Syllabus

Instructor Information

Role	Name	Office Phone	Email	Office Location
Instructor	Prof. William Enck	919.513.7905	whenck@ncsu.edu	2240M EB2
TA	Jinku Cui	-	jcui23@ncsu.edu	-
TA	Zhizhen Li	-	zli92@ncsu.edu	-

Virtual Office Hours

Prof. William Enck	Tuesdays 3-4pm and by appointment
Jinku Cui	Wednesdays 2-3pm
Zhizhen Li	Tuesdays 3-4pm

The Zoom link for office hours is listed in Moodle.

Preferred Method of Communication

Announcements and online class discussion will occur via Piazza. Important announcements may also be sent via the class Google Groups mailing list. General class questions should be conducted via the class Piazza. This will help other students who who have the same question. The discussion forum should only be used for non-sensitive information.

Students may also email the Instructor and TAs. When emailing, use “[CSC 474]” in the subject. Email the TAs and CC the instructor if a) you have a homework grading issue, or b) you need to ask a question that would reveal a partial/complete solution to a homework problem. Email the instructor or meet during office hours if a) you have an exam grading issue, or b) you have a personal issue that you don’t want to share with the TA.

Response Time

Instructors and TAs will do their best to respond to emails within 24 hours.

Course Information

Course	CSC474 - Network Security, Fall 2022
Credits	3
Meeting Location	2336 Fitts-Woolard Hall
Meeting Times	Tu/Th 11:45-1:00pm
Course Website	https://people.engr.ncsu.edu/whenck/csc474/f22
Class Forum	Class discussion will take place via Piazza

Prerequisites/Corequisites

Formal: CSC 230

General Education Program (GEP) Information

None

Course Overview

Catalog Description

Basic concepts and techniques in information security and management such as risks and vulnerabilities, applied cryptography, authentication, access control, multilevel security, multilateral security, network attacks and defense, intrusion detection, physical security, copyright protection, privacy mechanisms, security management, system assurance and evaluation, and information warfare. Coverage of high-level concepts such as confidentiality, integrity, and availability applied to hardware, software, and data. Credit not allowed for both CSC 474 and CSC 574.

Course Description

This course introduces students to network security. Students will learn about network attacks and vulnerabilities as well as current defenses. Topics covered include cryptography, authentication protocols, firewalls, intrusion detection systems, routing and DNS security, communication privacy and anonymity, and wireless security.

This introductory course will impart a broad understanding of the underpinnings of security techniques, security best practices, and security failures. The course should help students to understand the mindsets of attackers (the bad guys and gals who do malicious things on the network) and system designers and defenders (the good guys and gals who try to stop the attackers). The course should prepare students to understand and assess security threats, become familiar with security engineering best practices, and write better software, protocols, and systems.

Structure

This course meets in-person twice a week. Content is primarily delivered via lectures with integrated learning activities. Homework assignments provide a combination of written questions that apply knowledge taught in the classroom and more hands-on or programming questions that extend knowledge taught in the classroom. A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.

Student Learning Outcomes

By the end of this course, students will be able to:

• Explain concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
• Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
• Explain common network and Web vulnerabilities and attacks, defense mechanisms against these attacks, and cryptographic protection mechanisms.
• Describe the methods and motivation of Internet malware, and explain existing defense mechanisms and their limitations.

Textbooks and Reading Material

Required Textbook and/or Software

• Paul C. Van Oorschot. Computer Security and the Internet: Tools and Jewels. Springer. 2020. Note: Author’s self-archived version is freely available.

Optional Materials

The following online books provide additional information.

• Ross Anderson. Security Engineering, 2nd Edition. Wiley. April 2008.
• Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press. October 1996.

Technology Requirements

Hardware

NC State’s Online and Distance Education provides technology requirements and recommendations for computer hardware.

Software

• Moodle and Wolfware
  • Moodle Accessibility Statement
  • Moodle Privacy Policy
  • NC State Privacy Policy
• Zoom
  • Zoom Accessibility Statement
  • Zoom Privacy Policy
• Panopto
  • Accessibility Features
  • Privacy Policy
• Piazza
  • Piazza Accessibility Statement - Please use https://piazza.com/lite with assistive technology
  • Piazza Privacy Policy
• Linux desktop or Virtual Machine software to run Linux

Minimum Computer and Digital Literacy Skills

This is an undergraduate senior-level course in computer science. Students are expected to have basic knowledge of the Unix command line. They should also be able to pick up a new programming language (e.g., Python) with relative ease.

Netiquette

Students should be aware that their behavior impacts other people, even online. I hope that we will all strive to develop a positive and supportive environment and will be courteous to fellow students and your instructor. Due to the nature of the online environment, there are some things to remember when taking an online course and engaging with others.

Tips for Success:

• Do: Follow the same standards of behavior that you subscribe to offline. Keep in mind that all online communication is documented and therefore permanent.

• Don’t: Flame others in discussion forums. Flaming is the act of responding in a highly critical, sarcastic, or ridiculing manner – especially if done on a personal level. Remember that these discussions are meant for constructive exchanges and learning!

• Do: Ensure you are responding to forums by the due date, in order to leave time for peers to comment on your response.

• Don’t: Go for long periods of time without communicating to your instructors or classmates. It is important to stay a part of the online community!

• Do: Remember to read over your posts before selecting “Submit.”
• Don’t: Use slang, poor grammar, and other informal language in discussion forums or email messages to instructors or classmates.

Grading

The course will consist of two midterms, a final, five homework assignments, quizzes, and class discussion that contribute the the final grade in the following proportions:

• 15% Exam 1
• 15% Exam 2
• 15% Final Exam or average of Exam 1 and Exam 2
• 50% Homework Assignments
• 5% Podcast Discussion / Class Participation

The final letter grade will be based on the final percentage as follows:

A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F

REG 02.50.03 describes the grade point interpretation of letter grades.

Optional Final Exam: Students who are happy with the average of their Exam 1 and Exam 2 grades may request to use that average in place of taking the final exam. Students must explicitly inform the instructor of this choice and receive an acknowledgment. Simply missing the final exam will result in a zero for the final exam.

Homework Assignments: The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These homeworks include questions as well as programming tasks. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made and consult the syllabus.

Podcast Discussion: Each week, the class will discuss the most recent podcast from Open Source Security. The evening before this class, students will submit relvant questions or comments about the podcast to be discussed. The instructor will use the student questions and comments to drive the discussion. The grade for this portion of the final grade will be based on the relevance of the question or comment (i.e., full credit if it is relevant). Students may miss submitting questions or comments for up to two podcasts.

Course Schedule

See the course schedule. Note that the schedule is subject to change as the semester evolves.

The following are initial dates for exams and homework assignment due dates (subject to change):

• Exams
  • Exam 1: Thu Sep 22 (in class)
  • Exam 2: Thu Nov 03 (in class)
  • Exam 2: Thu Dec 08 (12:00-2:30pm)
• Homework Assignments
  • HW0: Tue Aug 30
  • HW1: Tue Sep 13
  • HW2: Tue Oct 04
  • HW3: Tue Oct 18
  • HW4: Sun Oct 30
  • HW5: Thu Dec 01

Course Policies

Late Assignments

Homework and project deadlines will be hard. Late homework will be accepted within 24 hours with a 25% reduction in grade. Homeworks submitted after 24 hours will have a 100% penalty. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Incomplete Grades

Extensions may be given for assignments due to exceptional circumstances. Assignments not completed by the end of the course will receive a grade of zero unless the student requests a Incomplete (IN) grade and a reasonable plan of completion is agreed upon with the instructor.

Attendance and Participation

The instructor will not take any formal attendance for class meetings. Participation will be assessed via the podcast discussion in Moodle. Note: exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material.

The university policy on excused absences will be observed (see REG 02.20.03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. This is a very serious issue – violations may not just be immoral, they may violate federal laws.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.

Course-Specific Academic Integrity Policy

The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct. Students are also strongly encouraged to review the ACM Code of Ethics and Professional Conduct.

The instructor expects honesty in the completion of test and assignments. The instructor has a zero tolerance policy for violations of academic integrity. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign a negative grade and refer the student to the appropriate University bodies for possible further action. It is the understanding and expectation of instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit studentconduct.ncsu.edu.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.

University Policies

Academic Integrity and Honesty

Students are required to comply with the university policy on academic integrity found in the Code of Student Conduct. Therefore, students are required to uphold the university pledge of honor and exercise honesty in completing any assignment.

Please refer to the Academic Integrity web page for a detailed explanation of the University’s policies on academic integrity and some of the common understandings related to those policies.

Students may be required to disclose personally identifiable information to other students in the course, via electronic tools like email or web-postings, where relevant to the course. Examples include online discussions of class topics and posting of student coursework. All students are expected to respect the privacy of each other by not sharing or using such information outside the course.

Students are responsible for reviewing the NC State University PRR’s which pertains to their course rights and responsibilities:

• Equal Opportunity and Non-Discrimination Policy Statement and additional references
• Code of Student Conduct
• Grades and Grade Point Average
• Credit-Only Courses
• Audits

Students with Disabilities

Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with the Disability Resource Office at Holmes Hall, Suite 304,Campus Box 7509, 919-515-7653 . For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG02.20.01)

Trans-Inclusive Statement

In an effort to affirm and respect the identities of transgender students in the classroom and beyond, please contact me if you wish to be referred to using a name and/or pronouns other than what is listed in the student directory.

Basic Needs Security

Any student who faces challenges securing their food or housing or has other severe adverse experiences and believes this may affect their performance in the course is encouraged to notify the professor if you are comfortable in doing so. Alternatively, you can contact the Division of Academic and Student Affairs to learn more about the Pack Essentials program https://dasa.ncsu.edu/pack-essentials/

Course Evaluations

ClassEval is the end-of-semester survey for students to evaluate instruction of all university classes. The current survey is administered online and includes 12 closed-ended questions and 3 open-ended questions. Deans, department heads, and instructors may add a limited number of their own questions to these 15 common-core questions.

Each semester students’ responses are compiled into a ClassEval report for every instructor and class. Instructors use the evaluations to improve instruction and include them in their promotion and tenure dossiers, while department heads use them in annual reviews. The reports are included in instructors’ personnel files and are considered confidential.

Online class evaluations will be available for students to complete during the last two weeks of the semester for full semester courses and the last week of shorter sessions. Students will receive an email directing them to a website to complete class evaluations. These become unavailable at 8am on the first day of finals.

• Contact ClassEval Help Desk: classeval@ncsu.edu
• ClassEval website
• More information about ClassEval

Syllabus Modification Statement

Our syllabus represents a flexible agreement. It outlines the topics we will cover and the order we will cover them in. Dates for assignments represent the earliest possible time they would be due. The pace of the class depends on student mastery and interests. Thus minor changes in the syllabus can occur if we need to slow down or speed up the pace of instruction.