IFSM 430 - Information and Security

	Information and Security Term 5, 2006
[ ]

	Home

	Homework
	Course Information
	Class Photo
	Textbooks
	Certification
	Mailing List
	Class Notes
	Links
	Trivia Scores

A survey course on establishing and maintaining a practical information security program. The security aspects and implications of database, telecommunications systems, and software are examined, along with techniques used to assess risks and discover abuses of systems.

In this class, you are going to be learning about breaking into and protecting computer systems.

Don't even think about taking this class unless you have taken IFSM 300 and IFSM 201. I would also suggest that you take IFSM 310, CMIS 325, IFSM 410 , and IFSM 450 before this class, since this course deals with hwardware, software and network protection, on a variety of platforms.

This class is prepare you for the Security+ Exam, but it is a tough test! Start studying now!

NEWS

Final today!
Security Certifications Earned: 4

Important - If you use VoIP in Korea - Read This

Mailing List is set up
Sign up before class starts

Download the free Security+ ebook


Homework

Date	#	Assignments
Jun 07	01	Register for the class Buy the book Sign up for the mailing list!
Jun 09	02	Read Chapter 1 - Introduction Bring laptops - we are installing Windows 2000 Server
Jun 12	03	Read Chapter 2 - The Need for Security Bring laptops, with Windows 2000 Server installed
Jun 14	04	Read Chapter 3 - Legal, Ethical and Professional Issues Password Challenge File: password_challenge.doc Bring in a printed report about your home computer Download Windows 2000 SP4 and bring to class Download Windows 2000 Update Rollup 1 and bring to class Download BGInfo and bring to class
Jun 19	05	Exam - 33 Questions, 30 Minutes - Covers Classes 1-4 Read Chapter 4 Download msxml.msi update and bring to class Download Microsoft Baseline Security Analyzer and bring to class Download PGP and bring it to class.
Jun 21	06	Read Chapter 5 Download WinStrobe and bring to class
Jun 26	07	PGP message to is be encrypted, signed and sent to submit.homework@gmail.com before Monday @ Noon. Print out and bring teacher's response message to class for grade.
Jun 28	08	Read Chapter 6 - Firewalls and VPNs Download fport and bring to class Download and print out the Hardening Instructions
Jul 03	09	Phishing Homework - Turn in Report on The Phishing Quiz at start of class Download and copy to VMware IIS Lockdown Tool ACL Worksheet - print and print to class ACL Spreadsheet - download and bring to class
Jul 05	10	Exam - 35 Questions, 30 Minutes - Covers Classes 5-9 Read Chapter 7
Jul 10	11	Security+ Cramsession Read Chapters 8 and 9
Jul 12	12	Security+ Cramsession Read Chapter 10 - Implementing Security
Jul 17	13	Computer Crime Investigation - Bring two prinouts of your report to class
Jul 18	14	Read Chapter 11 - Security and Personnel Ferengi Rules of Acquisition
Jul 24	15	Read Chapter 12
Jul 26	16	Final Exam - Comprehensive


Class Photos


Click here to see the class photo!


Course Information

Course Syllabus
On Being a Maryland Student - Your Rights and Responsibilities
Asian Division Catalog
Asian Division Student Handbook - Good tips for new and old students

Avoiding Plagiarism: The Proper Use of Sources
UMAD Academic Policies and Standards


Textbooks

Required

Whitman (2005) Principles of Information Security 2nd Ed ISBN: 0-619-21625-5

The Cuckoo's Egg, Cliff Stoll
eBook: Decrypting the Security+ Beta Exam, from AlphaGeekProductions

Recommended

Security+ Study Guide and DVD Training System, by Robert J. Shimonski
eBook: Safe & Secure Home Computer by D. Norris


Certification

Brainbench E-Certifications (Free)

Home Page

Microsoft

Exam 70-220: Designing Security for a Windows 2000 Network

CompTIA

Security+


Mailing List

I have set up a mailing list for all the students in the class. We can use this list to discuss class topics, assignments, problems, tips, etc... I require all the students to sign up for this list.

Note: You need to use an email address that reflects your name. If I can't figure out your email, I can not give you a grade for this assignment.

To subscribe to the list, send mail to ifsm430-065-subscribe@thinairlabs.com

In the body of the message enter: subscribe

Note: It is best if you cut and paste this information. You are sending email to an automated program, not a person. Follow the directons exactly, and you will be added to the list. You will have to reply to the confirmation message that is sent. Students have reported problems with Hotmail. Gmail is recommended. If you don't have a gmail account, and want one, email me.

Remember, everyone can read all messages sent to the mailing list. Send personal email to , but any and all class related message need to be sent to the mailing list.


Class Notes

You should download and read the lecture notes before class. The lecture notes are in PDF format, you might have to download a readerfor your machine. Note: You need Version 4.0 or better. You should visit the websites, and download the programs and run them (many of them are already installed in the lab.) Note: Do not print any of this information in the UMAD computer lab. Also, the lecture notes may not be complete, and should not serve as a substitute for attending class.

Date	#	Notes	Topic / Links
060607	01	PDF	Topic: Introductions / Computer (In)Security Foxit PDF Reader CNN Wireless Life Compter (In)Security Links - Links for all the tools mentioned in class Security Watch Information for New and Home Users Dodgeit.com - Free, Recieve only email - no setup, no password NTPasswordDisk - Reset any NT/2000/XP password
060609	02	PDF	Topic: General Security Concepts EasyVMX - create VMWare Player machines VMWare Player Image Creation Creating an XP Pro VM for the free VMware Player Microsoft Windows Server System Trial Software SecurityDocs Wintask Pro The Book of VMware: The Complete Guide to VMware Workstation Use VMware to test your grid applications - Free Registration VMware Documentation - From VMWare Build Your Skills: Test SQL Server 2000 clustering in VMware Don't Just Plug Random Crap Into Your Computer Techdirt
060612	03	PDF	Topic: The Need for Security Demo: Accent Office Password Recovery Are you prone to a Web attack? Distributed Denial of Service (DDoS) Attacks/tools How Viruses Work Man in the Middle - PDF document Virus Frequently Asked Questions The Wild List - a list of viruses that are out there Computer Virus Myths Symantec's anti-virus research center
060614	04	PDF	Topic: Legal, Ethical and Professional Issues Demo: Ubuntu ShipIt for Ubuntu - please order 10 Ubuntu CDs (10 PC Edition) Download Ubuntu pre-installed for VMWare Player Commissaries in S. Korea trying to shed light on black market Social Engineering, the USB Way Microsoft Technet Security TechNet Virtual Lab: Security - Free virtual Lab from Microsoft Security Screen Savers Center for Intellectual Property - UMUC Federal Computer Intrusion Laws US Copyright Office European Union law Computer Crime Laws by State International Law OpenOffice.org - Free clone of Microsoft Office
060619	05	PDF	EXAM - 35 Questions, 30 Minutes - Covers Classes 1-4 Topic: Risk Management, Remote Communications Demo: Deleting Files, PGP Ebay Fraud: Purchasing an ASO (Anvil Shaped Object) Ebay Shipping Scam Plus shipping and handling: field experiments on eBay The Island of Lost Maps by Miles Harvey An Analysis of the RADIUS Authentication Protocol PGP Corporation Phil Zimmerman The Phil Zimmerman Case Attacks' Toll Add a Programmer's Grief PGP - Encryption 30 day trial SMTP relaying misuse problems, and solutions About Relaying
060621	06	PDF	Topic: Risk Management, Wireless Demo: Port Scanning Encryption a simple tool to protect data Why the Future is in South Korea WinStrobe scanner IEEE P802.11, The Working Group for Wireless LANs WiFi Networking News WiFi Hotspots The Unofficial 802.11 Security Web Page The ABCs of Spread Spectrum -- A Tutorial Wardriving Building the Pringles Can Antenna
060626	07	PDF	Topic: Web Security, Blueprint for Security 'Cajun king of spam' stirs pot of controversy SSL 3.0 Specification KSU's Center for Information Security Education
060628	08	PDF	Topic: Firewalls and VPNs Demo: Hardening a Server The Phishing Quiz - How did you do? Active FTP vs. Passive FTP, a Definitive Explanation Internet Assigned Numbers Authority Port Numbers Access Control Lists: Overview and Guidelines Demystifying Cisco Access Control Lists Windows 2000 Security Checklist IIS 5.0 and Windows 2000 Hardening Guide Microsoft Windows 2000 Security Hardening Guide Windows 2000 Security Hardening Guide Overview: Windows 2000 Common Criteria Certification Microsoft Solution for Securing Windows 2000 Server IIS Lockdown Tool FPort - Identify Ports and their Processes
060703	09	PDF	Topic: Infrastructure Security Windows XP services that can be disabled Services Guide for Windows XP Optimize XP Services Running Windows with No Services - interesting read - but don't try it Understanding Windows Firewall IIS Lockdown Tool ACL Worksheet - print and print to class ACL Spreadsheet - download and bring to class ACL Lab - Assignment for Class 11 CebraSoft XP Firewall Exploit Demonstration
060705	10	PDF	EXAM - 35 Questions, 30 Minutes - Covers Classes 5-9 Topic: Topologies and IDS, Physical Security, OS Hardening VLAN Information NAT Explained Address Allocation for Private Internets Intrusion-detection systems sniff out security breaches The Orange Book Site
060710	11	PDF	Topic: Cryptography, PKI, Physical Security, Disaster Planning AES Home Page Crypto 101 - Online lessons Steganography Fortify - Upgrade and test your browser encryption Efforts to Ban Encryption encryption and privacy. A little political but. . . The Kryptos Sculpture at the CIA Center for Democracy and Technology The Complete, Unofficial TEMPEST Information Page TEMPEST 101 Privacy and Security on your PC Compromising emanations: eavesdropping risks of computer displays Video eavesdropping demo at CeBIT 2006 Faraday cage
060712	12	PDF	Topic: Implementing Security Demo: Snow Demo: The Third Eye Steganography Software Cyber Angels National Center for Victims of Crime The Anti Stalking Website Stalking Victim’s Sanctuary Victim-Assistance Online Katie.com - One Girl's Story
060717	13		Topic: Cyberstalking Microsoft: Shortcut 'trick' is legitimate feature Computer Crime Laws by State Computer Crime Legal Resources
060719	14	PDF	Topic: Security and Personnel, Computers and the Law Note: This is the same PDF from 13 Veterans Affairs faulted in data theft FBI grapples with out-of-date computers
060724	15	PDF	Topic e-Passports: Ready or not here they come Microsoft shutters Windows private folders
060726	16	PDF	Final Exam - Comprehensive


Links

Course Links

Course Syllabus

Mentioned in Class

Programs

PDF Reader - to read the lecture notes
Winzip - Needed to work with zip files
PGP - Encryption Freeware

FAQ Files

Tutorials, References

Risks List Risks in the Computer Age
College Students Think Piracy is Acceptable - A new Report
Cryptography A-2-Z
NIST Computer Security Resource Clearinghouse
NSA Handbook
Introduction to Cryptography

General Links

DOWNLOAD.COM Where many of the programs in class are found.
Computer Dictionary An online web based dictionary
PC Webopaedia - resource for information about PCs
Computer Almanac A lot of interesting Numbers about Computers
What is? A really good online reference


Trivia High Scores

This counts for nothing, but is just for fun...

# Name

7 Bremer, William

4 Chung, Min

2 Ditty, Scott

1 Fowler, Scott

2 Green, Timothy

1 Haase, Jason

4 Henderson, Bob

7 Jones, Douglas

6 Kanelos, Peter

3 Kim, Hellen

3 Lackie, Jerome

5 Myatt, Tyrome

4 Park, Simon

3 Rim, Jun

7 Schouweiler, Jeffrey

7 Taylor, David

3 Tuuao, Jacob

3 White, Mark