|February 1||Tuesday||Overview||Chapter 1|
|February 3||Thursday||Introduction to Cryptography||Chapter 2|
|February 8||Tuesday||Stream and Block Ciphers||Sections 3.2, 3.6-3.7|
Paper Summary 1 due
|February 15||Tuesday||DES and 3DES||Sections 3.1, 3.3-3.4, 6.1|
|February 17||Thursday||Applied Symmetric Encryption||Chapter 7|
|February 22||Tuesday||Public-Key Cryptography||Chapter 9|
Paper Summary 2 due
|March 1||Tuesday||Message Authentication||Chapter 11|
|March 3||Thursday||Hash Functions||Sections 12.1-12.2, 12.4. Friedl, S. J., "An Illustrated Guide to Cryptographic Hashes," September 2004.|
|March 8||Tuesday||Digital Signatures||Chapter 13|
Paper Summary 3 due
Bryant, B., "Designing an Authentication System: a Dialogue in Four Scenes," February 1998. Tung, B., "The Moron's Guide to Kerberos," December 1996.
|March 15||Tuesday||E-mail Encryption||Section 15.1|
|March 17||Thursday||Networking and TCP/IP||Kessler, G. C., "An Overview of TCP/IP Protocols and the Internet," December 2004.|
|March 22||Tuesday||TCP/IP Weaknesses||Bellovin, S.M., "A Look Back at 'Security Problems in the TCP/IP Protocol Suite,'" Invited Paper, "Classic Papers" Session, 20th Annual Computer Security Applications Conference, December 2004.|
Chapter 1, Sections 2.1-2, 3.2-7, 6.1,4, 7.2-3, Chapter 9, Sections 10.1-2, Chapter 11, Sections 12.1-2,4, 13.1-2, 14.1
|March 29||Tuesday||Spring Recess - No class|
|March 31||Thursday||Cesar Chavez Day - No class|
Paper Summary 4 due
Paper Summary 5 due
|April 12||Tuesday||SQL Injection and Cross-Site Scripting||Friedl, S. J., "SQL Injection Attacks by Example," December 2004. CERT Advisory CA-2000-02, "Malicious HTML Tags Embedded in Client Web Requests."|
|April 14||Thursday||Intrusion Detection||Chapter 18|
|April 19||Tuesday||Viruses, Worms, and Log Analysis||Chapter 19|
Paper Summary 6 due
|April 26||Tuesday||Perimeter Defense||Snyder, J., "Six Strategies for Defense-in-Depth," Aruba Wireless Networks|
|April 28||Thursday||Hardening and the SANS Top 20||The SANS Top 20 Internet Security Vulnerabilities|
|May 3||Tuesday||Vulnerability Assessment and Penetration Testing||Dhanjani, N., "Installing and Configuring Nessus," ONLamp.com, April 2004. Dhanjani, N., "Writing Nessus Plugins," ONLamp.com, June 2004. McNab, C., "IP Network Scanning," Chapter 4 of Network Security Assessment, O'Reilly and Associates, March 2004.|
Buffer Overflows and Shellcode
Paper Summary 7 due
|Aleph One, "Smashing the Stack for Fun and Profit," Phrack, Vol. 7, No. 47, November 1996.|
|May 10||Tuesday||Security Policies||Guel, M. D., "A Short Primer for Developing Security Policies," The SANS Institute, 2001.|
|May 12||Thursday||Threat Modeling and Risk Assessment||Schneier, B., "Threat Modeling and Risk Assessment," "Security Policies and Countermeasures," and "Attack Trees," Chapters 19-21 of Secrets and Lies, John Wiley and Sons, 2000. Meier, J., Mackman, A., et al., "Threat Modeling," Chapter 3 of Improving Web Application Security: Threats and Countermeasures, Microsoft Press, June 2003.|
|May 17||Tuesday||Authentication, Authorization, and Accounting||Kormann, D. P. and Rubin, A., "Risks of the Passport Single Signon Protocol," Computer Networks, Elsevier Science Press, volume 33, pages 51-58, 2000. Matsumoto, T., Matsumoto, H., Yamada, K., and Hoshino, S., "Impact of Artificial 'Gummy' Fingers on Fingerprint Systems," Proceedings of SPIE Vol. #4677, January 2002.|
Incident Response and Forensics
Paper Summary 8 due
Baker, S., Green, T., et al., "Checking Microsoft Windows Systems for Signs of Compromise," Forum for Incident Response and Security Teams Best Practice Guide, October 2004.
Green, T., and Baker, S., "Checking UNIX/LINUX Systems for Signs of Compromise," Forum for Incident Response and Security Teams Best Practice Guide, April 2005.
Final Exam, 5:00-6:50pm
Extra Credit Summary due