details
| Module number | CO43034 |
| Module name | Advanced Security and Forensic Computing |
| Module leader | W.Buchanan |
| Session | Semester 2, 2005 |
| Email | w.buchanan@napier.ac.uk |
| PDF Version | [2003/2004] |
student workload
| Lectures/Tutorials | 24 hours |
| Practicals/Project Work | 12 hours |
| Examination | |
assessment
| Continual Assessment | 100% |
aim
The aim of the module is to develop a deep understanding of system security and forensic computing, which will allow students to act professionally in the design, analysis, implementation, and reporting of security strategies and in forensic computing investigations.
learning outcomes
The aims of the module are:
| L1 | design, analyse, and implement security systems and critically evaluate their performance. |
| L2 | abstract complex networked systems in order to assess key issues in the security policy and implementation. |
| L3 | conduct an effective strategy for the data collection, data preservation, data analysis and reporting of forensic computing investigations. |
module content
The areas covered are:
Network Security. Firewalls, NAT, PIX firewall, VPNs, Transport Layer (SSL, PCT), Application Layer (HTTPS), Defence-in-depth, DMZ, IPSec, AAA.
Intrusion Detection Systems. Techniques, Snort, IDS Rules, Tripwire, Audit Logs, Profiling.
Encryption. Techniques, Public-key, Secure Sockets, MD5, RSA, 3DES, Authentication, Email security, Key Exchange.
Wireless Security. Issues, authentication, encryption, weaknesses.
Software Security. Security Goals, Buffer Overflows, Java Security, CGI/API, Database Security, Client/Server-side Security.
Forensic Computing. Process, Legal Aspects, Ethical issues, CPAR process.
Host-based Forensic Tools. ILook, EnCase, Ethereal, tcpdump.
Incident Response. Defining a plan, documentation, management, event detection, network design for forensics.
Data Collection. Validation, Host-based collection, Duplication, Signature generation, Network-based collection, Documentation, Event tracing.
Data hiding. Data hiding, Covert Channel Analysis, Steganography, Information Assurance.
Forensic Analysis. Data/Incident analysis, Network device investigation, Network log analysis, Network trace analysis.
reference material
Buchanan WJ, “The Complete Handbook of the Internet”, Kluwer, 2003, ISBN 1-4020-7236-8.
IEEE/ACM Transactions on Networking.
Proceedings of the International Conference on Mobile Computing and Network.
Proceedings of the International Conference on Computer and Communications Security.
notes
The LTA will split into two main parts:
Academic material. The academic part of the module will be delivered with an integrated teaching pack. This will include notes, related WWW material, presentation slides, lecture text, tutorials, and exercises. All the material will also be available on-line.
Laboratory material. This will involve an integrated lab development, where students follow set practical exercises.
assessment
The module will be assessed with two assessments:
1. Network security. Students will be given system intrusion scenarios, and be asked to present alternatives for the method of intrusion. They must then present methods which would then protect data and networks against intruders. [50%]
2. Research Summary and Presentation. Students will review the current research in the field of mobile networks, and present a paper and presentation based on current research practice. The style of the paper will be in the form of a formal research paper. [50%]