Catalog description:

Fundamentals of network, operating system and application security. Students will study and implement a variety of security techniques including defense, response and forensics. Extensive analysis, reading and writing will be integral to this course.

Prerequisites: CSA283 and CSA285 ,(or permission of instructor)

Objectives:

Upon completion of the course, students will be able to analyze and criticize the design of computer systems based upon the following security issues: Security policies and practices; Application security; Cryptography; Network security; and Operating system security.

Required Topics:

• Security Policies and Practices
  • Security Policies and their uses
  • Incident responses
  • Common Policies and Top Attacks
  • Vulnerability Analysis
• Application Security
  • Writing secure programs
  • Security at the requirements gathering
  • Security testing
  • Buffer Overflow
  • Data Input parsing and checking
  • Error handling/logging
• Cryptography
  • Public and Private Key systems
  • File encryption
    • Email encryption
    • Network Encryption
    • Digital Signatures
    • Key Infrastructures
    • SSl & certificates
• Network Security
  • Secure Sockets
  • Terminal Security (SSH)
  • Levels of Protection
    • Protecting machines
    • Protecting websites
    • Protecting local networks
  • Firewalls
  • IPTables and IPFW
• Operating System Security
  • Physical security
  • Backup and recovery
  • Authentication
    • Tokens
    • Passwords
    • One Time Passwords
    • Password generating devices
    • Synchronized password devices
  • Boot Security
  • File Security