CS 4803E, 8803E, Spring Semester 2000

Survey of Information Security

Instructors: Dr. Philip Enslow, (404) 894-3187
Teaching Assistant: Rod Peters, (404) 894-1155
Time: Tuesdays, Thursdays 9:30-11:00am
Place: CCB Room 101
Text: Security in Computing by Charles P. Pfleeger, Prentice Hall, 1997.
Description: Complete examination of the issues and problems in providing security for information processing
systems - secure operating systems and applications, network security, cryptography, security protocols, etc.


MISSING HOMEWORK ASSIGNMENTS LINK

Team Assignments:

Team #1  Buyer, Julie, Jensen, Peter and Lunz, Jason.
Team #2  Farahmand, Fariborz, Khalaf, Hani and Preble, Adam.
Team #3  EL Sallah, Mohd Wajih Abdul-Jalil, Hsieh, Hung-Yun and Shillingburg, Rebecca.
Team #4  Molavi, Darius, Nettles, Ladonna and Razzaque, Aqib.
Team #5  Lemons, Desiree, Liu, Jian and Mitchell, Brian.
Team #6  Dixon, Robert, Grandhige, Hemanth and Wright, Gregory.
Team #7  Griffin, Shanna, Hicks, Jeffrey and Nowatkowski, Michael.


Reading Assignments:   (subject to change)

  1. For 01/13/00: Chap. 1 pgs. 1 - 20.

  2. For 01/18/00: Chap. 2 pgs. 21 - 46.

  3. For 01/20/00: Chap. 2 continued.

  4. For 01/25/00: Chaps. 2 & 3 pgs. 47 - 82.

  5. For 01/27/00: Chap. 3 pgs. 82 - 125.

  6. For 02/01/00: Chap. 4 pgs. 126 - 159.

  7. For 02/03/00: Chap. 4 pgs. 159 - 175.

  8. For 02/08/00: Chap. 5 pgs. 176 - 207.

  9. For 02/10/00: Chap. 5 pgs. 207 - 227.

  10. For 02/15/00: Chap. 5 pgs. 207 - 227.

  11. For 02/17/00: Chap. 6 pgs. 228 - 268.

  12. For 02/22/00: Chap. 6 pgs. 228 - 268.

  13. For 02/24/00: Chap. 6 pgs. 269 - 306.

  14. For 02/29/00: Chap. 7 pgs. 306 - 335.

  15. For 03/02/00: Guest Speaker: Peter Wan

  16. For 03/14/00: Chap. 8 pgs. 336 - 376.

  17. For 03/16/00: Chap. 9 pgs. 377 - 422.

  18. For 03/21/00: Guest Speaker: Jim Butler

  19. For 03/23/00: Chap. 9 pgs. 377 - 422.

  20. For 03/28/00: Network Security cont.

  21. For 03/30/00: Chap. 9 pgs. 422 - 446.

  22. For 04/04/00: Network Security cont.

  23. For 04/06/00: Network Security cont.

  24. For 04/11/00: Chap. 10 pgs. 447 - 491.    HW DUE: Identifying Paths of System Penetration

  25. For 04/13/00: Chap. 11 pgs 492 - .

  26. For 04/18/00: Chap. 11 cont.

  27. For 04/20/00: Chap. 11 cont.             HW DUE: Acceptable Use Practices

  28. For 04/25/00: TBD

  29. For 04/27/00: Final Project Due



Links to Security Information on the Web: (student submissions)


Week of 1/23/00:
  1. Cyphers by Ritter (M. Nowatkowski)
  2. RSA Panelist Debate on Cryptography (R. Shillingburg)
  3. Cyber Law Journal (B. Dixon)
  4. DES is Not Secure (H. Hsieh)
  5. Chaffing and Winnowing: Confidentiality without Encryption (A. Preble)
  6. GSM Cell Phone Authentication Protocol (P. Jensen)
  7. "Tales of the Encrypted" (D. Molavi)
  8. Advanced Encryption Standard Development Effort (G. Wright)
  9. Beginner's Guide to Crypto (S. Griffin)
  10. Digital Signatures and Public Key Cryptosystems (D. Lemons)
  11. Java Security (H. Grandhige)
  12. Cryptography is Harder than it Looks (J. Buyer)
  13. Full Disclosure - PacketStorm Security (J. Lunz)

Week of 1/30/00:
  1. AspEncrypt's Crypto 101 (R. Shillingburg)
  2. Forum on Risks - Risk Digest (B. Dixon)
  3. Hackers Attack AOL IM Accounts (F. Farahmand)
  4. The Hacker Quarterly (J. Buyer)
  5. SecurityFocus (M. Nowatkowski)
  6. Internet Explorer Security Area IE 4.0 (J. Liu)
  7. Windows NT Info Security (G. Wright)
  8. Cryptanalysis of SkipJack (A. Razzaque)
  9. Information warfare: A two-edged Sword (J. Buyer)
  10. LAN to DSL Uplink Security Risks (J. Lunz)
  11. The Risks of Key Recovery, Key escrow, and Trusted Third-Party Encryption (H. Hsieh)
  12. IPSEC.com - an infosecurity site (D. Molavi)

Week of 2/6/00:
  1. NIST Pubs - A Guide to Selecting Anti-virus Tools and Techniques (R. Shillingburg)
  2. What is a virus and how does it work (R. Shillingburg)
  3. The Terrorism Research Center, Inc. (A. Preble)
  4. CNN - Hackers (H. Khalaf)
  5. A Security Glossary of Terms (S. Griffin)
  6. InfoSec and InfoWar Portal (G. Wright)
  7. Navigator's Encryption Scheme Gets Broken (D. Lemons)
  8. IEEE Electronic Newsletter on Security and Privacy (B. Mitchell)
  9. George Washington Univ. Class Page on InfoSec (H. Grandhige)
  10. Microsoft Windows 2000 Security Issues (F. Farahmand)
  11. The Virus Wars (real audio file) (M. Nowatkowski)
  12. Attack Trees (A. Razzaque)
  13. A Computer Security Index on the Web (P. Jensen)
  14. The Cryptography FAQ (P. Jensen)
  15. Cyber-attacks batter Web Heavyweights (J. Buyer)
  16. Center for Information Technology - NIH (J. Lunz)
  17. Lucent Personalized Web Assistant (B. Dixon)
  18. Intruder Detection List (S. Griffin)

Week of 2/13/00:
  1. Computer Virus Myths and Hoaxes (A. Hsieh)
  2. Sun Microsystems' Internet Security Tutorial (R. Shillingburg)
  3. Random Number Generators (M. Nowatkowski)
  4. Network Security Buyer's Guide (B. Mitchell)
  5. Computer Viruses and Data Protection (D. Lemons)
  6. Linux Privacurity (J. Liu)
  7. Phil Zimmermann - The Creator of PGP (D. Molavi)
  8. Mixed Signals Over Encryption Technology (H. Khalaf)
  9. Gelb Organization - Papers on Firewalls (G. Wright)
  10. Three New Attack Strategies Disclosed (F. Farahmand)
  11. Article on Virus W32.FunLove.4099 (J. Buyer)
  12. Hiding Crimes in Cyberspace (A. Razzaque)
  13. Cryptographic Software Solutions and How to Use Them (J. Lunz)
  14. Virus Database (H. Grandhige)
  15. Covert Channels (P. Jensen)
  16. Phrack.com (B. Dixon)
  17. Steganography (with related links) (A. Preble)
  18. Choosing Passwords (S. Griffin)
  19. Open Source Security (A. Hsieh)

Week of 2/20/00:
  1. The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks (B. Dixon)
  2. Opinion: Is Free Software Communist? (H. Khalaf)
  3. Practical UNIX & Internet Security (J. Liu)
  4. Symantec Antivirus Center (D. Molavi)
  5. Distributed Denial of Service - Dave Dittrich (M. Nowatkowski)
  6. Computer Security Awareness - A course (R. Shillingburg)
  7. Basic Information on Computer Viruses (B. Mitchell)
  8. Wipe Out Viruses (D. Lemons)
  9. Trojan Horses, Worms, and Viruses (J. Buyer)
  10. Java and ActiveX Security Issues (A. Razzaque)
  11. An Essay on Trust (P. Jensen)
  12. Network Vulnerabilities - Cisco Secure Consulting Report (P. Jensen)
  13. Open SSH (J. Lunz)
  14. WWW Security Issues (G. Wright)
  15. Center for Education and Research in Information Assurance and Security (S. Griffin)
  16. NTP Security Model (H. Grandhige)
  17. Research Challenges in Operating System Security (H. Hsieh)

Week of 2/27/00:
  1. Paul Judge's efforts on Security related topics (R. Shillingburg)
  2. Security Architecture for the Internet Protocol (D. Molavi)
  3. Computer and Network Security Reference Index (D. Lemons)
  4. Unix and Internet Security Info Page (B. Mitchell)
  5. Secure Linux Project at Univ. of Utah (L. Liu)
  6. Network World Fusion (M. Nowatkowski)
  7. Peter Galvin's Unix OS Security Tutorial (G. Wright)
  8. Freshmeat.com - Linux Information (A. Preble)
  9. Redhat's Linux Security Site (A. Razzaque)
  10. NSI - Virus Information (J. Buyer)
  11. Insecure.org - Murphy's Law for Computer Security (H. Hsieh)
  12. Cellular Message Encryption Algorithm (J. Lunz)
  13. Computer Viruses: Background, Safe Computing Practices, and Recommended Antiviral Software (S. Griffin)

Week of 3/12/00:
  1. Defending Against Sequence Number Attacks (D. Molavi)
  2. Security Issues Related to Database Access from the Web (R. Shillingburg)
  3. Security Enabled E-business (J. Liu)
  4. NSI Threat Listing (F. Farahmand)
  5. ADSL Security Issues (F. Farahmand)
  6. Nortel Networks ADSL Security Page (F. Farahmand)
  7. Open Systems Security Issues (F. Farahmand)
  8. Securing a UNIX System (A. Razzaque)
  9. Network Security Information (D. Lemons)
  10. The Information Security News Daily (B. Mitchell)
  11. International Federation for Information Processing - Database Security (M. Nowatkowski)
  12. X Windows Security (S. Griffin)
  13. Kevin Mitnick and Tsutomu Shimomura - A description of a cyberattack (H. Grandhige)
  14. ACLU.org - Echelon Watch (H. Hsieh)
  15. COMMSEC.com - PGP Information Site (J. Buyer)

Week of 3/19/00:
  1. A Network Security Tutorial (R. Shillingburg)
  2. P3P Implementations and Privacy Negotiation Services (J. Liu)
  3. Privacy Act of 1974 (D. Lemons)
  4. The Unofficial Tempest Homepage (D. Molavi)
  5. Cryptographic Service Providers (A. Preble)
  6. Innovative Security Products Newsletter (B. Mitchell)
  7. Differential Power Analysis (F. Farahmand)
  8. Center for Information Technology Standards - Public Key Infrastructure Standardization Home Page (M. Nowatkowski)
  9. Network Security Planning (G. Wright)
  10. Java Security - MSIE (S. Griffin)
  11. A Secure Linux Distribution Project (B. Dixon)
  12. Cybercops (H. Khalaf)
  13. Free ISP and why it will cost you dearly (H. Khalaf)
  14. IEEE 1363 Standard for PK Cryptography (H. Grandhige)
  15. Hacking Tools and Solutions to Avoid being Hacked (A. Razzaque)
  16. Anticode.com (J. Buyer)
  17. Northern Light Technology - Computer Privacy (H. Hsieh)

Week of 03/26/00:
  1. Intrusion Detection Pages (R. Shillingburg)
  2. Risks of the Passport Single Signon Protocol (B. Dixon)
  3. Stealth Programs - Iopus.com (D. Molavi)
  4. Information and Privacy - Commissioner/Ontario (D. Lemons)
  5. Apache Cross Site Scripting Problem (J. Liu)
  6. AntiOnline.com (B. Mitchell)
  7. Federal Computer Week (M. Nowatkowski)
  8. Looksmart.com - security, terrorism, cybercrimes, etc. (F. Farahmand)
  9. Customer-Data Software That We Could Do Without (H. Khalaf)
  10. Secure Internet Programming Laboratory (A. Preble)
  11. Red Hat Linux Security Advisories (G. Wright)
  12. Securing NIS Networks (S. Griffin)
  13. Webroot.com - Internet Privacy Software (J. Buyer)
  14. Biometrics (H. Hsieh)
  15. Security Networking Tools for the Unix Environment (A. Razzaque)

Week of 4/02/00:
  1. Human Identification in Information Systems (J. Buyer)
  2. Intruder Detection (H. Khalaf)
  3. The EPIC Cookies Page (R. Shillingburg)
  4. ACM Crossroads - Security Techniques (J. Liu)
  5. Electronic Privacy Information Center (D. Lemons)
  6. U.S. Navy - Information Security (D. Molavi)
  7. Zeuros Network Solutions - Firewalls (B. Mitchell)
  8. The Unix Secure Programming FAQ (A. Preble)
  9. TSSI - Custom Security Solutions (G. Wright)
  10. Viruses (F. Farahmand)
  11. Model Security Policies (S. Griffin)
  12. Fishnet Security (M. Nowatkowski)
  13. PKI Links Page (H. Hsieh)
  14. NT Security Advisories (A. Razzaque)

Week of 4/09/00:
  1. IT Security Cookbook (R. Shillingburg)
  2. CCIPS - Computer Crime and Intellectual Property Section of the Dept. of Justice (M. Nowatkowski)
  3. Denial of Service Attack Tools (D. Molavi)
  4. Net Privacy Violators (H. Khalaf)
  5. Famous Hackers and Crackers (F. Farahmand)
  6. SecureLab.com (J. Liu)
  7. Public Key Infrastructures and Standards (B. Mitchell)
  8. Software Patents Tangle the Web (D. Lemons)
  9. Computer Crime Laws and Penalties (A. Razzaque)
  10. TripWireSecurity.com (G. Wright)
  11. Theory of Cryptography Library (S. Griffin)
  12. IETF IPSec Page (B. Dixon)
  13. Director of Computer Security FAQs (B. Dixon)
  14. Internet Taxes (D. Lemons)
  15. The (EBX) Electronic Book Exchange Specification (H. Hsieh)
  16. 3-Part Password (J. Buyer)

Week of 4/16/00:
  1. Secure Sockets Layer (R. Shillingburg)
  2. Zonelab's Firewall Software Site (J. Liu)
  3. NSA - Information Systems Security Organization (D. Molavi)
  4. Beyond Concern: Understanding Net Users' Attitudes About Online Privacy (D. Lemons)
  5. Picking Up the Digital Check (H. Khalaf)
  6. Encryption Methods (F. Farahmand)
  7. Java Security Hotlist (B. Mitchell)
  8. Bruce Schneier - Cryptorhythms (P. Jensen)
  9. Crypto-Gram Archive (P. Jensen)
  10. Identity Theft and Fraud (A. Razzaque)
  11. Credit Fraud (G. Wright)
  12. CERT Coordination Center FAQs (S. Griffin)
  13. The Children's Online Privacy Protection Rule (B. Dixon)
  14. Declassified NSA Documents (H. Grandhige)
  15. Clipper Chip and the Clinton Administration (H. Grandhige)
  16. FAS.org - useful security links (J. Buyer)

Week of 4/23/00:
  1. Electronic Voting (H. Hsieh)
  2. Survivability Blends Computer Security with Business Risk Management (R. Shillingburg)
  3. The Cookie Debate (D. Lemons)
  4. A Secure Client-Server Application? (M. Nowatkowski)
  5. Naval Postgraduate School - CS4601 Computer Security (M. Nowatkowski)
  6. The Computer Security Institute (D. Molavi)
  7. Designing Secure Software (L. Jian)
  8. Center For Education and Research in Information Assurance and Security (B. Mitchell)
  9. Once Again, Technology Is Outrunning Privacy (H. Khalaf)
  10. Peter G. Neumann's Web page (P. Jensen)
  11. RSA FAQs (A. Preble)
  12. NIST AES Homepage (A. Preble)
  13. Vulnerable Library Calls (A. Preble)
  14. FreeVSD.org (A. Preble)


Course Bibliography:


  1. Radcliff, Deborah. "Diary of a Hack Attack". In Network World, January 10, 2000, pgs. 42 and 43.
  2. Simons, John. "How an FBI Cybersleuth Busted a Hacker Ring". In Telecom Digest, October, 1999.
  3. Dunn, Ashley. "Self-Spreading Viruses Represent Growing Threat to Home PCs". In the Atlanta Journal-Constitution, October 10, 1999.
  4. Lawton, George. "Explorer Worm Targets Networks, Deletes Data". In Computer, August, 1999, pgs. 15 - 17.
  5. Anderson, Ross. "How to Cheat at the Lottery (or Massively Parallel Requirements Engineering)", University of Cambridge Computer Laboratory, pgs. 1 - 13.
  6. Thompson, Ken. "Reflections on Trusting Trust", Communications of the ACM, Vol. 27, No. 8, August 1984, pgs. 761 - 763.
  7. Harris, B. and Hunt, R. "TCP/IP Security Threats and Attack Methods", Computer Communications, Vol. 22, 1999, pgs. 885 - 897.


Contact Information:
Prof. Philip Enslow, (404) 894-3187
Office hours: Tues, Thurs 11am-12pm CCB 269 (thru Room 264)
enslow@cc.gatech.edu

TA: Rod Peters, (404) 894-1155
Office hours: MWF 10:00am-11:00am CCB 153
repeters@cc.gatech.edu

Last Modified: Jan. 11, 2000