| Course Code |
CSC374 |
| Course Title |
Information Security |
| Credit Hours |
3 |
| Prerequisites by Course(s) and Topics |
NA |
| Assessment Instruments with Weights (homework, quizzes, midterms, final, programming assignments, lab work, etc.) |
SESSIONAL (Quizzes, Assignments, Presentations) =25 %
Midterm Exam =25 %
Final Exam = 50%
|
| Course Coordinator |
Dr. Ishtiaque Mahmood |
| URL (if any) |
|
| Current Catalog Description |
|
| Textbook (or Laboratory Manual for Laboratory Courses) |
• Principle of Information Security – Second Edition – Michael E. Whitman and Herbert J. Mattord – Thomson Course Technology. |
| Reference Material |
• Linux Network Security – Peter G. Smith – Charles River Media • Information Security – Principles and Practices: M. Merkow & J. Breithaupt • Applied Cryptography, Bruce Schneier, 2nd Edition, Wiley, 1996 • Cryptography and Network Security, 4th edition or later, William Stallings, Prentice Hall.( |
| Course Goals |
• Familiarity with different types of algorithms to cipher data: symmetric and asymmetric encryption. • Develop skills in the use of protocols implementing these algorithms and understanding of the kinds of protection they offer. • Introduce understanding of the complexity associated with them, and issues related to weaknesses of some algorithms. • Develop ability to implement some of the algorithms by using Java security packages |
| Course Learning Outcomes (CLOs): |
| At the end of the course the students will be able to: | Domain | BT Level* |
|---|
| • Explain what is meant by Network Security and how it works. |
|
|
| • Explain what is meant by content security, and how theoretical and practical Knowledge provides support. |
|
|
| • Define some of the standard technologies to prevent attacks on networks environments. |
|
|
| • Explain what is meant by infrastructure security, and how theoretical and practical knowledge provide support. |
|
|
| • Apply the theoretical and practical knowledge to solve some selected real-world problems |
|
|
| • Define obstacles facing securing wireless infrastructure, and how this can be an open research area. |
|
|
| * BT= Bloom’s Taxonomy, C=Cognitive domain, P=Psychomotor domain, A= Affective domain |
|
|
|
| Topics Covered in the Course, with Number of Lectures on Each Topic (assume 15-week instruction and one-hour lectures) |
| Week | Lecture | Topics Covered |
|---|
| Week 1 |
1 |
Introduction to Symmetric and Asymmetric Ciphers. |
|
2 |
Block and Stream Ciphers |
| Week 2 |
3 |
SSL and TSL |
|
4 |
Digital signature, CAs, CAs hierarchy |
| Week 3 |
5 |
Secure Shell, SSH algorithms, client server authentication |
|
6 |
SSH scenarios |
| Week 4 |
7 |
Foot printing |
|
8 |
DNS queries Network enumeration Network queries Operating system identification |
| Week 5 |
9 |
Introduction to scanning, scanning types |
|
10 |
External Vulnerability Scans. Internal Vulnerability Scans. Host-Based Agents. Penetration Testing Tools |
| Week 6 |
11 |
IDS, IPS |
|
12 |
Virtual Private Networks |
| Week 7 |
13 |
Kerberos and its architecture |
|
14 |
Kerberos drawbacks and limitations |
| Week 8 |
1 hours |
Mid Term |
| Week 9 |
15 |
Common Intrusion and attaks |
|
16 |
Detection of common intrusion attacks |
| Week 10 |
17 |
Packet analyzer and capabilites |
|
18 |
Network monitoring tools and uses |
| Week 11 |
19 |
Firewalls and their applications |
|
20 |
Deep packet inspection |
| Week 12 |
21 |
Securing wireless netowrks |
|
22 |
Fixed and Mobile networks security issues, Mobile device security |
| Week 13 |
23 |
Network access control |
|
24 |
Cloud security |
| Week 14 |
25 |
Electronic mail security |
|
26 |
S/MIME, Pretty Good Privacy |
| Week 15 |
27 |
DNS based attacks |
|
28 |
DNS based authentication of named entities |
| Week 16 |
29 |
IP security |
|
30 |
IP security policy |
| Week 17 |
2 hours |
Final Term |
|
| Laboratory Projects/Experiments Done in the Course |
|
| Programming Assignments Done in the Course |
|
