Syllabus - Host-Based Security - University Alliance

Host-Based Security
MGT5156|Term:Summer12016
StudentAccess:5.2.201612:00AMEDT6.26.201611:59PMEDT|Section:1
Syllabus - Host-Based Security

CollapseAll
PrintOutline
Syllabus Entry
Instructor Email
YourinstructorsFloridaTechemailaddressislistedhere,butpleaseusetheusethecoursemessagingsystem
forcourserelatedmessages.
Instructor
LouayKaradsheh
E-mail
lkaradsheh@fit.edu
University Grading Scale

Grade
Quality
EquivalentRange
Points
excellent
90100
good
8089
average
7079
poor
6069
failure
059
incompletecoursework
auditnograde
pass,noeffectonGPA
officialwithdrawal
AU
Attendance
Attendanceisrequiredonaweeklybasis.Studentsareexpectedtoviewtheonlinelecturesintheweekthey
areoffered,andtologontothesiteoftenenoughtoremainabreastofthecommunicationontheMessageBoard
aswellasanyClassNewsorinformationfromtheProfessor.Itistheresponsibilityofthestudenttobeawareof
everythinghappeningintheclassonline.
Academic Honesty
AcademichonestyishighlyvaluedinFloridaTech'sonlinecourses.Thestudentmustalwayssubmitworkthat
representsoriginalwordsorideas.Ifanywordsorideasareusedthatdonotrepresentthoseoriginalwordsor
ideas,thestudentmustciteallrelevantsourcesandprovideacleardefinitionoftheextenttowhichsuch
sourceswereused.Wordsorideasthatrequirecitationinclude,butarenotlimitedtoallhardcopyorelectronic
publications,whethercopyrightedornot,andallverbalorvisualcommunicationwhenthecontentofsuch
communicationclearlyoriginatesfromanidentifiablesource.IntheFloridaTechonlinecourse,allsubmissions
toanypublicmeetingbulletinboardorprivatemailboxfallwithinthescopeofwordsandideasthatrequire
citationsifusedbysomeoneotherthantheoriginalauthor.Academicdishonestyinanonlinelearning
environmentcouldinvolve:
Havingatutororfriendcompleteaportionofthestudent'sassignments
Havingareviewermakeextensiverevisionstoanassignment
Copyingworksubmittedbyanotherstudenttoanotherpublicclassmeeting
Usinginformationfromonlineinformationserviceswithoutpropercitation
Anyofthesepracticescouldresultinchargesofacademicdishonesty.ForthecompleteFloridaTechpolicyon
academicdishonesty,cheatingandplagiarismseetheFloridaTechStudentHandbook:
http://www.fit.edu/studenthandbook/
Students with Disabilities

Individualswithdisabilitiesneedingspecialaccommodation(s)shouldcontactRachelDensler.Shemaybe
contactedbyphoneat(321)6748285orbyemailatdisabilityservices@fit.edu
Disaster Statement
SchoolClosure:
BothFloridaTechandtheUniversityAllianceobservenationalholidaysandstudentsarenotrequiredto
participateinclassesonsuchdays.InthecaseofanemergencyclosureofFloridaTechortheUniversity
Alliance,ifclassesarestillabletooperate,theywillcontinue.IntherarecasethattheLearningManagement
Systemisunavailableformaintenancereasons,classeswillresumeasquicklyaspossibleandstudentsshould
checktheUniversityAlliancewebsite(www.floridatechonline.com)regularlyforupdates
Naturaldisaster:
IfanaturaldisasterimpactstheMelbourne,FloridaareaallstudentsshouldchecktheFloridaTechwebsite
www.fit.eduorcall(800)8884348forupdates.
IntheeventthatanaturaldisasteroccursnearthestudentsresidencetheyshouldcontactCustomerService
at:18002809718atthesoonestopportunityandinformthemofthesituation.Theywillmaketheappropriate
contacttoinstructors.Finaldecisionsontheappropriatetimelinetocompletecourserequirementsareatthe
discretionoftheinstructor.
Course Withdrawal
Towithdrawpriortothestartofclass,youmustcontactyourUniversityAlliancerepresentative.Onceclass
begins,youmustwithdrawusingtheFloridaTech'sonlinestudentaccountsystem(PAWS).Ifyouareanew
student,PAWSaccessinformationwillbeprovidedpriortoclassstart.Youhavetheprerogativeofdroppinga
courseuntiltheendofthefirstweekofclasseswithoutreceivingagradeof"W".Afterthefirstweek,agradeof
"W"willbeassignedupuntilthefinalpublisheddateforwithdrawing(thelastdayofweeksix).Thatgradewillbe
reflectedonyourtranscript,butnotcalculatedintoyourgradepointaverage.Withdrawalsafterweeksixwill
resultinagradeof"F".Youareresponsibleformaintainingwrittenevidenceofalldrops/withdrawals.Telephone
andemaildrops/withdrawalswillnotbeaccepted.FollowingisatablethatclearlyoutlinesFloridaTech's
withdrawalandrefundpolicies:
WithdrawalPolicy/RefundChart
Week
WithdrawalPermitted
TuitionRefunded
Deadline
Yes
100%
BySundayat11:59PMET
Yes
60%
BySundayat11:59PMET
Yes
40%
BySundayat11:59PMET
Yes
NoRefund
BySundayat11:59PMET
Yes
NoRefund
BySundayat11:59PMET
Yes
NoRefund
BySundayat11:59PMET
No
NoRefundNoWithdrawal
No
NoRefundNoWithdrawal
PAWSisaccessiblethroughtheuniversityportalACCESSFloridaTech.TocontinuetoPAWSclickhere(opens
innewwindow)
Smarthinking
SMARTHINKING'sfundamentalobjectivesaretoengageandencouragestudentsinactivelearning,aswellas
toenhancetheirmotivation.Ourtutorsstrivetohelpstudentsdevelopsuccessfullearningskills,ratherthan
simply"givinganswers"or"doinghomework"forthem.Inaprofessionalandsupportiveenvironment,wefocus
onthepowerofhumaninteractionandtheuseoftechnologytoassistastudentcenteredtutoringprocess.
www.smarthinking.com
Course Introduction
CourseDescription
Exploressecurityrelatedaspectsofhostbasedcomputersecurity.Coverstheelementsofsystemsthatmake
themsecureorvulnerable,defensearchitectures,forensics,reverseengineering,metrics,virtualization,and
othertopics.Conveyskeyconceptsthroughhandsonexamples.
CourseObjectives
Aftercompletingthiscourse,studentsshouldbeableto:
Describehowhostandapplicationsecurityrelatesmoregenerallytocomputersecurity
Applysecurityconceptstothechallengeofprovidinghostandapplicationsecurity
Describethehostenvironmentandthewayapplicationsinteractwiththeunderlyinghostarchitecture
ApplybasicsecurityconceptstotheoperatingsysteminordertoevaluatethefunctionsprovidedbytheOS
fromasecurityperspective
Explainmalware,itsimplications,andremediationstrategies
Analyzethethreatofmaliciouscodeindifferentcontextsandapplythisevaluationtotheselectionof
remediationstrategies
AssesshowtheWebworksfromaclientperspectiveandapplythisknowledgetowebbasedsecurity
threatsfortheclient
Describecommonvulnerabilitytypesandapplyknowledgeoftheunderlyingarchitecturetoanalyzethe
dependenciesthatexistbetweenvulnerability,OS,andarchitecture
Explainsomeoftheimplicationsofthecloudandhostvirtualization
Applyconceptslearnedtoshapeandevaluatesecuritypoliciesinacorporateenvironment
Prerequisites
MGT5000,5002,5013,5014,5113,5114
CreditHours
3
Course Materials
TheArtofComputerVirusResearchandDefense,1sted.(2005).Szor,Peter.AddisonWesley.
Grading
Yourgradeinthiscoursewillbeourevaluationofyourperformance.Thisevaluationwillbebasedonyour
demonstratedcompetenceonassignmentsandexams.Theproportionalcontributionofeachwillbe:
Grading
Assignment
Points
ModuleAssignments(6@25)
150
ClassDiscussion(8@20)
160
Assignments(6@50)(1@60)
360
Exam#1(5modules)
130
Exam#2(11modules)
200
Total
1,000
GradingScale
PointRange
Grade
9001,000
880989
770879
660769
0659
Guidelines & Expectations

WeeklySchedule
Week
Module
Number
ModuleTitle
Introduction&
Overview
1
2
3a
2
3b
WhatIs
Security?
HowtheHost
Boots
Assignments
DiscussionTopics
Readpaper:"HowtoThinkAbout
Introduceyourself.
Security".
Whatarethe
Readstartofpaper:"A
implicationsof
MathematicalTheoryof
Shannon'sworkon
Communication".
security?
Module
Assignment
orExam
Module
Assignment1
on
terminology
Analyzethebootprocessand
lookforvulnerabilitiesread
Saltzer/Schroederpaper.
Synthesizetheinformation
shared.
Applicationsecurity
Module
Assignment2
ontheboot
process
CompareandcontrastLinux,iOS,
Discussopen
Module
Assignment3
HowtheOS
Works
andWindowswithrespectto
security.
Vulnerabilities
ReadSmashingtheStackfor
FunandProfitandThe
GeometryofInnocentFleshon
theBone.Usewhatyouhave
learnedtocreateanexploitfora
fileprovidedtoyou.
Malware
History
5
7
8
6
9a
9b
7
10
Computer
Viruses
VirusDefense
CaseStudy:
sourcevs.closed
sourceand
security.
onOS
security
features
DiscussROPand
codeinjection.
Exam1on
Modules15
Discusssomething
currentinmalware.
Module
Assignment4
onmalware
history
Discusshowtesting
ofantimalware
shouldbe
conducted.
Module
Assignment5
onviruses
anddetection
Discusswhether
desktop
virtualizationisa
panacea.
Module
Assignment6
onweb
vulnerabilities
Exam2on
entirecourse
Read"YourBotnetisMyBotnet".
Writeapolymorphic"HelloWorld"
generator.
Writeadetectorforthe
generators.
Web,Part1
ReadChromesecuritypaper.
CaseStudy:
WriteademonstrationofanXSS
Web,Part2
attack.
Virtualization
ReadIntelvirtualizationpaper.
Read"SoLongandThanksforAll
theExternalities".
8
11
Management
oftheHost
Comeupwithavulnerability
analysisofyourownhost,and
applythistoacompany.
ModuleAssignmentsandDiscussionTopics
Foreachmoduleorgroupofmodules,therewillbeamoduleassignmentusingessayquestionsthatcover
termsandconceptsfromthechapterassignedforthatmodule.YoumustuseAPAcitationsforanysources
used,includingthetextbook.ResponsesmustbesubmittedtotheDigitalDropBoxbySundayat11:59p.m.
EST.
Eachweek,therewillbeadiscussiontopicthatrelatestooneofthemodulescoveredthatweek.Studentswill
berequiredtopostoneoriginalcommentandalsoreplytoatleasttwootherstudentpostings.Theywillreceive
upto10pointsfortheoriginalpostingandupto10pointsforthefollowuppostings.Thesepointsarebasedon
thecontentandcontributionofthepost,notsimplyonitsexistence.
ForEACHdiscussionquestion,youmustprovideasubstantiveandrelevantresponse(atleast200words)
tothemainquestionANDtoatleasttwo(2)otherstudents'comments(atleast100wordseach)inthe
questionthread
Responsesthatreferenceexternalarticles,webpages,orbooksmustbecitedproperly
YourinitialpostshouldcontainatleastTWOexternalpeerreviewedsources(beyondthetextbook)
EACHresponsemustnotbebasedonopinion,butratherdemonstratethatyouhavesynthesizedthe
informationyouhavegatheredinordertocometoascholarlyconclusion.Youmustciteevidenceinthe
formofpeerreviewedliteraturetosupportyourconclusion
AllinformationmustbeparaphrasedfromtheoriginalsourceandmustusecitationsinAPAformatto
supporttheparaphrasedinformation
Important!Alackofparticipationinthediscussionboardbyotherstudentsshouldnotserveasahindrance
foryoutoparticipateindiscussion.Intheeventothershavenotengagedindiscussion,youstillneedto
posttherequirednumberofresponses
HomeworkAssignments
Papersshouldshowtheauthorandwheretheyareavailableonline
Assignmentswillbepostedonlineandsubmittedviathedigitaldropbox
Exams
Exam#1willconsistofessayquestionsandcoversModules15
Exam#2willconsistofessayquestionsandcoversallthematerialinthecourse
Examsshouldbetreatedlikeresearchpapers.Answersmustincludeproperlycitedreferences.
ResearchGuide
ToassistyouinutilizingtheFITLibrary,pleaseviewtheComputerScienceandInformationSystem's
"ResearchGuide".
Online Tutoring
Inadditiontoyourprofessorinthisclass,wehavemadearrangementsforyoutoaccessanonlinetutoring
serviceifyouwanttogetextrahelpwithmathandwriting.Whenyouclickonthelinkbelow,youwill
automaticallybeloggedintoawebsiteforthetutoringservice,offeredbySmarthinking.Noaccountsetupis
necessary,andthereisnoadditionalcosttoyouforthisservice.Youwillseeonthatpagethatyouhavethe
optiontoscheduleasessionwithatutor,submitaquestion,orsubmityourwritingforfeedback.
www.smarthinking.com
Week 1
Introduction and Overview

Howdovirusesandrootkitswork?IsaMacreallymoresecurethanaPC?WeexaminewhytheWebisa
dangerousplaceandconsiderhowcomputersecurityrelatestohostsandapplications.
Aftercompletingthismodule,studentsshouldbeableto:
Describethegoalsandscopeofthisclass
Identifybasictermsassociatedwithhostbasedsecurity
Lecture
Introduction&Overview
Wewillidentifybasictermsusedthroughoutthiscourseanddiscusscoursegoals.
Reading
Read
HowtoThinkAboutSecurity,Whittaker&Ford,IEEESecurity&Privacy,2006
Discussion
Introduction
Pleasetakeamomenttointroduceyourselftoyourclassmates.
DiscussionGuidelines
Youcanearnupto20pointsforeachweeklydiscussionboard.Youmustprovideanoriginalresponseofyour
ownandatleasttworepliestoclassmates.
Initialpost(10points)
YouroriginalpostisduebyWednesdayat11:59p.m.ET
Replyposts(10points)
YourresponsesareduebySundayat11:59p.m.ET
What Is Security?
Recognizesecurityinthecontextofthehost/application
Explainthedifferencesbetweenconfidentialityandintegrity
Deducetheimpactofmalicewhenanalyzingasystem
Describesystemsfromtheperspectiveofanattacker
Lecture
WhatIsSecurity?
Analyzethedifferencesbetweenconfidentiality,availability,andintegrity,andevaluatesystemsfromthe
perspectiveofanattacker.
Reading
Read
First11pagesofAMathematicalTheoryofCommunication,Shannon,TheBellSystemTechnical
Journal,1948
Discussion
SecurityImplications
WhataretheimplicationsofShannonsworkonsecurity?
Terminology Module Assignment

TerminologyModuleAssignment
Thismoduleassignmentcontainstenessayquestions
Thequestionscanbefoundhere
BesuretouseappropriateAPAcitationsforanysources,includingthetextbook
ClicktheSubmitAssignmentbelowtouploadyourassignmenttotheDigitalDropBox
DuebySundayat11:59p.m.ET
Week 2
How the Host Boots

Whattakesplacewhencomputersboot?Howdoesthecomputerworkonthelowestlevel?Wediscussdetails
ofsystemsoperationasafoundationforsecurityandexaminethenumerouswaysthebootsequenceis
vulnerabletoattack.
Describethewaymoderncomputersboot
Analyzethewaysinwhichthebootsequencecanbeleveragedbyanattacker
Explaintheroleoftrustedcomponentsinthebootsequence
Lecture
TheHost,Part1:BootSequence
Weexplorehowthehost,CPU,assemblylanguage,physicalmemory,poweron,POST,andthebootsector
relatetooneanotherinabootsequence.
Lecture
TheHost,Part2
Identifythepartsofthebootingsequencethatarevulnerabletoattacks.
Reading
Read
Chapter4inTheArtofComputerVirusResearchandDefense,Szor,2005
TheProtectionofInformationinComputerSystems,Saltzer&Schroeder,1975
Assignment
Essay
Whatarethevulnerabilitiesinthebootprocess?Whatcananattackerexploit?
Guidelines
Youressayshouldinclude:
APAformatting:coverpage,referencespage,12pointTimesNewRoman,anddoublespacing
IncludeacoverpageformattedtoAPAspecifications
Includeareferencespageandatleasttworeferencesbeyondthecoursetextbook
Length:onetotwopages(doublespaced)
ClicktheSubmitAssignmentbuttonbelowtouploadyourassignmenttoTurnitin
DuebySaturday11:59p.m.ET
Plagiarism
Threecommontypesofplagiarismyouneedtobeawareofasastudent:
Recyclingapaperdoubledippingselfplagiarism:Reusingapaperyouhavewrittenforaprevious
course
Copyingdirectlyfromasourcewithoutproperquotationsorparaphrasing:Whenyoutrytopass
somethingoffasyourownwork
Notusingpropercitations
AccordingtotheAcademicIntegrityandAcademicDishonestyHandbook:
Yourpapershouldhaveatleast80%ofyourownoriginalthought,notborrowed,paraphrased[or]quotedfrom
materialpulledfromtheInternet,articles,journals,books,etc.Yourthoughts,notsomeoneelses!
PleasereviewtheHandbookformoreexamplesofplagiarismandhowtoavoidit.
Discussion
AnAttacker'sPerspective
Discusshowanattackerlooksatthesystem.
Boot Process Module Assignment

BootProcessModuleAssignment
Week 3
How the OS Works

WeexploretheprocessofensuringOSintegrity,confidentiality,andavailability,andidentifythemeasuresused
toprotecttheOSfromthreats,viruses,worms,malware,orremotehackerintrusions.
Describecommonapproachesforprotectingmemoryandotherresources
Describethecommonaccesscontrolapproachesindetail
Explainwhymodernoperatingsystemsaredesignedthewaytheyare
Lecture
OperatingSystemSecurity,Part1
Examinetheroleoftheoperatingsystemandconsiderhowitsprimaryservices,directaccess,andmemory
managementaffectsecurity.
Lecture
OperatingSystemSecurity,Part2
Identifythecapabilitiesandweaknessesofvarioustypesofaccesscontrolapproachesandmodels.
Reading
Read
Chapters2and3inTheArtofComputerVirusResearchandDefense,Szor,2005
Assignment
Essay
WriteanessaycontrastingthesecuritymodelsofLinux,iOS,andWindows.Whichismoresecureandwhy?
Guidelines
Plagiarism
course
Discussion
OpenSourcevs.ClosedSource
Discussopensourcevs.closedsourceandsecurity.
OS Security Module Assignment

OSSecurityModuleAssignment
ModuleAssignmentduebySundayat11:59p.m.ET
Week 4
Vulnerabilities
Thisweek,weexplorecommonvulnerabilities,identifywaysacomputercanbebroken,andcompareand
contrastcodeanddataonmoderncomputers.
Listthedifferenttypesofvulnerabilitythatapplicationshave
Describehowabufferoverruncanbeexploited
Describehowreturnorientedprogrammingworks
Exploitdifferentvulnerabilities
Lecture
Vulnerabilities:HowThingsGoWrong,Part1
Howdoattackersexploitcomputervulnerabilities?Reviewescalationofprivilegeexamplesandconsiderrace
conditions,misconfigurations,designflaws,andconfuseddeputyproblems.
Lecture
Vulnerabilities:HowThingsGoWrong,Part2
Inthislecture,wediscussbinarycodeandcodeinjection.Wealsoidentifytypesofapplicationvulnerabilities
andhowastackbasedbufferoverruncanbeexploited.
Reading
Read
SmashingtheStackforFunandProfit,AlephOne,Phrack,1996
TheGeometryofInnocentFleshontheBone,Shacham,ACM,2007
Assignment
Essay
Describeindetailcodeinjectionattacksandthecountermeasuresthatexisttostopthem.Whatfuturesolutions
arethere?
Guidelines
Yourresponseshouldinclude:
Plagiarism
course
Discussion
ROPandCodeInjection
DiscussROPandcodeinjection.
Midterm Exam
MidtermExam
ContainsmaterialsfromModules15
Thisexamcontainsfiveessayquestions
Answersmustincludeproperlycitedreferencesandshouldbetreatedlikearesearchpaper
Youhave3hourstocompleteyourexam
ExamduebySundayat11:59p.m.ET
Week 5
Malware History
Explorethehistoryandevolutionofmaliciouscodeandidentifysomeofthemorethreateningviruses,spyware,
worms,androotkitsthathavebeencreated.
Placecurrenteventsinmalwareintheirhistoricalperspective
Describetheevolutionofmalwarefromtheverybeginningoftheproblem
Lecture
MalwareHistory
Inordertograspthetrajectoryofmalware,weexploreitshistory.
Reading
Read
YourBotnetisMyBotnet:AnalysisofaBotnetTakeover,StoneGrossetal.,ACM,2009
Computer Viruses
Describehowbootviruseswork
Describehowparasiticfileviruseswork
Describehowstealthworksformalware
Describehowpolymorphismandmetamorphismwork
Lecture
ComputerViruses:TheArtoftheAttacker
Discoverthevarioustypesofviruses,andexaminetheprocessofoverwritingthem.
Assignment
Essay
Whatarethefinancialandothermodelswhichdrivemalware?Howdotheyimpactthetypesofmalwareseen?
Guidelines
Plagiarism
course
Discussion
CurrentEvents
Discusssomethingcurrentinmalware.
Malware History Module Assignment

MalwareHistoryModuleAssignment
Thismoduleassignmentcontains10essayquestions
Week 6
Virus Defense
HowdoestheWebreallywork?Howdohackersconcealtheirattacks,andhowcanapplicationsecuritydefend
againstthem?Weinvestigateactiveandpassivestealth,identifygenericapproachestodefenseandspecific
defensemechanisms,andexplorethesecondgenerationofvirusscanners.
Contrastbenefitsanddisadvantagesofdifferentprotectionschemes
Explainhowscannerswork
Explainhowstealthandpolymorphismimpactthedefender
Describeheuristics,checksumming,andgenericdetection
Lecture
VirusDefense
Contrastthebenefitsanddisadvantagesofdifferentprotectionschemes,andexamineheuristics,
checksumming,andgenericdetection.
Reading
Read
Chapters11and12inTheArtofComputerVirusResearchandDefense,Szor,2005
Assignment
Essay
Howdoesantimalwaresoftwaredetectviruses?Whattechniquesareavailable,andhowdotheydiffer?
Guidelines
Plagiarism
course
Case Study: Web Security, Part 1

Haveyoueverbeenhackedorknowofarecentsituationinthenews?Wewilldiscoverwhy,asanenduser
machine,theWebisthelargestvulnerabilityandinfectionvector.
Explain,fromaclientperspective,howtheWebworks,withparticularemphasisonstate
ExploitsimpleXSSvulnerabilities
Analyzeanapplicationanddeterminehowitposesrisktotheclient
Enumerateandexplainthedifferentprimarysourcesofvulnerability
Lecture
CaseStudy:WebSecurity,Part1
Discoverwhy,asanendusermachine,theWebisthelargestvulnerabilityandinfectionvector.
Reading
Read
BrowserSecurity:LessonsfromGoogleChrome,Reisetal.,ACM,2009
Discussion
AntiMalwareTesting
Discusshowtestingofantimalwareshouldbeconducted.
Viruses and Virus Detection Module Assignment

VirusesandVirusDetectionModuleAssignment
Week 7
Case Study: Web Security, Part 2

Whataretheweaknessesofthewebmodel?Willthecloudmakehostandapplicationsecurityathingofthe
past?Weexaminehowvirtualizationworksandconsidertheconfidentiality,integrity,andlegalissuesofthe
cloud.
Explain,fromaclientperspective,howtheWebworks,withparticularemphasisonstate
ExploitsimpleXSSvulnerabilities
Analyzeanapplicationanddeterminehowitposesrisktotheclient
Enumerateandexplainthedifferentprimarysourcesofvulnerability
Lecture
CaseStudy:WebSecurity,Part2
Exploremorespecificwebvulnerabilities,suchascrosssitescriptingandclickjacking.
Assignment
Essay
Inanessayform,developanexampleofanXSSvulnerabilityandanexploitwhichdisplaysit.Youwillbe
expectedtoincludeasnippetofcodewhichillustratesanXSSvulnerabilityandalsoprovidessomegeneral
discussionofXSSvulnerabilities.
Guidelines
Yourresponseshouldinclude:
Plagiarism
course
Virtualization
DescribehowOSvirtualizationworks
Describeissuesthatimpactthedevelopmentofeconomicmodelsforsecurity,andexplainhowcorporate
culturecanaffecteconomicdecisionmaking
Lecture
Virtualization
Analyzehowvirtualizationcanhelpandhurtsecurity.
Reading
Read
IntelVirtualizationTechnology:HardwareSupportforEfficientProcessorVirtualization,Neigeretal.,
IntelTechnologyJournal,2006
Discussion
DesktopVirtualization
Discusswhetherdesktopvirtualizationisapanacea.
Web Vulnerabilities Module Assignment

WebVulnerabilitiesModuleAssignment
Week 8
Management of the Host

Howcanweapplytheideaswevediscussedtomanagingahost?Weexplorepatchmanagement,considerhow
tomitigateattackswhennodirectfixisavailable,andexaminehowtoreducetheattacksurfacebyusing
securebydefault.
Applylessonslearnedtotheproblemofsecurityforhostswithintheenterprise
Describedifferentlevelsofrisk
Lecture
Management,Part1
Inthistwopartlecture,wewillfocusonhowtomanagehostsecurityandputintopracticewhatwehavelearned
throughoutthecourse.
Lecture
Management,Part2
Inparttwoofthislecture,wewillanswerthefollowingquestion:Howcanyouknowyourpatchingprocedures
areworking?
Reading
Read
SoLong,andNoThanksfortheExternalities,Herley,ACM,2009
Assignment
Essay
YouaretheCISOofalargecompany.Usingyourownmachineasanexample,tellmehowyouwouldharden
yourownmachineandhowyouwouldhardenmachinesacrossthecompany,usingideasgarneredfromthis
class.
Guidelines
Plagiarism
course
Final Exam
FinalExam
Containsmaterialsfromtheentirecourse
Thisexamcontainsfiveessayquestions
Answersmustincludeproperlycitedreferencesandshouldbetreatedlikearesearchpaper
Youhave3hourstocompleteyourexam
ExamduebySundayat11:59p.m.ET
UniversityAllianceOnlineisadivisionofBiskEducation,Inc.2015Bisk
Education.Allrightsreserved.Company,products,servicenamesmaybe
trademarksoftheirrespectiveowners.

Syllabus - Host-Based Security - University Alliance

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Syllabus - Host-Based Security - University Alliance

Hochgeladen von

Copyright:

Verfügbare Formate

Host-Based Security

Syllabus - Host-Based Security

University Grading Scale

Students with Disabilities

Guidelines & Expectations

Introduction and Overview

Terminology Module Assignment

How the Host Boots

Boot Process Module Assignment

How the OS Works

OS Security Module Assignment

Malware History Module Assignment

Case Study: Web Security, Part 1

Viruses and Virus Detection Module Assignment

Case Study: Web Security, Part 2

Web Vulnerabilities Module Assignment

Management of the Host

Das könnte Ihnen auch gefallen