Introduction to Information Security
Information security is becoming increasingly important in today's networked world, and is impacting every aspect of our lives including finance, healthcare, government, education, arts and entertainment.
The object of this course is to teach the basic principles of information security from the perspective of providing security awareness and its best practices for the real world.
- Motivation for security
- Tools and techniques used by adversaries to gather information and launch attacks
- Internet security, firewalls, basics of encryption and authentication, virus protection, secure credit card and bank transactions, wireless security, computer forensics, identity theft and protection, anti-phishing and biometric security
Content will be delivered via a combination of lectures and discussions in the class times and interactive exercises in the lab times.
- Define the terms identification, authentification, authorization, and distinguish between them
- Explain the purpose and function of cryptography
- Explain what access control entails and its purpose
- Describe the purpose, differences, advantages, and disadvantages of capabilities-based and access control list (ACL) based systems
- Explain the operation and differences of public key encryption and symmetric key encryption
- Describe the fundamental concepts in TCP/IP networks, including: the IP address scheme, subnets and net masks, routing, and ports
- Explain what port scanning, sniffing, and intrusion detection entails
- Describe form, function and purpose of common social engineering attacks, such as pretexting, phishing, baiting, etc
- Explain the purpose and operation of a firewall
- Explain the purpose, setup, and operation of an intrusion detection system (IDS)
- Use a port scanner and sniffer to identify potential vulnerabilities in a network
- Design and implement a firewall configuration to protect hosts in a small office or home office (SOHO) environment against common vulnerabilities
- Differentiate between various forms of malware such as viruses, worms, trojans, etc
- Describe form, function, advantages, and disadvantages of various best practices, countermeasures, and defenses against social engineering and malware attacks
- Formulate an attack on a host using a series of commonly known exploits
- Formulate a defense of a host against a series of commonly known exploits
There are no prerequisites for this class.
Textbook: The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Second Edition. Author: Jason Andress