ITM 416: Communications Networking & Security

Spring 2008 Syllabus

Instructor Information

Sanjay Goel picture Sanjay Goel
Office: BA 310b
Hours: M 11:30AM-1PM & by appt.
PH: (518) 442-4925
FX (518) 442-2568
Email: [email protected]
Peter Duchessi Picture Peter Duchessi
Office: BA 312
Hours: See WebCT
PH: (518) 442-4945
FX (518) 442-2568
Email: [email protected]

CLASS INFORMATION

Time:MW 9:00am-10:20pm
Room:BA 233
Dates:January 23 - May 5
Credit(s):3
Call #:6543

Available Lab(s)

2nd Floor Business School Computer Lab

Text & Reference Books

Text (Networking): Data Communications & Computer Networks: A Business Users' Approach, Fourth Edition by Curt M. White, ISBN: 0619160357
Text (Security): Secrets and Lies: Digital Security in a Networked World (paperback) by Bruce Schneier, ISBN: 0471453803

COURSE OVERVIEW

The class covers communications networking and security. Communications and networks drive business and industry and have helped in achieving unforeseen efficiencies. There has been a tremendous growth in related careers in these fields. This class is a capstone class that builds on your previous knowledge from the Business School and provides you with the skills that you need to enter into these fields.

In the first part of the class, you will cover different media types including: fiber optics, twisted pair, and co-axial cables. You will also get an understanding of mobile communication devices including cell phones, satellites, and other handheld devices. In addition, how data is modulated as it goes through different media will be covered.

In the second part of the class, we will discuss network topologies, the OSI/Internet models, and the TCP/IP protocol suite. This module also covers the various architectures used on the Internet, including client-server, P2P, and n-tier architectures. Also covered is network switching and schemes for routing data on the network. Students will have the opportunity to use network simulation tools.

In the third module of the class, vulnerabilities of computer networks and techniques for protecting networks and data are discussed. Basic elements of symmetric and asymmetric cryptography, secure e-commerce, involving secure transmission, authentication, digital signatures, digital certificates and Public Key Infrastructure (PKI) is presented. Issues in privacy, ethics and policies are also discussed where students study and debate controversial topics such as government monitoring technologies. Students go through the process of information security risk analysis through a case study, which consolidates their learning in the modules and hones their critical thinking and analytic skills.

Learning Objectives

Students will learn:
  1. Basic concepts of communications & computer networks
  2. Basic concepts of cryptography and Public Key Infrastructure
  3. How to analyze security threats to computer networks and how to protect them
  4. How to research in the focused area of computer networks & network security
  5. Critical thinking skills via debates on the ethics and legal issues related to information technology

ASSESSMENT & GRADING

All students are expected to follow University at Albany guidelines on academic integrity (see the Academic Integrity section for more detail). If any assignment or project submission contains any material (text, diagrams, code, etc.) generated by others (not on your project team), your submission must clearly cite the source of such material. Failure to cite source material appropriately will be treated as plagiarism. Individuals must work on their own on assignments unless otherwise specified by the professor.

Assignments (Goel) - 20% : Assignments can be in-class or take-home and will be designated as individual or group assignments depending on the specific assignments. The assignments will be provided in class. Examples of assignment could be performing a risk analysis based on a simulated case using the risk analysis methodology presented in class or writing a small security policy

Exam I (Duchessi) - 30% : This exam will be an objective type exam that will cover the communications part of the class.

Exam II (Goel) - 25%: This exam will consist of multiple sections (essay-style) and will cover all material taught from 2/27 to 4/2.

Exam III (Goel) - 25%: This exam will consist of multiple sections (essay-style) and will cover all material taught from 4/9 to 4/30, however, you will need a background from the previous portion to effectively answer questions in this exam.

Notes

  1. Students may use the recommended texts, class notes, and PowerPoint presentations for exams unless otherwise specified. No use of electronic devices (laptops, cellphones, PDA's, etc.) is allowed during testing.
  2. Please contact the Disabled Student Services Center and the relevant professor at the beginning of the semester and before each exam if you require additional assistance during test-taking.
  3. Students who do not show up to take an exam and do not have an excuse approved by the Dean of Undergraduate Studies office will be given a grade of zero for that exam.

Course Schedule

DateTopicsReadingsInstructor
1/23 - 2/20TelecommunicationsWhite 1-6Duchessi
2/25Introduction / NetworkingWhite 7Goel
2/27Networking
3/3Introduction to Security / Application SecuritySchneier 1-5, 13
3/5
3/10Network & Wireless Security / Hacking LabSchneier 10-11
3/12
3/13Attend DCJS Seminar + Lunch
3/17Network Defense / Configuring a FirewallSchneier 12
3/19
3/31Symmetric CryptographySchneier 6-7
4/2Asymmetric CryptographySchneier 15
4/7Exam II 
4/9Password Security & Hacking LabSchneier 9 & 14
4/14No Class - in lieu of 3/13 Seminar 
4/16Risk AnalysisSchneier 17-19, 24
4/21Classes Suspended 4/21 ONLY 
4/23Security PoliciesSchneier 20
4/28Information EthicsNotes
4/30Computer ForensicsSchneier 16
5/5Exam III 

COURSE DETAILS

January 23, 28, & 30; February 4, 6, 11, 13, & 20
Title: Communications
Details: In this part of the course, Prof. Duchessi will cover different media types, modulation, and data transmission.

February 25 & 27, 2008
Title: Network Architecture (Wired and Wireless)
Details: This class will discuss the layers of the network (Application, Transport, Network, Link, and Physical) based on the Internet model. Important protocols of each layer are discussed as well along with the addressing scheme of the Internet. The second half the class will focus on wireless networking and students will break into teams and create their own �gumpdrop networks�
Laboratory: �Marty�s Gumdrop Network� lab and assignment

March 3 & 5, 2008
Title: Introduction to Security
Topics: This class will cover the primary requirements for information security, including, confidentiality, integrity, and availability. It also covers the threats, attacks, and adversaries. In-depth coverage of application security will also be done, including, malicious code, buffer overflows and web security. The class discusses some of the modern malicious codes including, spyware, adware, and Trojans.
Laboratory: The laboratory exercises will include tools and resources to detect malicious code on the computer. In addition spyware such as keyloggers will be covered.

March 10 & 12, 2008
Title: Network and Wireless Security
Topics: This class focuses on network-based attacks such as spoofing, session hijacking, denial-of-service, and botnets as well as the mechanisms for protection against these attacks.
Laboratory: Students will conduct a network monitoring/hacking lab using open-source tools.

March 13
Title: DCJS Lecture followed by lunch (Joel Ryba)

March 17 & March 19, 2008
Title: Network Defense/ Configuring a Firewall
Topics: This class will discuss different security mechanisms such as firewalls and intrusion detection systems. It will also discuss honeynets, virtual private networks and demilitarized zones. In addition, a brief introduction to cryptography will be provided in the class.
Laboratory: The laboratory exercises will include installing and deploying a firewall and intrusion detection system on a computer and configuring it.

March 31 & April 2, 2008
Title: Cryptography
Topics: This first part of the class will focus on use cryptography for security implementation. It will also include message digests, message authentication codes and one-way has functions. In addition, the public key infrastructure will be discussed which will include digital signatures, digital certificates, and key exchanges.
Laboratory: Decryption in-class assignment

April 7, 2008
Title: Exam II

April 9, 2008
Title: Password Security & Hacking Lab
Topics: This class will include authentication based on passwords. It will cover different algorithms to make passwords secure as well as ways to store and retrieve passwords.
Laboratory: In this lab, students will use tools to analyze and crack passwords on Windows machines. The students will learn to access the file system using Linux-based utilities without having the passwords for the machine.

April 14, 2008
Title: No Class (In lieu of the 3/13 DCJS Seminar)

April 16 & 23, 2008
Title: Risk Analysis & Security Policies
Topics: This class covers the basic elements of risk analysis including assets, threats, controls, and vulnerabilities. A methodology to conduct risk analysis will be discussed in class and several small cases will be done in the class. The students will then break into groups and work on a risk analysis case using the methodology discussed in the class.
This class will discuss the role of security policies in an organization as well as the structure and syntax of the policies. In addition structure of a security policy as well as the components will be discussed for a specific policy (e.g. Data Classification). The class will cover some of the key government legislation that impacts the security policies in an organization (e.g. HIPAA, Sarbanes-Oxley, FERPA etc.). In the second half of the class students will work on developing a security policy based on a given scenario or analyzing a case related to security policy.
Laboratory: Case Analysis

April 28, 2008
Title: Information Ethics. This class will primarily deal with ethical issues in information including information security.
Laboratory: Cyber Ethics Discussion

April 30, 2008
Title: Incident Handling and Computer Forensics
Topics: This class discusses handling computer incidents and analyzing computer crime. This will cover both legal as well as technical aspects of forensics. The class will cover collection of evidence, tracing of email and Internet as well as file system analysis.
Laboratory: Forensics lab using an open source tool.

May 5, 2008
Title: Conclusion
Topics: This is the final class of the semester that will wrap up the course and will also include Exam III.

Download syllabus: itm416syllabus.pdf