THE UNIVERSITY OF LAHORE
Syllabus Designed By: Ms. Shehla Saeed
1-Course Description
This course provides an introduction to the field of network security. Specific topics to be examined include threats and vulnerabilities to information systems, E-mail security, IP security, Web security, network attack propagation modeling (traffic analysis, trace back mechanisms), and Network security management techniques such as Firewalls and IDS.
2-Objectives
The goal of this course is to:
1. Understand security concepts, Ethics in information Security.
2. Understand security threats, and the security services and mechanisms to counter them.
3. Identify widely used authentication factors.
4. Recognise the important role of access control in Information Systems. 5. Recognise the importance of Physical Security Domain.
6. Comprehend types of Controls needed for Secure Operations of a data centre.
7. Describe the operating principles of most popular cryptographic techniques and tools. Course Outline
CS3542 Information Security
SCU 3 Credit(s)
Co-requisite (s) None
Pre-requisite(s)
-- Data Communication and Computer Networks -- Operating System Concepts.
-- Programming Concepts.
Weekly tuition pattern 2 session lectures (90 min each)
3-Outcomes
Upon completion of this course, the student should:
1. Get knowledge of basic security concepts and various technical security terms.
2. Understand and explain the concepts of CIA (confidentiality, integrity and availability) and how to maintain these security objectives to protect an information system. 3. Understand how to protect against the security attacks to its authorized users. 4. Get awareness to security implementations for an Information system i.e. how to
prevent, detect, response and recover from a security compromise. 5. Develop an understanding of different security levels in the applications.
6. Know how the organizations build a security policy and how adhere to those particular policies to control or manage security compromises.
7. Knowledge in basic cryptography concepts and various algorithms of encryption and authentication protocols.
4-Course Structure
1. Presentation and use of white Board for lecturer 2. Class Activities and homework assignment 3. Group project
4. Quiz
5- Course Duration
This course will be held twice a week of 90min. class duration.
6- Course style
The course will be delivered in a classroom environment. This course does not
allow for “re-dos,” extra credit, or curved grades.
7- Additional Course Requirement
In addition to the objectives of this course, students are expected to gain skills which would be needed in the professional work environment. These skills include but not limited to: analysis skills, Writing code, active class participation, Presentation, and Teamwork.
8- Reference material
1. Principles of Information Security 3 rd E by Michael E. Whitman and Herbert J. Mattord
2. Computer Security: Art and Science, Matthew Bishop
3. Cryptography and Network Security by William Stalling 6th Edition, 2012 4. Security in Computing by Charles P. Pfleeger
5. Information Security: Principles and Practices by Mark S. Merkow, Jim Breithaupt
9- Course Outline
The lecturers are supposed to complete the following topics/sub-topics before the mid/final term examination as prescribed in the course outline below:
Weeks Lectures Topic/Sub Topic
1 1 Introduction
Introduction to course contents
Course goals and syllabus
Course organization and administration
Key security terms, basic objectives of security 2 OSI Security architecture
• Attacks, services and mechanisms • Security policy
• Security implementations 2 1 Identifying Risks to IT
Accessing risk
Security policy
Categories of Security controls
Security processes
2 Security Processes
Education
Vulnerability management
Issue management
Risk management
Incident management
3 1 Cryptography
Basics concepts of cryptography
Cipher Methods
o Substitution, transposition and product cipher
o Symmetric and Asymmetric cipher
o Stream cipher and block cipher
Ceasar cipher/additive cipher
Mono-alphabetic and poly-alphabetic substitution cipher
2 Symmetric cipher model/secret key encryption
Asymmetric or public key encryption
Polygraphic cipher :Playfair cipher
o principles
4 1 Cipher Methods
Vigener cipher
One time pad
Transposition cipher
Steganography
Quiz 1
2 Cryptographic Algorithms
Block cipher and Stream cipher
DES encryption Algorithm 5 1 Cryptographic Algorithms
Public key cryptography
RSA Algortihm 2 Cryptographic tools
Key management
Public Key Infrastructure
Message Authentication and Hash functions
Digital Signatures
Digital Certificate 6 1 User authentication
Means of authentication
Password Based Authentication
Token Based Authentication 2 Biometric Authentication
Physical characteristics used in Biometric Authentication
Operation of a Biometric Authentication
Biometric accuracy
7 1 Access Control
Mandatory Access Control
Discretionary Access Control Access Control Mechanism
Access control lists 2 Access Control Mechanism
Capabilities
Locks and keys
Ring Based Access Control
Propagated Access Control lists 8 1 Security Auditing
Definitions
Anatomy of an Auditing System
2 Auditing Mechanisms
Secure systems
Non Secure systems
Examples
Audit Browsing
MID TERM EXAM
9 1 Trusted Computing and Multilevel Security • Bell LaPadulla model
• Other formal models for Computer Security • Concept of trusted system
2 • Application of multilevel security
• Trusted computing and trusted platform module • Common Criteria for IT Security Evaluation
10 1 Database Security
DBMS & Relational databases
Database Access Control
Inference
2 Database Security
• Statistical databases • Database Encryption
11 1 Intrusion detection
Intruders
Host based intrusion detection
Distributed Host based Intrusion Detection
Honeypots
Example: Snort
2 Firewalls and Intrusion prevention system Firewall
Firewall Characteristics
Firewall types
Firewall Basing, location and configuration
Intrusion Prevention System
Host-Based IPS
Network-Based IPS
12 1 Malicious Software
Types of Malicious Software
2 Security Attacks and Countermeasures
13 1 Physical Security Control
Understating Physical Security Domain
Physical Security Threats
Providing Physical Security
2 Operations Security
Operations Security Principles
Operations Security Process Control
14 1 Software Security
Buffer Overflow
Defending against Buffer Overflow
Other forms of Overflow Attacks
2 Software Security Issues
Handling Program Input
Writing safe Program Code
Interacting with OS and other Programs
15 1 Legal And Ethical Aspects
Cyber Crimes and Computer Crimes
Intellectual property
Privacy
Ethical Issues
2 Presentations
16 1 Presentations
2 Final Term Exam
10- Assessment Criteria
No. Assessment Percentage
1. Mid Exam 30%
2. Final Exam 45%
3. Quiz 10%
4. Assignments/Presentation/Project 10%
5. Attitude and Participation 05%
11- Attendance Requirements
You are expected to attend all lectures, seminars, tutorials, or any other classroom activity. Where you fail to attend classes, you cannot expect the lecturer to brief you on what you have missed. You are responsible for your attendance, and failure to attend the class will be taken into account.
12- Submission and Collection of Assignment
All assignments should be handed in at the beginning of the class sessions when they are due. All assignments may be handed back during scheduled classes.
13- General Information
Students are required to be familiar with the university code Conduct, and to abide by its terms and conditions.
13.1 Copying of Copyright Material by Student
A condition of acceptance as a student is the obligation to abide by the University’s policy on the copying of copyright material. This obligation covers photocopying of any material using the University’s photocopying machines, and the recording off air, and making subsequent copies, of radio or television broadcasts, and photocopying textbooks. Students who flagrantly disregard University policy and copyright requirements will be liable to disciplinary action under the Code of Conduct.
13.2 Academic Misconduct
13.3 Guidelines to Avoid Plagiarism
Whenever you copy more than a few words from any source, you must acknowledge that source by putting the quote in quotation marks and providing the name of the author. Full details must be provided in your bibliography. If you copy a diagram, statistical table, map, etc., you must acknowledge the source. The recommended way is to show this under the diagram. If you quote any statistics in your text, the source should be acknowledged. Again full details must be provided in your bibliography. Whenever you use the ideas of any other author you should acknowledge those, using the APA (American Psychological Association) style of referencing.
Students are encouraged to co-operate, but collusion is a form of cheating. Students may use any sources (acknowledged of course) other than the assignments of fellow students. Unless your Subject Leader informs you otherwise, the following guideline should be used: Students may work together in obtaining references, discussing the content of the references and discussing the assignment, but when they write, they must write alone
13.4 Referencing For Written Work
Referencing is necessary to acknowledge others' ideas, avoid plagiarism, and allow readers to access those others’ ideas. Referencing should:
1. Acknowledge others' ideas 2. Allow readers to find the source 3. be consistent in format and
4. Acknowledge the source of the referencing format
To attain these qualities, the school recommends use of either the Harvard or American Psychological Association style of referencing, both of which use the author/date.
13.5 Referencing Standards APA style referencing
Approval
Checked by, Approved by,
