UNIVERSITY OF NEW YORK TIRANA
Komuna e Parisit, Tirana, Albania
Tel.: 00355-(0)4-273056-8 – Fax: 00355-(0)4-273059
Web Site Address: http://www.unyt.edu.al

Security Engineering
Fall 2011

Course: Security Engineering (4 credit hours)
Instructor: Devid Pipa – Adjunct Instructor
Office: Faculty building, 2nd floor, Computer Science Department
Office Hours: By appointment, by email, or after class
Phone: +355 67 2050616
E-mail: devidpipa@gmail.com

Course Location and Time

Room: Lab 4B
Thursday 15:00 – 17:00
Friday 15:00 – 17:00

Catalog Description

This module provides an introduction to information security and to the engineering of secure systems: what information security encompasses, how it is applied, and the basic techniques for achieving secure systems, including both technical and management concepts.

Course Purpose

The purpose of this class is to provide students with an overall introduction to information security. The topic will be covered in all its aspects, technical and managerial. Students will acquire a general understanding of what information security is and of its key concepts and techniques. Part of the class will be allocated to the management of security resources in industry: understanding the importance of information in the context in which it is used, and being able to allocate the appropriate resources to its security in terms of efficiency, effectiveness and cost.

Particular focus will be given to cryptography and security protocols.

At the end of the course students will be able to:

  1. Understand the relevance of information and manage the resources at hand in order to provide the required security for it.
  2. Understand how security techniques and resources provide the security that is needed and how they work towards achieving the required information security goals.
  3. Understand the key concepts of cryptography and their application in real-life applications and scenarios.
  4. Understand the key concepts of security protocols and their applications in industry.
  5. Understand the working of systems where information security resources and techniques are used, and be able to put the right techniques in place and manage resources appropriately.

Course Prerequisites

Networking and WINDOWS basics.

Required Readings

  1. Fred Piper & Sean Murphy, Cryptography: A Very Short Introduction, ISBN: 0-19-280315-8
  2. Eric Maiwald, Network Security: A Beginner's Guide, Second Edition, ISBN: 0-07-213324-4
  3. James F. Kurose & Keith W. Ross, Computer Networking: A Top-Down Approach Featuring the Internet, ISBN: 0-201-97699-4

Recommended Readings

  1. Andrew S. Tanenbaum & Albert S. Woodhull, Operating Systems: Design and Implementation, ISBN: 0-13-638677-6
  2. Chris McNab, Network Security Assessment, ISBN: 0-596-51030-6
  3. Dieter Gollmann, Computer Security, ISBN: 0-470-86293-9

Further Optional Reading

  1. Stuart McClure, Saumil Shah & Shreeraj Shah, Web Hacking: Attacks and Defense, ISBN: 0-201-76176-9
  2. Brian Komar, Sams Teach Yourself TCP/IP Networking in 21 Days, ISBN: 0-672-32353-2
  3. Sams, Maximum Apache Security, ISBN: 0-672-32380-X
  4. Stuart McClure, Joel Scambray & George Kurtz, Hacking Exposed, ISBN: 0-07-226081-5
  5. Dafydd Stuttard & Marcus Pinto, The Web Application Hacker's Handbook, ISBN: 978-0-470-17077-9
  6. Jon Erickson, Hacking: The Art of Exploitation, ISBN: 978-1-59327-144-2

Additional reading material will be selected for some classes and provided in electronic or hard copy.

Content of the Course

The class will be split into these main topics:

Introduction to InfoSec:

  1. Information security principles
  2. Terminology
  3. Main issues and goals
  4. Areas to be covered
  5. Introduction to security management
  6. Hacking, penetration testing and risk management introduction

Cryptography:

  1. Basic Principles
  2. Historical Algorithms
  3. Symmetric and Asymmetric Algorithms
  4. Digital Signatures
  5. Cryptographic protocols
  6. Key management
  7. PKI

Identity verification and access control:

  1. Intro to secure protocols
     a. Entity authentication
     b. Key establishment
     c. Key distribution via third parties
     d. Kerberos

Network security:

  1. Intro to networking
     a. OSI model
  2. Secure protocols – IPsec
     1. Secure channel concept
     2. Security and network layers
     3. IPsec
  3. Firewalls
     1. Topologies
     2. Classifications
     3. Packet filters
     4. Application level gateways
     5. Stateful packet filters
     6. Other types
     7. Intrusion detection and intrusion prevention

Security management:

  1. Identification for security and its management
  2. Risk management
  3. Security policies
  4. Disaster recovery

Computer Security:

  1. Introduction
     1. What is a computer
     2. What is the function of the operating system
     3. OS design
     4. How do programs work
     5. Execution
  2. Hardware protection mechanisms
     1. Basics
     2. Protection features
     3. Memory protection
     4. Memory management
  3. UNIX
     1. Security structure within the OS
     2. Password storage
     3. Permissions

Software security & Web Application security:

  1. Introduction
  2. Software Vulnerabilities
  3. Solutions

Smart cards:

  1. What is a smart card
  2. Where is it used
  3. How it works
  4. Contact and contactless
  5. SIM/USIM, 2G and 3G
  6. Broadcasting
  7. Banking & EMV online and offline
  8. Identity documents
  9. Attacks

Course Requirements

Students are required to attend lectures. Lecture material will be made available after class. Students are expected to participate in class discussions. In the event of illness or emergency, contact your instructor IN ADVANCE to determine whether special arrangements are possible.

Participation: Participation extends beyond mere attendance. You may miss up to two classes without penalty. Each absence beyond the first two will cost you points off your grade. The only exceptions to this rule are severe illness (doctor's note required) and UNYT-approved trips/activities. Appropriate documentation for absences beyond the first two is necessary and is to be provided on the class day directly before or after the one you miss. Students are expected to collect materials from the online course page, from their classmates, or by seeing the instructor during consultation hours.

Exams: Two examinations will be given: one midterm and one final. No student may miss a scheduled exam without receiving permission before the administration of the exam. Make-up exams might be significantly different from the regular tests, and will be administered at a time of the instructor's own convenience.

Reading assignments: You will be required to read all the handouts, slides, and other relevant materials. Each week, I will notify you in class what specific materials to read and/or assignments to prepare for the week. The reading assignments are selected to give you adequate understanding of the course material.

Project: I will announce projects, usually based on the chapters/materials covered in class. Due dates will be specified accordingly. Projects must be submitted as specified to be considered on time. Late assignments are accepted with the following penalties: -5 if submitted the day after it is due, and -1 for each further day late, up to a maximum delay of 5 days. I will accept e-mail submissions.

Make-up policy, midterm/final exam: Only students who miss an exam for university-approved and verifiable reasons will be allowed to take a make-up exam. Even then, except in the most extreme circumstances, no student may miss a scheduled exam without receiving permission before the administration of the exam. Make-up exams might be significantly different in format from the regular tests, and will be administered at a time of my own convenience.

Cheating policy: Exams, assignments, projects and quizzes are subject to the STUDENT HONOUR CODE. The University’s rules on academic dishonesty (e.g. cheating, plagiarism, submitting false information) will be strictly enforced. Please familiarize yourself with the STUDENT HONOUR CODE, or ask me for clarification.

Grading Policy

Grading Scale (Standard UNYT grading scale)

Assignments   10%
Project       20%
Midterm       25%
Final         45%

Letter Grade   Percent (%)   Generally Accepted Meaning
A              96-100        Outstanding work
A-             90-95
B+             87-89         Good work, distinctly above average
B              83-86
B-             80-82
C+             77-79         Acceptable work
C              73-76
C-             70-72
D+             67-69         Work that is significantly below average
D              63-66
D-             60-62
F              0-59          Work that does not meet minimum standards for passing the course

Technology Expectations

  1. Internet use is necessary, since students should regularly do research on the web. Please do remember: GOOGLE IS YOUR FRIEND.
  2. Continued and regular use of e-mail is expected. Please do not leave any issues unresolved; contact your instructor as soon as possible when anything arises.
  3. Students must keep copies of all assignments and projects sent by e-mail.

Friday, September the 16th, Devid Pipa