UB University of Baltimore
Merrick School of Business


INSS 753 - Internet and Network Security
Spring 2012

Wednesdays 5:30 - 8:00 PM - BC 305

Professor Al Bento

officeBC 473v-mail837-5272
e-mailabento@ubalt.eduURLhttp://home.ubalt.edu/abento

Office hours: Wednesdays 3:30 - 5:00 PM and TBA


[assignments][projects][exams][outline] [SAKAI]

COURSE DESCRIPTION

The objectives of this course are to familiarize students with:

  1. basic security threats on netwoks connected to the Internet
  2. basic tools to provide user and system security, and
  3. security resources available on the Internet.

Topics include security framework overview, footprinting, scanning, enumeration, hacking framework, backdoor servers and Trojans, rootkits, Windows (XP, 7) and Linux vulnerabilities, dialup, VPN and network devices vulnerabilities, firewalls, Intrusion Detection System (IDS), Denial of Service (DoS) and DDoS, buffer overflows, spyware, phishing, social engineering and protecting the Web end-user. This is a project-oriented course using a restricted access UB Lab to practice the use of hacking and security tools.

Class meetings: In the first part of the class we will discuss the content of the book chapter(s) assigned for that day, and I will try to show live examples of software tools using my Laptop. The second part of the class will be dedicated to additional tools, topics, reviews,etc.

All software used in the course is free so that students can install the software in their PCs. Students will also have accounts in the MIS Lab and will be able to install the software in the Lab machines and use the Windows 7 and Linux versions of the software when available.

Special note: Do not use the tools discussed in class outside of the MIS Lab, unless I specifically say so.

The pre-requisites for this course are a working knowledge of Telecommunications (see INSS650) and Operating Systems.


ASSIGNMENTS AND GRADING

Assignments (4) 20%
Mini-projects (6)30%
Mid-term exam20%
Final exam30%

Assignments

The assignments are technical reports discussing recent security incidents and potential remedial actions. The reports should be prepared in a word processor and ONE file in RTF format should be posted on the corresponding Assignments area of SAKAI.

Projects

The projects are hands-on exercises in a given security aspect. Your grade in the mini-projects will depend upon the content and structure of the final written report. The mini-projects are to be made in groups of  three to four students. Each group will be assigned to work in a machine throughout the semester, and will have administrative privileges in their respective machine. Each group will create a report with screen capture of what you did (download free software for screen capture from Nonags) and  post in  the Assignments area of SAKAI. If the files become too large, please zip them before posting (again download free software from Nonags, if you do not have it).

  1. footprinting, scanning and enumeration.
  2. testing Windows security.
  3. testing UNIX/Linux security.
  4. testing network and wireless devices.
  5. scanning for remote control, Trojans and rootkits.
  6. testing Internet users and setup of a firewall.

Exams

Mid-term Exam

An on-line, multiple-choice exam due on March 11, covering class materials up to February 22nd. The exam will open March 8, and will be comprised of twenty randomized questions. The grades will be posted immediately in SAKAI, but the comments will only be available the day after the due date.

Final Exam

The final exam is a multiple-choice in-class,  on-line, open book exam, covering the applied materials from February 29 on.


TEXTBOOK

Scambray,J., McClure,S., and Kurtz, G. Hacking Exposed, 6th ed, McGraw-Hill Professional Publishing, 2009. ISBN 0071613749. Book Web site

On reserve:

Web references:

to be added throughout the semester, in addition to the ones available in the book Web site.



OUTLINE
Day 5:30 - 6:50 7:00 - 8:00 Assignments
01/25 Course overview, Security overview Windows 7 review Introduce yourself and select group in SAKAI
02/01 Footprinting and Scanning and Google hacking. [1,2] tools for footprinting and scanning Assignment 1 due 02/07
02/08 Enumeration [3] Enumeration Tools Project 1 - footprinting, scanning and enumeration. due 02/21
02/15 Windows security mechanisms [4] Review of Ethernet LANs and TCP/IP in Windows. Finish working on Project 1
Assignment 2 due 02/28
02/22 Hacking Windows [4] Readings on security in Windows Project  2 - testing Windows security due 03/06
02/29 Overview of Linux, and Hacking UNIX/Linux [5]. SSH in Linux and Windows. Meets in the MIS Lab More on Linux and review of Networking in Linux.  Finish working on Project 2
Assignment 3 due 03/17

03/07
Dialup, VPN and Network devices [6,7]. Readings in VPN and Network devices security Mid-Term exam due 03/12
Project  3 - testing UNIX/Linux security due  03/27
03/14 Wireless hacking [8] and Hacking Hardware [9]
Readings in wireless security  Continue working on Project 3
03/21
Spring Break
Spring Break
no assignments
03/28 Firewalls Intrusion Detection Systems Project  4 - testing network and wireless devices due  04/15
04/04 Threat infrastructure: proxies, botnets, fast-flux Exploitation: Buffer Overflow,SQL injection, Adobe files Finish working on Project 4
04/11 DoS attacks [C] Other articles in DoS.  Assignment 4 due 04/21
04/18
Hacking Code [10] Other resources on hacking code: packetstorm and bugtraq  Project  5 - scanning for remote control, Trojans,rootkits. Setup of firewalls and IDS. due 05/01
04/25 Web hacking and the Internet user [11, 12] Readings on security of the Internet user Project  6 -  testing Internet users due 05/08
05/02 Hacking mobile devices Final Exam review  Finish working on Project 6
05/09 Final Exam
Final Exam last day to re-submit projects.


This page is maintained by Al Bento who can be reached at abento@ubalt.edu. This page was last updated on January 5, 2012. Although we will attempt to keep this information accurate, we can not guarantee the accuracy of the information provided.