Course Description
Course Number / CSCI 4133
Course Title / Security Laboratory
Semester Hours / 3
Course Coordinator / Douglas C. Sicker
Course URL / http://www.cs.colorado.edu/courses/csci4133.html
Current Catalog Description
Allows students to gain practical experience with network security in a simulated network environment. Topics to be covered include System Hardening, Firewalls, Intrusion Detection, Vulnerability Assessment, and Investigation.
Textbook
None
References
This course makes use of online documents for a variety of security programs and applications.
Instructors (for the last 3 years: Fall 2006 — Spring 2009)
Sicker and Lahann (Spring 2009), Sicker (Spring 2008), Sicker (Spring 2007), Sicker (Spring 2006)
Meeting Times (Number and Duration of Sessions per Week)
The course involves one 2-hour lecture and one 2-hour laboratory each week.
Course Outcomes
Upon completion of this class, students possess:
1. The ability to interact with the Linux command line and be familiar with basic features and functions of the operating system.
2. The ability to install, configure and operate a firewall in a manner that enhances the security of a system while not compromising the performance or functionality of the system.
3. Familiarization with basic hacking methods and an understanding of basic and advanced reconnaissance techniques.
4. Introduction to Nmap features and functionality, an understanding of categories and classes of vulnerabilities and an understanding of the tools and techniques of vulnerability assessment.
5. Understand the concept of organizational risk and have the ability to understand both behavioral analysis and static reverse engineering methodologies to analyze malicious software.
6. The ability to understand risk analysis and how it applies to hardening systems. Understand how to harden both Windows and Linux systems: 1) review TCP/IP behavior, 2) become familiar with network traffic analysis / packet analysis concepts, 3) apply network packet analysis using network sniffer technology, 4) become familiar with Intrusion Detection and Prevention functionality, 5) install, configure and use Snort and 6) create Snort IDS signatures.
7. Understanding of the industry's 6 steps to incident response in theory and practice as well as basic incident response triage tactics and battlefield incident response forensics.
Relationship between Course Outcomes and Program Outcomes
Outcomes / A. Apply Knowledge / B. Computing Requirements / C. Design System / D. Team Work / E. Professional Issues / F. Communicate Effectively
Outcome 1 / ✓ / ✓ / ✓
Outcome 2 / ✓ / ✓ / ✓ / ✓ / ✓
Outcome 3 / ✓ / ✓ / ✓
Outcome 4 / ✓ / ✓ / ✓ / ✓
Outcome 5 / ✓ / ✓ / ✓
Outcome 6 / ✓ / ✓ / ✓ / ✓ / ✓
Outcome 7 / ✓ / ✓ / ✓ / ✓
Outcomes / G. Analyze Impacts / H. Professional Development / I. Current Techniques / J. Design Tradeoffs / K. Design & Development
Outcome 1 / ✓ / ✓
Outcome 2 / ✓ / ✓ / ✓ / ✓
Outcome 3 / ✓ / ✓ / ✓ / ✓
Outcome 4 / ✓ / ✓ / ✓ / ✓
Outcome 5 / ✓ / ✓ / ✓ / ✓
Outcome 6 / ✓ / ✓ / ✓ / ✓ / ✓
Outcome 7 / ✓ / ✓ / ✓ / ✓ / ✓
Prerequisites by Topic
Network Systems: CSCI 4273.
Major Topics Covered in the Course
· Introduction and background on Linux - firewalls
· Assessment of computer systems - Vulnerability Scan
· Overview of TCPdump – a data analysis tool
· System Monitoring – Intrusion Detection System
· Response - Incident Response & Forensic Investigation
· Malware analysis
· System Hardening
Assessment Plan for the Course
The students are assessed based on their laboratory write-ups. These are in-depth assignments that explore basic and advanced concepts in network security. After grading, the instructor returns the reports and discusses the results of the lab reports with the students.
Lastly, students have short written assignments that are used to encourage timely reading of the text prior to the lab assignments. This also allows students to explore topics in depth that might not be covered in lecture. These assignments take the form of a mini-research paper after each lecture, on topics we don't have time to cover completely or don't cover at all, due at the beginning of lab class.
How is Data from this Course used to Assess Program Outcomes?
The instructor retains copies of student homework assignments, midterms, and programming lab grading rubrics projects. These materials are then evaluated by the department’s external advisory board for examples that demonstrate fulfillment of the program outcomes.
Curriculum Category Content (Semester Hours)
Area / Core / Advanced
Algorithms
Data Structures
Computer Organization and Architecture / 3.0
Software Design
Concepts of Programming Languages