Professional Documents
Culture Documents
CS 5950/6030 Network Security Class 1 (W, 8/31/05)
CS 5950/6030 Network Security Class 1 (W, 8/31/05)
CS 5950/6030 Network Security Class 1 (W, 8/31/05)
2
1.1. Course Overview (1)
CS 5950/6030: Network Security - Fall 2005
Department of Computer Science
Western Michigan University
Description: Survey of topics in the area of computer and network security with
a thorough basis in the fundamentals of computer/network security.
5
Course Overview (4)
Grading:
Grading components:
– Quizzes 10%
– Midterm Exam 25%
– Final Exam 30%
– Group Project (incl. final project presentation) 35%
Fixed standard grading scale (A: 90, BA: 85, B: 80, CB: 75, C: 70, DC: 65, D: 60)
– I may curve a “bad” exam to improve the letter grades.
Inquiries about graded quizzes/exams must be made within one week after they are handed
back. In case of a grading disagreement, written arguments for your claims are required.
In my book, there is the “AA” grade—known to the outside world as the “A+” grade
—for extraordinary performance (best in class, etc.). Each student who receives it can get
a written statement from me upon request (in case the student needs a strong evidence for
a recommendation letter). Of course, WMU transcript will show an “A” only.
I might offer an extra credit for an optional coursework—such as presenting in class
a software security tool or a research paper.
6
Course Overview (5)
Course Policies:
1. Lecture
Lecture notes may or may not be on-line so taking notes during class is highly
encouraged. Especially, you should write down anything that is written down using the
board or the document projector. You are encouraged to slow me down if you need
more time to take notes.
Attendance at lectures is required. If you must miss a lecture, please contact the
instructor in advance.
Lectures will be driven by student interaction, in addition to the standard lecture
material.
2. Quizzes
2-4 quizzes are planned.
Quizzes will be announced no later than at the preceding lecture.
Quiz solutions will be posted, most probably online.
7
Course Overview (6)
3. Exams
There will be two exams for the class.
The midterm exam will be announced at least a week in advance (it should be expected
around October 15). The midterm exam will be held during normal class time.
The final exam will be held during the finals week, as scheduled (Th, Dec. 8, 2:45 PM –
4:45 PM).
4. Project(s)
Small projects:
– 1-2 small projects will be individual and self-guided (using guidelines provided
by me). They will not be graded but lessons learned may be checked by my quiz
questions.
The final project:
– The final project will be done in teams consisting normally of 3-4 students.
– I will propose a set of topics for the final project to help students in final project
selection. The groups are free to propose their own topics for the final project but
must obtain my buy-in before starting their work.
– The results obtained in the final project will be presented by the students in class
at the end of the semester.
8
Course Overview (7)
Project presentation requirements:
– For all projects, both technical contents and quality of (written and/or oral)
presentation will be evaluated for the total project credit.
– No handwritten project reports will be accepted. All text and figures must be
prepared using a word processor (and a drawing program, if necessary).
– The project reports must be submitted both as hard copies and in an electronic
format.
• Required electronic format: PDF.
• The message including project files must include information on anti-
viral software used (cf. above).
– Late project reports will lose 33% per day beyond the due date.
Other Notes:
The topics for the course will be quite flexible. If there is a technology related to
security that you would like to know more about, please let me know. I will try to
accommodate your wishes, depending on the availability of time.
This class will be a class where many of the topics build upon one another. Therefore,
please ask questions in class if you do not understand the material.
9
Course Overview(8)
Since email and telephone limit interaction, please see me during my office hours in
case of any course difficulties. (In justified cases, a special appointment can be made.)
No questions will be answered on the date of a quiz/exam.
A make-up quiz/exam can be given only when the student presents a valid reason with
documented evidence for missing the test/exam. Without such a reason, the student
will loose all quiz/exam points.
11
Survey of Students’ Background and Experience (2)
1-2) Please list (by number and name) all classes in operating systems, networks,
databases, and security taken at WMU:
OS: ________________________________________________________________
Networks: ___________________________________________________________
Databases: __________________________________________________________
Security: ___________________________________________________________
1-3) Please list (by name) classes in operating systems, networks, databases, and
security taken at institutions other than WMU (name the institutions):
OS: ________________________________________________________________
Networks: ___________________________________________________________
Databases: __________________________________________________________
Security: ___________________________________________________________
1-4) Please list up to 3 programming languages, which you know, and rate your skill
level in each (1-5).
Language 1: ______________________________ Rating: _______________
Language 2: ______________________________ Rating: _______________
Language 3: ______________________________ Rating: _______________
12
Survey of Students’ Background and Experience (3)
1-5) Please list any other notable/important background or experience in OS, networks,
databases, and security (incl. work, internships, projects, etc.).
___________________________________________________________________
___________________________________________________________________
___________________________________________________________________
1-6) Operating system you feel most comfortable with (circle one or more):
Windows Linux Solaris Other: ___________
13
Survey of Students’ Background and Experience (4)
2-3) If there were 2-3 topics related to security that you would like to know
more about, what would those be (in your preference order)?
Topic 1: ____________________________________________________________
Topic 2: ____________________________________________________________
Topic 3: ____________________________________________________________
Thank you!
14
1.3. Introduction to Security (1)
1.3.1. Examples – Security in Practice
From CSI/FBI Report 2002
90% detected computer security breaches within the last year
The most serious financial losses occurred through theft of proprietary information and financial
fraud:
26 respondents: $170M
25 respondents: $115M
For the fifth year in a row, more respondents (74%) cited their Internet connection as a frequent
point of attack than cited their internal systems as a frequent point of attack (33%).
34% reported the intrusions to law enforcement. (In 1996, only 16% acknowledged reporting
intrusions to law enforcement.)
[Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington] 15
More from CSI/FBI 2002
40% detected external penetration
Denial
Cyberterrorism of Modified
Service Databases
Virus
Espionage
Identity
Theft
Equipment
Theft Stolen
Customer
Data
Confidentiality Integrity
S
Availability
S = Secure
[cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington] 25
Balancing
CIA
Biographical Payroll Health
Data Data Data
Confidentiality Integrity
Sensitive
Data
Availability
27