CSC 290A – Network Security
Hofstra University – Spring 2006
Instructor: Vinnie Costa
E-Mail: vcosta@optonline.net (preferred)
vincent.costa@hofstra.edu
Class Meets: Monday, 8:15-10:05PM, Adams, Rm: 200
Office hours: Mondays, 7:15-8:15PM, Admas 211
January 30, 2006
Survey of current issues, techniques, software, hardware and architectures related to network security. Examination of the protocols used for Internet services, their vulnerabilities and how they can be secured. Analysis of firewall design, cryptographic techniques, intrusion detection, port scanning, viruses, trojan horses and denial of services attacks. Basic principles of secure networking and application design will be studied and discussed.
William Stallings, Network Security Essentials: Applications and Standards – 2/e, Prentice-Hall, 2003, 432 pp., ISBN 0-13-035128-8
William Stallings, Business Data Communications, 5/e, Prentice-Hall, 2005, 608 pp., ISBN 0-13-144257-0
Cheswick, W. and Bellovin, S., Firewalls and Network Security: Repelling the Wiley Hacker, Addison Wesley, 2003, 464 pp., ISBN 0-201-63466-4
William Stallings, Cryptography and Network Security: Principles and Practice, 4/e, Prentice Hall, 2006, 608 pp., ISBN 0-13-187316-4
Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2/e, Wiley, 1996, 784 pp., ISBN 0-47-111709-9
There will be several assignments during the class, three of these will count towards your grade (you’ll get advanced notice). There will also be a mid-term and an end-term exam. These will be take home exams assigned a week before the due date.
Class participation and involvement counts. This should be an interactive experience. Please feel free to share information and ideas. Be willing to assist others.
The will be a final project or paper due toward the end of the semester. The purpose of this is to encourage extensive research in the network security field.
There will be no makeup tests (mid-term and end-term exams) or extended deadlines. Submitting the test on an alternative date is at the discretion of the instructor, but prior arrangements should be made (unless, in case of emergencies, in which case, proper documents should be provided).
Assignments 1-3: 5% each
Final Project: 30%
Mid-Term: 25%
End-Term: 25%
Participation: 5%
Attendance will be taken at each class but it is not mandatory. However, if you do not attend class regularly, you will have a high probability of failing. Participation is important to fully appreciate the subject. If you cannot make a class for some reason (travel, business commitments, etc.) try to let me know.
is a rough outline of the course. This schedule may change depending on the pace of the class and threads of discussion. Assignment dates are not shown here. These will be provided at a later date.
WEEK |
| Tuesday |
1 | 1/30 | Introduction |
2 | 2/06 | Cryptography |
3 | 2/13 | Cryptography |
4 | 2/27 | Authentication Applications |
5 | 3/6 | E-Mail Security |
6 | 3/13 | IP Security, Networking, Tools |
7 | 3/20 | IP Security, Networking, Tools - Mid-Term Exam Due |
8 | 3/27 | Firewalls |
9 | 4/3 | Web Security |
10 | 4/19 | Electronic Commerce |
11 | 4/24 | Intruder, Viruses and Denial of Service |
12 | 5/1 | Network Management Security - Final Project/Paper Due |
13 | 5/8 | Intrusion Detection / Special Topics/Review |
14 | 5/15 | End-Term Exam Due |
|
| (the schedule is subject to change) |
Table 1: Course Outline
There may be some programming assignments but these will involve examining and modifiying public domain code. The programs will be graded 80% on correctness and 20% on style (general structure, comments, etc.)
I will try to have the slides for each class available on a web site at:
http://www.cs.hofstra.edu/~cscvjc/Spring06
These will be available in HTML and PowerPoint formats. There will also be helpful and interesting links along with news items.
Unless specifically stated otherwise, assignments are to be completed individually. You are encouraged to discuss the understanding of a particular issue or class material with fellow students, but code and solutions have to be your own effort.
Academic honesty is to be taken very seriously. If you submit work that references another person’s efforts, then you must properly attribute it to that person, otherwise it is plagiarism and you will receive zero credits.
This is not a course in how to crack systems, it is practically impossible for us to avoid discussing concrete security weaknesses in existing systems. Any attempt to use such information to gain unauthorized access to any system will be dealt with harshly.