Skip to Content - Skip to Navigation

Department of Computer Science

COSC 316 Cybersecurity Basics

Loading...

Course Description

Prerequisites: COSC 110 or equivalent course, as approved by instructor

Provides an introduction to the theory and concepts of host computer security. Topics include security and policy guidelines, attack strategies and attacker profiles, users and groups security, file systems and security, integrity management, cryptography basics, back-up utilities, auditing and logging, and strategies for defending user accounts. Designed as a practical hands-on course.

Course Outcomes

Upon successful completion of this course, the students will:

  1. Write a suitable set of security policies for different scenarios.
  2. Apply various access control techniques.
  3. Compare the basic tools and techniques used to attack systems.
  4. Explain the different types of attacks.
  5. Specify procedures for password/username management.
  6. Explore the use of security tools in defending user/group accounts.
  7. Explore techniques for integrity management.
  8. Demonstrate the use of logging, auditing, and backup techniques for security.
  9. Explain the basic cryptography concepts.

Course Outline

Topic Academic Hours
  1. Overview of computer security
    1. Definition and discussion of computer security
    2. Security problems in computing
 3
  1. Attacks to Host Computer Systems
    1. Attacker profiles (hackers, crackers, script kiddies, spies, employees)
    2. Attacking strategies (social engineering, spyware, software vulnerabilities, malware)
 3
  1. Introduction to an operating system
    1. The operating system overview and functionality
    2. Operating system utilities
    3. Operating system user and administrative commands
 3
  1. Identification and Authentication
    1. Managing username and passwords.
    2. Password management utilities
    3. Authentication techniques (biometrics, RFID devices, Smart cards, one-time passwords)
    4. Use of password cracking tools.
 3
  1. File systems and access control
    1. File ownership and user groups.
    2. Strategies for defending group accounts
    3. Working with Files/directories
    4. Using File Manager
 6
  1. Integrity Management
    1. Immutable and append only files
    2. Read only files
    3. Checksum and signatures
    4. Use of integrity checking tools
 3
  1. File System and security
    1. Access control through file permissions
    2. Setting up access control lists
    3. Other file protection schemes
    4. Basic computer forensics methods
    5. Electronic records management
    6. Electronic evidence
 3
  1. Auditing, logging, backup
    1. Log file utilities
    2. Rotating and tracking log files
    3. Protecting and viewing log files
    4. Operating system specific tools for auditing and logging
    5. Backing up file systems
    6. Linux tools for backup
 4
  1. Encryption for Host System
    1. Symmetric encryption
      1. Cryptography and cryptanalysis
    2. Asymmetric encryption
      1. Public vs. private key encryption
      2. Digital certificates
      3. Encryption utilities
 4
  1. Policies and guidelines
    1. Policy development
    2. Planning for security needs
    3. Outsourcing policy development
 3
  1. Overview of physical security
    1. Physical controls vs. technical controls
    2. Coping with natural and artificial disasters
 3
  1. Student presentation on security tools
 2
  1. Two in-class exams
 2
Total 42

Final exam (during final exam week)

Evaluation Methods

  1. Lab exercises (25%): Each student is expected to do the following hands on in-class exercises: user account security, user group account management, defending accounts, file security management, auditing and logging, cryptography, backup and recovery and integrity management. All exercises use free downloadable security tools.
  2. Tool Research project (15%): The objective of the project is to expose students to the array of other security tools available, not covered in the course. Students research on the tool, develop a tutorial for the tool, do a class presentation which includes a demonstration of how the tool works, and finally comment on their experience of using the tool.
  3. Assignments (15%): Students will have three assignments to complete, which are non-lab based.
  4. Exams (45%): Students will be evaluated on their understanding of the concepts presented using short essay questions on the readings and class material. There will be three exams: first exam (15%), a mid-term exam (15%), and a final exam (15%).

Grading Scale

The standard grading scale will be used. 90%+ =A; 80-89%=B; 70-79%=C; 60-69%=D; <60%=F.

Textbook

Garfinkel, S., Spafford, G., and Schwartz, A., Practical Unix and Internet Security, Third Edition, 2003, ISBN “0596-003234”

Attendance Policy

The policy will follow the guidelines as in the IUP Handbook.

Special Resource Requirements

None

Loading...
  • Computer Science Department
  • Stright Hall, Room 319
    210 South Tenth Street
    Indiana, PA 15705
  • Phone: 724-357-2524
  • Fax: 724-357-2724
Loading...
  • Office Hours
  • Monday through Friday
  • 7:30 a.m. – 12:00 p.m.
  • 1:00 p.m. – 4:00 p.m.