CIT 30300
Communications Security and Network Controls
Course Instructional Objectives
General Security Concepts
- Understand general types of threats
- Understand how the goals of security apply to protecting assets
- Identify the sources of security threats and the types of impact they can have
- Understand the types of security countermeasures available and how they should be applied
- Appreciate why policies based on security through obscurity eventually fail
Cryptography
- Encrypt, decrypt, and break classical cryptography substitution and transposition messages
- Understand how random numbers can be generated and used in cryptography
- Understand the benefits and problems involved with block and stream cryptography systems
- Understand the characteristics common to good ciphers
- Understand the mathematical components used by modern symmetric cryptography systems
- Evaluate the strengths and weaknesses of modern symmetric cryptography systems
- Appreciate the key distribution issues in modern symmetric and asymmetric cryptography systems
- Understand the mathematical components used by modern asymmetric cryptography systems
- Utilize asymmetric cryptography to exchange messages
- Understand the benefits of digital signatures
- Understand trust models and benefits of using Certificate Authorities
Authentication in General Purpose Operating Systems
- Understand the purpose of identity and passwords
- Identify the types of Social Engineering attacks used and how to minimize their effects
- Understand how passwords are stored and broken in UNIX and Microsoft NT systems
- Understand the strengths and weaknesses of biometric authentication
- Understand the strengths and weaknesses of two factor authentication models
Access Control in General Purpose Operating Systems
- Understand the purpose of the Reference Monitor
- Apply file/directory attributes to protect data
- Understand the relationship between object ownership and access control
- Share resources via group membership
- Compare the benefits and problems associated with Access Control Matrices and Individual Object Access Control Lists
Security Kernel, Process, and Accounting Security
- Identify and define the purpose of each component in the Trusted Computing Base model
- Understand the relationship between multimode operation and resource protection
- Describe techniques used to protect system hardware components
- Understand the relationship between ownership and process access to resources
- Minimize the effects of buffer overflows during program development
- Discuss the benefits and dangers of full disclosure bug lists
- Audit resource access and usage
Rogue Programs
- Identify types of malicious code that can be inserted by program developers
- Describe how software engineering techniques can be used to find program code flaws and malicious code
- Identify computer virus types and how they differ from each other
- Describe methods used to detect and prevent virus and worm infections
- Describe methods used to deploy and detect covert channels
Steganography
- Understand historical methods used to hide messages
- Identify modern techniques used to hide messages in electronic image formats
- Describe how watermarks provide copyright protection
Network Attacks
- Capture information via passive attacks
- Detect and prevent Denial of Service Attacks
- Protect network services from vulnerabilities and trust-based exploits
- Protect systems against TCP/IP protocol-based attacks
- Understand the purpose of firewall components
- Develop firewall policies
- Identify and discuss benefits and weaknesses of various firewall models
- Identify methods to deploy intrusion detection systems
- Discuss the purposes honeypots serve
Email and World Wide Web Issues
- Detect forged email messages
- Discuss issues concerning unsolicited commercial email
- Describe the differences between email privacy and anonymity
- Identify web browser security and privacy issues
- Describe the benefits and problems with mobile code languages
- Describe issues related to dynamic content web page deployment systems
- Describe how the Secure Sockets Layer protocol minimizes web communication vulnerabilities
Physical Security
- Identify the environmental hazards that threaten computer systems and how they can be minimized
- Describe how accidents can be minimized
- Describe physical access control measures that can minimize the threats of vandalism and theft
- Develop backup strategies to help recover from data loss
- Protect unattended workstations from unauthorized use
Policy Development, Audit, and Incident Response
- Conduct a risk assessment and cost benefit analysis
- Develop security policies and implementation plans
- Conduct system and network audits
- Respond to computer/network related security incidents