pchapin's CIS-4040 Computer Security, Fall 2019

Instructor

Peter C. Chapin. Office: BLP-415 on the Williston campus. Office hours are by appointment. Phone: 802-879-2367 (voice mail active). Email: pchapin@vtc.edu. I will usually respond to email within 24 hours, not including weekends or holidays. Email is the best way to contact me. I am also sometimes on the FreeNode IRC network under the nickname pcc.

Course Description

The official course outline lists high level course objectives and content.

Computer security is a broad subject that can be treated on many levels. The topics covered in this course are intended to be useful to you in the long term by giving you the background you need to understand and evaluate security issues. We won't be covering the latest Windows vulnerabilities or Linux exploits. We won't be talking about how to change passwords or configure a secure web server. Instead we will cover the underlying principles of computer security that apply to a wide range of situations. After taking this course you will be better able to understand the reason why certain things are done and better able to evaluate new security threats and the technologies that protect against them.

As is typical for VTC courses, this course attempts to balance theory and practice. While we won't necessarily be looking at specific exploits, we will spend some time talking about how security issues are handled in the real world. We will look at how encryption technology is used, how some actual secure network protocols work, and how real life intrusion detection systems work (for example). However, it is important to understand that there is a body of knowledge about security theory as well. Although we will not delve into the theory to a great extent in this course, we will discuss some aspects of the theory so that you are at least aware of its existence.

Prerequisites

This course will draw from a wide variety of background material. Your knowledge of networking and system administration will be important. This is not a programming course, but we will be referring to programming concepts in some cases. Also some concepts from your math courses, particularly discrete math, might be useful.

Resources

The text is Computer Security Principles and Practice by William Stallings and Lawrie Brown (fourth edition). ISBN=978-0-13-479410-5

I have created an email distribution list for the class. I will use this list to distribute announcements and other supplementary materials. Be sure to check your mail regularly (daily) or you might miss something important. If you send a question in email directly to me, I may reply to my distribution list if I think that others would benefit from my answer. If you would rather I did not reply to the list you should say so in your message.

My home page contains various documents of general interest.

Grading Policy

I grade on a point system. Each assignment is worth a certain number of points. At the end of the semester I total all the points you earned and compare that to the total number of possible points. In this course there are two components to your grade.

  1. Homework. 20 pts/each. There will be approximately eight assignments during the semester for a total of 160 points. You will have one to two weeks to do each assignment, depending on the complexity of the assignment and other scheduling issues.

  2. Exam. 50 pts. There will be one exam. It will be a take home exam given during the final exam period at the end of the semester.

When doing the exam you can use any resources available to you except that you can not consult with other students about exam questions nor post questions related directly to the exam on Internet forums or mailing lists (it is okay to read existing posts, however). If you have questions about the exam, please contact me.

For homework you can discuss the questions with other students and post questions related to the assignments in on-line forums. However, you should still do your own work. See the section on "Copying Policy" below for more information.

I will not formally take attendance, but I will notice people who seem "disengaged" in the class. Although attendance is not specifically part of my grading policy it will, like other intangible items such as "professionalism," play a role in how likely I am to round up borderline grades.

Late Policy

I attempt to either publish solutions to assignments or return graded assignments (or both) a few days after the due date. Once either of those things occur, I cannot accept any further submissions. The interval between the formal due date and when I either publish a solution or return graded work is a grace period during which I will continue to accept assignments with no penalty. For best results, you should endeavor to submit assignments on time. If something comes up that prevents you from handing in an assignment on time, contact me, before the due date if possible, to discuss your issue. I am usually open to reasonable requests for extensions.

Copying Policy

I encourage you to share ideas with your fellow students so I won't be shocked to learn that you've been talking with someone about an assignment. In fact, if you worked closely with someone else you should make a note on your submission that mentions the names of your associates.

However, I do ask you to do your own work in your final submissions. The goal is for all of the work in your submission to have passed through your brain so that you comprehend it. If in doubt, ask yourself this: if I called you into my office and asked you to explain what you did, would you be able to do so?

If two submissions exhibit what I feel to be "excessive similarity" I will grade the submissions based on merit and then divide the grade by two, assigning half the grade to each submission. If I receive more than two excessively similar submissions I will divide the grade by the number of such submissions and distribute the result accordingly.

Since "excessive similarity" is a bit subjective, I may only give you a warning if the similarity is not too excessive—especially for a first offense. However, I do keep records when I find excessive similarity and I will be much less inclined to be forgiving if I discover it again. If you are concerned about the possibility of submitting something that might be too similar to another student's work, don't hesitate to speak with me first. Remember that I won't be surprised to learn that you are working closely with someone (it's a good thing!), so don't feel reluctant to say so. Also keep in mind that I'm not out to persecute you. I want you to be successful, and I want to work with you to ensure you are submitting appropriate work.

If you find material on the Internet or in a book that seems to answer questions I ask in an assignment, you may include such material in your submission provided you properly reference it. If I discover that you have included unreferenced material from such sources, I may not give you any credit for the question(s) answered by such material. You do not need to provide a reference to our text book or to materials I specifically provide in class.

Other Matters

Students with disabilities may request accommodation as provided within federal law. All such requests should be made by first contacting Robin Goodall, Learning Specialist, in the Center for Academic Success on the Randolph campus. She can be reached by phone at (802) 728-1278 or by email at rgoodall@vtc.edu.

The Vermont State Colleges System is committed to ensuring our campuses are safe places for students and employees. Faculty and staff are considered mandated reporters when it comes to experiences of interpersonal violence (sexual assault, sexual harassment, dating/domestic violence, and stalking). Disclosures of interpersonal violence will be reported to the Title IX Coordinator, who can help provide support and academic accommodations for students who have been impacted. More information can be found online.


Last Revised: 2019-08-21
© Copyright 2019 by Peter C. Chapin <pchapin@vtc.edu>