Syllabus

Special Topics TM 653/IS 631 – Information Security

 

Spring, 2005

Tuesday 4:30-6:50 pm

GC 136

South Charleston Campus

Course Description:

An introduction to the various technical and administrative aspects of Information Security and Assurance.  This course provides the foundation for understanding the key issues associated with protecting information assets, determining the levels of protection and response to security incidents, and designing a consistent, reasonable information security system, with appropriate intrusion detection and reporting features.

The purpose of the course is to provide the student with an overview of the field of Information Security and Assurance.  Students will be exposed to the spectrum of security activities, methods, tools, and procedures.  Coverage will include inspection and protection of information assets, detection of and reaction to threats to information assets, and examination of pre- and post-incident procedures, technical and managerial responses and an overview of the Information Security Planning and Staffing functions.

Prerequisites:

·         Permission of instructor. Students will need familiarity with desktops, operating systems, DOS, networks, software.

Textbook and Resources:

  • M. Whitman and H. Mattord. Principles of Information Security (Course Technology, 2003).

-          NSTISSI No. 4014 – National Training Standard for Information Systems Security Officers (ISSO).  http://www.nstissc.gov/Assets/pdf/4014.pdf

-          NSTISSI No. 4015 – National Training Standard for System Certifiers.  http://www.nstissc.gov/Assets/pdf/nstissi_4015.pdf

·         Subscribe to the daily security bulletins from dailyreport@ists.dartmouth.edu

·         Access to a PC/Laptop for software evaluation

Instructor:

Patricia Logan, Ph.D.

Office:

South Charleston campus room 326

Email Address:

loganp@marshall.edu

Phone:

304-746-1951

Office Hours:

Tuesdays before class

Friday mornings

On-line each morning at 9 am

Available by appointment

Course Objectives:

After completing the course, students will be able to:

·         Identify and prioritize information assets.

·         Identify and prioritize threats to information assets.

·         Define an information security strategy and architecture.

·         Plan for and respond to intruders accessing computing resources.

·         Describe legal and public relations implications of security and privacy issues.

·         Perform a basic computer security review.

·         Use forensic tools to discover evidence and manage security.

·         Define current issues in computer security.

·         Provide experience in research in Information Security.

·         Possess an ethical framework to implement investigation procedures.

Course Policies

Attendance:

The Instructor expects your attendance at each and every class; however, actual attendance is up to the student. The course will be conducted as a lecture/seminar and all students will be invited to take a leadership role in the course. Business meetings/out-of-town trips that require a substantial loss of class time should be discussed with the instructor.  Late arrival that causes disruption, early departure that causes disruption, excessive conversation among students (a disruption in its own right), inappropriate use of electronic devices that causes disruptions, and other actions that disrupt the classroom are unacceptable.

Assessment:

 

Tool review (team): 20

Blogs/discussion: 15

Case Study: 15

Collaborative project: 15 (in 3 parts)

Research Project: 35 (in 4 parts)

Total: 100 points

 

 

Grade Evaluation:

 

A: 90% - 100%

B: 89% - 80%

C: 79% - 70%

D: 69% - 60%

F: 59% or below

An incomplete will not be given unless a documented emergency exists at the end of the semester that prevents the completion of the class.  An Incomplete will be given only when all assignments have been turned in and received a passing grade up to the point of the request for the incomplete.  The work not completed must have an agreed-upon due date for completion.

Evaluation criteria explained:

  • Students are expected to be active participants in each class meeting and to post at least 1 response or comment to each blog per week. No contributions will result in earning no points.
  • Unless otherwise specified, all assignments are individual assignments, and thus must be completely the original work of the student submitting them and include proper citations to the published work of others.
  • All written work should be professional in appearance and quality.  Please proofread your work prior to submission to avoid point deductions for grammar errors and misspellings.  The writing center on the Huntington campus can assist you in writing your assignments and can be used to provide editorial assistance if your English skills are weak.
  • Reading the material is important as the lecture and discussion are meant to extend your foundation knowledge.  The large amount of reading is necessary to immerse you in the breadth of the field and to provide enough knowledge to begin research and practice in the area of information security.
  • Some student work will be done in teams of 2 students.  Teams are formed and maintained by the students.  Team work is graded as a unit with both students receiving the same grade.  It is the responsibility of the students to maintain a successful working partnership. Students should first try to resolve any problems themselves and then request instructor intervention.

Guidelines for submitting work:

Work should be submitted to the instructor electronically.  All email submissions must be received prior to the stated deadline (beginning of class meeting time).  The following format must be used when submitting assignments via email.  Subject: IS631 yourname LAB#.  Late assignments will be accepted at the discretion of the instructor and may result in a point penalty.  Copying content from web resources without proper attribution is the same as plagiarism and will be penalized.

Electronic Devices:

In order to minimize the level of distraction, all watches, beepers and cellular phones must be on quiet mode during class meeting times. Students who wish to use a computer/PDA for note taking need prior approval of the instructor since key clicks and other noises can distract other students. Recording of lectures by any method requires prior approval of the instructor.

Class Participation:  Students will be asked to provide case study analysis and lead the class discussion of questions about the case circumstances.  Case studies are included at the beginning of each chapter in the book and occasionally, from outside sources.  Case studies represent sample situations and students are encouraged to offer contrary and/or opposing views.  A case study will be assigned prior to class and students will take turns presenting the case and leading discussion.  Students should use the discussion questions from the book, as well as their own questions in discussing the case.  Students selected to lead the discussion should make sure that they have emailed the class and instructor the questions before class.

 

Assignments

 

Software Tool Evaluation

Students will be given links to a variety of security and forensic tool sets for trial and review.  Your review of the tools will be based on student-identified criteria.  Your team will be using your own computer(s) for this exercise as MU does not allow downloads to campus machines.  Do not use your employer’s network for tool evaluations.  Make sure you use a computer that you have a back-up image for and be prepared to re-image.  The sites with forensic/security tools will also download some nasty Trojans, worms, and viruses.  Freeware/shareware has no support, so be careful to read all documentation before installing and make sure you know how to uninstall.  Anti-virus software may choke on some tools (keyloggers, for example) and may need to be disabled.  Be prepared.  Read about the tool category before you jump into downloading and installing.  Sample evaluations from NIST are located at http://niap.nist.gov/cc-scheme/in_evaluation.html.

There will be categories assigned for the tool set reviews and your team will create a matrix of criteria that includes at a minimum: usability factors, installation/uninstall ease, performance (describe what events you tested), suitability for purpose, skill required, documentation, bugs, and technical support.  The team should add any additional criteria, as appropriate.  A rating/score should be developed and applied to at least 3 software tools that you are comparing within the matrix.  A one page executive summary will be due for each tool reviewed and include a brief description of the tool type and its intended use, the matrix, and a recommendation.  Tool sources include (but are not limited to):

http://www.forensics.nl/tools

http://www.pgpi.org/download/

http://www.southbaypc.com/NoAds/

http://www.heidi.ie/eraser/

http://www.petitcolas.net/fabien/steganography/mp3stego/

http://www.dekart.com/products/file&disk_encryption/private_disk_light/

http://www.softwaretrials.com/cookiescache/

http://www.outguess.org/detection.php/

http://steghide.sourceforge.net/

http://www.cablehead.com/Blackbox.htm

http://www.e-evidence.info/other.html

http://www.cix.co.uk/~net-services/library/

http://www.winsite.com/win3/fonts/truetype/

http://download.visualware.com/

http://www.download.com/3150-2092-0-1-1.html?legacy=cnet

http://www.tucofs.com/tucofs/tucofs.asp?mode=mainmenu

http://www.finaldownload.com/products/g1.html

http://ftimes.sourceforge.net/FTimes/HashDig.shtml

http://www.walhello.info/top/computers/hacking/exploits

http://www.thenetworkadministrator.com/top2004hackertools.htm

http://net-security.org/software_main.php?cat=1

 

The summary should be turned in by email.  Use the Tool blog to post your matrix and comments about your testing – could be a warning to others!

 

Research Project:

A research project will be assigned and due at the end of the semester. Students should be prepared to define their project early in the semester and receive topic approval.  Reviewing the following web sites may be useful in developing your ideas and paper:

http://www.umuc.edu/prog/ugp/ewp_writingcenter/writinggde/chapter4/chapter4-04.shtml

http://www.xu.edu/library/xututor/defining/formulating.cfm

http://elibrary.unm.edu/tutorials/General/Defining/creating.htm

http://ed-web3.educ.msu.edu/digitaladvisor/ResearchFiles/ResearchQuestions.htm

http://www.theresearchassistant.com/tutorial/2-1.asp

http://www.libs.uga.edu/researchcentral/defining/

http://web.jjay.cuny.edu/~pzapf/classes/CRJ70000/Formulating%20the%20research%20question.htm

 

Due dates for the project are on the schedule. A separate hand-out will describe the project in full.

 

Collaborative Research Project

Students will participate in a collaborative research project with their instructor.  Student teams will perform research on a topic defined by the instructor.  Students may select their own teams. The students and instructor will collaborate in designing the research question, gathering the data, and writing the final report.  The outcome will be a paper submitted for publication with the students listed as co-authors (you’ll be published)!  A separate hand-out will describe the scope and requirements for this assignment.

 

Blogs

Blogs are free-form areas for “brain dumps” of experiences that you can share with others and post comments about other postings. You can also generate your own topic blog.  The course will have 3 blogs set up that students will be invited to join.  Do not wait to join after you receive your invitation as the “invite” expires.  The instructor has set up 3 blogs for comments on: Dartmouth daily security bulletins; evaluation of tool sets; collaborative research project.

 

Ethics

Students are expected to exhibit the highest ethical standards in the field of Information Systems.  Students should not attempt to download software tools or apply hacking techniques to any network.  There are no assignments that require you to perform any hacking or intrusion techniques.  The MU policies on appropriate network and computer use are to be followed.  Violations may make you subject to dismissal from the class.

 

Disability Statement:

Any student with a documented disability needing academic adjustments is requested to notify the instructor as early in the semester as possible, and must do so before the mid-term exam. Verification from MU disabled Student Support Services is required. All discussions will remain confidential.

Weekly Schedule

Tentative Course Schedule - Subject To Change With Notice

 

 

 

Week | Date | Textbook/Reading Assignment | Other Assignments, What’s Due and Notes

 

 

Week 1 (1/11)

Research: http://www.umuc.edu/prog/ugp/ewp_writingcenter/writinggde/chapter4/chapter4-04.shtml

Dartmouth: http://www.ists.dartmouth.edu/about-research.php

Netlingo http://www.netlingo.com/

http://www.denverpost.com/Stories/0,1413,36~33~2618928,00.html

Security and technology  http://news.com.com/2009-1009_3-5395361.html

·         Email addresses, access blogs, sign up for ISTS list serv, discuss security research goals, select team members

·         Proposed collaborative research

 

 

 

 

Week 2 (1/18)

Chapter 1: Learning the Basics

Advisories  http://netsecurity.org/advi_main.php

Security library http://www.secinf.net/

NIST pubs http://csrc.nist.gov/publications/drafts.html

Comprehensive list of resources  http://www.garykessler.net/library/forensicsurl.html

Computer survey http://www.ey.com/global/download.nsf/International/Global_Information_Security_Survey_2002/$file/FF0210.pdf

2004 crime survey http://www.csoonline.com/releases/ecrimewatch04.pdf

Call to action http://www.theiia.org/eSAC/pdf/BLG0331.pdf

 

·         Case study #1

·         Due: Research Questions Collaborative

·         Select possible topics

·         Lecture Chapter 1

·         Tool: Pop-up Stoppers due 1/25

 

 

 

 

Week 3 (1/25)

Chapter 2: Threats

Virus bulletins http://www.virusbtn.com/

Frontline on hackers http://www.pbs.org/wgbh/pages/frontline/shows/hackers/etc/video.html

Threat generator database: http://www.hideaway.net/home/public_html/server/vulnerabilities.php

Dshield.org http://isc.sans.org//index.php

Advisories  http://net-security.org/advi_main.php

Vulnerabilities  http://net-security.org/vuln_main.php

Maps  http://isc.sans.org//index.php

Insider threat http://www.cert.org/archive/pdf/bankfin040820.pdf

Insider threat http://archives.cnn.com/2001/TECH/industry/07/11/insider.threat.idg/

Security predictions 2004 http://www.computerworld.com.au/index.php?id=2057465071&fp=16&fpid=0

Hacking banks http://news.com.com/2009-1017-891346.html

Hacking scenarios http://www-106.ibm.com/developerworks/security/library/s-hack/

How virus tools work http://www.net-security.org/dl/articles/sav-overview.pdf

Exploit watch http://exploitwatch.org/modules/evennews/

Advisories http://www.cerias.purdue.edu/

Hacked http://www.bleepingcomputer.com/forums/index.php?showtutorial=24

 

·         Case Study #2

·         Tool: Pop-up Stoppers due

·         Tool: Cookie cleanups due 2/01

·         Create your own research question for your paper due 2/01

·         Lecture 2

 

 

 

 

 

 

 

 

Week 4 (2/01)

Chapter 3: Legal issues

Discovery documents http://www.forensics.com/html/trng_edu_sampledocs.html

Sample search warrant http://all.net/books/forensics/warrant.html

Discovery http://californiadiscovery.findlaw.com/electronic_data_discovery.htm

Evidence center http://www.e-evidence.info/

Video files on cases http://www.e-evidence.info/audvid.html

Federal codes http://www.cybercrime.gov/fedcode.htm

Cybercrime reporting orgs http://www.vaonline.org/internet_reporting.html

CCIPS cases  http://www.usdoj.gov/criminal/cybercrime/cccases.html

Intellectual property  http://www.cybercrime.gov/index.html

Cooperating with LEOs http://www.apectelwg.org/apecdata/telwg/29tel/irf/irf_05.pdf

Orrin Kerr law cases http://hermes.circ.gwu.edu/archives/cybercrime.html

Police web sites http://www.officer.com/special_ops/c_crimes.htm

Cops and security http://www.technosecurity.com/html/LawEnforcementLinks.html#Computer_Crime

Legal liability http://infosecuritymag.techtarget.com/2002/ciso/aug/ciso-infosecliability.shtml

·         Case Study #3

·         Deliverable #1: Research topic due for paper (yours)

·         Tool: Cookie Cleanup due

·         Tool: Password recovery due 2/08

·         Deliverable #2 Collaborative Paper:  Literature review

·         Lecture 3

 

 

Week 5 (2/08)

Chapter 4: Risk Assessment

Data at risk http://net-security.org/article.php?id=753

Risk assessment http://www.sv-issa.org/Parker%20Due%20Diligence%20Review%20Method%20Winnipeg%2010-2001.doc

Terms on risk assessment  http://www.cccure.org/Documents/HISM/230-232.html

IA assessment  http://philby.ucsd.edu/~cse291_IDVA/papers/rating-position/Bodeau.pdf

Threat assessment ratings http://www.sans.org/rr/whitepapers/auditing/76.php

GAO security assessment http://www.gao.gov/special.pubs/ai00033.pdf

Quantitative risk assessment http://www.sans.org/rr/whitepapers/auditing/1209.php

Risk assessment http://www.eon-commerce.com/riskanalysis/

Security metrics  http://www.sans.org/rr/whitepapers/auditing/55.php

Benchmark tools http://www.cisecurity.org/benchmarks.html

Security designs http://www.securityfocus.com/guest/9793

·         Case Study #4

·         Begin work on research if topic is approved (otherwise do another iteration)

·         Deliverable #2 Collaborative Research:  Preliminary literature search on selected questions

·         Tool: Password Recovery due

·         Tool: Secure deletion tool due 2/15

·         Lecture 4

 

 

Week 6 (2/15)

Chapter 5: Risk Management

Metrics http://www.terec.gatech.edu/graphics/IABriefings/schildcrout.pdf

Security metrics NIST  http://csrc.nist.gov/publications/nistpubs/800-55/sp800-55.pdf

ISO 17799 http://www.bulltek.com/Advance_Technology_Portal/ISO17799_Security_Site/iso17799_security_site.html

Risk metrics  http://www.networknewz.com/networknewz-10-20030805RiskMetricsNeededforITSecurity.html

Collecting security metrics http://www.csoonline.com/analyst/report2412.html

Audit software http://www.isecom.org/securitymetrics.shtml

ROI http://www.cio.com/archive/enterprise/061598_checks.html

Defense http://www.securityfocus.com/infocus/1758

·         Case Study #5

·         Tool: Secure deletion tool due

·         Tool: Keylogger Tool due 2/22

·         Class activity: Choose a collaborative project & propose a design

·         Lecture 5

 

 

Week 7 (2/22)

Chapter 6: Policies and Models

ROI and email http://www.net-security.org/dl/articles/PureMessage_WhitePaper_ROI.pdf

http://www.yourwindow.to/security%2Dpolicies

No compete agreements http://www.gigalaw.com/articles/2000-all/towns-2000-08-all.html

Email monitoring  http://www.gigalaw.com/articles/2000-all/gall-2000-01-all.html

Security policy resources http://www.netsys.com/cgi-bin/display_article.cgi?956

Model AUP http://www.efa.org.au/Publish/aup.html

Email behavior http://www.vault.com/surveys/email_behavior/email_behavior.jsp

Email disclosures http://www.policypatrol.com/docs/Emaildisclaimerswp.pdf

AUP http://www.surfcontrol.com/general/assets/whitepapers/aupus_0212.pdf

Email http://www.info-law.com/guide.html

Looking at logs http://www.computerworld.com/securitytopics/security/story/0,10801,96587,00.html

Email shredding http://www.pcmag.com/article2/0,1759,1159624,00.asp

Venema article on hacking own site http://www.deter.com/unix/papers/improve_by_breakin.html

List of policy sources http://www.secinf.net/policy_and_standards/

Pen tests http://www.sans.org/rr/whitepapers/auditing/67.php

http://www.crazytrain.com/penetration.html

Systems security model http://www.sse-cmm.org/lib/lib.asp

·         Case Study #6

·         Tool: Keylogger Tool due

·         Tool: Bootable CDs due 3/01

·         Lecture 6

 

 

Week 8 (3/01)

Chapter 7: Continuity, Incident Response, & Disaster Recovery

Data Remanence http://www.cerberussystems.com/INFOSEC/stds/ncsctg25.htm

Continuity planning  http://www.cio.executiveboard.com/Images/CIO/PDF/CIO73765.pdf

Recovery http://www.nohack.net/recovery.htm

·         Case Study #7

·         Tool: Bootable CD due

·         Tool: Data Recovery due 3/08

·         Lecture 7

 

 

 

Week 9 (3/08)

Chapter 8: Technology and Tools

Hashes http://www.e-evidence.info/projects.html

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/access_control.asp

http://www.hideaway.net/home/public_html/server/software.php

WinPcap http://winpcap.polito.it/

Spychecker (finds if spyware is bundled) http://www.spychecker.com/

Cookie clean-up   http://www.ecleanersoftware.com/

Pop-up stopper http://www.popupstopper.net/

Cookie Wall  http://www.analogx.com/contents/download/network/cookie.htm

All around cleaner  http://www.softwaretrials.com/cookiescache/

Popup stopper  http://www.southbaypc.com/NoAds/

File eraser  http://www.heidi.ie/eraser/

Anonymous web surfing  http://www.hideaway.net/home/public_html/privacy/anonymous.php

Anonymous tools http://www.anonymizer.com/  http://www.the-cloak.com/anonymous-surfing-home.html  http://www.idzap.com/  http://www.mywebproxy.com/

http://www.siegesoft.com/  http://www.stayinvisible.com/index.pl

Monitoring tools  http://www.cablehead.com/Blackbox.htm

http://www.bysoft.se/sureshot/surfspy/

Hacker Whacker service  http://nu.hackerwhacker.com/nmapsample.php

Portal  http://www.infosyssec.com/

Network attack signatures http://www.whitehats.com/ids/

Nmap  http://www.insecure.org/

Port list  http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html

VPN info  http://www.vpnlabs.org/

PDA forensic tools  http://csrc.nist.gov/publications/nistir/nistir-7100-PDAForensics.pdf

IP address calculator http://www.tucows.com/preview/267218.html

Port numbers http://www.iana.org/assignments/port-numbers

DOS survival guide http://courses.wccnet.edu/computer/mod/q02cd.htm

DOS http://www.easydos.com/dosindex.html

Windows system process list http://www.liutilities.com/products/wintaskspro/processlibrary/system/

Tool testing http://www.cftt.nist.gov/

Wireless problems http://www.net-security.org/article.php?id=755

Tools for security http://net-security.org/software_main.php?cat=1

Packet storm tools http://packetstormsecurity.nl/defense/

Free Tools http://www.webattack.com/freeware/

PW finder http://www.lostpassword.com/

Cracker Tools http://www.outpost9.com/files/crackers.html

Systems utility http://esca.atomki.hu/paradise/winsite/winnt/sysutil.html

 

·         Case Study #8

·         Deliverable #3 Research project due: Draft of your paper

·         Lecture 8

 

 

 

 

 

Week 10 (3/15)

Appendix A: Cryptography

Steg detect  http://www.outguess.org/detection.php/

PGP Freeware cryptography   http://www.pgpi.org/download/

Virtual encrypted disk  http://www.dekart.com/products/file&disk_encryption/private_disk_light/

Stego  hide files in MP3  http://www.petitcolas.net/fabien/steganography/mp3stego/

Steg http://steghide.sourceforge.net/

·         Tool: Cryptography tools due 4/05

·         Lecture 9

·         Deliverable #2 Your research paper: paper outline and 1 page exec summary of paper

 

 

 

Week 11 (3/22)

Spring break

Work on papers

 

 

Week 12 (3/29)

No class

Work on papers

 

 

Week 13 (4/05)

Chapter 9: Physical Security

Biometrics http://software.silicon.com/security/0,39024655,39125819,00.htm

Biometrics authentication http://www.iosoftware.com/pages/Support/Authentication%20Basics/Selection%20Process/index.asp

Graphical passwords  http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1000783,00.html

Protecting biometrics http://www.linuxinsider.com/story/39149.html

·         Case Study #9

·         Tool: Cryptography due

·         Tool: Steganography & anti-steg Tool due 4/12

·         Deliverable #3: Collaborative paper draft

·         Lecture 10

 

 

Week 14 (4/12)

Chapter 10 & 11: Implementing the security Plan and Personnel

IT hiring http://www.vnunet.com/news/1159247

User training http://www.securitypipeline.com/51200348

Employees and behavior http://www.csoonline.com/alarmed/07312002.html

Training in security http://www.csoonline.com/metrics/viewmetric.cfm?id=683

Social engineering http://itmanagement.earthweb.com/secu/article.php/1040881

Security roadmap http://www.optimizemag.com/article/showArticle.jhtml;jsessionid=K44BCNFPZ1JMUQSNDBCSKH0CJUMEKJVN?articleId=17701038&pgno=3

·         Case Study #10 & 11

·         Tool: Steganography & anti-steg Tool due

·         Lecture 11

 

 

 

Week 15 (4/19)

Chapter 12: Maintenance

Security in orgs http://www.computerworld.com/securitytopics/security/story/0,10801,96876,00.html

Security trends 2005 http://www.esj.com/security/article.aspx?EditorialsID=1222

Outsourced security case http://www.esj.com/security/article.aspx?EditorialsID=1216

Securing a network http://www.enterprisenetworkingplanet.com/netsecur/article.php/10952_2213801_1

Linux security http://www.linuxsecurity.com/articles/government_article-5966.html

Tools and resources Hi Tech network http://www.htcn.org/

CISO/organizational issues  http://infosecuritymag.techtarget.com/ciso.shtml

Security spending http://www.csoonline.com/csoresearch/report6.html

Life cycle http://infosecuritymag.techtarget.com/2003/jun/risklifecycle.shtml

·         Case Study #12

·         Professor draft for your review

·         Lecture 12

 

 

Week 16 (4/26)

Wrap up

·         Deliverable #3: Final research paper due

·         Comments on collaborative draft due (5 pt extra credit)