USC Data Science 529 (DSci 526): Secure Systems Administration - Spring 2021

Lecture Wednesday - 2PM to 5:20PM, Online
Clifford Neuman


Announcements

The first lecture for DSci526 this semester will be on Wednesday, January 20th, 2021.
Please log in to D2L, within the distance education network platform, for the Zoom link to the live lecture.

Schedule

Course Description

The system security administrator is the focal point for planning security in the installation and the "front line" when defending systems from cyber attack. Typically, systems come with security features turned off to facilitate initial operation and must be tailored to the security needs of the organization. The only thing between a new system and a cyber attacker is the knowledge of the system administrator. The system administrator not only ensures that user IDs and initial passwords are set robustly, but also configures firewalls, intrusion detection systems, etc., and facilitates the development and enforcement of effective security policy for the organization.

The system security administrator plays an integral role in the system security design, testing, certification, accreditation, and operation of complex cyber systems, as well as operationally defending the system against real-time attacks.

The course provides students with hands-on experience in the field of security administration. The student will learn how a security professional fulfills various Information Assurance requirements using the Linux operating system (the same principles apply to other operating systems). Students will be presented throughout the semester with a series of hypothetical systems representative of typical services and organizational models. Working in groups, students will design their information architecture for the systems in such organizations, paying careful attention to the required and prohibited information flows. Students will individually submit their plans for the placement of data and defense technologies.

In teams, students will deploy systems to manage access to data according to their plans and deploy defensive technologies. The teams will then participate in a capture-the-flag competition where they seek to defend their systems while compromising the security of the systems deployed by other teams. This process will be repeated four times during the semester, each round focused on a different scenario representing a different class of system.

Lecture topics include an examination of server, workstation and network vulnerabilities; procedures and tools for security assessment; development of security policies, procedures and standards; firewalls, logging and audit tools, hardening scripts as well as other tools and techniques used to implement secure computing environments.

This course is intended for graduate students with the following qualification: typically coming out of a computer science, mathematics, computer engineering, informatics, and/or information security undergraduate program. It is also highly recommended that students have successfully completed coursework involving policy and network security.

Students in this class will learn primarily from hands-on activities, augmented by lecture and weekly assigned readings. There will be a mid-term and final exam, and four case-study group hands-on exercises.

Course Objectives

This course is designed to transfer both knowledge and applicable skills in utilizing technology, methods and policy to solve information security challenges. In doing so, many of the objectives will require a "hands-on" approach to learning. After completing this course, students will be able to:
  1. Analyze the needs of an organization and create an appropriate security policy and concomitant documentation
  2. Develop security requirements
  3. Evaluate exposure to risk in a computing environment
  4. Determine tools and techniques necessary to meet requirements
  5. Lead efforts to implement the necessary steps to meet security requirements
  6. Demonstrate the ability to recognize characteristics of various computer attacks to include:
    1. Malicious code
    2. Network attacks
  7. Develop responses to computer attacks
  8. Demonstrate the ability to interpret log files
  9. Demonstrate fluency in the use of the following security tools:
    1. Firewall
    2. Intrusion detection system
      1. Host-based
      2. Network-based
    3. Logfile watcher
  10. Create a firewall based upon a security policy
  11. Use tools to conduct a vulnerability analysis of a live network
    1. Nmap
    2. Nessus
    3. Others as necessary
  12. Interpret the results of the vulnerability analysis, including defining recommendations for the network owner

Instructors and Assistants

Academic Integrity

Assignments

Course Grade Components

A letter grade will be assigned for each assignment, project, or exam. The individual assignment, project, and exam scores are based on student performance relative to other students in the class. The final course grade will be determined by weighted calculation from the component grades, and may be adjusted upward if the student's participation is exemplary. The components of the final course grade are:

Lecture Slides

Course Materials - Readings - Supplemental list of useful references

Exams from Prior Years

Return of Course Assignments