|Topic||Material covered in class||Project/lab exercise ideas||Learning outcomes|
|We know what you did this morning and the past several years: Security and privacy on social network sites and smartphones||(1) Privacy threats; data
(2) Security exploits: from eavesdropping
are provided with a toy social networking site called: insecurebook and are
asked to enumerate security threats to it.
Tools: A full-fledged toy social networking site; (optional) smartphone or smartphone environment.
|(.) Enumerate at a high level
security threats to social networking sites
(.) Describe privacy issues to security
|"Ethics is knowing the difference between what you have a right to do and what is right to do" - Wayne Dyer: Ethics and law||Ethics; Cyber laws;||Case studies and quizzes.||(.) Describe the
behavior of an ethical
(.) Enumerate the laws that protect intellectual
property and guard against illegal hacking.
|You are more important than you think you are: Motivation and actors of a Cyber crime||Cyber crime (Ted Talk) - motivations; who commits it and why?||(1) Case study on famous cyber criminals: Kevin Mitnick; Robert Morris; Anonymous.||(.) Explain why information is
(.) Enumerate the motivations of various
at the beginning and go on till you reach the end. Then stop" - Alice
Learning the basics of Linux.
|Linux tutorials on:
(1) Core programs
(2) Linux file structure
|Linux core commands; file structure.||(.) Demonstrate the use of Linux
command line to
accomplish basic tasks such as creating, removing and copying files,
traversing the file system
|"... if you know your enemies and know yourself, you will not be imperiled in a hundred battles" - Sun Tzu (Art of War): Anatomy of an attack||Steps that an attacker takes to find you and attack your computing infrastructure: Reconnaissance; Exploit; Maintaining Access and Wiping tracks||(.) WHOIS, Google Hacking, nmap,
(.) Metasploit (basics)
(.) Log files in Linux
|(.) Enumerate the steps that an
when conducting a cyber attack.
(.) Explain how a combination of poor
design; implementation and configuration can
lead to an attack.
life is full of care, There is no time to stand and stare" - William
What does it mean to secure our computing
||1. Goals of security: confidentiality, integrity and availability
2. Sub-goals of security: authentication; non-repudiation; privacy.
|(1) Vulnerability assessment of
insecurebook with respect to confidentiality, integrity, availability,
non-repudiation and privacy.
|(.) Enumerate the goals of
|Securing a network: What does it entail to secure computing infrastructure?||1. Different categories (physical, technological and administrative) of vulnerabilities/threats and exploits.
2. Different categories of security mechanisms and examples: (1) Applied cryptography
(2) Application (software security)
(3) Hardening software installations
(4) Network security
|(a) Case study on attacks that require all three security controls (physical, technological and administrative)
(b) Google it!: Search the web for different security mechanisms and classify them into each of the three categories
|(.) Enumerate an example for
each category of security
|All's fair in Love, War and Crypto - ERACE (Unknown): Applied cryptography||Symmetric; Asymmetric and secure hashes||(1) Designing a secret key
(2) Using public key cryptography to secure messages and create digital signatures using GPG to post messages on insecurebook
(3) Exploring weaknesses in modes of cryptographic operations used by insecurebook to exchange data over the internet.
(4) Using secure hashes to protect downloads and messages from insecurebook.
|(.) Explain the differences
between secret key,
public key and secure hash mechanisms.
(.) Describe a one-way function.
(.) Demonstrate the usage of basic boolean
operators: OR, AND, NOT and XOR
(.) Enumerate modes of application of cryptography.
(.) Demonstrate how to use secure hashes to
detect tampering of any internet downloads.
|Software (Web) security||Security exploits on social
XSS, XSRF, SQL Injection, Buffer overflows
|Projects on Google Gruyere.||(.) Enumerate web based attacks.
(.) Describe the memory model of an OS.
|Networking and network security||(1) Introduction to
(2) Security issues at each network layer
(3) Securing networks using cryptography
|Network scanning (nmap); encrypting data in transit
(secure the data on insecurebook); case studies using
|(.) Explain the need for a
layered model of networks
(.) Enumerate common networking protocols: TCP, IP, DNS, HTTP, ARP, UDP
(.) Demonstrate the usage of network tools such as ping, traceroute, nmap, arp, ettercap and wireshark for troubleshooting and securing networks.
|You can run
but you cannot hide: Digital Forensics - finding a
|Using Hexadecimal code;
preservation and analysis.
|Finding traces (using find); using FTK; Evidence collection using dd and other tools.
|(.) Enumerate the steps in a
digital forensics process
(.) Demonstrate the usage of programs such as find, dd, and rsync in digital forensics process.