UB University of Baltimore
Merrick School of Business


INSS 453 - Internet and Network Security
Fall 2017

Thursdays 5:30 - 8:00 PM - BC 025, MIS Lab  and on the Web (every other week)

Professor Al Bento

office BC 468 v-mail (410) 837-5272
e-mail abento@ubalt.edu URL http://home.ubalt.edu/abento

Office hours: Thursdays 3:30 - 5:00 PM every other week, and TBA.


[review project][projects][exams][outline] [SAKAI]

COURSE DESCRIPTION

The objectives of this course are to familiarize students with:
  1. basic security threats on netwoks connected to the Internet
  2. basic tools to provide user and system security, and
  3. security resources available on the Internet.

Topics include security framework overview, footprinting, scanning, enumeration, hacking framework, backdoor servers and Trojans, rootkits, Windows (7, 8, 10) and Linux vulnerabilities, dialup, VPN and network devices vulnerabilities, firewalls, Intrusion Detection System (IDS), Denial of Service (DoS) and DDoS, buffer overflows, spyware, phishing, social engineering and protecting the Web end-user. This is a project-oriented course using a restricted access UB Lab to practice the use of hacking and security tools.

Class meetings:  we will meet in class or in the MIS Lab every other week , and on the Web in the other weeks.

All software used in the course is free so that students can install the software in their PCs. Students will also have accounts in the MIS Lab and will be able to install the software in the Lab machines and use the Windows 10  and Linux versions of the software when available.

Special note: Do not use the tools discussed in class outside of the MIS Lab, unless I specifically say so.

The course pre-requisite is INSS300 basic knowledge of Information Technology and Networking.


ASSIGNMENTS AND GRADING

Review project
 5%
Projects (7) 40%
Mid-term exam 25%
Final exam 30%

Review Project

The review project objective is to make each group familiar with the MIS Lab machine they will use during the semester and  review basic network commands  seen in chapter 2 of the textbook and prior courses  as INSS427, e.g. ipconfig, ping, tracert, nslookup, arp, net commands,   etc.

Projects

The projects are hands-on exercises in a given security aspect. Your grade in the projects will depend upon the content and structure of the final written report. The projects are to be made in groups of  three to four students. Each group will be assigned to work in a MIS Lab machine throughout the semester, and will have administrative privileges in their respective machine. Each group will create a report with screen capture of what you did  and  post the report in  the Assignments area of SAKAI. If the files become too large, please zip them before posting.


  1. fix SAM and SMB vulnerabilities
  2. footprinting, scanning and enumeration.
  3. testing Windows security.
  4. testing UNIX/Linux security.
  5. testing network and wireless devices.
  6. setup of firewalls and IDS
  7. scanning for remote control, Trojans and rootkits.

Exams

Mid-term Exam

The mid-term exam is an in-class, online, multiple-choice, open book exam on October 12covering class materials and textbook chapters 1,2,5,6,8,11 and 13. The exam  will be comprised of forty or fifty questions. The grades will be posted immediately in SAKAI, but the comments will only be available the next day.  There will be a sign up page in class and be sure that you sign it. 

Final Exam

The final exam is an in-class, online, multiple-choice, open book exam on  December 14 covering class materials and textbook chapters 3,4,7,9,10,12 and 14. The exam  will be comprised of forty or fifty questions. The grades will be posted immediately in SAKAI, but the comments will only be available the next day.  There will be a sign up page in class and be sure that you sign it. 


TEXTBOOK

Easttom, Chuck  Computer Security Fundamentals, 3rd ed, Pearson Education, Inc, 2016. ISBN 9780789757463

Suplemental reading (on reserve in the Library)  Content not included in course exams, will help in the group projects.

Scambray,J., McClure,S., and Kurtz, G. Hacking Exposed, 7th ed, McGraw-Hill Professional Publishing, 2012. ISBN 0071780289. 




OUTLINE
Day 5:30 - 6:50 7:00 - 8:00 Assignments
08/31 Course overview, Security overview  [1], Encryption.[8]
face-to-face meeting.
Windows security mechanisms. SAM vulnerabilities Introduce yourself and select group in SAKAI
09/07 Basic Communications Model and Ethernet LANs,  Other Ethernet Technologies. [2]
Meet in MIS Lab
Microsoft Enterprise Concepts, TCP/IP in Windows and Netbios resolution  [2]
Review project:  MIS Lab acquaintance, basic network tools  due 09/13
09/14 Malware [5:1-17] Windows Defender role change. Windows Defender vulnerability and Microsoft fix. Ransomware overview and as a business.   Microsoft OneDrive and Dropbox  Ransomware recovery. Ransomware and SMB  SMB levels and SMB Vulnerability severity. Disable SMBv1Hackers Playbook: Ransomware special edition. Project 1: Fix SAM and SMB vulnerabilities due 09/20
09/21 Hacking Framework ,  Footprinting and Scanning.   EnumerationTools for footprinting and scanning,  and tools for enumeration   (1,2,3)   Meet in MIS Lab Techniques Used by Hackers [6:1-14] ,  Google Hacking  , Cyber Detective [13] Project 2 - footprinting, scanning and enumeration. due 10/04
09/28 Checking and hacking Windows (4).   Network and Vulnerability Scanning  [11] using MSBA and Nessus.
Readings on security in Windows    Pwned Passwords Finish working on Project 2
10/05 Overview of Linux, and    SSH in Linux and Windows.   Installing Ubuntu bash shell  in Windows 10.
Meet in MIS Lab
Information in Linux , Handy Commands and   Networking in Linux.  More in bash in Windows.  Project  3 - testing Windows security due 10/18
10/12
Midterm Exam
face-to-face meeting.
Midterm Exam Finish working on Project 3
10/19
Hacking UNIX/Linux  (5)
face-to-face meeting.
More in Linux security Project  4 - testing UNIX/Linux security due  11/01
10/26 Wireless hacking  (8) Readings in wireless security Remote Connectivity, VPN and Network devices  (7) and Readings in VPN and Network devices security Finish working on Project 4 

11/02
DoS attacks [4] Other articles in DoS.
face-to-face meeting.
 Firewalls  and  Intrusion Detection Systems [9] Project  5 - testing network and wireless devices due  11/18
11/09
Hacking Hardware (9) and Web hacking and the Internet user (10)  Mobile Hacking  (11) Finish working on Project 5
11/16
Remote Control and Advanced Techniques and More in Advanced Techniques.  [5:18-34]  Other resources on hacking code: packetstorm and bugtraq
face-to-face meeting.
Techniques Used by Hackers  [6:15-22],  Exploitation: Buffer Overflow,SQL injection, Adobe files and Kali Linux DB testing tools.
 Project  6 -  Setup of firewalls and IDS due 12/2
11/23
Thanksgiving

Thanksgiving
Finish working on Project 6 
11/30
Security Policies [10]  Introduction to Forensics [14] and Kali Linux tools for forensics.  
face-to-face meeting.
Cyber terrorism and Information warfare [12]  and    Final Exam review Project 7 - Scanning for remote control, Trojans and rootkits due 12/14
12/07
Cyber Stalking and Crime [3], Tech Support Scams Industrial Espionage in Cyberspace [7]  Finish working on Project 7
12/14

Final Exam
face-to-face meeting.
Final Exam last day to re-submit projects.

Note: [ ] chapters in Easttom Book and ( ) chapters in McClure Book


This page is maintained by Al Bento who can be reached at abento@ubalt.edu. This page was last updated on August 13, 2017. Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.