a C+.
|| 0-60 |
|| F |
- Make-up tests will not be given unless arrangements have been made prior to the day of the test. If you miss a test, your final grade will be used in place of the missed grade. This means the percentage of the final exam will increase. If you miss the final exam, you will receive an F for the course.
- In-class worksheets, quizzes, and non-programming assignments must be completed on the assigned date and cannot be made-up. If there are more than 10 of these, the lowest two will be dropped. If there are more than 16 of these, the lowest three will be dropped.
- Homework: This will be assigned frequently. Some assignments will take minutes to complete; others will take days. Opportunity for homework questions is given at the beginning of each class. Homework may be collected and graded occasionally.
- Honor Code: All students are expected to follow the University Honor Code; full details can be found in the Student Handbook. All academic work should be completed with the highest level of honesty and integrity.
- Classroom etiquette:
- Cell phone usage during class is prohibited. Turn off cell phones (or place on vibrate). Please do not interrupt any aspect of the class due to your cell phone. This includes text messaging, picture messaging, etc.
- Do not listen to your iPod, CD player, etc. during class (even if we are in the computer lab).
- Profanity will not be tolerated. This includes lewd remarks printed on your clothing.
- Hats are not to be worn during class.
- Laptops are allowed in the class and can only be used for class-related stuff. Since I cannot see your screen, you will be called out if I suspect otherwise.
- Lab/Classroom Lab etiquette:
- The lab was created with student input. Please help respect and maintain the lab.
- Do not eat while sitting at a workstation. If you must eat while in the lab, sit at the larger table where no equipment may be damaged except your own. Clean up the area after you finish eating.
- Clean up your area before you leave the lab. Unless you are planning to return in a few minutes, please take all books, paper, etc. with you.
- DO NOT lock your workstation when you leave!
- Students with Disabilities: Students who require classroom accommodations due to a diagnosed disability must submit the appropriate documentation to Disability Support in the Office of Academic Development, 4th Floor Smith Library. A student’s need for accommodations must be made known at the beginning of a course. Accommodations are not retroactive.
Tentative Schedule of Topic Coverage:
- Software Security
- Environment Variables and Set-UID – Chapters 1-2
- Shellshock – Chapter 3
- Buffer Overflow – Chapter 4
- Dirty COW – Chapter 8
- Web Security
- Cross site scripting – Chapter 11
- HTML/SQL injections – Chapter 12
- Test #1
- Network Security
- Packet Sniffing and Spoofing – Chapter 15
- TCP/IP Attack – Chapter 16
- Local DNS attack
- System Security
- Meltdown or Spectre Attack – Chapters 13-14
- Test #2
- MD5 Collision Attack
- Secret Key Encryption – Chapter 21
- Pseudo Random Number Generator
- Public-key Infrastructure (PKI) – Chapter 24
- Mobile Security
- Cumulative Final Exam