Course
Description
This course provides an overview
of modern information assurance (IA) and security, with a focus on computer and
network security. This course will give students basic and comprehensive
understanding of security from both theoretical and practical perspectives, and
it will cover key security problems and their possible solutions.
Specific topics covered include:
●
Security
and privacy principles
●
Physical security
●
Personnel security
●
Contingency
and disaster recovery planning
● Information assurance policies
● Authentication and access control
● Administrative security controls
● Risk analysis and management
● Computer virus and malware
● Network attacking attempts
● Phishing
● Social engineering
● Software security
● Definitions of software security
● Traditional software vulnerabilities
● Modern software vulnerabilities
● Vulnerability
discovery
● Vulnerability
mitigation
● Secure software development
● Laws and regulations about Information Assurance
● Ethical hacking
Learning Outcomes
Learners completing this course
will be able to:
● Recognize common security threats and
attacking attempts.
● Identify typical vulnerabilities in programs.
● Develop secure programs.
● Analyze legal and ethical concerns of computer
security activities.
● Launch attacks in ethical hacking environments.
Estimated
Workload/ Time Commitment Per Week
Average of 20 hours per week
Required Prior Knowledge and Skills
This
course will be challenging, and students are expected to learn the necessary
technologies on their own time. If you are not already proficient in the
following areas, consider expanding your skills in these areas and taking this course at a
later time.
Proficient Mathematical Skills and
Theoretical Understanding:
● Algebra
● Linear Algebra
● Algorithms
● Data Structures
● Computer Organization and Architecture
● Operating Systems
● Computer networking
Strong Application Skills:
● Ability to effectively read C code
● Ability to effectively read Python code
● Confidence executing at least one programming language:
○ Python
○ Java
○ C#
○ C++
○ C
Note: The course project will be
completed using the language that the student chooses. However, the course team
will not be able to help the student if they choose any language that is not
Python, Java, or C#.
Proficient
Experience:
● Clear understanding of theoretical and applied
industry-relevant operating systems and computer networks (e.g., Ethernet, ARP,
Routing, IP Addresses, Fragmentation, ICMP, UDP, TCP, and x86-64 assembly)
● Experience reading technical specifications
and documentation
Technology Requirements
Hardware
● Personal computer with 8 GB RAM or higher and
an x86-64 CPU. Must be able to install virtual machines on this computer.
Computers with ARM processors (or any other architecture) will not work.
Software
and Other
● Reliable Internet connection with unrestricted
access to key websites that are commonly used in software development
activities (e.g., GitHub and StackOverflow)
● Linux (Ubuntu 20.04 is recommended) (Ubuntu 20.04 LTS)
● A virtual machine application, such as VMware,
is recommended for non-Linux. users You can get VMware for free as an ASU
student (strongly recommended) and install Ubuntu 20.04 in a VM.
● Most reference code will be provided as a
Python script. Therefore, Python is strongly recommended. Note: For some coursework, the course team will not be able to help you
if you choose any language that is not Python, Java, or C#; therefore, to
create the best learning experience, Python is strongly recommended. This is
noted on the overview docs where it applies.
● Browser (e.g., Chrome, FireFox, or Microsoft
Edge), an HTTP request sender (curl), and Burp
Suite
● Ability to access AWS resources
●
You are
strongly encouraged to use Python 3 and the scapy package
Textbook
and Readings
At the graduate level, inquiry,
research, and critical reading are part of the learning experience; however,
this course does not have a required textbook. All content is available within
the course.
Course
Content
Instruction
Video Lectures Demonstration Videos
Live Events (e.g. Live Sessions hosted by the instructor
of record and Virtual Office Hours hosted by the course team members)
Assessments
Assignments (graded, auto-graded) Individual Project
(graded, auto-graded) Practice Quizzes (ungraded, auto-feedback) Graded Quizzes
(graded, auto-graded) Practice Exam 1 (ungraded, auto-feedback) Exam 1
(proctored, graded, auto-graded)
Practice Exam 2 (ungraded, auto-feedback) Exam 2
(proctored, graded, auto-graded)
Details of the main instructional
and assessment elements this course:
Lecture videos: The
concepts you need to know will be presented through a collection of video
lectures. You may stream these videos for playback within the browser by
clicking on their titles or download the videos. You may also download the
lecture slides that are used in the videos. The lecture slides, where
available, are provided with the video. Demonstration videos and interview
videos do not have accompanying slides.
Discussion Forums: Discussion
forums are present each week in the course, and there are designated forums for
each project, assignment, and exams, so targeted questions of interest can be
asked and categorized in specific spaces. Although the course team is engaged
in these discussions, the forums are spaces to clarify, support, and enrich
student-to-student communication and learning. If you have specific questions that you would like the instructor to
consider addressing in the weekly Live Events, please indicate your request in
your post.
Practice Quizzes: To
help you prepare for other assessments in the course, you will be able to take
practice quizzes prior to taking graded quizzes. Note that practice quizzes are
not present in all weeks by design;
they are only present in weeks that
have graded quizzes. Designed to support your learning and prepare you for the
graded quiz experience, practice quizzes are ungraded quizzes to test your
knowledge of the concepts presented in all the lecture videos for that week.
You may take your time, review your notes, and learn at your own pace because
practice quizzes are untimed. You may retake these as often as you would like
at any point in the course. You are encouraged to read the feedback, review
your answer choices, and compare them to the correct answers. With the feedback as your guide, you are
encouraged to use these as opportunities to study for other assessments and
tasks in the course. You may engage with your peers in the discussion
forums to address questions, share resources and strategies, and provide
feedback to help one another learn. If
you have specific questions that you would like the instructor to consider
addressing in the weekly Live Events, please indicate your request in your
post.
Graded Quizzes: Timed
graded quizzes are included at the end of several weeks when there is not an assignment or project present.
They are designed to assess you on a given week’s content. Review the course
outline closely. Graded quizzes typically
include 10 multiple choice questions. You will have 45 minutes to complete
each quiz. Once you open the quiz, your testing session begins, and you must
complete it in a single session. You will be allowed one (1) attempt to take
and complete each quiz. There is a 12%
grade penalty for each day late past the deadline. For academic integrity
purposes, the exact answers will not be shared, which includes which questions
students got correct and incorrect.
Practice Exams: Our
goal is to prepare you for the timed, proctored final exam experience. To do
this, we have designed the practice exam questions so they follow the same
question style used in Exam 1 and Exam 2. You may engage with your peers in the
discussion forums to address questions, share resources and strategies, and
provide feedback to help one another learn. If
you have specific questions that you would like to be considered to be
addressed in the weekly Live Events, please indicate your request in your post.
Practice
Exam Details
● Single-answer, multiple choice questions
● Unlimited time
● Unlimited number of attempts
● Full feedback
Proctored Exams: You
will have two (2) timed, proctored exams. No
late exams will be permitted and will result in an automatic score of 0 points.
For academic integrity purposes, the exact answers will not be shared, which
includes which questions students got correct and incorrect.
Exam 1 Details
●
Content covered: Weeks 1, 2, 3, and 4
●
Question type(s): single answer, multiple-choice questions
● Availability:
12:01AM AZ Time on Monday,
November 9, 2020 - Sunday, November 15, 2020 at 11:59 PM AZ Time
●
Time: 2 hours = 120 minutes
● Attempts:
You will be allowed one (1)
attempt to take and complete the exam. Once you open the exam, your testing
session begins and you must complete it in a single session.
● Proctoring:
You need to set up your
proctoring at least 72 hours prior
to the exam. Due to high-volume testing
windows, you are strongly encouraged to schedule by Sunday, October 18, 2020. ProctorU
is an online proctoring service that allows students to take exams online while
ensuring the integrity of the exam for the institution. Additional information
and instructions are provided in the Welcome
and Start Here section of the course. The
exam proctor will input the exam password.
Exam 2 Details
● Content
covered: Weeks 5, 6, and 7
● Question
type(s): single answer,
multiple-choice questions
● Availability:
12:01AM AZ Time on Monday,
November 30, 2020 - Sunday, December 6, 2020 at 11:59 PM AZ Time
● Time:
2 hours = 120 minutes
● Attempts:
You will be allowed one (1)
attempt to take and complete the exam. Once you open the exam, your testing
session begins and you must complete it in a single session.
● Proctoring:
You need to set up your
proctoring at least 72 hours prior
to the exam. Even though
this exam is much later in the semester, due to high-volume
testing windows, you are strongly
encouraged to schedule by Sunday, October 18, 2020. There is no penalty
if you have to schedule later. ProctorU is an online proctoring service that
allows students to take exams online while ensuring the integrity of the exam
for the institution. Additional information and instructions are provided in
the Welcome and Start Here section of
the course. The exam proctor will input
the exam password.
Exam 1 and 2 Allowances: Both
exams are closed resource exams. No materials, resources, technologies, or
communication is permitted during the exams.
●
Hardcopy
and/or digital books and/or reference materials (all): None
● Calculators
(all): None (calculations may
be achieved by hand)
●
Notes in
any format of any kind (all): None
● Web
(all): None
● Software
(all): None and all virtual
machines must be closed prior to starting proctoring
●
Other
technologies, devices, and means of communication (all): None
● Scratch
paper, whiteboard, and writing utensils: unlimited amount of blank scratch paper, writing utensils
(e.g., pens, pencils, markers, and/or highlighters; please have extra ones
should you run out of ink, the pencil breaks, etc.), and eraser(s). If using a
whiteboard, students may have erasable whiteboard markers and what is needed to
erase writing on the whiteboard.
● Other:
Students are to independently
take the exam in a single session without leaving the testing space (e.g., no
bathroom breaks) to ensure proctoring of the entire session.
Assignments and Projects:
This course includes six (6) individual assignments and one (1) project. All
are provided to students in the first week of the course, so you can review
what is expected and design your own learning schedules to complete these on
time. They will be re-introduced in the week each is due. A submission area is
provided at the end of each week they are due. Review the Technology
Requirements for this course to ensure you have what is needed to complete the
assignments and project. Assignments and the project may be submitted an
unlimited number of times. There is an
automatic 6% grade penalty for each day late.
List of
Assignments and Project
● Week 3 Assignment: Caesar Cipher
● Week 3 Assignment: Esper Cipher
● Week 4 Assignment: UDP Spoofing
● Week 4 Assignment: TCP Spoofing
● Week 5 Assignment: Pwn Them All
● Week 6 Project: Fuzz Them All
● Week 6 Assignment: Finding Crashes
Course Grade Breakdown
*This is an MCS Portfolio eligible course.
Grade Scale
NOTE: You must earn a cumulative grade of 70% to earn a
"C" in this course.
The
instructor reserves the right to adjust individual grades based on, but not
limited to, violations of academic integrity.
Live
Events
Live
Sessions - Weekly
Live Sessions are a valuable part
of the learning experience because students can meet with the course instructor
and fellow classmates to learn more about course topics, special topics within
the field, and discuss coursework. The official weekly schedule for these
events will be announced once the course starts. If you are able to attend
these Live Sessions, you are strongly encouraged to do so. If you have specific
questions or topics of interest that you would like to be discussed during the
live events, please indicate your request in your discussion forum post.
Although it may not be possible to address all requests live, the instructor is
interested in tailoring the live events to your questions and interests. The
instructor will be following a set agenda, so please be mindful of that when
engaging in the live session.
Live
Sessions hosted by the faculty will be recorded and uploaded to the course.
Live Sessions Expectations
The environment should remain
professional at all times. Inappropriate content/visuals, language, tone,
feedback, etc. will not be tolerated, reported and subject to disciplinary
action. Review the Policy Regarding Expected Classroom Behavior section of the
syllabus and the Student Code of Conduct for more detailed information.
Virtual
Office Hours - Weekly
Virtual Office Hours offer a
chance for students to get their questions answered from the course team. The
official weekly schedule for office hours will be announced once the course
starts.
Virtual
office hours are recorded, but not uploaded into the course.
Virtual Office Hour Expectations
Although the course team is
responsive to trends in the discussion forums and mcsonline emails, these
sessions focus on addressing students’ specific questions related to content:
clarifications, reteaching, assessment review, etc. These sessions are not
intended to address program or course design questions or feedback. Teaching
assistants do not have the authority to weigh in or make decisions regarding those items, so
please do not include those at this time. These sessions are specific to
helping students learn materials and understand various course assessments.
Feedback of that nature is best addressed in the communication channel: mcsonline@asu.edu and please include it in your course survey.
The environment should remain
professional at all times. Inappropriate content/visuals, language, tone,
feedback, etc. will not be tolerated, reported and subject to disciplinary
action. Review the Policy Regarding Expected Classroom Behavior section of the
syllabus and the Student Code of Conduct for more detailed information.
Course Schedule
Week # and Name
Begin
Date
12:01 AM AZ Time
End Date
11:59 PM AZ Time
Week 1: Foundations of Information Assurance and Security
Monday, October 12, 2020
Sunday, October 18, 2020
Week 2: Physical Security, Personnel Security, Authentication,
and Access Control
Monday,
October 19, 2020
Sunday,
October 25, 2020
Week 3: Cryptography
Monday, October 26, 2020
Sunday, November 1, 2020
Week 4: IA in Information
Systems
Monday, November 2, 2020
Sunday, November 8, 2020
Exam 1
Monday,
November 9, 2020
Sunday,
November 15, 2020
Week 5: Web
Security
Monday,
November 9, 2020
Sunday,
November 15, 2020
Week 6: Software Security
Monday, November 16, 2020
Sunday, November 22, 2020
Week 7: Privacy and Ethical
Issues
Monday, November 23, 2020
Sunday, November 29, 2020
Exam 2
Monday, November 30, 2020
Sunday, December 6, 2020
*Grades are due December 7,
2020-December 14, 2020. (Please see the ASU Academic
Calendar for additional information.)
Assignment
and Project Deadlines
Unless otherwise noted, all graded
work is due on Sundays by 11:59 PM Arizona time. An example of “otherwise
noted” would be a course announcement when the course is running. Assignments
and the project may be submitted an unlimited number of times. There is an automatic 6% grade penalty for
each day late.
Assignment
and Project Deadlines
● Week 3 Assignment: Caesar Cipher due by
Sunday, November 1, 2020 at 11:59 PM AZ Time
● Week 3 Assignment: Esper Cipher due by Sunday,
November 1, 2020 at 11:59 PM AZ Time
● Week 4 Assignment: UDP Spoofing due by Sunday,
November 8, 2020 at 11:59 PM AZ Time
● Week 4 Assignment: TCP Spoofing due by Sunday,
November 8, 2020 at 11:59
PM AZ Time
● Week 5 Assignment: Pwn Them All due by Sunday,
November 15, 2020 at 11:59 PM AZ Time
● Week 6 Project: Fuzz Them All due by Sunday,
November 22, 2020 at 11:59 PM AZ Time
● Week 6 Assignment: Finding Crashes due by
Sunday, November 22, 2020 at 11:59 PM AZ Time
Course Outline with Assignments
Week 1: Foundations of
Information Assurance and Security
Lesson 1: Introduction Lesson 2: Security Principles
Lesson 3: Security Strategies
Lesson 4: Mission Assurance and
Risk Management
Lesson 5: IA Policies, Contingency, and Disaster Recovery Planning
Assignments
❏
Practice Quiz
❏
Graded
Quiz (Due by Sunday, October 18, 2020 at 11:59 PM AZ time)
12% grade penalty for each day past the
deadline.
For
academic integrity purposes, the exact answers will not be shared, which
includes which questions students got correct and incorrect.
Week 2: Physical Security, Personnel Security,
Authentication, and Access Control
Lesson 1: Physical and
Personnel Security
Lesson 2: Authentication Lesson 3: Access Control
Assignments
❏
Practice Quiz
❏
Graded
Quiz (Due by Sunday, October 25, 2020 at 11:59 PM AZ time)
12% grade penalty for each day past the
deadline.
For
academic integrity purposes, the exact answers will not be shared, which
includes which questions students got correct and incorrect.
Week 3:
Cryptography
Lesson 1: Introduction to Cryptography Lesson 2: Common
Crypto Algorithms Lesson 3: Bad Crypto
Lesson 4: Common Weaknesses in
Crypto Uses
Assignments
❏
Caesar
Cipher (Due by Sunday, November 1, 2020 at 11:59 PM AZ Time)
6% grade penalty for each day past the
deadline.
❏
Esper
Cipher (Due by Sunday, November 1, 2020 at 11:59 PM AZ Time)
6% grade penalty for each day past the
deadline.
Week 4: IA in Information Systems
Lesson 1: Introduction to Network Security Lesson 2:
Common Attacks on Networks Lesson 3: Modern Security Threats
Lesson 4: IA in Outsourcing and Open-source Software
Lesson 5: IA in Cloud Computing
Assignments
❏
UDP
Spoofing due by Sunday, November 8, 2020 at 11:59 PM AZ Time
6% grade penalty for each day past the
deadline.
❏
TCP
Spoofing due by Sunday, November 8, 2020 at 11:59 PM AZ Time
6% grade penalty for each day past the
deadline.
Week 5: Web Security
Lesson 1: Web Security Overview Lesson 2: HTML
Lesson 3: Common Vulnerabilities in Web Applications
Lesson 4: Phishing
Lesson 5: Vulnerability Discovery
Assignments
❏ Pwn Them All (Due by Sunday, November 15, 2020
at 11:59 PM AZ Time)
6% grade penalty for each day past the
deadline.
Exam 1
Available from Monday, November 9, 2020 at 12:01AM AZ
Time - Sunday, November 15, 2020 at 11:59PM AZ Time
100% grade penalty for each day past the
deadline.
No late exams accepted.
For
academic integrity purposes, the exact answers will not be shared, which
includes which questions students got correct and incorrect.
Week 6: Software Security
Lesson 1: Software Security Overview
Lesson 2: Common Vulnerabilities in Software
Lesson 3: Memory Model, X86-64 Assembly Language, and
Debugging Lesson 4: Buffer Overflows
Lesson 5: Vulnerability
discovery
Assignments
❏
Fuzz Them
All (Due by Sunday, November 22, 2020 at 11:59 PM AZ Time)
6% grade penalty for each day past the
deadline.
❏
Finding
Crashes (Due by Sunday, November 22, 2020 at 11:59 PM AZ Time)
6% grade penalty for each day past the
deadline.
Week 7: Privacy, IA Management, and
Ethical Issues
Lesson 1: Privacy and Social Networks Lesson 2: Ethical
Hacking
Assignments
❏
Practice Quiz
❏
Graded
Quiz (Due by Sunday, November 29, 2020 at 11:59 PM AZ time)
12% grade penalty for each day
past the deadline.
For academic integrity purposes,
the exact answers will not be shared, which includes which questions students
got correct and incorrect.
❏ Optional: Portfolio Inclusion Report for ASU
MCS Degree
❏
Course Survey
Exam 2
❏
Practice
Exam 2
❏ Exam 2 (Available from Monday, November
30, 2020 at 12:01AM AZ Time - Sunday,
December 6, 2020 at 11:59PM AZ Time)
No
late exams accepted. 100% grade penalty.
For academic integrity purposes,
the exact answers will not be shared, which includes which questions students
got correct and incorrect.
Policies
All ASU and Coursera policies will
be enforced during this course. For policy details, please consult the MCS
Graduate Handbook and the MCS Onboarding Course.
Absence
Policies
There are no required or mandatory
attendance events in this online course. Live Events, both Live Sessions hosted
by the faculty and Virtual Office Hours hosted by the course team do not take
attendance.
Students are to complete all
graded coursework (e.g., assignments, project, and exams). If exceptions for
graded coursework deadlines need to be made for excused absences, please reach
out to the course team by Sunday,
October 18, 2020 using the mcsonline@asu.edu email address (these
need to be built into the course). Review the exam availability windows and
schedule accordingly. The exam availability windows allow for your own
flexibility and you are expected to plan ahead. Personal travel does not
qualify as an excused absence and does not guarantee an exception.
Review the resources for what qualifies as an excused
absence and review the late penalties in the Assignment Deadlines section of
the syllabus and the course:
a. Excused absences related to religious observances/practices
that are in accord with ACD 304–04,
“Accommodation for Religious Practices”
b. Excused absences related to university
sanctioned events/activities that are in accord with ACD 304–02,
“Missed Classes Due to University-Sanctioned
Activities”
c.
Excused
absences related to missed class due to military line-of-duty activities that are
in accord with ACD 304–11,
“Missed Class Due to Military Line-of-Duty Activities,” and SSM 201–18,
“Accommodating Active Duty Military”
Policy Regarding Expected Course
Behavior
The aim of education is the
intellectual, personal, social, and ethical development of the individual. The
educational process is ideally conducted in an environment that encourages
reasoned discourse, intellectual honesty, openness to constructive change, and
respect for the rights of all individuals. Self-discipline and a respect for
the rights of others in the university community are necessary for the
fulfillment of such goals. An instructor may withdraw a student from a course
with a mark of “W” or “E” or employ other interventions when the student’s
behavior disrupts the educational process. For more information, review SSM 201–10.
If you identify something as
unacceptable classroom behavior on the class platform (e.g., Coursera
discussion forum) or communication channels (e.g., Zoom, virtual live session,
virtual office hours, Slack, etc.), please notify the course team using the mcsonline@asu.edu email. In the
discussion forums, you can also flag the post for our attention. For more
specifics on appropriate participation, please review our Netiquette
infographic.
Our classroom community rules are to:
● Be professional
● Be positive
● Be polite
● Be proactive
Academic Integrity
Students in this class must adhere
to ASU’s academic integrity policy, which can be found at https://provost.asu.edu/academic-integrity/policy. Students are responsible for reviewing this policy and
understanding each of the areas in which academic dishonesty can occur. In
addition, all engineering students are expected to adhere to both the ASU
Academic Integrity Honor Code and the Fulton Schools of Engineering Honor Code. All
academic integrity violations will be reported to the Fulton Schools of
Engineering Academic Integrity Office (AIO). The AIO maintains a record of all
violations and has access to academic integrity violations committed in all
other ASU colleges/schools.
Specific
academic integrity announcements for this class:
Security is a field that honors integrity to
the maximum extent. As an introductory course to security, this course has a
zero-tolerance policy towards academic integrity violations. Any academic
integrity violations will lead to a failure of this course (no refunds) with a
failing grade (F), and the violation will be reported to the university.
Copyright
All course content and materials,
including lectures (Zoom recorded lectures included), are copyrighted materials
and students may not share outside the class, upload to online websites not
approved by the instructor, sell, or distribute course content or notes taken
during the conduct of the course (see ACD 304–06,
“Commercial Note Taking Services” and ABOR Policy 5-308 F.14 for more
information).
You must refrain from uploading to
any course shell, discussion board, or website used by the course instructor or
other course forum, material that is not the student's original work, unless
the students first comply with all applicable copyright laws; faculty members
reserve the right to delete materials on the grounds of suspected copyright
infringement.
Policy Against Threatening Behavior
(SSM 104-02)
Students, faculty, staff, and
other individuals do not have an unqualified right of access to university
grounds, property, or services. Interfering with the peaceful conduct of
university-related business or
activities or remaining on campus grounds after a request to leave may be
considered a crime. All incidents and allegations of violent or threatening
conduct by an ASU student (whether on- or off-campus) must be reported to the
ASU Police Department (ASU
PD) and the Office of the Dean of Students.
Disability
Accommodations
Suitable accommodations will be
made for students having disabilities. Students needing accommodations must
register with the ASU Student Accessibility and Inclusive Learning Services and provide documentation of that registration to the
instructor. Students should communicate the need for an accommodation in
sufficient time for it to be properly arranged. See ACD 304-08 Classroom and
Testing Accommodations for Students with Disabilities.
Harassment and Sexual Discrimination
Arizona State University is
committed to providing an environment free of discrimination, harassment, or
retaliation for the entire university community, including all students,
faculty members, staff employees, and guests. ASU expressly prohibits
discrimination, harassment, and retaliation by employees, students,
contractors, or agents of the university based on any protected status: race,
color, religion, sex, national origin, age, disability, veteran status, sexual
orientation, gender identity, and genetic information.
Title IX is a federal law that
provides that no person be excluded on the basis of sex from participation in,
be denied benefits of, or be subjected to discrimination under any education
program or activity. Both Title IX and university policy make clear that sexual
violence and harassment based on sex is prohibited. An individual who believes
they have been subjected to sexual violence or harassed on the basis of sex can
seek support, including counseling and academic support, from the university.
If you or someone you know has been harassed on the basis of sex or sexually
assaulted, you can find information and resources at https://sexualviolenceprevention.asu.edu/faqs.
Mandated sexual harassment reporter: As a mandated reporter, I am obligated to report any
information I become aware of regarding alleged acts of sexual discrimination,
including sexual violence and dating violence. ASU Counseling Services, https://eoss.asu.edu/counseling, is available if you wish to discuss any concerns
confidentially and privately.
0 comments:
Post a Comment