
CIS 193

UNIX/Linux Security Administration

Time: Thursdays, 10:00am to 2:05pm
Room: 829 Aptos Main Campus
      Live Online (Passcode: 942733)
      Archives
      Roll Call
Lab: Open Lab - 4 hours 5 minutes per week TBA
Units: 4
Prerequisites: CIS 192AB
Book: UNIX and Linux System Administration Handbook (4th Edition)
      Evi Nemeth, Garth Snyder, Trent R. Hein, Ben Whaley
      Prentice Hall PTR
      ISBN: 978-0131480056
Status: Version 1: Alpha
        Calendar, assignments subject to change
Links: VMWare VLab Web Access
       VMWare RDP Access

Course Calendar

| Date | Topic | Reading | Lab |
|---|---|---|---|
| January 29, 2015 | Introduction | | |
| February 5, 2015 | Secure Access with SSH | Chapter 22 | Lab 1: Get Access |
| February 12, 2015 | Authentication | Chapter 4 | Lab 2: Secure Access with SSH |
| February 19, 2015 | Filesystem ACLs | Chapter 6 | Lab 3: PAM |
| February 26, 2015 | Filesystem Auditing | | Lab 4: Extended ACLs |
| March 5, 2015 | Filesystem Encryption | | Lab 5: Auditing |
| March 12, 2015 | Mandatory Access Control | | Lab 6: Encrypted File Systems |
| March 19, 2015 | Logging | Chapter 11 | Lab 7: AppArmor |
| March 26, 2015 | Midterm | | |
| April 2, 2015 | Spring Break | | |
| April 9, 2015 | Netfilter Part 1 | Chapter 14 | |
| April 16, 2015 | Netfilter Part 2 | | Lab 9: NMAP |
| April 23, 2015 | IPsec | | Lab 10: Firewall |
| April 30, 2015 | VPN | https://wiki.strongswan.org/projects/strongswan/wiki | Lab 11: IPsec Introduction |
| May 7, 2015 | Intrusion Detection/Prevention Systems | | Lab 12: IPsec Transport |
| May 14, 2015 | Securing Services | Chapter 23 | |
| May 21, 2015 | Final | | Lab 8: Snorby (Extra Credit) |

Course Description
Teaches how to perform the tasks and examine the strategies of UNIX/Linux host, files, and network security management. Helps develop skills in managing firewalls, performing security audits, and detecting intrusions. Covers host-based intrusion detection, password cracking, auditing, access control, file encryption, VPNs, and securing network services. Prepares for industry level certification in the area of Linux system security. May be offered in a Distance-Learning Format.

Student Learner Outcomes
  • Use system logs and auditing techniques to validate the integrity of a host system and to identify compromises in its security.
  • Implement safeguards to prevent, avert, mitigate, or recover from damages due to breaches in security.
  • Perform a risk analysis by weighing the various threats to networks with the vulnerabilities present within a given system.
  • Using various technologies associated with network security, design a basic network with appropriate security structures in place that meet a Defense in Depth requirement.
Objectives
  1. Audit and analyze a given network to identify and assess its vulnerabilities in terms of their origins in software, hardware, natural forces, and human behavior.
  2. List common encryption and compression algorithms and describe their basic structure and implementation.
  3. Describe how ACLs, VPNs, IDSs, firewalls, user/group permissions, and SUID programs are implemented in the UNIX/Linux platform and how they contribute to network security.
  4. Identify network attack signatures.
  5. Describe the types of network security breaches that crackers attempt to use.
  6. Define and describe the purpose behind security ethics, specifically in the case of system administrators.
  7. Describe advantages of xinetd over inetd.
  8. Outline the function of TCP Wrappers and their use in developing a secure network.
  9. Use ipchains and iptables to restrict the flow of information in a network.
  10. Give the reasons for and process of applying kernel patches.
  11. Use digital certificates and certificate authorities to establish secure transactions.
  12. Describe the vulnerabilities of NFS, NIS, Sendmail, Apache, and other applications when securing a network.
  13. Describe different ways in which cryptography can be used to secure data.
  14. Identify network attack signatures.
  15. Use PGP and GPG data-encryption utilities.
  16. Describe the elements of a security policy.
  17. Use UNIX utilities to set and change owner, group, permissions, and other file attributes.
  18. Monitor the availability of system resources.
  19. Restore a damaged or compromised system from backup media.
  20. Configure the file logging mechanism and configure various services to use that system.
  21. Use file compression and encryption tools to secure sensitive data.
  22. Describe how to use special routing techniques to protect local network traffic.
  23. Use package management tools to apply vendor patches and upgrades to kernel and operating system software that fix identified vulnerabilities.
  24. Install and configure an Intrusion Detection System and use it to identify a security transgression.
  25. Install and configure third party tools that exploit system vulnerabilities and/or detect such exploits.
  26. Use UNIX commands to verify the integrity of the software on the system.
  27. Discuss advantages and disadvantages of application warning banners.
  28. Verify the authenticity of the users accessing a computer system.
  29. Use PPP with secure shell to allow remote client computers access to a LAN through a virtual private network.
  30. Describe how Linux's PAM hierarchy, Kerberos, and NIS services control network authentication.
Grading Policy
  • 60% Labs and homework
  • 20% Midterm
  • 20% Final
TBA (To Be Arranged) Lab Hours
This course meets weekly at the times shown in the Cabrillo Schedule of Classes and above. In addition each student is required to spend lab time every week in either the CIS Lab (room 830) or online using the CIS VLab. Students may choose the time and day for their TBA Lab Hours where they will work on lab assignments designed to give them practical hands-on experience and continue the learning process. These TBA lab hours are required, tracked, and graded. It is the student’s responsibility to complete the TBA lab hours, which start on Week 1 of the term, and record their attendance. Tip: A great time to do TBA lab hours is in the CIS Lab when the instructor is there. If that is not possible, questions can always be posted on the electronic help forum which is monitored by the instructor.

Late Work Will Not Be Accepted
Homework is due one hour before class on the calendar date where the homework is listed. Please complete all assignments on time as they will not be accepted if they are late. This will help both the student and instructor keep the class moving and avoid log jams at the end of the term. If an assignment is not complete by the deadline it is better to make an incomplete submission for partial credit than no submission at all. There may be extra credit work for students needing extra points.

Classroom Etiquette
It is important to have an effective, distraction-free classroom environment for learning. To minimize distractions all cell-phones should be turned off or at least silenced. Never carry on conversations during the lecture as this is probably the most annoying distraction possible to those sitting nearby.

For students in the physical classroom, computers can be turned on for viewing lecture slides locally, Google-ing related technical information, and doing classroom exercises. A student's full attention is desired so the computers should not be used during lecture for email or anything that would distract them or others from the material being taught.

For students in the virtual classroom, use the "Raise hand" icon in CCC Confer to let the instructor know you have a question. The chat window can be used to ask questions and communicate with the instructor or other classmates. For students dialing in please use *6 on your phone to mute/unmute your line so background noises in your location don't distract the class.

Please plan on coming to all classes. If class will be missed let the instructor know ahead of time. It is the student's responsibility to get any missed material or information from other classmates (the forum is a good way to do this). Please note that being disruptive is grounds for being dropped from the class by the instructor.

Academic Conduct
Instructors at Cabrillo will not tolerate any forms of academic dishonesty. We do not accept remarkably similar assignments. Students who engage in violations of academic integrity (cheating, plagiarizing print or electronic sources, copying computer files, web site content) as outlined in Cabrillo's "Student Rights and Responsibilities" document are subject to disciplinary action by the instructor including receiving an "F" for the assignment, being dropped from the course with a "W" or being issued an "F" for the course.

Special Learning Needs
Veterans or students with disabilities, including "invisible" disabilities such as chronic diseases, learning, and psychological disabilities, are encouraged to explain their needs and appropriate accommodations to the instructor during office hours. Please bring a verification of your disability from the Learning Skills or DSPS offices and a counselor or specialist's recommendations for accommodating your needs.

As required by the Americans with Disabilities Act (ADA), accommodations are provided to ensure equal opportunity for students with verified disabilities. If you need assistance with an accommodation, please contact the Learning Skills Program at 831-479-6220 (for students with learning disabilities and attention deficit disorders) or Disabled Student Programs and Services (DSPS) at 831-479-6379 or 831-479-6421 (TTY) to make arrangements as soon as possible.

Missing Classes and Drops
It is the student's responsibility to officially withdraw from classes. If you miss more than two classes or two lab assignments, the instructor may drop you from the course enrollment unless prior arrangements have been made and agreed to.