Teaching at University

Teaching at Webster University: COSC 3410 Computer security (since 2003)

This course is designed for bachelor of science students with major in computer science.  Although level 3000 course this is an introduction to the computer security topic. Prior to registering for this course students should have already acquired basic knowledge in operating systems, networking concepts, computer programming and feel comfortable with college level algebra.


The course description from Webster University undergraduate catalog:

Students in this course will study the techniques for protecting data within a computer and protecting data as it moves through a network. Data and system security and reliability will be considered in a distributed environment. Topics will include encryption, authentication and digital signatures, threats to the computer system, and system reliability. Prerequisites: COSC 1560 Computer programming II and junior standing.

The course contents (updated in 2017):

Week 1

Introduction and the course overview. Define Information Security. Introduce principles for protecting Confidentiality, Integrity and Availability of information. Define Personally Identifiable Information (PII). Introduce concepts of assuring data privacy.

Describe the threat environment: Attackers and their Attacks.

Introduce importance of having organizational Security Policy and Risk Management business process.

Introduce Information security Governance Framework and Regulatory Compliance requirements.

Week 2

Introduction to cryptography: The Elements of Cryptography. Symmetric – private key cryptography, asymmetric – public key cryptography, cryptographically-secure pseudo-random number generator, secure one-way hash function (hands-on activity: Using encryption to preserve confidentiality and integrity of documents exchanged via e-mail) Public Key Infrastructure (PKI) and key management – Digital certificates, Digital Signatures (Practical demo: Using encryption to preserve integrity of a document),  Cryptography Standards

Week 3

Securing computer networks: Protection of wired and wireless computer networks (Hands-on activity: Setting up and protecting a wireless network) (Practical demo: Using a wireless network traffic analyzer/sniffer). Verifying security controls. Network segregation.

Week 4

Access control: Identification (Practical demo: Using cryptographic functions for identification),  Authentication, Authorization, Accountability (AAA), Identity Management, Directory Services for managing information security, Importance of logging and log management

Week 5

Network security technologies: Introduction to network firewalls and host-based firewalls (Hands-on activity: Configuring a network firewall and segregating network segments). Virtual Private Networks (VPN) – site-to-site and client-to-site VPN, IPSec and SSL VPN. (Hands-on activity: Setting up and using a VPN gateway). Network and host-based Intrusion Detection (IDS) and Intrusion Prevention Systems (IPS).

Week 6

Host and Data Security: Malicious code (malware). Viruses, Trojans, Worms – definitions, classification, detection, propagation, corrective measures, preventive measures. Security hardening of operating systems, security baselines, vulnerability management, patch management (Practical demo: Securing a standalone computer and testing for vulnerabilities). Introduction to anti-malware systems and end-point security. The Internet and computer malware, drive-by infection, mobile malicious code, unsolicited messaging – spam, phishing.

Week 7

Internet security: Security Infrastructure for Internet Access (Practical demo: What is a proxy server? What is a reverse proxy server?) E-Commerce Security Requirements, Internet browser security, security of messaging application security, XSS (Cross-site scripting) (Practical demo: Web site vulnerable to an XSS attack – risk to Internet users) Security assessment of Web applications. Open Web Applications Security Project (OWASP) and security assessment tools for Web applications.

Week 8

Data security: Data backup, retention, and redundancy. Database security. Detecting and preventing SQL injection attacks. Business continuity and Disaster recovery planning. Cloud computing risks and security measures.