
Security in Computing, 3/e

Syllabus Network Security Course

This course is similar to the computer science course. The focus of the course is networks and network security, because that is very appealing to students. A network orientation still leads to many of the same topics–cryptography, program failures, identification and authentication, assurance–but the order is different because the motivation is different. Chapter 7 on networks is the driver for this course, but a small section of Chapter 7 will lead to a larger section from an earlier chapter. In this way, the book is more like a hypertext document, in which reading about a key concept in Chapter 7 will point to other concepts.

Note: outside readings are the same as for the first course outline.

Week / Topic, subtopics / Reading in Security in Computing, 3/e

Week 1: Introduction
  • Threats, vulnerabilities, controls; risk; method, opportunity, motive; technical, administrative, physical controls; prevention, detection, deterrence
  • Terminology, concepts
  Reading: Chapter 1

Week 2: Network concepts (as needed)
  Reading: pp. 364–386

Week 3: Network attacks—I: malicious code
  • Trojan horses, viruses, worms
  • Buffer overflow attacks
  • Web bugs
  • Malformed URLs
  Reading: Chapter 7

Week 4: Network attacks—II: denial of service
  • protocol failures
  • distributed denial of service
  Reading: Chapter 7

Week 5: Firewalls
  • Reference monitor principles
  • Types of firewalls: filtering router, proxy, host-based
  • Firewall policies, policy principles (default deny, default permit), what to screen, what to admit
  Reading: pp. 457–468
  (Possible exam)

Week 6: Authentication
  • User-to-local host authentication
  • User-to-remote host authentication
  • Host-to-host authentication
  Reading: Chapters 3, 4

Week 7: Wiretapping, eavesdropping
  • Techniques: sniffers, wiretaps, emanations interception
  • Protection: cryptography, virtual private network
  Reading: Chapter 2

Week 8: Cryptography as a basic protection tool
  • symmetric and asymmetric encryption
  • key distribution and management, asymmetric key distribution
  Reading: Chapter 2

Week 9: Web site defacements and modifications
  • Access control to protected objects
  • Support from operating systems
  Reading: Chapter 4, especially pp. 204–228

Week 10: Trustworthy code
  • Mobile code, ActiveX, JavaScript
  • Code source authentication, code signing, digital signatures
  • Program development standards
  Reading: Trusted systems: pp. 230–297
  (Possible exam)

Week 11: Intrusion detection
  • Intrusion detection systems: products, design types, action
  • Event correlation
  Reading: pp. 468–473

Week 12: Network integrity
  • Object protection
  • Digital signatures
  • Error correcting and hash codes
  • Routing, traffic flow security
  Reading: Chapter 7

Week 13: Hacking
  • Legal, ethical dimension
  • Psychological dimension
  • Motivation
  • Risk, loss
  Reading: pp. 585–595, 619–622, 541–545

Week 14: Legal and ethical aspects of network security
  • Laws and networks: protecting networks, crimes involving networks
  • Network privacy
  • Ethics: network use and abuse, sharing
  Reading: Chapter 9

Final exam