ITM 604: Communications Networking & Security

Spring 2010 Syllabus

Instructor Information

Sanjay Goel
Office: BA 310b
Hours: W 4-5pm, TH 1:00 - 2:30pm (or by appt.)
PH: (518) 442-4925
FX (518) 442-2568
Email: [email protected]
Peter Duchessi
Office: BA 312
Hours: By appt., usually after class, 11:35am - 1:30pm.
PH: (518) 442-4945
FX (518) 442-2568
Email: [email protected]

CLASS INFORMATION

Time: TH 8:45-11:35am
Room: BA 233 / BA 222
Dates: January 20 - April 29
Credit(s): 3
Call #: 6158

Available Lab(s)

HRIS and MIS Labs

Text & Reference Books

Text (Networking): Data Communications & Computer Networks: A Business Users' Approach, Fourth Edition by Curt M. White, ISBN: 0619160357
Text (Security): Secrets and Lies: Digital Security in a Networked World (paperback) by Bruce Schneier, ISBN: 0471453803

COURSE OVERVIEW

The class covers communications networking and security. Communications and networks drive business and industry and have helped in achieving unforeseen efficiencies. There has been a tremendous growth in related careers in these fields. This class is a capstone class that builds on your previous knowledge from the Business School and provides you with the skills that you need to enter into these fields.

In the first part of the class, you will cover different media types including: fiber optics, twisted pair, and co-axial cables. You will also get an understanding of mobile communication devices including cell phones, satellites, and other handheld devices. In addition, how data is modulated as it goes through different media will be covered.

In the second part of the class, we will discuss network topologies, the OSI/Internet models, and the TCP/IP protocol suite. This module also covers the various architectures used on the Internet, including client-server, P2P, and n-tier architectures. Also covered is network switching and schemes for routing data on the network. Students will have the opportunity to use network simulation tools.

In the third module of the class, vulnerabilities of computer networks and techniques for protecting networks and data are discussed. The basic elements of symmetric and asymmetric cryptography and of secure e-commerce, involving secure transmission, authentication, digital signatures, digital certificates and Public Key Infrastructure (PKI), are presented. Issues in privacy, ethics and policies are also discussed, where students study and debate controversial topics such as government monitoring technologies. Students go through the process of information security risk analysis through a case study, which consolidates their learning in the modules and hones their critical thinking and analytic skills.

Learning Objectives

Students will learn:
  1. Basic concepts of data communications and computer networks (OSI/Internet Model, Protocols, architectures, switching and routing schemes) and how to design a secure network including selection of communication media.
  2. Secure authentication topics (Asymmetric & Symmetric Cryptography, PKI, Digital Signatures & Certificates).
  3. How to use penetration testing and system utilities to test for / audit against information security threats and determination of relevant controls.
  4. How to perform a risk assessment/analysis to evaluate security exposure and write security policies.
  5. Critical thinking skills via debates on the ethics and legal issues related to information technology.
  6. How to do scholarly writing and research in the focused area of computer networks & information security.

ASSESSMENT AND GRADING

Academic Integrity Compliance: Students MUST comply with all University standards of academic integrity. As stated on the undergraduate and graduate bulletin, "Claims of ignorance, of unintentional error, or of academic or personal pressures are not sufficient reasons for violations of academic integrity." If a student is discovered to NOT comply with academic integrity standards, the student will be reported to the Office of Graduate Admissions or the Dean of Undergraduate Studies Office (whichever applies) AND receive either a warning, be told to rewrite the plagiarized material, receive a lowering of a paper or project grade of at least one full grade, receive a failing grade for a project containing plagiarized material or examination in which cheating occurred, receive a lowering of course grade by one full grade or more, a failing grade for the course, or any combination of these depending on the infraction.

Examples of violations include: giving or receiving unauthorized help before, during, or after an examination; collaborating on projects, papers, or other academic exercises in a way that is regarded as inappropriate by the instructor(s); submitting substantial portions of the same work for credit more than once, without the prior explicit consent of the instructor(s) to whom the material is being (and has in the past been) submitted; misrepresenting material or fabricating information in an academic exercise or assignment; destroying, damaging, or stealing another's work or working materials; and presenting as one's own work the work of another person (for example, the words, ideas, information, code, data, evidence, organizing principles, or style of presentation of someone else). This includes paraphrasing or summarizing without acknowledgment, submission of another student's work as one's own, the purchase of prepared research, papers, or assignments, and the unacknowledged use of research sources gathered by someone else. Failure to indicate accurately the extent and precise nature of one's reliance on other sources is also a form of plagiarism. The student is responsible for understanding the legitimate use of sources, the appropriate ways of acknowledging academic, scholarly, or creative indebtedness, and the consequences for violating University regulations.

If you ever have any questions about whether you could be violating academic integrity standards - ASK!

Grading Rubric

Assignments & Projects - 20% Assignments can be in-class or take-home and will be designated as individual or group assignments depending on the specific assignment. The assignments will be provided in class and/or through the course website or Blackboard. Assignments include hands-on laboratory exercises, performing a risk analysis based on a simulated case using the risk analysis methodology presented in class, and/or writing a small security policy. Please see the Assignments section of the course website for more details.

Paper - 10%: The paper will cover a security-related topic. The point of writing a paper is so that you learn to do in-depth research on a topic, think carefully and deeply about the issues, and express your own ideas as clearly as possible. Please make sure that you see the Projects/Papers section of the course site for further details and guidelines prior to starting on your paper.

Exam I (Duchessi) - 30%: This exam will be an objective type exam that will cover the first third of the class.

Exam II (Goel) - 20%: This exam will consist of multiple sections (essay-style) which will cover material on 2/25, 3/4, 3/11, 3/18.

Exam III (Goel) - 20%: This exam will consist of multiple sections (essay-style) and will cover material on 3/25, 4/15, and 4/22.

"GREAT" EXPECTATIONS

Course Schedule

Date | Topics | Readings | Instructor
1/21 - 2/18 | Data Communications & Networking, Exam 1 | White 1-6 | Duchessi
2/25 | Introduction and Network Architecture (Wired and Wireless) | Notes | Goel
3/4 | Introduction to Security / Application Security | Schneier 1-5, 13 |
3/11 | Network & Wireless Security / Hacking Lab | Schneier 10-12 |
3/18 | Cryptography | Schneier 6-7, 15 |
3/25 | Risk Analysis & Security Policies | Schneier 17-20, 24 |
4/8 | Exam II | |
4/15 | Password Security & Hacking Lab | Schneier 9 & 14 |
4/22 | Incident Handling & Computer Forensics | Schneier 16 |
4/29 | Exam III | |

COURSE DETAILS

January 21 - February 18, 2010
Title: Data Communications & Networking, Exam I
Details: In this part of the course, Prof. Duchessi will cover different media types, modulation, and data transmission.

February 25, 2010
Title: Network Architecture (Wired and Wireless)
Details: This class will discuss the layers of the network (Application, Transport, Network, Link, and Physical) based on the Internet model. The important protocols of each layer are discussed as well, along with the addressing scheme of the Internet. The second half of the class will focus on wireless networking, and students will break into teams and create their own "gumdrop networks".
Laboratory: "Marty's Gumdrop Network" lab and assignment.

March 4, 2010
Title: Introduction to Security
Topics: This class will cover the primary requirements for information security, including confidentiality, integrity, and availability. It also covers threats, attacks, and adversaries. Application security will also be covered in depth, including malicious code, buffer overflows and web security. The class discusses some modern malicious code, including spyware, adware, and Trojans.
Laboratory: The laboratory exercises will include tools and resources to detect malicious code on the computer. In addition, spyware such as keyloggers will be covered.

March 11, 2010
Title: Network and Wireless Security
Topics: This class focuses on network-based attacks such as spoofing, session hijacking, denial-of-service, and botnets as well as the mechanisms for protection against these attacks.
Laboratory: Students will conduct a network monitoring/hacking lab using open-source tools.

March 18, 2010
Title: Cryptography
Topics: The first part of the class will focus on the use of cryptography for security implementation. It will also include message digests, message authentication codes and one-way hash functions. In addition, the public key infrastructure will be discussed, which will include digital signatures, digital certificates, and key exchanges.
Laboratory: Decryption in-class assignment

March 25, 2010

Title: Exam II

April 8, 2010
Title: Password Security & Hacking Lab
Topics: This class will include authentication based on passwords. It will cover different algorithms to make passwords secure as well as ways to store and retrieve passwords.
Laboratory: In this lab, students will use tools to analyze and crack passwords on Windows machines. The students will learn to access the file system using Linux-based utilities without having the passwords for the machine.

April 15, 2010
Title: Risk Analysis & Security Policies
Topics: This class covers the basic elements of risk analysis including assets, threats, controls, and vulnerabilities. A methodology to conduct risk analysis will be discussed in class and several small cases will be done in the class. The students will then break into groups and work on a risk analysis case using the methodology discussed in the class.
This class will discuss the role of security policies in an organization as well as the structure and syntax of the policies. In addition, the structure of a security policy and its components will be discussed for a specific policy (e.g. Data Classification). The class will cover some of the key government legislation that impacts the security policies in an organization (e.g. HIPAA, Sarbanes-Oxley, FERPA etc.). In the second half of the class, students will work on developing a security policy based on a given scenario or analyzing a case related to security policy.
Laboratory: Case Analysis

April 22, 2010
Title: Incident Handling and Computer Forensics
Topics: This class discusses handling computer incidents and analyzing computer crime. This will cover both legal as well as technical aspects of forensics. The class will cover collection of evidence, tracing of email and Internet as well as file system analysis.
Laboratory: Forensics lab using an open source tool.

April 29, 2010
Title: Exam III

Download syllabus: itm604syllabus.pdf