Vous êtes sur la page 1sur 9

San Jos State University

College of Engineering/Electrical Engineering Department


EE-209/CMPE-209, Network Security, Section 02, Spring 2015
Course and Contact Information
Instructor:

Dr. Chao-Li Tarng

Office Location:

ENG 367

Telephone:

TBD

Email:

chaolli.tarng@sjsu.edu

Office Hours:

Tuesday, 10:15am 11:15am


Or by appointment in person or Skype (cltarng)

Class Days/Time:

Tuesday and Thursday 6:00pm 7:15pm

Classroom:

ENG 331

Prerequisites:

EE 281 or CMPE 206

TA/ISA

TBD

Course Format
This course requires the student to have a personal computer that is installed with a
modern operating system, such as MS Windows , Mac OS X , or Linux. The
personal computer must be able to connect to Internet and is capable of running at three
instances of virtual machines, such as VMware. The midterm and final exams will be
conducted online and students are required to install the Respondus LockDown Browser
in order to take the online exams.
Faculty Web Page and MYSJSU Messaging
Course materials such as syllabus, handouts, notes, assignment instructions, etc. can be
found on the course shell available from the eLearning platform Canvas (i.e. eCampus) at:
https://sjsu.instructure.com. You are responsible for regularly checking with the
messaging system (email, discussions, announcements news) through Canvas and
MySJSU to learn any updates.
Course Description
The course covers network security protocols and applications, cryptography algorithms,
authentication systems, intrusion detection, network attacks and defenses, system-level
security issues, and how to build secure systems. Prerequisite: EE 281 or CMPE 206.

EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 1 of 9

Course Goals and Learning Outcomes


Course Learning Outcomes (CLO)

Upon successful completion of this course, students will be able to:


1. Demonstrate in-depth understanding of tools and common techniques in different
network attacking phases and effective defenses against these attacks.
2. Demonstrate in-depth understanding of cryptography algorithms and standards,
authentication protocols.
3. Demonstrate the proficiency of utilizing network monitoring and analysis tools.
4. Demonstrate the capability of collecting, classifying, and critically evaluating the
design of Internet technologies.
5. Demonstrate the capability of working collaboratively and productively in a team
environment.
Required Texts/Readings
Textbook (Required)

[PE] P. Engebretson, The Basics of Hacking and Penetration Testing, 2nd Ed., Syngress
2013. ISBN: 978-0-12-411644-3
[WS] W. Stallings, Cryptography and Network Security: Principles and Practice, 6th Ed.,
Prentice Hall 2013. ISBN 10: 0-13-335469-5, ISBN 13: 978-0-13-335469-0
Other Readings (Reference)

[Penetration Testing]
Ed Skoudis, Tom Liston, Counter Hack Reloaded, A Step-by-Step Guide to Computer
Attacks and Effective Defenses, 2nd edition, Prentice Hall PTR, 2006. ISBN: 0-13148104-5
S. McClure, J. Scambray, G. Kurtz, Hacking Exposed 7: Network Security Secrets &
Solutions, 7th Ed., McGraw-Hill Osborne Media, 2012. ISBN-13: 978-0071780285
J. Erickson, Hacking: The Art of Exploitation, 2nd Ed., No Starch Press, 2008. ISBN-13:
978-1593271442
[Computer and Network Security]
W. Stallings, Computer Security: Principles and Practices, 3rd Ed., Prentice Hall 2014.
ISBN-10: 0133773922, ISBN-13: 978-0133773927
Other equipment / material requirements (optional)

TBD
Course Requirements and Assignments
SJSU classes are designed such that in order to be successful, it is expected that students
will spend a minimum of forty-five hours for each unit of credit (normally three hours per
EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 2 of 9

unit per week), including preparing for class, participating in course activities,
completing assignments, and so on. More details about student workload can be found in
University Policy S12-3 at http://www.sjsu.edu/senate/docs/S12-3.pdf.
The class assignments that are assessed and that contribute to your final grade include
homework assignments, project presentation and report, one midterm exam, and one final
exam.
In a semester-long class project, each project team will identify a security attack,
complete a set of testbed exercises of the attack, perform in-depth research on the defense
schemes, analyze and compare these defense schemes, and present experiment steps,
findings, and research results in project reports throughout the semester.
Each project team is required to select a security topic for in-depth research and hands-on
practice. The project is partitioned into 4 phases: Attack Identification, Testbed
Experiments, Defense Schemes, Analysis and Comparisons. Each team is required to
submit a project report for each phase to the course Canvas site. The due date of each
report is to be announced later.
Report
1
2
3
4

Artifacts
Attack identification
Testbed experiments
Defense schemes
Analysis and comparisons

NOTE that University policy F69-24, Students should attend all meetings of their
classes, not only because they are responsible for material discussed therein, but because
active participation is frequently essential to insure maximum benefit for all members of
the class. Attendance per se shall not be used as a criterion for grading.
Grading Policy
20%
20%
25%
35%

Homework assignments
Project presentation and reports
Midterm Exam
Final Exam

The instructor reserves the right to change the percentages


Failure to complete and submit 90% of homework and project assignments will result in
a failing grade in this class.
Late work will result in a reduced grade. There will be no extra credit work.
Research papers will be submitted both in hard copy and through Canvas.
Plagiarism will result in a grade of F for the class as well being referred to the
Department Chair.

EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 3 of 9

Grading

Grade
A+
A
AB+
B
BC
D
F

Overall Score
98-100
94-97.99
90-93.99
85-89.99
75-84.99
70-74.99
60-69.99
50-59.99
0-49.99

Classroom Protocol

Each student is required to engage in classroom activities, participate in labs, submit


assignments and reports on time, and take exams and tests on time.
Each student is required to engage in classroom activities, submit assignments and
reports on time, and take exams and tests on time.
Web-browsing or online chatting in class is not allowed. Cell Phones are to be turned
off or switched into silence mode during lectures and tests. During exams if you
receive a cell phone call or page it will be assumed that you have completed your
exam and no further work will be allowed.
No make-up exams will be held.
Exams will be close book, close notes.
Student causing disruption in the class will be asked to leave the class

UNIX/Linux Account
Each student is required to have a UNIX/Linux account, which can be applied online
through https://unix.engr.sjsu.edu/wiki/doku.php. Each student is encouraged to have his
own setup of Linux OS via virtual machine or multiple disk partition.
University Policies
Dropping and Adding

Students are responsible for understanding the policies and procedures about add/drop,
grade forgiveness, etc. Refer to the current semesters Catalog Policies section at
http://info.sjsu.edu/static/catalog/policies.html. Add/drop deadlines can be found on the
current academic year calendars document on the Academic Calendars webpage at
http://www.sjsu.edu/provost/services/academic_calendars/. The Late Drop Policy is
available at http://www.sjsu.edu/aars/policies/latedrops/policy/. Students should be aware
of the current deadlines and penalties for dropping classes.
Information about the latest changes and news is available at the Advising Hub at
http://www.sjsu.edu/advising/.

EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 4 of 9

Consent for Recording of Class and Public Sharing of Instructor Material

University Policy S12-7, http://www.sjsu.edu/senate/docs/S12-7.pdf, requires students to


obtain instructors permission to record the course.

Common courtesy and professional behavior dictate that you notify someone
when you are recording him/her. You must obtain the instructors permission to
make audio or video recordings in this class. Such permission allows the
recordings to be used for your private, study purposes only. The recordings are
the intellectual property of the instructor; you have not been given any rights to
reproduce or distribute the material.
o It is suggested that the syllabus includes the instructors process for
granting permission, whether in writing or orally and whether for the
whole semester or on a class by class basis.
o In classes where active participation of students or guests may be on the
recording, permission of those students or guests should be obtained as
well.
Course material developed by the instructor is the intellectual property of the
instructor and cannot be shared publicly without his/her approval. You may not
publicly share or upload instructor generated material for this course such as exam
questions, lecture notes, or homework solutions without instructor consent.

Academic integrity

Your commitment as a student to learning is evidenced by your enrollment at San Jose


State University. The University Academic Integrity Policy S07-2 at
http://www.sjsu.edu/senate/docs/S07-2.pdf requires you to be honest in all your academic
course work. Faculty members are required to report all infractions to the office of
Student Conduct and Ethical Development. The Student Conduct and Ethical
Development website is available at http://www.sjsu.edu/studentconduct/.
Campus Policy in Compliance with the American Disabilities Act

If you need course adaptations or accommodations because of a disability, or if you need


to make special arrangements in case the building must be evacuated, please make an
appointment with me as soon as possible, or see me during office hours. Presidential
Directive 97-03 at http://www.sjsu.edu/president/docs/directives/PD_1997-03.pdf
requires that students with disabilities requesting accommodations must register with the
Accessible Education Center (AEC) at http://www.sjsu.edu/aec to establish a record of
their disability.
Student Technology Resources (Optional)
Computer labs for student use are available in the Academic Success Center at
http://www.sjsu.edu/at/asc/ located on the 1st floor of Clark Hall and in the Associated
Students Lab on the 2nd floor of the Student Union. Additional computer labs may be
available in your department/college. Computers are also available in the Martin Luther
King Library.
A wide variety of audio-visual equipment is available for student checkout from Media
Services located in IRC 112. These items include DV and HD digital camcorders; digital
EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 5 of 9

still cameras; video, slide and overhead projectors; DVD, CD, and audiotape players;
sound systems, wireless microphones, projection screens and monitors.
SJSU Peer Connections (Optional)
Peer Connections, a campus-wide resource for mentoring and tutoring, strives to inspire
students to develop their potential as independent learners while they learn to
successfully navigate through their university experience. You are encouraged to take
advantage of their services which include course-content based tutoring, enhanced study
and time management skills, more effective critical thinking strategies, decision making
and problem-solving abilities, and campus resource referrals.
In addition to offering small group, individual, and drop-in tutoring for a number of
undergraduate courses, consultation with mentors is available on a drop-in or by
appointment basis. Workshops are offered on a wide variety of topics including
preparing for the Writing Skills Test (WST), improving your learning and memory,
alleviating procrastination, surviving your first semester at SJSU, and other related topics.
A computer lab and study space are also available for student use in Room 600 of Student
Services Center (SSC).
Peer Connections is located in three locations: SSC, Room 600 (10th Street Garage on
the corner of 10th and San Fernando Street), at the 1st floor entrance of Clark Hall, and in
the Living Learning Center (LLC) in Campus Village Housing Building B. Visit Peer
Connections website at http://peerconnections.sjsu.edu for more information.
SJSU Writing Center (Optional)
The SJSU Writing Center is located in Clark Hall, Suite 126. All Writing Specialists have
gone through a rigorous hiring process, and they are well trained to assist all students at
all levels within all disciplines to become better writers. In addition to one-on-one
tutoring services, the Writing Center also offers workshops every semester on a variety of
writing topics. To make an appointment or to refer to the numerous online resources
offered through the Writing Center, visit the Writing Center website at
http://www.sjsu.edu/writingcenter. For additional resources and updated information,
follow the Writing Center on Twitter and become a fan of the SJSU Writing Center on

Facebook. (Note: You need to have a QR Reader to scan this code.)


SJSU Counseling Services
The SJSU Counseling Services is located on the corner of 7th Street and San Fernando
Street, in Room 201, Administration Building. Professional psychologists, social
workers, and counselors are available to provide consultations on issues of student mental
health, campus climate or psychological and academic issues on an individual, couple, or
EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 6 of 9

group basis. To schedule an appointment or learn more information, visit Counseling


Services website at http://www.sjsu.edu/counseling.

EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 7 of 9

EE209/CMPE209 Network Security, Sec 02, Spring 2015


Course Schedule
This schedule is tentative and is subject to change.

Course Schedule
Week Date
1

1/22

3
4
5
6
7

1/27
1/29
2/3
2/5
2/10
2/12
2/17
2/19
2/24
2/26
3/3
3/5

8
3/10
3/12
9
10
11

3/17
3/19
3/23
3/25
3/31
4/2

Topics
Introduction to the class: Virtual machine setup, test
beds, network security, penetration tests

Readings
[PE] Ch. 1

Part I: Penetration Testing


Reconnaissance
Scanning
Exploitation and Gaining Access

[PE] Ch. 2
[PE] Ch. 3

Exploitation and Gaining Access (contd)


Denial-of-Service Attacks
Web-based Exploitation

[PE] Ch. 4
Class notes
[PE] Ch. 6

Buffer Overflow Attacks


Maintaining Access

Class notes
[PE] Ch. 7

Maintaining Access (contd)


Overview of Cryptography

[PE] Ch. 7
[WS] Ch. 1

Part II: Cryptography


Symmetric Ciphers: Classic Encryption Techniques
Midterm exam (close book, close note, covering
Penetration Testing only)
Symmetric Ciphers: Block Ciphers and DES
Number Theory and Finite Fields
Spring break no class

[PE] Ch. 4

[WS] Ch. 2

[WS] Ch. 3
[WS] Ch. 4

Cesar Chavez Day no class


Symmetric Ciphers: AES

[WS] Ch. 5

12

4/7
4/9

More Number Theory


Asymmetric Ciphers: Public Key Crypto, RSA

[WS] Ch. 8
[WS] Ch. 9

13

4/14
4/16

Asymmetric Ciphers: Public Key Crypto, RSA (contd)


Cryptographic Hash Functions

[WS] Ch. 9
[WS] Ch. 10

EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 8 of 9

Week Date

Topics

Readings

14

4/21
4/23

Message Authentication Code (MAC)


Key Management and Distribution

[WS] Ch. 11
[WS] Ch. 14

15

4/28
4/30

Network Access Control and Cloud Security


Transport-Level Security

[WS] Ch. 16
[WS] Ch. 17

16

Project Presentation

17

5/5
5/7
5/12

18

5/19

Project Presentation
Final Exam (May 19th, Tuesday 5:15 pm 7:30 pm,
covering Cryptography only)

EE 209/CMPE 209 Network Security, Section 02, Spring 2015

Page 9 of 9