Scribd
Upload
38 views

Computer Security Course Outline

Comp Security course

Uploaded by

shemse
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
38 views

Computer Security Course Outline

Comp Security course

Uploaded by

shemse
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Dilla University

College/Faculty: School of Computing and Informatics


Course title: Computer Security
Course code: CoSc4031
Credit hours: 3 ECTS: 5 Contact hrs: 2 Lab hrs: 3 Tutorial hrs: 1
Prerequisite: CoSc2032-Data Communications and Computer Networks
Course category: compulsory
Year: IV Semester: I
Instructor: Shemse S

Course Description: -
To familiarize students with the security issues and technologies involved in modern information
systems, including computer systems and networks and the various ways in which information
systems can be attacked and tradeoffs in protecting networks.

Course Objectives: -
By the end of this course, students will be able to: -
❖ Understand the basic concepts in information security, including security attacks/threats,
security vulnerabilities, security policies, security models, and security mechanisms
❖ Understand the concepts, principles and practices related to elementary cryptography,
including plain-text, cipher-text, the four techniques for crypto-analysis, symmetric
cryptography, asymmetric cryptography, digital signature, message authentication code,
hash functions, and modes of encryption operations.
❖ Understand issues related to program security and the common vulnerabilities in computer
programs; including buffer overflow vulnerabilities, time-of-check to time-of-use flaws,
incomplete mediation.
❖ Explain and compare security mechanisms for conventional operating systems, including
memory, time, file, object protection requirements and techniques and protection in
contemporary operating systems.
❖ Understand the basic requirements for trusted operating systems, and describe the
independent
evaluation, including evaluation criteria and evaluation process.
❖ Describe security requirements for database security, and describe techniques for ensuring
database reliability and integrity, secrecy, inference control, and multi-level databases.
❖ Describe threats to networks, and explain techniques for ensuring network security,
including
encryption, authentication, firewalls, and intrusion detection.
❖ Explain the requirements and techniques for security management, including security
policies, risk analysis, and physical threats and controls.

1
Course Outline
Chapter 1: Introduction to Computer Security (3 hrs)
1.1 Basic concepts of computer security
1.2 Threats, vulnerabilities, controls, risk
1.3 Goals of computer security
1.4 Security attack
1.5 Security policies and mechanisms
1.6 Prevention, detection, and deterrence
1.7 Software security assurance
Chapter 2: Computer Threat (4 hrs)
2.1 Malicious code
2.1.1 Viruses
2.1.2 Trojan horses
2.1.3 Worms
2.1.4 Spy-wares, etc.
2.2 Class of Attacks
2.2.1 Reconnaissance
2.2.2 Access
2.2.3 Denial of Service, etc.
2.3 Program flaws
2.3.1 Buffer overflows
2.3.2 Time-of-check to time-of-use flaws
2.3.3 Incomplete mediation
2.4 Controls to protect against program flaws in execution
2.4.1 Operating system support and administrative controls
2.5 Program Security Defenses
2.5.1 Software development controls and Testing techniques
2.5.2 Database management systems security
Chapter 3: Cryptography and Encryption Techniques (13 hrs)
3.1 Basic cryptographic terms
3.2 Historical background
3.3 Cipher Techniques
3.3.1 Transposition Cipher
3.3.2 Substitution Cipher
3.4 Conventional encryption algorithms
3.5 Cryptanalysis
3.6 Cryptographic Systems
3.6.1 Symmetric key cryptography
3.6.1.1 DES
3.6.1.2 3DES
3.6.1.3 AES
3.6.1.4 Block Cipher Modes
3.6.2 Public key cryptography
3.6.2.1 Diffie-Hellman
3.6.2.2 RSA
3.6.3 Digital Signature

2
3.6.3.1 Using Public Key
3.6.3.2 Using Message Digest
3.6.3.2.1 MD4family
3.6.3.2.2 SHA family
3.6.3.2.3 RIPEMD
3.6.4 Public key Infrastructure (PKI)
3.6.4.1.1 Trusted Third Party
3.6.4.1.2 Certification
3.6.4.1.3 Key Distribution
3.6.4.1.4 PKI Topology
3.6.4.1.5 Enrollment and Revocation Procedures
Chapter 4: Network Security (4 hrs)
4.1 Network security basics
4.2 Threats on network
4.3 Trust, Weaknesses, Risk and Vulnerabilities
4.4 TCP/IP Suit Weaknesses and Buffer Overflows
4.5 Network security protocols
4.5.1 Application layer security
4.5.1.1 Web security
4.5.1.2 E-mail security
4.5.2 Transport layer security
4.5.3 Network layer security
4.5.4 Link layer security
4.5.5 Physical security
4.6 Wireless security
Chapter 5: Security Mechanisms (3 hrs)
5.1 Firewall
5.2 Proxy server
5.3 IDS/IPS
5.4 Virtual Private network
Chapter 6: Authentication and Access control (3 hrs)
6.1 Authentication basics
6.1.1 Password and Passphrase
6.1.2 Biometrics
6.1.2.1 Fingerprint
6.1.2.2 Palm Scan
6.1.2.3 Hand Geometry
6.1.2.4 Iris Scan
6.1.2.5 Signature Dynamics
6.1.2.6 Voice Print
6.1.2.7 Facial Scan
6.1.2.8 Hand Typography
6.1.3 AAA server
6.1.4 Smart card and memory cards
6.1.5 Kerberos
6.2 Access control basics

3
6.3 Access control models
6.3.1 Discretionary Access Control (DAC)
6.3.2 Mandatory Access Control (MAC)
6.3.3 Role-Based Access Control (RBAC)
Chapter 7: Administering security (2 hrs)
7.1 Security planning
7.2 Risk analysis
7.3 Security policies
7.4 Cyber security
7.5 Ethics

You might also like