Information Assurance
Clay Shields, Department of Computer Science, Georgetown University
"Trusting every aspect of our lives to a giant computer was the smartest thing we ever did!" - Homer Simpson
Assignments, Exams, and Readings
Assignment | Due Date |
---|---|
Homework 1: Familiarization with Unix | September 20, 2010 |
Homework 2: Password Programming | October 4th, 2010 |
Homework 3: Password Security | October 13th, 2010 |
Homework 4: Password Programming - Code review | October 15th and |
Midterm Exam | October 25th, 2010 |
Homework 5: Password Programming Redux | November 8th, 2010 |
Homework 6: Breaking Software Security | November 17th, 2010 |
Bugtraq Presentations | |
Homework 7: Cross Site Scripting Tutorial | November 29th, 2010 |
Homework 8: Attack Familiarization | December 8th, 2010 |
Final Exam | 9:00 - 11:00 December 17th, 2010 |
Resources
Additional Readings
Additional readings are posted here.
Textbook
This semester we will be using:
Practical Unix and Internet Security, 3rd Edition, by Garfinkel, Schwartz, and Spafford. Please note that it is available online through Safari Books Online from any campus IP address, but only 10 people can access this service at any time.
The second book is a recommended text titled Secure Programming Cookbook for C and C++ by Viega and Messier. You do not have to purchase it, but it is a valuable programming reference. It is available online.
Accounts
Later in the semester you will be given an account on a server named ia-class.cs.georgetown.edu. This will be the official machine for programming assignments. You can work on your own computer, but your code must work on and be readable on ia-class. The official class system is a Linux system. You might want to sit in on COSC-317 Unix for Non-believers, particularly if you are a CS major. This is a 1 credit hour, pass/fail course.
Mailing Lists
Students will also be expected to subscribe to the following mailing lists for the semester:
Bugtraq: This is a list that carries discussion of security problems of existing systems. It is relatively high volume, so I suggest that you subscribe to the digest version. The easiest way to do this is to send a blank e-mail message to: bugtraq-digest-subscribe@securityfocus.com
RISKS Digest: This is a relatively low-volume mailing list that carries discussions of the risks of computer error, misuse, and malfunction to humans and society. You may receive this in any number of ways: through the web, through the newsgroup comp.risks, or by e-mail.
http://catless.ncl.ac.uk/Risks
Infosec News: This is a daily digest that presents about 5-10 news stories that are relevant to information security. To subscribe, visit:
Instructor, TA, and Course Information
Instructor
Clay Shields
Office: 323 St Mary's Hall
Office Hours: Tuesday 2-4PM
Contact information here
Course Information
This course is intended to introduce students to means of assuring the confidentiality, integrity, and availability of information through mechanisms of technology, policy, and education. Topics will include: access control; authentication; security policies and enforcement; security design principles; malicious logic; vulnerability analysis; intrusion detection and response; audit; risk assessment; personnel and physical security; and legal, ethical, and social issues. Prerequisites: COSC 173.
Policies
All my courses are run under the same set of policies, which are available here. Students are expected to read and understand these policies. You can also read the Honor Council site.
In addition, in this class you will be learning how computer attackers probe and attack computers and networks. I will be providing a test network for you to experiment with these techniques. You ARE NOT to use these techniques on any other machine or network unless you have specific written permission to do so. If you do so and are caught, I will not allow the excuse that what you were doing was for class, and instead will tell them that you were warned not to do it.