FORMAN CHRISTIAN COLLEGE

(A Chartered University)

Fall 2015

CSIT 421 – Information Security (3 Credits Hrs)

Course Outline and Lesson Plan

 

Instructor Information:

Name

Dr Saad Bin Saleem

Email

saadsaleem@fccollege.edu.pk

Office

S-214

Office Hours

  • 02:00pm to 03:00pm on Monday.
  • 10:00am to 11:00am on Tuesday and Thursday.

Teaching Assistant

  • Gadhaun Aslam

16-10848@formanite.fccollege.edu.pk

 

Course Information:

Code

CSIT 421

Credits

3

Title

Information Security

Course Description

The purpose of this course is to help students to gain understanding of basic and advance concepts of information security. The students will learn about assets in the system to be protected against the malicious attacks at the various levels such as application, database and network. Additionally, the cryptography protection mechanism will be discussed in detail and a practical session on network and / or web level security will be conducted.

Category

 

Pre- Requisite

COMP 311

Course web page

http://saadbinsaleem.com/courses/infosec/CSIT421.htm

Learning Objectives

·         Introducing the basic concepts relevant to the information security.

·         To give awareness to students about assets in the system and the various types of threats to the assets.

·         Developing a familiarity about the various types of protection mechanisms and their usage at the different levels of system operation.

·         Introducing the attackers and the various types of attacks they can do to harm the system.

 

Text Book

·         Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 5th edition, Prentice Hall, ISBN-13: 978-0132390774.

Pdf version of the 3rd edition

Reference Books

·         John Viega  and Gary McGraw   (2011), Building Secure Software: How to Avoid Security Problems the Right Way (Paperback) (Addison-Wesley Professional Computing Series), 1st edition, Addison-Wesley Professional.

·         Bruce Schneier, Secrets and Lies: Digital Security in a Networked World 1st edition, Wiley, ISBN-13: 978-0471453802.

 

Important to know

·         All assignments are due at the mentioned time with assignment statement before 5:00 p.m. on the due date. Students can be called to appear for viva at random as and when needed to determine their knowledge gained.

·         Late assignments will not be graded, unless previous accommodations have been made with the course instructor.

·         There will be no retake for the quiz, unless previous accommodations have been made with the course instructor.

·         Students are advised to attend all lectures but 85% attendance is compulsory. It is entirely the students' responsibility to recover any information or announcements presented in lectures from which they were absent.

·         All work that you submit in this course must be your own.

·         Unauthorized group efforts are considered academic dishonesty.

·         You may discuss homework in a general way with others, but you may not consult anyone else's written work. You are guilty of academic dishonesty if:

o   You examine another's solution to an assignment/Quiz/Project/exam.

o   You allow another student to examine your solution to a assignment/Quiz/Project/ Lab Work or any exam.

o   You fail to take reasonable care to prevent another student from examining your solution and that student does examine your solution.

Course Policy:

In case of unauthorized group efforts, academic dishonesty/fraud, cheating and plagiarism following policy is applicable (All cases of breach of Academic Integrity will be reported to Vice Rectors office/AIC)

This course has ZERO TOLERANCE POLICY on any academic Integrity breach

·         For Mid Term, Final Term, Assignments, Quizzes and project.

o    Cheating or violation of academic integrity in any exam/project will cause F grade in course.

Assessment Criteria

Quizzes and Assignments

35%

Midterm exam

25%

Final exam

40%

Total

100.00%

Lesson Plan

Week no

Contents

Activities and Deadlines

1

 

Course Introduction:

  • The objectives of course.
  • Why students need to study this course.
  • How this course will help students in shaping their careers.
  • The teaching strategy I am adopting.
  • The course assessment criteria.

 

Introduction to Security in Computing

  • What is mean by the security?
  • What is Computer security
  • What is Information Security? 
  • Why we need to study Information Security?
  • Assets in Computer and Values of assets.
  • Threats, vulnerabilities and controls.
  • Confidentiality, Integrity and availability (CIA) and another “A” for Accountability.  
  • Types of threats.
  • Types of attackers.

Class Room Activity: Please write down your rational of choosing the information security course. 

 

Quiz 1 (What is the difference between Computer security and Information security? Please explain with examples).

 

Quiz1

2 and 3

Toolbox for Securing Software Systems

  • Authentication.

o   What is Authentication?

o   Identification versus Authentication.

o   Authentication based on what you know.

o Authentication based on what you have.

  • Access control.

o   The basic access control model.

o   Elementary access operations.

o   Access Control List (ACL).

o   Access Control Capabilities (C-List).

  • Cryptography (Secure communication between the systems).

o   Why study Cryptography.

o   Explanation.

o   Terminologies.

Quiz 2 (What is CIA in information security? Please explain the concepts relevant to each word of the term CIA with examples).

 

It is a descriptive quiz.

 

Submission Deadline: 17:00

6th October, 2015

 

Quiz2 

4, 5 and 6

Cryptography in Detail 

  • Terminology and Background

o  Basic communication

o   Threats to messages

o   Basic terminology and notations

o   Requirements for crypto protocols

o   Representing characters

  • Basic types of Ciphers
  • Symmetric encryption
  • Asymmetric encryption
  • Substitution ciphers

o  The Caesar cipher

o   Vigenere tableaux cipher

o  On-Time pad ciphers

1.      Vernam cipher

2.      Book cipher

  • Transposition cipher
  • Product ciphers

o  Stream cipher

o  Block cipher

 Assignment 1 (Please write a JAVA program to implement Caesar cipher). The program should take a message .e.g. “HELLOWORLD” and also ask about the “Key” for substitution from the user and output the encrypted message “Khoorzruog” according to the key.

Note: You have to show the running program and explain the logic if you are using any other language than JAVA.

Submission Deadline: 17:00

20th October, 2015

 

Assignment1

7

Revision Midterm Exam

Your Midterm exam will be held on Thursday 22nd October, 2015.

 

Midterm exam  Plagiarism detected

8, 9 and 10

Program Security

  • Introduction to program security.
  • Taxonomy of programming flaws.
  • Unintentional (no malicious programming flaws).

o  Buffer overflow.

o  Buffer overflows example code in C/C++.

  • Introduction to malicious code.

(Viruses, Worms, Trojan horses, Time bomb, Logic bomb, Rabbit, Bacterium)   

Assignments 2 (Please write down a buffer overflow attack vulnerable program in JAVA and also write down another version of the same corrected program to avoid the buffer overflow attack.)

 

Submission Deadline: 17:00

24th November, 2015

 

Please submit your code in a notepad++ file at “Fcc.Submissions@gmail.com”.

 

Assignment2

11, 12 and 13

Security in Networks

  • Introduction to Networks.

o   ISO OSI reference model.

  • Network security.

o   Network Vulnerabilities

o   Who Attacks Networks

o   Introduction to threat procedures (Port Scan, Social Engineering, Reconnaissance, OS and application finger printing, Using bulletin boards/ chats, Getting available documentation)

o   Denial of service (Web failure, Flooding attacks).

o   Distributed denial of service (Scripted denial of service attacks).  

Assignments 3 (Please perform a DDOS flooding attack using LOIC open source software and also write down a script to perform the same attack.

 

Submission Deadline: 17:00

3rd December, 2015

 

Please submit the screen-shot of LOIC with all the filled fields to perform the attack and also a screen-shot of the website before and after the attack. Submit the attack script in notepad++ file. 

 

Both files should be submitted at “Fcc.Submissions@gmail.com”.

 

 

Any submission after the deadline will be graded with “0”.

14

Final Exam

 

 

Your final exam will be on Thursday 10th December from 08:00 to 10:00.