www.sxu.edu
Saint Xavier University
ACSG 570
WEB SERVER SECURITY
Faculty Info: Jim Aman, Ph.D.
Associate Professor of Computer Science
WAC - N326
Office: (773) 298-3454
Skype: jimaman (voice/text)
Office Hours: TBA

Other times by appointment -- or just drop by the office, use Skype, or connect to the vRoom!

Course Info:

  • Counter Hack Reloaded by Ed Skoudis (Prentice Hall PTR, 2006, ISBN 0-13-148104-5)
  • Open Source Security Tools by Tony Howlett (Prentice Hall PTR, 2004, ISBN 0-32-119443-8)


Recommended additional readings:

  • The CERT Guide to System and Network Security Practices by Julia H. Allen (Addison Wesley, 2001, ISBN 0-201-73723-X)

A study of the technologies, terms, and processes related to security operations on the Internet. Students are introduced to available open source software tools and the websites for acquiring them. They also conduct hands-on study of the mechanisms and techniques of computer attacks and the imposition of effective defenses to them by working in an isolated lab environment. Causes of network and web insecurity, such as hacking, virus transmission, and code corruption, are investigated along with methods for hardening and securing operating systems and web services.

Course Syllabus

The syllabus will be available for download. Sections of the syllabus are included on this page. This is a four-semester-hour course. The target audience is second-year graduate students in the Master of Applied Computer Science program.

Capsule Description

This course is concerned with the planning, deployment, administration, and security of web servers. Administration topics include hardware and software selection, fundamentals of server configuration and maintenance, domain registration, site organization, and database implementation. Security topics include hacking, the nature of malicious attacks, resources for improving server security, backup procedures, and documentation techniques.

Philosophy

Computer security is rapidly emerging as a major field within computing. Threats to computer systems have been accelerating for many years without any signs of abating. The fundamentals of security are important knowledge for network, system, and web administrators, but the details of attacking and defending represent a very important body of information. Although hotly debated within the educational community, teaching the techniques of attack as a prelude to learning the techniques of defense is the approach of this course.

Objectives

The student who has mastered the material will ...
  • Understand how computer attacks occur and how to protect systems against them
  • Install, evaluate, and use software for web security
  • Install and employ software for computer attacks (in a closed lab environment)
  • Harden operating systems and secure web software
  • Learn to locate, install, and use open source software security tools
  • Demonstrate proficiency in protecting systems and knowledge of attack techniques by participation in a culminating security exercise

Teaching Methods

  • Lectures and demonstrations
  • Projects, lab exercises, and field work
  • Research paper and presentation
  • Possibly quizzes and exams
  • Internet Support: Check Blackboard and the class web page for additional information about the course. Blackboard will be the primary Internet tool of the course and will be used by the instructor to post assignments and occasionally by the students to post their work.
Policies:
  • Missed Classes: You are responsible for obtaining material which may have been distributed on class days when you were absent. This can be done by contacting a classmate who was present or by contacting the instructor during office hours or by other means. Missed or late quizzes cannot be made up under any circumstances, but, with good cause and adequate notice, an early quiz may be given. There are no make-up exams. Students missing exams due to a pre-arranged, excused absence will be allowed to count the final exam at double value. Only official excuses will be accepted. Any uncoordinated, unexcused, missed exam will result in a score of 0 for that exam.
  • Assignments: All assignments are due at the beginning of class on the date due (the Wednesday of the week following coverage of the chapter). Late submission of assignments will be assessed a penalty of 10% per day. No exceptions will be made.
  • Academic Dishonesty: Plagiarism and cheating are serious offenses and may be punished by failure on exam, paper, or project; failure in course; and/or expulsion from the University. For more information, refer to the Undergraduate Catalog.
  • Need for Assistance: If you have any condition, such as a physical or learning disability, which will make it difficult for you to carry out the work as outlined here, or which will require academic accommodations, you must follow the University’s established policy for documenting the condition through the Learning Center. You should also notify me as soon as possible.
  • Posting of Grades: Final grades will not be officially posted by the instructor. Progress of grades may be followed on Blackboard, however.
Grading:
Assignments ........... 45%
Exercise ................... 45%
Participation ............ 10%
Schedule:
CHR = Counter Hack Reloaded text
OSST = Open Source Security Tools text

| DATE | TOPICS | READINGS |
|  | Introduction to Computer Security Issues; Review of Networking Considerations; Open Source Security Software; Meet your "sandbox" | CH - Chapters 1-2; OSST - Chapter 1 |
|  | UNIX/Linux Overview; Operating System Tools | CH - Chapter 3; OSST - Chapter 2 |
|  | Windows NT/2000/XP/2003 Overview; Reconnaissance; Firewalls | CH - Chapter 4 & 5; OSST - Chapter 3 |
|  | Scanning; Port Scanners | CH - Chapter 6; OSST - Chapter 4 |
|  | Application and OS Attacks; Vulnerability Scanners | CH - Chapter 7; OSST - Chapter 5 |
|  | Network Attacks; Network Sniffers | CH - Chapter 8; OSST - Chapter 6 |
|  | DOS Attacks; Intrusion Detection Systems | CH - Chapter 9; OSST - Chapter 7 |
|  | Trojans, Backdoors, and Rootkits; Analysis and Management Tools | CH - Chapter 10; OSST - Chapter 8 |
|  | Covering and Hiding Tracks; Encryption and Wireless Tools | CH - Chapter 11; OSST - Chapter 9 & 10 |
|  | Meet with Consultant |  |
|  | THE EXERCISE! |  |
|  | Wrap-Up Night |  |
Copyright © 2008, J. R. Aman
1/2/09