Wednesday, January 8 (online class notes)

• Class introduction and overview
• Laptop usage; Linux installation description
• What is information security?
• The modern security context
• To do: subscribe to the class mailing list; get the class texts; prepare for your computer use
• Read: Schneier Chapter 1, "Introduction"

Monday, January 13 (online class notes)

• Information threats
• Assessing risk
• Types of attacks
• The US Constitution and Bill of Rights
• To Do: subscribe to ISN via majordomo@attrition.org
• Read: US Constitution and Bill of Rights (via the LOC or via Gutenberg or read it elsewhere). Focus on the Bill of Rights.
• Read: Schneier Chapter 2, "Digital threats"
• Read: Schneier Chapter 3, "Attacks"

Wednesday, January 15 (online class notes)

• Server security tour
• Tools: ping, telnet, process listing
• Automated and semi-automated security solutions
• Tools: SAINT
• Read: Toxen Chapter 1, "Introduction"
• Read: Toxen Chapter 2, "Quick Fixes for Common Problems"

Monday, January 20: No class due to MLK holiday

Wednesday, January 22 (online class notes)

• Historically interesting security events
• Hacking 101
• Hacker hangouts, publications and conferences
• The Computer Fraud and Abuse Act of 1986
• Tools: System updates and patches
• Read: Toxen Chapter 3, "Quick and Easy Hacking and How to Avoid It"
• Read: Toxen Chapter 4, "Common Hacking by Subsystem"
• Skim: Toxen Appendix A: "Internet Resources for the Latest Intrusions and Defenses"
• Skim: Toxen Appendix B: "Books, CD-ROMS and Videos"
• Read: Peruse 2600.com online

Monday, January 27 (online class notes)

• Security policy
• Writing security and privacy policies
• Evaluating security and privacy policies
• 3rd party validation of privacy and security (BBBOnline, TRUSTe)
• Read: Schneier Chapter 4, "Adversaries"
• Read: Schneier Chapter 5, "Security needs"
• Read: Toxen Chapter 7, "Establishing Security Policies"

Wednesday, January 29 (online class notes)

• Ongoing vulnerabilities in FTP, Outlook and elsewhere
• Monitoring network activity
• Tools; netstat, TCPDUMP
• Tools: nmap
• Read: Toxen Chapter 5, "Common Hacker Attacks"
• Read: Toxen Chapter 10, "Case Studies"

Monday, February 3 (online class notes)

• Crypto; types of encryption
• Steganography
• Signal v. noise
• DES and AES (Rinjdahl)
• Read: Schneier Chapter 6, "Cryptography"
• Read: Schneier Chapter 7, "Cryptography in context"

Wednesday, February 5 (online class notes)

• Password systems
• Tools: L0phtcrack (aka LC4), cracklib
• Tools: rsh, ssh
• Tools: GPG
• Read: Toxen Chapter 8, "Trusting Other Computers"
• Due: 1st assignment

Monday, February 10 (online class notes)

• The Orange Book and Common Criteria
• Organizations working on computer security
• Read: Schneier Chapter 8, "Computer security"
• Read: Schneier Chapter 9, "Identification and authentication"
• Skim: ISO 15408, "Common Criteria CC V2.1" at NIST

Wednesday, February 12 (online class notes)

• Firewalls and VPNs
• Tools: iptables
• Tools: IPSEC
• Read: Toxen Chapter 6, "Advanced Security Issues"
• Read: Toxen Chapter 9, "Gutsy Break-Ins"

Monday, February 17 (class cancelled due to snow and ice)

• Telecommunications security
• Networking infrastructure and resilience to attack
• Read: Schneier Chapter 10, "Networked-computer security"
• Read: Schneier Chapter 11, "Network security"

Wednesday, February 19 (online class notes)

• Wireless security
• Honeypots
• Tools: Kismet
• Read: About the Honeynet project at http://project.honeynet.org

Monday, February 24 (online class notes)

• Viruses, worms, trojan horses and hybrids
• Privacy and the law
• The Database Nation
• Read: Schneier Chapter 12, "Network defenses"
• Read: Schneier Chapter 13, "Software reliability"

Wednesday, February 26 (online class notes)

• DoS and DDoS
• Tools: Anti-virus programs
• Read: Toxen Chapter 11, "Recent Break-Ins"
• Due: 2nd assignment

Monday, March 3

• Movie: Freedom Downtime (first part)
• Read: Schneier Chapter 14, "Secure hardware"
• Read: Schneier Chapter 15, "Certificates and credentials"

Wednesday, March 5

• Movie: Freedom Downtime (last part)
• Read: Toxen Chapter 12, "Hardening Your System"
• Read: Toxen Chapter 13, "Preparing Your Hardware"
• Read: Toxen Chapter 14, "Preparing Your Configuration"

Monday, March 12 and Wednesday March 14: No class due to spring recess

Monday, March 17 (online class notes)

• Guest speaker: John Reuning of iBiblio
• Read: Schneier Chapter 16, "Security tricks"

Wednesday, March 19 (online class notes)

• Guest speaker: Jeff Bollinger of ATN Security
• Read: Toxen Chapter 15, "Scanning Your System"
• Read: Toxen Chapter 16, "Monitoring Activity"
• Due: 3rd assignment

Monday, March 24 (online class notes)

• Personnel security
• Social engineering
• Organizational security
• Disaster planning
• Read: Schneier Chapter 17, "The human factor"
• Read: Schneier Chapter 18, "Vulnerabilities and the vulnerability landscape"

Wednesday, March 26 (online class notes)

• Integrity checking
• Tools: Integrit and tripwire
• Read: Toxen Chapter 17, "Scanning Your System for Anomalies"

Monday, March 31 (online class notes)

• Security in libraries
• TEACH legislation
• PATRIOT act and the 4th Ammendment revisited
• Read: Schneier Chapter 19, "Threat modeling and risk assessment"
• Read: Schneier Chapter 20, "Security policies and countermeasures"
• Read: ALA brief on TEACH legislation

Wednesday, April 2 (online class notes)

• Software piracy
• DVD piracy
• Eavesdropping and surveillance
• Tools: keystroke loggers
• Tools: BO2K
• Read: Toxen Chapter 18, "Regaining Control of Your System"
• Read: BO2K legitimacy statement

Monday, April 7 (online class notes)

• Cookies
• Spam
• Tools: privoxy and adsubtract
• Tools: Spam filtering
• Read: Schneier Chapter 21, "Attack trees"
• Read: Schneier Chapter 22, "Product testing and verification"

Wednesday, April 9 (online class notes)

• Incident handling
• Forensic analysis
• Read: Toxen Chapter 19, "Finding and Repairing the Damage"
• Read: Toxen Chapter 20, "Finding the Attacker's System"
• Due: 4th assignment

Monday, April 14 (online class notes)

• Information ethics. How are ethics learned?
• Being censorproof
• Hactivismo
• Freenet and other efforts at censorship bypass
• Read: Schneier Chapter 23, "The future of products"
• Read: Schneier Chapter 24, "Security processes"

Wednesday, April 16 (online class notes)

• Proxy servers
• Tools: socks
• Tools: Logcheckers
• Read: Toxen Chapter 21, "Having the Cracker Crack Rocks"

Monday, April 21 (online class notes)

• Security certification
• Read: Schneier Chapter 25, "Conclusion"

Wednesday, April 23 (online class notes)

• Real and imagined risks
• The future of information security
• Careers in information security
• Read: Schneier "Afterword"

Note: 5th assignment is due during the assigned final exam period, Monday May 5 at 8:00 a.m.