San Jos State University College of Engineering/Electrical Engineering Department EE-209/CMPE-209, Network Security, Section 1, Spring 2014

Course and Contact Information Instructor: Office Location: Telephone: Email: Office Hours: Class Days/Time: Classroom: Prerequisites: TA/ISA Course Format This course requires the student to have a personal computer that is installed with a modern operating system, such as MS Windows , Mac OS X , or Linux. The personal computer must be able to connect to Internet and is capable of running multiple virtual machines, such as VMWare VMPlayer. Faculty Web Page and MYSJSU Messaging Course materials such as syllabus, handouts, notes, assignment instructions, etc. can be found on the course shell available from the eLearning platform Canvas (i.e. eCampus) at: http://sjsu.instructure.com. You are responsible for regularly checking with the messaging system (email, discussions, announcements news) through Canvas and MySJSU to learn any updates. Course Description The course covers network security protocols and applications, cryptography algorithms, authentication systems, intrusion detection, network attacks and defenses, system-level security issues, and how to build secure systems. Prerequisite: EE 281 or CMPE 206. Dr. Chao-Li Tarng ENG 367 TBD chaolli.tarng@sjsu.edu Wednesday, 10:15am 11:15am Or by appointment in person or Skype (cltarng) Tuesday and Thursday 6:00pm 7:15pm ENG 329 EE 281 or CMPE 206 TBD

EE 209/CMPE 209 Network Security, Spring, 2014

Page 1 of 8

Course Goals and Learning Outcomes

Course Learning Outcomes (CLO)

Upon successful completion of this course, students will be able to: 1. Demonstrate in-depth understanding of tools and common techniques in different network attacking phases and effective defenses against these attacks. 2. Demonstrate in-depth understanding of cryptography algorithms and standards, authentication protocols. 3. Demonstrate the proficiency of utilizing network monitoring and analysis tools. 4. Demonstrate the capability of collecting, classifying, and critically evaluating the design of Internet technologies. 5. Demonstrate the capability of working collaboratively and productively in a team environment. Required Texts/Readings
Textbook

W. Stallings, Cryptography and Network Security: Principles and Practice, 6th Ed., Prentice Hall 2013. ISBN 10: 0-13-335469-5, ISBN 13: 978-0-13-335469-0 Ed Skoudis, Tom Liston, Counter Hack Reloaded, A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2nd edition, Prentice Hall PTR, 2006. ISBN: 0-13148104-5
Other Readings

P. Engebretson, The Basics of Hacking and Penetration Testing, 2nd Ed., Syngress 2013. ISBN: 978-0-12-411644-3
Other equipment / material requirements (optional)

TBD Course Requirements and Assignments SJSU classes are designed such that in order to be successful, it is expected that students will spend a minimum of forty-five hours for each unit of credit (normally three hours per unit per week), including preparing for class, participating in course activities, completing assignments, and so on. More details about student workload can be found in University Policy S12-3 at http://www.sjsu.edu/senate/docs/S12-3.pdf. The class assignments that are assessed and that contribute to your final grade include homework assignments, project presentation and report, one midterm exam, and one final exam. In a semester-long class project, each project team will identify a security attack, complete a set of testbed exercises of the attack, perform in-depth research on the defense schemes, analyze and compare these defense schemes, and present experiment steps, findings, and research results in project reports throughout the semester.

EE 209/CMPE 209 Network Security, Spring, 2014

Page 2 of 8

Each project team is required to select a security topic for in-depth research and hands-on practice. The project is partitioned into 4 phases: Attack Identification, Testbed Experiments, Defense Schemes, Analysis and Comparisons. Each team is required to submit a project report for each phase to the course Canvas site. The due date of each report is to be announced later. Report 1 2 3 4 Artifacts Attack identification Testbed experiments Defense schemes Analysis and comparisons

NOTE that University policy F69-24, Students should attend all meetings of their classes, not only because they are responsible for material discussed therein, but because active participation is frequently essential to insure maximum benefit for all members of the class. Attendance per se shall not be used as a criterion for grading. Grading Policy 10% 25% 25% 40% Homework assignments Project presentation and reports Midterm Exam Final Exam

The instructor reserves the right to change the percentages Failure to complete and submit 90% of homework and project assignments will result in a failing grade in this class. Late work will result in a reduced grade. There will be no extra credit work. Research papers will be submitted both in hard copy and through Canvas. Plagiarism will result in a grade of F for the class as well being referred to the Department Chair.
Grading

Grade A+ A AB+ B BC D F

Overall Score 98-100 94-97.99 90-93.99 85-89.99 75-84.99 70-74.99 60-69.99 50-59.99 0-49.99

EE 209/CMPE 209 Network Security, Spring, 2014

Page 3 of 8

Classroom Protocol Each student is required to engage in classroom activities, participate in labs, submit assignments and reports on time, and take exams and tests on time. Each student is required to engage in classroom activities, submit assignments and reports on time, and take exams and tests on time. Web-browsing or online chatting in class is not allowed. Cell Phones are to be turned off or switched into silence mode during lectures and tests. During exams if you receive a cell phone call or page it will be assumed that you have completed your exam and no further work will be allowed. No make-up exams will be held. Exams will be closed book, closed notes. Student causing disruption in the class will be asked to leave the class

UNIX/Linux Account Each student is required to have a UNIX/Linux account, which can be applied online through https://unix.engr.sjsu.edu/wiki/doku.php. Each student is encouraged to have his own setup of Linux OS via virtual machine or multiple disk partition. University Policies
Dropping and Adding

Students are responsible for understanding the policies and procedures about add/drop, grade forgiveness, etc. Refer to the current semesters Catalog Policies section at http://info.sjsu.edu/static/catalog/policies.html. Add/drop deadlines can be found on the current academic year calendars document on the Academic Calendars webpage at http://www.sjsu.edu/provost/services/academic_calendars/. The Late Drop Policy is available at http://www.sjsu.edu/aars/policies/latedrops/policy/. Students should be aware of the current deadlines and penalties for dropping classes. Information about the latest changes and news is available at the Advising Hub at http://www.sjsu.edu/advising/.
Consent for Recording of Class and Public Sharing of Instructor Material

University Policy S12-7, http://www.sjsu.edu/senate/docs/S12-7.pdf, requires students to obtain instructors permission to record the course. Common courtesy and professional behavior dictate that you notify someone when you are recording him/her. You must obtain the instructors permission to make audio or video recordings in this class. Such permission allows the recordings to be used for your private, study purposes only. The recordings are the intellectual property of the instructor; you have not been given any rights to reproduce or distribute the material.

EE 209/CMPE 209 Network Security, Spring, 2014

Page 4 of 8

o It is suggested that the greensheet include the instructors process for granting permission, whether in writing or orally and whether for the whole semester or on a class by class basis. o In classes where active participation of students or guests may be on the recording, permission of those students or guests should be obtained as well. Course material developed by the instructor is the intellectual property of the instructor and cannot be shared publicly without his/her approval. You may not publicly share or upload instructor generated material for this course such as exam questions, lecture notes, or homework solutions without instructor consent.

Academic integrity

Your commitment as a student to learning is evidenced by your enrollment at San Jose State University. The University Academic Integrity Policy S07-2 at http://www.sjsu.edu/senate/docs/S07-2.pdf requires you to be honest in all your academic course work. Faculty members are required to report all infractions to the office of Student Conduct and Ethical Development. The Student Conduct and Ethical Development website is available at http://www.sjsu.edu/studentconduct/.
Campus Policy in Compliance with the American Disabilities Act

If you need course adaptations or accommodations because of a disability, or if you need to make special arrangements in case the building must be evacuated, please make an appointment with me as soon as possible, or see me during office hours. Presidential Directive 97-03 at http://www.sjsu.edu/president/docs/directives/PD_1997-03.pdf requires that students with disabilities requesting accommodations must register with the Accessible Education Center (AEC) at http://www.sjsu.edu/aec to establish a record of their disability. Student Technology Resources (Optional) Computer labs for student use are available in the Academic Success Center at http://www.sjsu.edu/at/asc/ located on the 1st floor of Clark Hall and in the Associated Students Lab on the 2nd floor of the Student Union. Additional computer labs may be available in your department/college. Computers are also available in the Martin Luther King Library. A wide variety of audio-visual equipment is available for student checkout from Media Services located in IRC 112. These items include DV and HD digital camcorders; digital still cameras; video, slide and overhead projectors; DVD, CD, and audiotape players; sound systems, wireless microphones, projection screens and monitors. SJSU Peer Connections (Optional) Peer Connections, a campus-wide resource for mentoring and tutoring, strives to inspire students to develop their potential as independent learners while they learn to successfully navigate through their university experience. You are encouraged to take advantage of their services which include course-content based tutoring, enhanced study and time management skills, more effective critical thinking strategies, decision making and problem-solving abilities, and campus resource referrals.
EE 209/CMPE 209 Network Security, Spring, 2014 Page 5 of 8

In addition to offering small group, individual, and drop-in tutoring for a number of undergraduate courses, consultation with mentors is available on a drop-in or by appointment basis. Workshops are offered on a wide variety of topics including preparing for the Writing Skills Test (WST), improving your learning and memory, alleviating procrastination, surviving your first semester at SJSU, and other related topics. A computer lab and study space are also available for student use in Room 600 of Student Services Center (SSC). Peer Connections is located in three locations: SSC, Room 600 (10th Street Garage on the corner of 10th and San Fernando Street), at the 1st floor entrance of Clark Hall, and in the Living Learning Center (LLC) in Campus Village Housing Building B. Visit Peer Connections website at http://peerconnections.sjsu.edu for more information. SJSU Writing Center (Optional) The SJSU Writing Center is located in Clark Hall, Suite 126. All Writing Specialists have gone through a rigorous hiring process, and they are well trained to assist all students at all levels within all disciplines to become better writers. In addition to one-on-one tutoring services, the Writing Center also offers workshops every semester on a variety of writing topics. To make an appointment or to refer to the numerous online resources offered through the Writing Center, visit the Writing Center website at http://www.sjsu.edu/writingcenter. For additional resources and updated information, follow the Writing Center on Twitter and become a fan of the SJSU Writing Center on

Facebook. (Note: You need to have a QR Reader to scan this code.) SJSU Counseling Services The SJSU Counseling Services is located on the corner of 7th Street and San Fernando Street, in Room 201, Administration Building. Professional psychologists, social workers, and counselors are available to provide consultations on issues of student mental health, campus climate or psychological and academic issues on an individual, couple, or group basis. To schedule an appointment or learn more information, visit Counseling Services website at http://www.sjsu.edu/counseling.

EE 209/CMPE 209 Network Security, Spring, 2014

Page 6 of 8

EE209/CMPE209 Network Security, Sec 1, Spring 2014 Course Schedule

This schedule is tentative and is subject to change. Course Schedule Week 1 2 1/28 1/30 2/4 2/6 2/11 2/13 2/18 2/20 2/25 2/27 3/4 3/6 3/11 3/13 3/18 3/20 3/25 3/27 4/1 4/3 4/8 4/10 4/15 4/17 4/22 4/24 Date 1/23 Topics Introduction to the class: Linux setup, testbeds, network security, penetration tests Part I: Ethical Hacking Reconnaissance Scanning Exploitation and Gaining Access Exploitation and Gaining Access Denial-of-Service Attacks Web-based Exploitation Maintaining Access Covering tracks and hiding Midterm exam (closed book, closed note) Part II: Cryptography Overview of Cryptography Symmetric Ciphers: Classic Encryption Techniques Symmetric Ciphers: Block Ciphers and DES Number Theory and Finite Fields Spring break no class Symmetric Ciphers: AES Asymmetric Ciphers: Public Key Crypto, RSA Asymmetric Ciphers: Public Key Crypto, RSA Digital Signatures Key Management and Distribution User Authentication Protocols

3 4 5 6 7 8

9 10 11 12 13 14

EE 209/CMPE 209 Network Security, Spring, 2014

Page 7 of 8

Week 15 16 17

Date 4/29 5/1 5/6 5/8 5/13 5/15 Project Presentation Project Presentation

Topics

Review Final Exam (December 15th, Thursday 5:15 pm 7:30 pm)

EE 209/CMPE 209 Network Security, Spring, 2014

Page 8 of 8