Course Description:
The system security administrator is the focal point for planning security in the installation and the "front line" when defending systems from cyber attack. Systems typically ship with security features turned off to facilitate initial operation and must be tailored to the security needs of the organization. The only thing between a new system and a cyber attacker is the knowledge of the system administrator. The system administrator not only ensures that user IDs and initial passwords are set robustly, but also configures firewalls, intrusion detection systems, etc., and facilitates the development and enforcement of effective security policy for the organization.
The system security administrator plays an integral role in the security testing, certification, accreditation, and operation of complex cyber systems, as well as in operationally defending those systems against real-time attacks.
The course provides students with hands-on experience in the field of security administration. The student will learn how a security professional fulfills various Information Assurance requirements using the Linux operating system (the same principles apply to other operating systems). Topics include an examination of server, workstation and network vulnerabilities; procedures and tools for security assessment; development of security policies, procedures and standards; firewalls, logging and audit tools, and hardening scripts, as well as other tools and techniques used to implement secure computing environments.
This course is intended for graduate students with the following qualifications: typically an undergraduate background in computer science, mathematics, computer engineering, informatics, and/or information security. It is also highly recommended that students have successfully completed coursework in policy and network security.
This class will be primarily individual study, with weekly assigned readings, five homework assignments, one take-home quiz, one project, a midterm and a final. The course will also have nine laboratory assignments, which are separate from the lecture period and performed outside of class time. Each lab assignment will take approximately two to three hours to complete. Students may work in teams on the lab assignments and on the semester project but will submit individual reports/results.
Objectives:
This course is designed to transfer both knowledge and applicable skills in utilizing technology, methods and policy to solve information security challenges. In doing so, many of the objectives will require a "hands-on" approach to learning. After completing this course, students will be able to:
1. Analyze the needs of an organization and create an appropriate security policy and concomitant documentation
2. Develop security requirements
3. Evaluate exposure to risk in a computing environment
4. Determine tools and techniques necessary to meet requirements
5. Lead efforts to implement the necessary steps to meet security requirements
6. Demonstrate the ability to recognize the characteristics of various computer attacks, including:
a. Malicious code
b. Network attacks
7. Develop responses to computer attacks
8. Demonstrate the ability to interpret log files
9. Demonstrate fluency in the use of the following security tools:
a. Firewall
b. Intrusion detection system
i. Host-based
ii. Network-based
c. Logfile watcher
10. Create a firewall based upon a security policy
11. Use tools to conduct a vulnerability analysis of a live network
a. Nmap
b. Nessus
c. Others as necessary
12. Interpret the results of the vulnerability analysis, including defining recommendations for the network owner
13. Use various forms of "adversary emulation" (Red Teaming, Penetration Testing, Red/Blue Team Design Spiral, etc.) to harden a system composed of evaluated and/or off-the-shelf components