www.sxu.edu
Saint Xavier University
ACSG 570
WEB SERVER SECURITY
Faculty Info: Jim Aman, Ph.D.
Associate Professor of Computer Science
WAC - N326
Office: (773) 298-3454
Skype: jimaman (voice/text)
Office Hours:
 

Tuesday & Thursday: 10-11 am
Thursday: 4:00-5:30 pm

Other times by appointment -- or just drop by the office, use Skype, or connect to the vRoom!

Course Info:

Penetration Testing and Network Defense
Andrew Whitaker and Daniel Newman
Cisco Press, 2005
978-1587052088

   

Recommended additional readings:

  • The CERT Guide to System and Network Security Practices by Julia H. Allen (Addison Wesley, 2001, ISBN 0-201-73723-X)
A study of the technologies, terms, and processes related to security operations on the Internet. Students are introduced to techniques for penetration testing using available open source software tools and the websites for acquiring them. They are also introduced to mechanisms and procedures for defending networks against attacks. Hands-on study of the mechanisms and techniques of computer attacks and the imposition of effective defenses to them is an integral part of the course. Causes of network and web insecurity, such as hacking, virus transmission, and code corruption, are investigated along with methods for hardening and securing operating systems and web services.

Course Syllabus

The syllabus will be available for download. Sections of the syllabus are included on this page. This is a 4.5-semester-hour course, including a portfolio component. The target audience is graduate students in the Master of Applied Computer Science program.

Capsule Description

This course is concerned with the planning, deployment, administration, and security of web servers. Administration topics include hardware and software selection, fundamentals of server configuration and maintenance, domain registration, site organization, and database implementation. Security topics include hacking, the nature of malicious attacks, resources for improving server security, backup procedures, and documentation techniques.

Philosophy

Computer security is rapidly emerging as a major field within computing. Threats to computer systems have been accelerating for many years without any signs of abating. The fundamentals of security are important knowledge for network, system, and web administrators, but the details of attacking and defending represent a very important body of information. Although hotly debated within the educational community, teaching the techniques of attack as a prelude to learning the techniques of defense is the approach of this course.

Objectives

The student who has mastered the material will ...
  • Understand how computer attacks occur and how to protect systems against them
  • Install, evaluate, and use software for web security
  • Install and employ software for computer attacks (in a closed lab environment)
  • Harden operating systems and secure web software
  • Learn to locate, install, and use open source software security tools
  • Demonstrate proficiency in protecting systems and knowledge of attack techniques by participation in a culminating security exercise

Teaching Methods

  • Lectures and demonstrations
  • Projects, lab exercises, and field work
  • Research paper and presentation
  • Possibly quizzes and exams
  • Internet Support: Check Blackboard and the class web page for additional information about the course. Blackboard will be the primary Internet tool of the course and will be used by the instructor to post assignments and occasionally by the students to post their work.
Policies:
  • Missed Classes: You are responsible for obtaining material which may have been distributed on class days when you were absent. This can be done through contacting a classmate who was present or by contacting the instructor during office hours or by other means. Missed or late quizzes cannot be made up under any circumstances, but, with good cause and adequate notice, an early quiz may be given. There are no make-up exams. Students missing exams due to a pre-arranged, excused absence will be allowed to count the final exam at double value. Only official excuses will be accepted. Any uncoordinated, unexcused, missed exam will result in a score of 0 for that exam.
  • Assignments: All assignments are due at the beginning of class on the date due (the Wednesday of the week following coverage of the chapter). Late submission of assignments will be assessed a penalty of 10% per day. No exceptions will be made.
  • Academic Dishonesty: Plagiarism and cheating are serious offenses and may be punished by failure on exam, paper, or project; failure in course; and/or expulsion from the University. For more information, refer to the Undergraduate Catalog.
  • Need for Assistance: If you have any condition, such as a physical or learning disability, which will make it difficult for you to carry out the work as outlined here, or which will require academic accommodations, you must follow the University’s established policy for documenting the condition through the Learning Center. You should also notify me as soon as possible.
  • Posting of Grades: Final grades will not be officially posted by the instructor. Progress of grades may be followed on Blackboard, however.
Grading:
  • Assignments: 45%
  • Exercise: 45%
  • Participation: 10%
Schedule:
| DATE | TOPICS | READINGS |
|---|---|---|
| Jan 14 | Introduction | |
| Jan 21 | Understanding Penetration Testing; Legal and Ethical Considerations | Chapter 1 & 2 |
| Jan 28 | | |
| Feb 4 | | |
| Feb 11 | | |
| Feb 18 | | |
| Feb 25 | | |
| Mar 4 | | |
| Mar 11 | | |
| Mar 18 | | |
| Mar 25 | | |
| Apr 1 | | |
| | BYTE ME! 2008 Security Exercise | |
| Apr 8 | Meet with Consultant | |
| Apr 15-22-29 | THE EXERCISE! | |
| May 6 | Wrap-Up Night | |
Copyright © 2008-10, J. R. Aman
1/20/10