CSUS, COLLEGE OF ENGINEERING AND COMPUTER SCIENCE
Department of Computer Science
CSC 154 - Computer System Attacks and Countermeasures, Fall 2007, MW 4-515, SQU 452
Instructors: / Isaac Ghansah & Dick Smith
Office: / RVR 4004 & RVR 3006
Phone: / (916) 278-7659 & (916) 278-7328
Email / ,
WWW /
Office Hours: / MW 515-545; TR 4-5; or by appointment
Texts: / McClure, Scambray & Kurtz, Hacking Exposed (Network Security Secrets & Solutions), Osborne McGraw Hill, 5th Edition, 2005.
R. Panko, Corporate Computer and Network Security, Prentice Hall, 2004 (Recommended)
References /
- Security in Computing, Charles P. Pfleeger, Third Edition, Prentice Hall, 2003
- The Art of Deception, Kevin D. Mitnick, William L. Simon, Wiley, John & Sons, 2002
Course Objectives:
The main objectives of this course are to introduce the computer science student to the career path in Computer and Network Security, to provide experience in performing security assessment of computers and networks, and to expose the student to the 10 domains that comprise the skills and knowledge required of the Information Systems Security Professional.
Catalog Description: An introduction to network and computer security with a focus on how intruders gain access to systems, how they escalate privileges, and what steps can be taken to secure a system against such attacks. Topics include: perimeter defenses, intrusion detection systems, social engineering, distributed denial of service attacks, buffer overflows, race conditions, trojans and viruses.
Prerequisite: CSC/CPE 138.
Prerequisite Proof:
The department now has a policy requiring every student in every course to provide transcripts showing proof that they have appropriate prerequisites. Every student must provide this documentation in order to be permitted to enroll in this course. It is the responsibility of the student to provide such documentation by providing a transcript with the said prerequisites highlighted. To do this you must submit to the instructor a copy of the CasperWeb Academic Information report entitled “Transfer and CSUS Credit Summary”. This must be done within the first two weeks of classes. Any student who does not provide such verification will be dropped from the class. Any student who has completed one or more prerequisites at another school must provide similar verification to the instructor. NOTE: be sure to provide the report specifically titled “Transfer and CSUS Credit Summary”. Other CasperWeb forms (such as the “Academic Record” form) will not be accepted.
Repeat Policy:
The department has a policy specifying that students may not repeat a Computer Science course more than once. Any student who wishes to repeat a course more than once (that is, take a course for a third time) must submit a petition requesting permission to do so. Student records will be reviewed to determine whether a student is taking this course for three or more times. Any such student must return an approved petition to the instructor within the first two weeks of class. Any student who does not submit an approved petition will be dropped from the class. Petitions are available in the Department office (RVR 3018) and require the signature of both the Instructor and the Dept. Chair.
Course Goals:
- To provide experience in analyzing, identifying, and addressing vulnerabilities in systems or networks.
- To introduce the computer science student to career paths in Computer and Network Security.
- To provide experience in performing a security audit of computers and networks.
- To expose the student to the domains of knowledge and skills required for information systems security.
Prerequisites by Topic
Thorough understanding of:
- TCP/IP suite of protocols and WAN/LAN Technologies.
- Distributed computing with client/server programming
Basic understanding of:
- Domain Name System (DNS) and addressing schemes used in internetworking
- Host and Network Configuration Protocols (ARP, RARP, BOOTP, DHCP)
- Unix and Windows operating system common services, ports, and sockets.
- How to compile and run programs in Linux and Windows.
Exposure to:
- IPv6 and IPSec
Course Content:
This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows, Race Conditions, Trojans and Viruses.
Summary of Outcomes
In this course, we will study computer and network security and look at the different requirements for information assurance from the National Security Agency (NSA), the National Institute of Standards and Technology (NIST), the Defense Information Systems Agency and the DOD. You will gain experience with the role of defending hosts and networks from attack as well as learning how the hacker uses tools to attack and penetrate networks. Students will be able to use several open software tools that will analyze hosts and networks for vulnerabilities and be exposed to the hacker technique of "thinking outside the box".
Grading Policy
Midterm: 20%
Final: 35%
Assignments: 35%
Independent Project: 10%
Grading Breakdown (%):
A  = 93-100    C  = 73-76
A- = 90-92     C- = 70-72
B+ = 87-89     D+ = 67-69
B  = 83-86     D  = 63-66
B- = 80-82     D- = 60-62
C+ = 77-79     F  = 59 or below
You must pass both the assignments/project and the exams in order to obtain a passing grade for the course. Students are required to keep backup (machine-readable) copies of all submitted work, and also to keep all returned (graded) work, until after final grades are posted.
COMPUTER ACCOUNTS AND ELECTRONIC COMMUNICATION:
a) gaia account
You must have a UNIX account on the ECS system "gaia" for this class. If you don't have a UNIX account on gaia,
a. Use your favorite Browser and Go to
b. Click on Computing Services -> Network Accounts -> Get a new Account.
c. Fill out all required fields
You can also obtain an account by getting one from the College IT staff in room 2011. For both security reasons and convenience all email to me must be sent from that account. The College has a web-based email system on gaia ( gaia.ecs.csus.edu/mail ) that you can use for email. You must also use your gaia account for subscribing to the class mailing list which is described below.
b) Mailing List
I have established a Mailing List for this course with a web-based maillist interface called Mailman. It is MANDATORY for every student accepted into the course to subscribe to the Mailing List within the first two weeks of classes. The list will be used to facilitate electronic communication for the course. Failure to subscribe to the list in a timely manner could result in your missing important assignments, clarifications, announcements, etc. that are sent by email. You must check email on a regular basis and I will assume that you have received and read all messages I send to the list. The instructor will not be held responsible for your failures. To subscribe to the list go to the following website and fill out appropriate forms there.
This will add your email address (the one from which you send the message, hopefully gaia) to the csc154 mailing list. Subsequently you can send questions or discussion items regarding topics in csc154 to everyone on the list. To do this, just send an email message to the address “csc154@ecs.csus.edu”. This is a good way to send messages to other students in the class regarding clarifications about assignments, lecture, etc. Note that these email messages are sent to everyone on the csc154 list (including the instructors). If you need to communicate privately with the Instructor, use the instructor’s individual email address as given above.
Note: Do not send HTML e-mail to the list. Some mail reader programs do not understand HTML tags.
To make sure that your gaia account is used for subscription to the mailing list you must send the email from gaia. I will check the list from time to time to determine who is registered. If I notice any email address other than one from gaia, I will delete it.
c) Assignment/Homework Submission
You must submit all homework/assignments/project reports electronically as an email attachment. I will not accept a hardcopy. The attached file should be a Word document and must have a name according to one of the following formats (depending on the type of assignment). Your email should be sent to grader/lab instructor (if one is assigned) with copy to me. If no grader/lab instructor is assigned for the course email your submission to me.
Your-name_course#_hmwk_hmwk#, your-name_course#_lab_lab#, your-name_course_project_project#
For example if a student named John Doe is submitting homework#1 the file name of the email attachment should be doe-john_154_hmwk_1
Please note: If the attachment is not according to proper format as stated above, it will not be accepted.
COURSE POLICIES:
1. This syllabus is subject to change with notice.
2. Late assignments/projects will be penalized by 20% if one lecture late. Nothing will be accepted if more than one lecture late.
3. Make-up exams will not be given unless there exist extreme documented circumstances that warrant it. The instructor reserves the right to reject make-up requests.
4. Attendance will not be taken after the first week of classes. However, you are responsible for material presented and announcements made in class.
5. Be aware of the department, college, and university policies on drops and incompletes.
Ethics/Academic Honesty
Any work submitted is a contractual obligation that the work is the student’s and for which he/she could be quizzed in detail. Discussion among students in assignments and projects is part of the educational process and is encouraged. No discussion among students is allowed in any exams/quizzes. However, each student must make an effort to do his/her own work in all assignments and exams. No type of plagiarism will be tolerated except in the case of group work. In that case each student should indicate the part of the work which was their major responsibility in their final joint submission. Nevertheless, I emphasize any work submitted is a contractual obligation that the work is the student’s and for which he/she could be quizzed in detail. The minimum penalty for even a single incident of cheating brought to the attention of the instructor in this course is automatic failure of the course; additional more severe penalties may also be applied. Note that cheating is grounds for dismissal from the University.
Please refer to the Computer Science Dept. document entitled “Policy on Academic Integrity” (available online via the Computer Science department home page) and to the University Policy Manual section on Academic Honesty (all available online via the instructor’s home page) for additional information. IT IS THE RESPONSIBILITY OF EACH STUDENT TO BE FAMILIAR WITH, AND TO COMPLY WITH, THE POLICIES STATED IN THESE DOCUMENTS. In addition, unless otherwise stated, the use of the following devices during exams/quizzes is prohibited: cell phones, pagers, laptops, and PDAs.
Legal Policy:
Every student that enrolls in this course will be required to sign a "Legal Policy" that reads:
Computer and Network Security course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify California State University, Sacramento and College of Engineering and Computer Science with respect to the use or misuse of these tools, regardless of intent.
Major Topics Covered in the Course
- Introduction, Attacker’s Process, Ethics, and law (3 hours)
- Footprinting, scanning, enumeration. (3 hours)
- Introduction to cryptography and Principles of computer Security. (3 hours)
- System Hacking (6 hours)
- Password Attacks and Defenses
- Password Hacking tools
- Privilege escalation, Rootkits, and Defenses
- Keystroke loggers
- Covering tracks, hiding files
- Steganography
- Buffer overflow attacks and defenses
- Trojans and backdoors. (3 hours)
- Sniffers, intrusion detection systems, firewalls and honeypots. (3 hours)
- Virtual Private Networks
- Denial of service. (3 hours)
- Attack Methods
- Tools
- DDoS Countermeasures
- Social engineering. (3 hours)
- Session hijacking, Covert Channels. (3 hours)
- Access Control, biometrics, separation of duties. (3 hours)
- Attacks on Web servers, Web applications vulnerabilities, SQL Injection. (3 hours)
- Web based password cracking techniques. (3 hours)
- Viruses and worms. (3 hours)
- Physical Security, TEMPEST Security, Security Policies
- Penetration Testing: Introduction, Risks, benefits, methodology (3 hours)
Outcomes:
1. Thorough understanding of:
- The fundamental steps that a hacker performs.
- Major software security design flaws such as buffer overflow and race conditions.
- Common tools hackers use in conducting attacks and how they work.
- Best practices for defending against attacks.
2. Basic understanding of:
- Host and network intrusion detection systems.
- Tools and methods of protecting computers and networks against hacker attacks.
- Major types of malicious code such as Trojans, viruses, and worms.
- Legal and ethical practices in security.
3. Exposure to:
- Acceptable methods of security incident investigation.
IMPORTANT DATES:
Thanksgiving Break: Nov 22-23; FINAL EXAM: M 12/17/07 3-5 pm