NOTE: THE WEB PAGE GOT CORRUPTED. ALL INFORMATION PRIOR TO WEEK 6 WAS ACCIDENTALLY DELETED. I HAVE RECONSTRUCTED IT AS BEST AS I CAN. THE SLIDES ARE THE SAME, BUT IT IS POSSIBLE THAT SOME OF THE READINGS ARE DIFFERENT. FOR THE FINAL EXAM, YOU WILL BE RESPONSIBLE FOR THE READINGS AS CURRENTLY LISTED, NOT AS THEY ORIGINALLY WERE. MY APOLOGIES FOR THIS PROBLEM.
This page is organized by the weeks of the quarter in which lectures were given. The weeks are in inverse order, on the assumption you will most often be looking for the most recent week.
This class will be taught by Peter Reiher. The textbook is Computer Security: Art and Science, by Matt Bishop. Assigned readings are from this book, unless otherwise indicated. Dr. Bishop has also published a second textbook that contains selected sections of this book, with a similar title. I can't guarantee that all material assigned will actually be in this other book, and it will definitely be at different pages if it's there at all.
I will be lecturing on these subjects during the class.
The TA for the course is Ilya Moiseenko -- iliamo@cs.ucla.edu . The labs for this course will consist of 5 hands-on, practical and exploratory projects covering security-related topics, plus a short introduction to the lab software. Office hour and discussion section information will be determined following the first recitation section and posted here.
Instructions for accessing the homework will be given out via email following the first class section and will be discussed during the first recitation section. The lab manual and all necessary materials for the labs are located here (login information for these resources will be provided on Thursday via email).
The midterm will be held on Thursday, November 1 in class. It will consist of multiple choice and short answer questions. Here is a sample midterm in a similar style. This midterm was offered several years ago, so the material I lectured on was somewhat different. Thus, some of the questions may be unfamiliar, but most of them are covered by what I lectured on this year. The midterm will cover all lecture and assigned reading material through the lecture before the midterm.
Here are the answers to the sample midterm.
The final exam will be held Wednesday, December 12 8-11, in our regular classroom. It will consist of multiple choice and short answer questions, much like the midterm exam. The exam will cover the entire class, but more emphasis will be on the materials presented after the midterm. Here is a sample final exam. This exame was offered several years ago, so the material I lectured on was somewhat different. Thus, some of the questions may be unfamiliar, but most of them are covered by what I lectured on this year. Here is an answer sheet for this sample exam.
Slides:
The SANS 20 Critical Control Web Page. This page has a couple of appendices at the end, which you are not responsible for. However, it also has links to 20 other pages, one for each of the critical controls. You should visit each of these pages and read the top portion of the page, titled on each "How Do Attackers Exploit the Absence of This Control?" Each of these sections is only 1-3 paragraphs long, and you need not read the rest of these pages, so the overall amount of reading is not that much.
Slides:
Textbook: Chapter 21 (pages 571 -608)
Slides:
No readings assigned for Thursday.
Slides:
No readings assigned for Tuesday.
Thanksgiving. No class today.
Slides:
No readings assigned for Tuesday.
Slides:
No readings assigned for Thursday.
Slides:
Textbook: Chapter 22 (pages 613-641)
Slides:
Textbook: Chapter 25 (pages 723-767)
Web link (not required reading):
SANS' frequently asked question page on intrusion detection contains links to a lot of useful information, without trying to sell you on a particular product.
Slides:
No new readings assigned for today.
MIDTERM
Slides:
Textbook: Chapter 26 (pages 773-799)
Slides:
Textbook: Chapter 24. (Pages 689-719)
Slides:
No readings for this class.
Slides:
Textbook: Chapter 12 (pages 309-335)
Web links:
A discussion on choosing secure passwords.
A short essay on the limits of using biometrics by Bruce Schneier. This essay is embedded in a longer newsletter. You need only read the section titled "Biometrics in Airports".
Slides:
No assigned readings for today.
Slides:
Textbook: Chapter 10, sections 10.1, 10.3, 10.4, and 10.5 (pages 245-246, 252-266)
Slides:
Textbook: Chapter 9, sections 9.2.2.2-9.7 (pages 227-241)
Slides:
Textbook: Introduction to Section IV and Chapter 9, sections 9.1-9.2.2.2 (pages 215-227).
Textbook: Chapter 2 (pages 31-44) and Chapter 15 (pages 381-396).
Slides:
Textbook: Chapter 4, Sections 4.1-4.6 (pages 95-114)
Chapter 5, Sections 5.1-5.2.2 (pages 123-132)
Chapter 6, Sections 6.1-6.2 (pages 151-155)
Chapter 7, Section 7.1 (pages 169-177)
Slides:
Textbook: Chapter 1 (pages 1-25)
Web links:
Improving the Security of Networked Systems, Julia Allen, Christopher Alberts, Sandi Behrens, Barbara Laswell, and William Wilson.
Why Computers Are Insecure, Bruce Schneier. (The link leads to an entire web page on various security subjects. Read it all, if you want, but the assignment is only this essay, which is around a page and a half.)
Social Engineering Fundamentals, Part I: Hacker Tactics Sarah Granger.
The Stuxnet worm was discussed in class. This article talks about how it was analyzed and determined to be intended for taking control of certain kinds of facilities.