Topic | Description |
---|---|
Course Introduction | |

Unit 1: Computer Security Concepts | Description |
---|---|
1.1: Introduction to Information Security | Read these sections, which introduce information security. |
1.2: Introduction to Data and Network Security | Watch this lecture to learn about the methods for managing risks to information assets. IT practitioners seek to protect the confidentiality, integrity, and availability of data and their delivery systems, whether the data are in storage, in processing, or in transit, and whether threatened by malice or accident. |
1.3: Confidentiality, Integrity, and Availability | Read this page for an overview of the basic security concepts of confidentiality, integrity, and availability. |
1.4: NIST FIPS 199 Standard | Read this document to gain a better understanding of the security objectives of confidentiality, integrity, and availability. |
1.5: Assets and Threats | Read this article for an introduction to the types of information assets and associated threats. |

Unit 2: Basic Cryptographic Concepts | Description |
---|---|
2.1: Basic Cryptography Concepts: Symmetric Encryption Algorithms | Watch this video about the basics of information security and about symmetric encryption algorithms such as DES, Triple DES, and AES. |
2.2: Purpose of Cryptography | Read section 2 about basic cryptographic concepts. |
2.3: Data Encryption Standard (DES) | Read section 5.4 about the DES symmetric-key algorithm. |
2.4: Triple DES | Read this page about how Triple DES applies the DES algorithm three times, with two or three independent keys, to strengthen encryption beyond what single DES provides. |
2.5: Advanced Encryption Standard (AES) | Read section 5.9 about the Advanced Encryption Standard (AES) algorithm. |

Unit 3: Public-Key Encryption | Description |
---|---|
3.1: Introduction to Public-Key Cryptography | Watch this video about the origins of public-key cryptography. Whitfield Diffie, a key figure in its discovery, traces the growth of information security through the 20th century and into the 21st. In the 1970s, the world of information security was transformed by public-key cryptography, a radical revision of cryptographic thinking that allowed people with no prior contact to communicate securely. Public-key cryptography solved security problems born of the revolution in information technology that characterized the 20th century and made Internet commerce possible. Security problems rarely stay solved, however: continuing growth in computing, networking, and wireless applications has given rise to new security problems that already confront us. |
3.2: Public-Key Encryption Algorithms | Watch these videos about public-key algorithms, such as RSA and Diffie-Hellman, and how they are used in network security. |
3.3: Public-Key Cryptography | Read section 3.2 about the key concepts behind public-key cryptography. After reading this section, you should be able to outline the history of public-key cryptography, explain the integer factorization problem on which RSA's security rests, and describe how RSA works. |
3.4: RSA Public-Key Algorithm | Read section 5.3 about the steps in the RSA public-key algorithm. After reading, you should be able to work through a simple example of generating an RSA public/private key pair and describe how a message is encrypted with the public key and decrypted with the private key. |
3.5: Diffie-Hellman Algorithm | Read section 5.2 about the steps in the Diffie-Hellman key-exchange algorithm. |
3.6: Cryptography in Practice | Download this software and encrypt messages with several different methods, then run its analysis tools (entropy, floating frequency, histogram, N-gram, autocorrelation, and periodicity) on the results to see what each cipher leaves behind. Also try the symmetric ciphers it provides, such as DES, and the asymmetric algorithms, such as RSA and DH. |
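
The RSA key-generation, encryption and decryption steps from 3.4 and the Diffie-Hellman exchange from 3.5, worked through as an added example; this code is not from the course readings or the course software. The primes, generator and exponents are toy values small enough to check by hand, and the Mallory exponent and the determinism check are assumptions added here to show why bare RSA and unauthenticated Diffie-Hellman are not used as-is:

```python
"""Textbook RSA and Diffie-Hellman on small numbers, plus the checks that
show why neither is used bare in practice.  Added example, not course code."""
from math import gcd


def rsa_keygen(p, q, e=17):
    """Build an RSA key pair from two primes p and q (toy sizes here;
    real keys use primes of 1024 bits or more)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)


def rsa_encrypt(public_key, m):
    """c = m^e mod n.  The message must already be an integer below n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    """m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def rsa_is_deterministic(public_key, m):
    """Textbook RSA has no randomness: equal messages give equal ciphertexts,
    so an observer can recognise repeats.  OAEP padding fixes this in practice."""
    return rsa_encrypt(public_key, m) == rsa_encrypt(public_key, m)


def dh_public(p, g, private):
    """One party's public value g^private mod p."""
    return pow(g, private, p)


def dh_shared(p, peer_public, private):
    """The shared secret peer_public^private mod p."""
    return pow(peer_public, private, p)


def dh_exchange(p, g, a, b):
    """Honest exchange: Alice holds a, Bob holds b; both derive the same key."""
    A, B = dh_public(p, g, a), dh_public(p, g, b)
    return dh_shared(p, B, a), dh_shared(p, A, b)


def dh_man_in_the_middle(p, g, a, b, m):
    """Unauthenticated DH: Mallory (exponent m, assumed here) replaces both
    public values with her own and ends up sharing a separate key with each side."""
    A, B, M = dh_public(p, g, a), dh_public(p, g, b), dh_public(p, g, m)
    alice_key = dh_shared(p, M, a)          # Alice believes M came from Bob
    bob_key = dh_shared(p, M, b)            # Bob believes M came from Alice
    mallory_with_alice = dh_shared(p, A, m)
    mallory_with_bob = dh_shared(p, B, m)
    return alice_key, mallory_with_alice, bob_key, mallory_with_bob


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)                  # n = 3233, toy parameters
    c = rsa_encrypt(pub, 65)
    print("RSA keys:", pub, priv, "ciphertext:", c, "decrypted:", rsa_decrypt(priv, c))
    print("DH honest keys:", dh_exchange(23, 5, 6, 15))
    print("DH under MITM (alice, mallory/alice, bob, mallory/bob):",
          dh_man_in_the_middle(23, 5, 6, 15, 13))
```

The two checks at the end are the practical caveats: RSA is only used with a randomised padding scheme (OAEP for encryption, PSS for signatures), and a Diffie-Hellman exchange is only as good as the authentication of the public values, which is why TLS signs them with a certificate rather than sending them bare.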
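
The measurements 3.6 asks you to run (entropy, histogram, index of coincidence, autocorrelation and period recovery) implemented directly against a Vigenère ciphertext, as an added example rather than anything shipped with the course software. The sample paragraph and the key CRYPT are constructed for the example, and the English letter-frequency table is an approximation used only for the final key-recovery step:

```python
"""What a cryptanalysis toolkit sees in a weak cipher: entropy, histogram,
index of coincidence, autocorrelation and period recovery for a Vigenère
ciphertext.  Added example, not part of the course software; the sample
text and the key are constructed."""
from collections import Counter
from math import log2
import string

ALPHA = string.ascii_uppercase

# Approximate letter frequencies of English prose, in percent.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# Constructed sample plaintext (ordinary English prose, about 1000 letters).
SAMPLE_TEXT = """The purpose of this exercise is to look at what a simple cipher
leaves behind in the text it is meant to hide. When every letter of a message is
shifted by the same amount, the shape of the language survives, and anyone who
counts letters will see the familiar peaks of the common ones rising above the
rest. A repeating key smears those peaks across several alphabets, so the
histogram flattens and the entropy climbs, yet the repetition itself becomes the
weakness. Letters that fall at positions separated by a multiple of the key
length were enciphered with the same shift, so comparing the text with a copy of
itself slid along by that distance shows more matches than chance alone would
give. Once the period is known, each column can be attacked on its own as a
plain shift cipher, and the key falls out letter by letter. Modern block ciphers
and stream ciphers are designed so that none of these measures reveal anything
at all, which is exactly why the analysis tools in the course software are worth
running on the output of every method you try. A good cipher should make the
ciphertext look like random noise to each of these tests, and a weak one will
fail at least one of them. If the output still shows the period of the key or
the skew of the source language, the method is not strong enough to trust with
anything that matters."""


def letters_only(text):
    return "".join(ch for ch in text.upper() if ch in ALPHA)


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter, cycling through the key."""
    out = []
    for i, ch in enumerate(letters_only(text)):
        k = ALPHA.index(key[i % len(key)].upper())
        shift = -k if decrypt else k
        out.append(ALPHA[(ALPHA.index(ch) + shift) % 26])
    return "".join(out)


def histogram(text):
    return Counter(text).most_common()


def entropy_bits(text):
    """Shannon entropy of the letter distribution; 4.7 bits would be uniform."""
    n = len(text)
    return -sum(c / n * log2(c / n) for c in Counter(text).values())


def index_of_coincidence(text):
    """Chance two random positions hold the same letter: ~0.066 for English,
    ~0.038 for uniformly random letters."""
    n = len(text)
    return sum(c * (c - 1) for c in Counter(text).values()) / (n * (n - 1))


def autocorrelation(text, max_shift=20):
    """Fraction of positions where the text matches itself slid by each shift;
    a repeating key shows peaks at multiples of its length."""
    return {s: sum(a == b for a, b in zip(text, text[s:])) / (len(text) - s)
            for s in range(1, max_shift + 1)}


def estimate_period(text, max_period=20, threshold=0.052):
    """Smallest period whose columns each look monoalphabetic (mean IC above the
    threshold, an assumed cut-off halfway between random and English)."""
    for k in range(1, max_period + 1):
        cols = [text[i::k] for i in range(k)]
        if sum(index_of_coincidence(c) for c in cols) / k > threshold:
            return k
    return None


def best_shift(column):
    """Caesar shift whose un-shifted column best fits English (lowest chi-squared)."""
    n = len(column)
    best = None
    for shift in range(26):
        counts = Counter(ALPHA[(ALPHA.index(ch) - shift) % 26] for ch in column)
        chi = sum((counts[l] - ENGLISH_FREQ[l] * n / 100) ** 2 / (ENGLISH_FREQ[l] * n / 100)
                  for l in ALPHA)
        if best is None or chi < best[0]:
            best = (chi, shift)
    return best[1]


def recover_key(ciphertext, period):
    """Solve each column of the recovered period as an independent shift cipher."""
    return "".join(ALPHA[best_shift(ciphertext[i::period])] for i in range(period))


if __name__ == "__main__":
    pt, ct = letters_only(SAMPLE_TEXT), vigenere(SAMPLE_TEXT, "CRYPT")
    print("entropy plain/cipher:", round(entropy_bits(pt), 3), round(entropy_bits(ct), 3))
    print("IC plain/cipher:", round(index_of_coincidence(pt), 4), round(index_of_coincidence(ct), 4))
    print("top letters in ciphertext:", histogram(ct)[:5])
    period = estimate_period(ct)
    print("autocorrelation peaks at:", [s for s, v in autocorrelation(ct).items() if v > 0.055])
    print("period:", period, "key:", recover_key(ct, period))
```

The threshold in estimate_period is the only tuned value: it sits between the index of coincidence of random letters and of English, which is fine for a few hundred letters per column but should be revisited for short ciphertexts, where the column statistics are noisy. Running the same functions over the output of a modern cipher is the point of the exercise: entropy near the maximum, a flat histogram and no autocorrelation peak at any shift.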

Unit 4: Access Control Mechanisms | Description |
---|---|
4.1: Authentication | Read this chapter about authentication, the process of verifying that a user or entity is who it claims to be. |
4.2: Access Control and Authorization | Read this chapter about discretionary access control (DAC) and role-based access control (RBAC), two technical means of controlling access to computer resources. |
4.3: Role-Based Access Control | Read this page about role-based access control (RBAC), a technical means of controlling access to computer resources. |
4.4: Role-Based Access Control and Role Graph Model | Watch this video about techniques used in the context of role-based access control, including the role graph model. |
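
A small role-based access control engine with a role graph (senior roles inherit junior roles' permissions) and a static separation-of-duty rule, next to a discretionary ACL for contrast, added here to illustrate the ideas in 4.2 to 4.4. It is not code from the readings or the video; the finance roles, users, objects and permission names are made up for the example:

```python
"""Role-based access control with a role graph and static separation of duty,
beside a discretionary ACL for contrast.  Added example with invented roles."""
from collections import defaultdict


class SoDViolation(Exception):
    """Raised when a user would hold two mutually exclusive roles."""


class RBAC:
    def __init__(self):
        self.direct_perms = defaultdict(set)   # role -> permissions granted directly
        self.juniors = defaultdict(set)        # role -> roles it inherits (role graph edges)
        self.user_roles = defaultdict(set)     # user -> assigned roles
        self.exclusive = []                    # role pairs no user may hold together

    def add_role(self, role, perms=(), inherits=()):
        self.direct_perms[role] |= set(perms)
        self.juniors[role] |= set(inherits)

    def add_exclusive(self, role_a, role_b):
        self.exclusive.append(frozenset((role_a, role_b)))

    def assign(self, user, role):
        """Static separation of duty is enforced at assignment time."""
        for held in self.user_roles[user]:
            if frozenset((held, role)) in self.exclusive:
                raise SoDViolation(f"{user} cannot hold both {held} and {role}")
        self.user_roles[user].add(role)

    def effective_roles(self, role):
        """Walk the role graph: a senior role inherits every junior role."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors[r])
        return seen

    def permissions(self, user):
        perms = set()
        for role in self.user_roles[user]:
            for r in self.effective_roles(role):
                perms |= self.direct_perms[r]
        return perms

    def check(self, user, permission):
        return permission in self.permissions(user)


class DAC:
    """Discretionary control: the object's owner decides who gets which rights,
    and can pass the right to grant along with them."""
    def __init__(self):
        self.owner = {}
        self.acl = defaultdict(lambda: defaultdict(set))   # object -> user -> rights

    def create(self, owner, obj):
        self.owner[obj] = owner
        self.acl[obj][owner] |= {"read", "write", "grant"}

    def grant(self, granter, obj, grantee, right):
        if "grant" not in self.acl[obj][granter]:
            raise PermissionError(f"{granter} may not grant rights on {obj}")
        self.acl[obj][grantee].add(right)

    def check(self, user, obj, right):
        return right in self.acl[obj][user]


def build_demo():
    """Constructed finance example: clerks submit payments, managers approve
    them, and the two roles are mutually exclusive so nobody can do both."""
    rbac = RBAC()
    rbac.add_role("employee", perms={"read_ledger"})
    rbac.add_role("clerk", perms={"submit_payment"}, inherits={"employee"})
    rbac.add_role("manager", perms={"approve_payment"}, inherits={"employee"})
    rbac.add_exclusive("clerk", "manager")
    rbac.assign("alice", "manager")
    rbac.assign("bob", "clerk")
    dac = DAC()
    dac.create("alice", "budget.xlsx")
    dac.grant("alice", "budget.xlsx", "bob", "read")
    return rbac, dac


if __name__ == "__main__":
    rbac, dac = build_demo()
    for user in ("alice", "bob"):
        print(user, "RBAC permissions:", sorted(rbac.permissions(user)))
    print("bob may read budget.xlsx:", dac.check("bob", "budget.xlsx", "read"))
```

The contrast worth noticing is where authority lives: under DAC alice can hand bob rights on her file at will, while under RBAC bob's rights follow only from the roles an administrator assigned, and the separation-of-duty rule is checked centrally rather than trusted to each owner.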

Unit 5: Security Solutions | Description |
---|---|
5.1: Security Protocols and Solutions | Watch this video about the cryptographic protocols Secure Sockets Layer (SSL), Secure Shell (SSH), and Internet Protocol Security (IPSec). |
5.2: Internet Protocol Security | Read section 5.6 about IPSec, the protocol suite for securing IP communications. After reading this section, describe the two IPSec protocols, the Authentication Header (AH) and the Encapsulating Security Payload (ESP), and the two modes in which each can operate, transport mode and tunnel mode. Then explain how AH and ESP are used in tunnel mode to build a VPN. |
5.3: Secure Sockets Layer | Read section 5.7 about the SSL family of protocols for securing transactions over the Internet. Pay special attention to the diagram in Figure 5: you need to be able to explain the SSL/TLS handshake message flow it shows. |
5.4: Pretty Good Privacy | Read section 5.5 about Pretty Good Privacy (PGP), one of the most widely used public-key cryptography programs. |

Unit 6: Firewalls, Intrusion Detection, and Intrusion Prevention | Description |
---|---|
6.1: Security Protocols and Solutions | Watch this video. After a brief introduction to the intranets and extranets that businesses use today, Sengupta explains how firewalls are used to secure communication. |
6.2: Firewall | Read these two pages about firewalls. |
6.3: Host-Based IDS vs. Network-Based IDS | Read this article about host-based and network-based intrusion detection systems. |
6.4: Network Attacks and Defense | Read this chapter. As you read, try to explain the various attacks it describes, the skills needed to carry them out, and how to defend your systems against them. |

Unit 7: Physical Security | Description |
---|---|
7.1: Physical Security | Read these two chapters. After reading them, explain the relationship between threat models and attacks. Take the communication examples in the chapters and explain which attacks become possible under different threat-model assumptions. |
7.2: NASA's Physical Security Program | Read this page about NASA's physical security program. Physical security in an IT context draws on most of the ideas discussed here, even though they were developed for NASA's requirements. |
7.3: Types of Attacks | Read this page. After you read, explain how an attacker identifies a target and how social engineering is carried out through various channels (phone calls, online chat, dumpster diving, reverse engineering, etc.). |

Unit 8: Malicious Software and Software Security | Description |
---|---|
8.1: Malicious Web | Watch this video to learn how malicious actors use legitimate websites to deliver attacks that target vulnerabilities in client-side software. |
8.2: Internet Security Issues | Watch this video to learn about security issues on the Internet, and what could have been done differently had we realized it was going to become the global information exchange infrastructure of the 21st century. |
8.3: Types of Internet Security Issues | Read these two pages. While you read, try to explain the modes of denial-of-service (DoS) attack: consumption of scarce resources, alteration of configuration information, and physical destruction. For distributed DoS (DDoS) attacks, describe the tools used, why DDoS attacks are possible, and the protocol vulnerabilities they exploit. |
8.4: Secure Coding | Read these two pages. After you read, describe the top 10 secure coding practices and the principles behind them (for example, separation of duties and least privilege). |
8.5: Electronic and Information Warfare | Read this chapter. After you read, describe the different attacks on communication systems and how one could use these attacks to carry out information warfare (in particular, based on the interaction between civil and military uses). |
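
The input-handling practice behind 8.4, shown as an added example that is not taken from the readings: the same user lookup written with string formatting and with a bound parameter, an allow-list check in front of it, and a read-only connection as the least-privilege setting for a code path that only needs to read. The user table, the username policy and the injection string are constructed for the example:

```python
"""Secure coding in practice: an SQL query built by string formatting next to
the parameterised form, an allow-list validator, and a read-only connection
for a path that only needs SELECT.  Added example; the data is constructed."""
import re
import sqlite3

# Assumed username policy: lowercase letters, digits and underscores only.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")

# Constructed payload: closes the quoted literal and makes the WHERE clause always true.
INJECTION = "' OR '1'='1"


def make_db():
    """Constructed sample data: three accounts, one of them privileged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "admin", "key-alice"),
        ("bob", "user", "key-bob"),
        ("carol", "user", "key-carol"),
    ])
    return conn


def lookup_vulnerable(conn, name):
    """Untrusted input spliced into the statement: the caller controls the SQL."""
    sql = f"SELECT name, role, api_key FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """The same query with a bound parameter: the input is data, never SQL."""
    sql = "SELECT name, role, api_key FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def validate_username(name):
    """Defence in depth: reject anything outside the allow-list before it
    reaches the database, whatever the query looks like."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return name


def lookup_hardened(conn, name):
    return lookup_safe(conn, validate_username(name))


def open_readonly_view(conn):
    """Least privilege: the lookup path only reads, so forbid writes on this
    connection with SQLite's query_only pragma."""
    conn.execute("PRAGMA query_only = 1")
    return conn


def try_write(conn):
    """Report whether an INSERT succeeds on the connection (True) or is refused."""
    try:
        conn.execute("INSERT INTO users VALUES ('mallory', 'admin', 'key-m')")
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, INJECTION))    # every row, keys included
    print("parameterised:", lookup_safe(db, INJECTION))      # no such user
    print("write allowed after lock-down:", try_write(open_readonly_view(db)))
```

The parameterised query alone stops the injection; the validator is the second layer that also catches malformed input the database would happily accept, and the read-only connection limits what an injection elsewhere in the application could do through this path.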

Unit 9: Security Risk Management | Description |
---|---|
9.1: How Much Security Do You Really Need? | Read this page to learn about the basics of risk assessment. |
9.2: Risk Management | Watch this video about security and the risk management process. |
9.3: Information Security Risk Assessment Case Studies | Read the introduction to this report. After you read, describe the recommended process for risk assessment, including the different roles involved. Then read each of the case studies and try to map them to the risk assessment process described in the introduction. |
9.4: Risk Assessment in Practice | Download and install this program. Use some simple cases to carry out a business risk profile assessment and a defense-in-depth assessment. |