CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

Similar documents
MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015

The University of Jordan. Accreditation & Quality Assurance Center. COURSE Syllabus

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Instructor: Eric Rettke Phone: (every few days)

DIS10.1 Ethical Hacking and Countermeasures

Curso: Ethical Hacking and Countermeasures

Networks and Communications MS216 - Course Outline -

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

CompTIA Security+ Study Guide (SY0-501)

ITSY Information Technology Security Course Syllabus Spring 2018

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

DIS10.1:Ethical Hacking and Countermeasures

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Security+ SY0-501 Study Guide Table of Contents

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

.NET Secure Coding for Client-Server Applications 4-Day hands on Course. Course Syllabus

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Faculty of Science & Information Technology

Ethical Hacking and Prevention

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

Certified Ethical Hacker (CEH)

Cyber Criminal Methods & Prevention Techniques. By

Secure Design Guidelines. John Slankas CSC 515

Certified Cyber Security Analyst VS-1160

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

KALASALINGAM UNIVERSITY

Cybersecurity Test and Evaluation Achievable and Defensible Architectures

COMPUTER NETWORK SECURITY

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]

Understanding Cisco Cybersecurity Fundamentals

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

EEL DATA NETWORKS, SYSTEMS, AND SECURITY Fall 2016

Advanced Security Tester Course Outline

CEH: CERTIFIED ETHICAL HACKER v9

Chapter 4. Network Security. Part I

Security and Authentication

Information Security Training Needs Assessment Study. Dr. Melissa Dark CERIAS Assistant Professor Continuing Education Director

Course Intended Learning Outcomes (CILOs): Upon successful completion of this course, students should be able to:

Securing Information Systems

CSWAE Certified Secure Web Application Engineer

E-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al.

Strategic Infrastructure Security

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Advanced Diploma on Information Security

Syllabus: The syllabus is broadly structured as follows:

Home Computer and Internet User Security

EC-Council C EH. Certified Ethical Hacker. Program Brochure

Course 831 Certified Ethical Hacker v9

Certified Secure Web Application Engineer

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

CompTIA Security+ (Exam SY0-401)

Lecture 1 Applied Cryptography (Part 1)

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Securing Information Systems

MLR Institute of Technology

Implementing Cisco Cybersecurity Operations

Understanding the Changing Cybersecurity Problem

Syllabus CS 430 Introduction to Computer Security Winter 2016

CHCSS. Certified Hands-on Cyber Security Specialist (510)

Required Textbook and Materials. Course Objectives. Course Outline

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems

CPSC 4600 Biometrics and Cryptography Fall 2013, Section 0

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 12 May 2018

Systems and Network Security (NETW-1002)

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

V8 - CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 03 Feb 2018

Cybersecurity Auditing in an Unsecure World

Assessing Your Incident Response Capabilities Do You Have What it Takes?

Network Security and Cryptography. December Sample Exam Marking Scheme

EC-Council - EC-Council Certified Security Analyst (ECSA) v8

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

IoT & SCADA Cyber Security Services

Question: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break.

CHAPTER 8 SECURING INFORMATION SYSTEMS

ITSY 2330 Intrusion Detection Course Syllabus

HOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Guide to Network Security First Edition. Chapter One Introduction to Information Security

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

AIT 682: Network and Systems Security. Instructor: Dr. Kun Sun

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

CompTIA Security+ Certification

POST GRADUATE DIPLOMA IN CYBER SECURITY (PGDCS)

PROTECTING INFORMATION ASSETS NETWORK SECURITY

Introduction. Ahmet Burak Can Hacettepe University. Information Security

Transcription:

Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE CSCI 411 Computer Security and Forensics Credits: 3 Hybrid (face to face and online) COURSE SYLLABUS NIST Special Publications SP 800-12r1, 800-53r4, 800-61r2, 800-86 References Schneier, Bruce. Applied Cryptography, Second Edition, John Wiley & Sons, 1996. Other reference material as provided via the Blackboard Pfleeger, C.P., Security in Computing 5 th Edition, Prentice Hall, Copyright 2010ISBN 0-13- 239077-9 CATALOG DESCRIPTION This course concerns host-based security and forensics. The first part of the course explains how security is achieved by most modern operating systems, including authentication and access control at the level of processes, memory, and file systems. The second half of the course will cover methods for monitoring an operating system to detect when security has been breached, and for collecting forensic evidence from computers and other digital devices. Course Outcomes The student will be able to CO1. Describe the various concepts in network defense. CO2. Describe cyber defense tools, methods and components

CO3. Describe appropriate measures to be taken should a system compromise occur CO4. List the first principles of security CO5. Describe why each principle is important to security and how it enables the development of security mechanisms that can implement desired security policies CO6. Analyze common security failures and identify specific design principles that have been violated CO7. Identify the needed design principle when given a specific scenario CO8. Identify the bad actors in cyberspace and compare and contrast their resources, capabilities/techniques, motivations, aversion to risk CO9. Describe different types of attacks and their characteristics MODULE TOPICS Assessment Module 1 (CO1, CO8) Computer security, where do we stand? Best practices Threats and Adversaries Adversaries and targets Motivations and Techniques The Adversary Model (resources, capabilities, intent, motivation, risk aversion, access) Password policies Authentications Methods Updates and patches Access Controls Logging and Auditing (for performance and security) Backup and Restoring Data Vulnerabilities and Risks Basic Risk Assessment Assignment 1 Blackboard Discussion 1 Assignment 2 Blackboard Discussion 2 Module 2 Security Life-Cycle Assignment 3

(CO4, CO5) Module 3 (CO2, CO7) Module 4 (CO1, CO4, CO9) Security Models Access Control Models (MAC, DAC, RBAC) Confidentiality, Integrity, Availability, Access, Authentication, Authorization, Non-Repudiation, Privacy Security Mechanisms (e.g., Identification/Authentication, Audit) NIST SP 800-53r4 Two-factor authentication Identity theft in a social engineering scenario Notes by instructor Hashing and Signatures SHA-1, SHA-2, MD-5 and their strengths & weaknesses Digital Signatures and Message Authentication Code (MAC) Minimizing Exposure (Attack Surface and Vectors) Mission Assurance Confidentiality via encryption Secret key and two-key algorithms Advanced Encryption Algorithms (AES) and its principles Tools for Hash, Secure Hash, Digital Signature and Certificates of Authority Notes by instructor Mobile Devices and attacks on them Social Engineering Events that indicate an attack is/has happened Attack surfaces / vectors Attack trees Insider problem Threat Information Sources (e.g., CERT) Separation (of domains) Isolation Encapsulation Least Privilege Real-life scenario discussion on failure of authentication Assignment 4 Discuss tools for message authentication code and digital signatures Assignment 5

Simplicity (of design) Minimization (of implementation) Fail Safe Defaults / Fail Secure Modularity Layering Least Astonishment Open Design Usability Module 5 Module 6 (CO3, CO5, CO9) Module 7 (CO2, CO3, CO9) Revision and Midterm Examination NIST SP 800-61r2 Preparation *Patching OS and Application Updates Vulnerability Scanning Vulnerability Windows (0-day to patch availability)00 NIST SP 800-61r2 Detection and Examination Malicious activity detection / forms of attack Appropriate Countermeasures NIST SP 800-86 Forensics Process Chain of Custody (Instructor s notes) Memory forensics and Volatility Framework Instructor s Notes / Reference Types of Attacks Password guessing / cracking Backdoors / trojans / viruses / wireless attacks Midterm Examination Assignment 6 Watch a video on Volatility Framework and Memory dump Assignment 7 Discussion on attack tools, why we need them?

Sniffing / spoofing / session hijacking Denial of service / distributed DOS / BOTs MAC spoofing / web app attacks / 0-day exploits Vulnerabilities that enable them Attack Timing (within x minutes of being attached to the net) Attack tools Port scanning NMAP and Nessus tables Password breaking tools Cain & Abel, Rainbow Module 8 (CO3, CO6) Module 9 Packet sniffers and capture tools PCAP and TCPDump NIST Special Publication SP 800-86 Attack detection and evidence collection Detection tools Evidence presentation Attack reporting Risk assessment FINAL EXAMINATION Assignment 8 Discussion on the balance between risk and security budget FINAL EXAMINATION

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback