Syllabus
Instructor Information
Role | Name | Office Phone | Office Location | |
---|---|---|---|---|
Instructor | Prof. William Enck | 919.513.7905 | whenck@ncsu.edu | 2240M EB2 |
TA | Alex Ross | - | ajross6@ncsu.edu | - |
TA | Hansol Lim | - | hlim5@ncsu.edu | - |
Virtual Office Hours
Prof. William Enck | Tuesdays 3-4pm and by appointment |
Alex Ross | Thursdays 4-5pm |
Hansol Lim | Fridays 11am-12n |
The Zoom link for office hours is listed in Moodle.
Preferred Method of Communication
Announcements and online class discussion will occur via Piazza. Important announcements may also be sent via the class Google Groups mailing list. General class questions should be conducted via the class Piazza. This will help other students who who have the same question. The discussion forum should only be used for non-sensitive information.
Students may also email the Instructor and TAs. When emailing, use “[CSC 474]” in the subject. Email the TAs and CC the instructor if a) you have a homework grading issue, or b) you need to ask a question that would reveal a partial/complete solution to a homework problem. Email the instructor or meet during office hours if a) you have an exam grading issue, or b) you have a personal issue that you don’t want to share with the TA.
Response Time
Instructors and TAs will do their best to respond to emails within 24 hours.
Course Information
Course | CSC474 - Network Security, Fall 2023 |
Credits | 3 |
Meeting Location | 1011 Engineering Building I (EB1) |
Meeting Times | Mo/We 11:45-1:00pm |
Course Website | https://people.csc.ncsu.edu/whenck/csc474/f23 |
Class Forum | Class discussion will take place via Piazza |
Prerequisites/Corequisites
Formal: CSC 230
General Education Program (GEP) Information
None
Course Overview
Catalog Description
Basic concepts and techniques in information security and management such as risks and vulnerabilities, applied cryptography, authentication, access control, multilevel security, multilateral security, network attacks and defense, intrusion detection, physical security, copyright protection, privacy mechanisms, security management, system assurance and evaluation, and information warfare. Coverage of high-level concepts such as confidentiality, integrity, and availability applied to hardware, software, and data. Credit not allowed for both CSC 474 and CSC 574.
Course Description
This course introduces students to network security. Students will learn about network attacks and vulnerabilities as well as current defenses. Topics covered include cryptography, authentication protocols, firewalls, intrusion detection systems, routing and DNS security, communication privacy and anonymity, and wireless security.
This introductory course will impart a broad understanding of the underpinnings of security techniques, security best practices, and security failures. The course should help students to understand the mindsets of attackers (the bad guys and gals who do malicious things on the network) and system designers and defenders (the good guys and gals who try to stop the attackers). The course should prepare students to understand and assess security threats, become familiar with security engineering best practices, and write better software, protocols, and systems.
Structure
This course meets in-person twice a week. Content is primarily delivered via lectures with integrated learning activities. Homework assignments provide a written questions that apply knowledge taught in the classroom. Weekly hands-on exercises extend knowledge taught in the classroom. A detailed list of lecture by lecture contents, is available on the course schedule. Details including descriptions and due dates for Homework and Exercises are available on their respetive pages. The schedule, assignments, and due dates are subject to change as the semseter evolves.
Student Learning Outcomes
By the end of this course, students will be able to:
- Explain concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
- Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
- Explain common network and Web vulnerabilities and attacks, defense mechanisms against these attacks, and cryptographic protection mechanisms.
- Describe the methods and motivation of Internet malware, and explain existing defense mechanisms and their limitations.
Textbooks and Reading Material
Required Textbook and/or Software
- Paul C. Van Oorschot. Computer Security and the Internet: Tools and Jewels. Springer. 2020. Note: Author’s self-archived version is freely available.
Optional Materials
The following online books provide additional information.
- Ross Anderson. Security Engineering, 2nd Edition. Wiley. April 2008.
- Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press. October 1996.
Technology Requirements
Hardware
NC State’s Online and Distance Education provides technology requirements and recommendations for computer hardware.
Software
- Moodle and Wolfware
- Zoom
- Panopto
- Piazza
- Piazza Accessibility Statement - Please use https://piazza.com/lite with assistive technology
- Piazza Privacy Policy
- Linux desktop or Virtual Machine software to run Linux
Minimum Computer and Digital Literacy Skills
This is an undergraduate senior-level course in computer science. Students are expected to have basic knowledge of the Unix command line. They should also be able to pick up a new programming language (e.g., Python) with relative ease.
Netiquette
Students should be aware that their behavior impacts other people, even online. I hope that we will all strive to develop a positive and supportive environment and will be courteous to fellow students and your instructor. Due to the nature of the online environment, there are some things to remember when taking an online course and engaging with others.
Tips for Success:
- Do: Follow the same standards of behavior that you subscribe to offline. Keep in mind that all online communication is documented and therefore permanent.
-
Don’t: Flame others in discussion forums. Flaming is the act of responding in a highly critical, sarcastic, or ridiculing manner – especially if done on a personal level. Remember that these discussions are meant for constructive exchanges and learning!
- Do: Ensure you are responding to forums by the due date, in order to leave time for peers to comment on your response.
-
Don’t: Go for long periods of time without communicating to your instructors or classmates. It is important to stay a part of the online community!
- Do: Remember to read over your posts before selecting “Submit.”
- Don’t: Use slang, poor grammar, and other informal language in discussion forums or email messages to instructors or classmates.
Grading
The course will consist of two midterms, a final, two homework assignments, weekly hands-on exercises, quizzes, and class discussion that contribute the the final grade in the following proportions:
- 15% Exam 1
- 15% Exam 2
- 15% Final Exam or average of Exam 1 and Exam 2
- 20% Homework Assignments
- 30% Weekly Hands-On Exercises
- 5% Podcast Discussion / Class Participation / Quizzes
The final letter grade will be based on the final percentage as follows:
A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F
REG 02.50.03 describes the grade point interpretation of letter grades.
Optional Final Exam: Students who are happy with the average of their Exam 1 and Exam 2 grades may request to use that average in place of taking the final exam. Students must explicitly inform the instructor of this choice and receive an acknowledgment. Simply missing the final exam will result in a zero for the final exam.
Homework Assignments: The instructor will two homework assignments that are due shortly before Exam 1 and Exam 2. The homework assignments will consist of written questions and are designed to help students prepare for the exams. The instructor will post the homework assignments before all of the content is covered in lectures. Students are encouraged to begin the homework early and ask questions during class or office hours. More details are on the Homework page.
Weekly Hands-On Exercises: The course will include (nearly) weekly hands-on exercises to supplement the concepts discussed in lectures. These exercises frequently provide experience with real tools and technologies. More details are on the Exercises page.
Podcast Discussion: Each week, the class will discuss the most recent podcast from Open Source Security. The evening before this class, students will submit relvant questions or comments about the podcast to be discussed. The instructor will use the student questions and comments to drive the discussion. The grade for this portion of the final grade will be based on the relevance of the question or comment (i.e., full credit if it is relevant). Students may miss submitting questions or comments for up to two podcasts.
Quizzes: The course may include unannounced quizzes. Students with legitmate reasons for missing class should contact the instructor before hand.
Course Schedule
See the course schedule. Note that the schedule is subject to change as the semester evolves.
The following are initial dates for exams and homework assignment due dates (subject to change):
- Exams
- Exam 1: Wed Sep 27, 2023 (in class)
- Exam 2: Wed Nov 15, 2023 (in class)
- Exam 2: Wed Dec 13, 2023 (12:00-2:30pm)
- Homework Assignments
- HW0: Fri Sep 01, 2023
- HW1: Fri Sep 22, 2023
- HW2: Fri Nov 10, 2023
- Weekly Hands-On Exercises
- Week 2: Sun Sep 03, 2023
- Week 3: Sun Sep 10, 2023
- Week 4: Sun Sep 24, 2023
- Week 7: Sun Oct 15, 2023
- Week 9: Sun Oct 22, 2023
- Week 10: Sun Oct 29, 2023
- Week 11: Sun Nov 05, 2023
- Week 13:
Course Policies
Late Assignments
Homework and Hands-On Exercise deadlines will be hard. Late assignments will be accepted within 24 hours with a 25% reduction in grade. Assignments submitted after 24 hours will have a 100% penalty. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
Incomplete Grades
Extensions may be given for assignments due to exceptional circumstances. Assignments not completed by the end of the course will receive a grade of zero unless the student requests a Incomplete (IN) grade and a reasonable plan of completion is agreed upon with the instructor.
Attendance and Participation
The instructor will not take any formal attendance for class meetings. Participation will be assessed via the podcast discussion in Moodle. Note: exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material.
The university policy on excused absences will be observed (see REG 02.20.03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.
Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. This is a very serious issue – violations may not just be immoral, they may violate federal laws.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
Course-Specific Academic Integrity Policy
The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct. Students are also strongly encouraged to review the ACM Code of Ethics and Professional Conduct.
The instructor expects honesty in the completion of test and assignments. The instructor has a zero tolerance policy for violations of academic integrity. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign a negative grade and refer the student to the appropriate University bodies for possible further action. It is the understanding and expectation of instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit studentconduct.ncsu.edu.
Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.
University Policies
Academic Integrity and Honesty
Students are required to comply with the university policy on academic integrity found in the Code of Student Conduct. Therefore, students are required to uphold the university pledge of honor and exercise honesty in completing any assignment.
Please refer to the Academic Integrity web page for a detailed explanation of the University’s policies on academic integrity and some of the common understandings related to those policies.
Students may be required to disclose personally identifiable information to other students in the course, via electronic tools like email or web-postings, where relevant to the course. Examples include online discussions of class topics and posting of student coursework. All students are expected to respect the privacy of each other by not sharing or using such information outside the course.
Students are responsible for reviewing the NC State University PRR’s which pertains to their course rights and responsibilities:
- Equal Opportunity and Non-Discrimination Policy Statement and additional references
- Code of Student Conduct
- Grades and Grade Point Average
- Credit-Only Courses
- Audits
Students with Disabilities
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with the Disability Resource Office at Holmes Hall, Suite 304,Campus Box 7509, 919-515-7653 . For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG02.20.01)
Trans-Inclusive Statement
In an effort to affirm and respect the identities of transgender students in the classroom and beyond, please contact me if you wish to be referred to using a name and/or pronouns other than what is listed in the student directory.
Basic Needs Security
Any student who faces challenges securing their food or housing or has other severe adverse experiences and believes this may affect their performance in the course is encouraged to notify the professor if you are comfortable in doing so. Alternatively, you can contact the Division of Academic and Student Affairs to learn more about the Pack Essentials program https://dasa.ncsu.edu/pack-essentials/
Course Evaluations
ClassEval is the end-of-semester survey for students to evaluate instruction of all university classes. The current survey is administered online and includes 12 closed-ended questions and 3 open-ended questions. Deans, department heads, and instructors may add a limited number of their own questions to these 15 common-core questions.
Each semester students’ responses are compiled into a ClassEval report for every instructor and class. Instructors use the evaluations to improve instruction and include them in their promotion and tenure dossiers, while department heads use them in annual reviews. The reports are included in instructors’ personnel files and are considered confidential.
Online class evaluations will be available for students to complete during the last two weeks of the semester for full semester courses and the last week of shorter sessions. Students will receive an email directing them to a website to complete class evaluations. These become unavailable at 8am on the first day of finals.
- Contact ClassEval Help Desk: classeval@ncsu.edu
- ClassEval website
- More information about ClassEval
Syllabus Modification Statement
Our syllabus represents a flexible agreement. It outlines the topics we will cover and the order we will cover them in. Dates for assignments represent the earliest possible time they would be due. The pace of the class depends on student mastery and interests. Thus minor changes in the syllabus can occur if we need to slow down or speed up the pace of instruction.