|Course Number||CST 266|
|Course Description||Prerequisites: CST 260 and one of CST 262 or 263 or 265. Analyzes, designs, defines, and troubleshoots security policies and procedures to maintain information integrity, confidentiality and availability. (60-0)|
Outcomes and Objectives
Describe concepts of information security.
- Discuss security threats.
- Describe the goals of information security: integrity, confidentiality, and availability.
- Discuss ramifications involved in information security, like cost and technology barriers.
Describe concepts of authentication.
- Create and store passwords.
- Describe the Kerberos authentication process.
- Describe other authentication mechanisms like CHAP and KDC.
- Discuss multifactor authentication and why it is necessary.
- Create and use digital certificates.
- Describe tokens and their functions.
- Discuss the strengths and weaknesses of biometric authentication.
Recognize different types of attacks.
- Describe and discuss back door attacks.
- Describe and discuss spoofing attacks.
- Describe and discuss man-in-the-middle attacks.
- Understand the concept of social engineering.
- Describe and discuss TCP/IP hijacking.
- Describe and discuss birthday attacks.
- Describe and discuss brute-force attacks.
- Describe and discuss dictionary attacks.
- Describe and discuss denial-of-service attacks.
- Describe and discuss a DDoS (distributed denial-of-service) attack.
- Describe and discuss ping-of-death attacks.
Identify malicious code.
- Identify and discuss viruses.
- Identify and discuss trojan horses.
- Identify and discuss logic bombs.
- Identify and discuss worms.
Identify and eliminate security weaknesses.
- Identify and disable nonessential services.
- Identify and disable nonessential protocols.
- Identify and disable nonessential programs.
- Identify and disable nonessential utilities.
- Identify and disable nonessential processes.
Describe how auditing is used for security awareness.
- Log system activities.
- Scan system for unusual activities.
Identify strengths and weaknesses of remote access.
- Differentiate between the 802.11 specifications.
- Identify and discuss vulnerabilities of VPNs (Virtual Private Networks).
- Identify and discuss vulnerabilities of remote access protocols like PPTP and L2TP.
- Discuss IPSec (IP security).
Identify strengths and weaknesses of email security.
- Identify email vulnerabilities.
- Outline the advantages and disadvantages of PGP and S/MIME.
- Discuss the implications of email hoaxes and spam.
Identify different methods of web security.
- Describe SSL (Secure Socket Layer).
- Describe HTTPS as it relates to SSL.
- Describe other encryption methods, like symmetric & asymmetric key encryption.
- Describe encryption algorithms, like DES, IDEA, Diffie-Hellman, DSA, and RSA.
- Identify security weaknesses associated with instant messaging.
- Use packet sniffers.
- Discuss privacy concerns.
Identify security issues associated with file transfers.
- Identify and discuss vulnerabilities in secure FTP.
- Identify and discuss vulnerabilities in anonymous FTP.
- Identify and discuss vulnerabilities of file sharing.
Identify security issues associated with wireless data transfer.
- Identify and discuss vulnerabilities in the IEEE 802.11 wireless networking specifications.
- Describe WAP (Wireless Application Protocol).
- Describe the WTLS (Wireless Transport Layer Security) protocol.
- Describe WEP (Wired Equivalent Privacy).
Describe how hardware is used in information security policies.
- Compare and contrast hardware-enabled firewalls.
- Discuss how routers are used for security purposes.
- Identify the role of switches in information security.
- Discuss security issues involving mobile devices.
Describe security issues involving media.
- Compare and contrast network media.
- Compare and contrast storage media.
Describe various security topologies.
- Identify and discuss security zones.
- Identify and discuss a DMZ.
- Identify and discuss intranets and extranets.
- Identify and discuss VLANs.
- Examine NAT (Network Address Translation).
- Discuss tunneling.
Describe intrusion detection systems.
- Differentiate between host-based and network-based intrusion detection.
- Discuss the advantages and disadvantages of honeypots.
- Identify active and passive detection features of intrusion detection.
- Describe the role of a security incident response team in an organization.
Describe security baselines.
- Explain the concept of OS/NOS hardening.
- Explain the concept of network hardening.
- Explain the concept of application hardening.
- Describe how to install and apply updates, service packs, and patches.
Identify and explain cryptography algorithms.
- Describe hashing.
- Compare and contrast symmetric versus asymmetric algorithms.
- Differentiate between DES and Triple DES.
- Compare and contrast other algorithms like AES, CAST, RC, Blowfish, IDEA, RSA, Diffie-Hellman, El Gamal, Merkle-Hellman, and Elliptic Curve.
Discuss the advantages and disadvantages of cryptography.
- Discuss integrity and confidentiality.
- Discuss digital signatures.
- Discuss nonrepudiation.
Describe the concept of PKI (Public Key Infrastructure).
- Define different types of certificates.
- Compare certificate policies.
- Understand certificate revocation.
- Understand certificate trust models.
Examine physical security methods.
- Identify different types of physical barriers.
- Identify and describe different types of biometrics.
- Discuss the role of physical location in information security.
Describe the concept of Disaster Recovery.
- Identify and describe backup plans.
- Discuss the importance of offsite storage.
- Create a disaster recovery plan.
Describe the concept of Business Continuity.
- Identify Business Continuity utilities.
- Understand the concept of fault tolerance.
Discuss the importance of policies and procedures.
- Determine acceptable use.
- Understand the need for privacy.
- Understand separation of duties.
- Discuss methods of password management.
- Identify ways to dispose of or destroy obsolete information.
- Discuss employee hiring procedures relating to security.
- Discuss employee termination procedures relating to security.
- Develop a code of ethics.
- Develop an incident response policy.
Describe computer forensics.
- Understand chain of custody.
- Discuss ways to collect evidence.
- Identify methods of evidence preservation.
Discuss risk identification.
- Explain asset identification.
- Explain risk assessment.
- Explain threat identification.
Discuss the need for proper training of end users.
- Discuss effective communication of policies and procedures.
- Identify methods of user awareness.
- Explore online resources.
Describe the need for proper documentation.
- Determine standards and guidelines.
- Identify system architecture.
- Keep logs and inventories.
- Develop change control procedure.
- Identify methods of documentation retention and storage.
- Identify methods of destroying old documentation.
Communicate effectively in reading and writing: gather information about information security by reading technical text.
- Identify and utilize information from technical text.
- Derive meaning from technical text.
Think critically and access, analyze and use information including using current Internet programming technology; interpret technical statements, texts, theories, problems, symbols, and observations.
- Clarify and analyze the meanings of technical words, phrases, and statements.
- Learn the meanings of terms and acronyms used with information security and ways to use them.
Think critically and access, analyze and use information including using current Internet programming technology; formulate a question or need, develop a strategy to meet that question or need to solve a technical problem.
- Generate and collect relevant observable or measurable information or data using intrusion detection software and hardware.
- Organize and present information or data in written form.
- Generate, assess, and validate solutions to a security problem involving web or network access.
- Develop and question alternative formulations of a security problem involving web or network access.
- Search and access information via the Internet.
- Evaluate information or data for quality, validity, and bias to determine if it is objective and reliable.
- Question assumptions, data, and formulations of problems and proposed answers.