• TITLE
  • UNIT III: OPERATING SYSTEM SECURITY
  • Course title: Web Server and Application Security




    Download 39.03 Kb.
    Sana21.03.2017
    Hajmi39.03 Kb.

    METROPOLITAN COMMUNITY COLLEGE
    COURSE OUTLINE


    COURSE TITLE: Web Server and Application Security




    COURSE PREFIX AND NO. MCT 286 LEC 4.0 LAB 1.5 CREDIT HOURS 4.5



    COURSE DESCRIPTION:
    This course examines a variety of communication protocols, the servers that use them and their vulnerabilities. Students will explore methods to exploit vulnerabilities through Internet/Intranet applications. Discussion will center on best practices and students will use various utilities to build, test and defend servers in the web environment.
    COURSE PREREQUISITE:
    MCT 280 and good understanding of networking concepts
    RATIONALE:
    The astronomical growth in the Internet has made it a prime target for attack. Many companies rely on financial transactions in an environment where identity theft and malicious attacks on Internet functionality are a daily occurrence. It is vital that IT personnel understand the threats to their systems, how to build their system minimizing the risk and then how to monitor and defend it.
    REQUIRED TEXTBOOK (S) and/or MATERIALS:
    Title: Web Security - For Network and System Administrators
    Author: David Mackey
    Publisher: Course Technology
    Materials:
    Attached course outline written by: Jamie Bridgham Date: WI/03

    Revised by: Date:

    Effective Date: 03/WI

    Academic Dean: Thos C. Pensabene Date:


    TITLE: Web Server and Application Security PREFIX/NO.: MCT286




    COURSE OBJECTIVES:
    Upon successful completion of this course, the student will be able to:


    1. Understand and demonstrate the process of risk analysis in the web environment

    2. Demonstrate how to create a security policy and implement it in both Linux and Microsoft environments

    3. Discuss the need for security issue management, the role of security advisories and network monitors

    4. Describe the process required to respond to a security incident

    5. Identify the types of attacks directed to the web environment and demonstrate the proper methods to harden the network operating system and services involved

    6. Recognize and demonstrate Intrusion Detection Systems for web environments

    7. Understand and demonstrate how to evaluate applications and their potential threat to the network


    TOPICAL UNIT OUTLINE/UNIT OBJECTIVES:
    UNIT I: INFORMATION SECURITY AND PROCESSES

    1. Know and explain the CIA and PPP triads applying them to common network environments.

    2. Understand the process involved in evaluating risk and creating a complete and usable security policy including both Linux and Microsoft systems.

    3. Understand and demonstrate the security process and the role of advisories, evaluation, and targeted implementation in that process.


    UNIT II: THREATS

    1. Use appropriate tools to gather information about the network and its systems

    2. Use appropriate communication to gather user requirements

    3. Take both network and user information to create a risk analysis, ensuring user success with the least amount of exposure to the network.



    UNIT III: OPERATING SYSTEM SECURITY

    1. Understand the role of partitioning to create & maintain reliable systems

    2. Understand the purpose of service packs, patches, and hot fixes as they pertain to both server and workstation configurations.

    3. Understand and demonstrate methods used to maintain patches, service packs, and hot fixes including those used to monitor compliance.


    UNIT IV: NETWORK SECURITY

    1. Understand and demonstrate the role of the infrastructure as it pertains to application security

    2. Identify how and why web applications use ports, IP Addressing, name resolution and proxy to secure the network

    3. Identify new methods to combat attacks such as “ man-in-the-middle” and “session hijacking “


    UNIT V: APPLICATION SECURITY

    1. Install and configure a standard web sewer and recognize normal responses from it

    2. Target elements that increase risk factors such as banners, operating systems, open ports, etc,

    3. Understand and demonstrate appropriate placement of support servers such as SQL, Exchange, DNS, etc,


    UNIT VI: STANDARDS AND COMPLIANCE

    1. Understand how to survey and evaluate risks in a specific environment

    2. Take a specific risk management report and create a standards document.

    3. Understand & demonstrate the process used to create a compliance report configuring the tools necessary to complete it.


    UNIT VII: SECURITY TESTING

    1. Understand and demonstrate how to use and automate tools for monitoring a mature network

                  1. Recognize the difference between general tools and an IDS (Intrusion Detection System) used to monitor a network environment


    OUTCOME/ASSESSMENT MEASURES:
    Upon successful completion of the objectives for this course, the student will have acquired basic cognitive knowledge of
    This course requires students to work an average of 4.
    General (lot. generalis - umumiy, bosh) - qurolli kuchlardagi harbiy unvon (daraja). Dastlab, 16-a.da Fransiyada joriy qilingan. Rossiyada 17-a.ning 2-yarmidan maʼlum. Oʻzbekiston qurolli kuchlarida G.
    5 hours per week in hands-on, lab activity. Students are responsible for completing all lab work outside of the classroom. While you may choose to do this lab work somewhere other than the College, Metro provides computer labs for students who do not have the required resources or facilities available to them.
    OUTCOME MEASURES






    COURSE OBJECTIVES

    ASSESSMENT MEASURES

    1.

    Understand and demonstrate the process of risk analysis in the web environment

    Project:

    Midterm/Final:

    • Students will apply the correct definitions for term used in risk analysis

    • Students will demonstrate an understanding of the steps necessary to complete the risk assessment process

    2.

    Demonstrate how to create a security policy and implement it in both Linux and Microsoft environments

    Project:

    • Students will create a complete security policy including:

      • Risk Analysis

      • Operating System & Server Hardening

      • Infrastructure Hardening

      • Application Hardening

      • Incident Procedures

      • Auditing and Monitoring

    Midterm/Final:

    • Students will demonstrate an understanding of the steps necessary to complete their policy

    3.

    Discuss the need for security issue management, the role of security advisories and network monitors

    Project:

    • Students will successfully write an Incident Response Process as part of their Security Policy

    Log:

    • Students will maintain a log of responses during the duration of the course




    4.

    Describe the process required to respond to a security incident

    Project:

    • Students will successfully write an Incident Response Process as part of their Security Policy

    5.

    Identify the types of attacks directed to the web environment and demonstrate the proper methods to harden the network operating system and services involved

    Project:

    Midterm/Final:

    • Students will recognize the appropriate methods used in systems hardening

    6.

    Recognize and demonstrate Intrusion Detection Systems for web environments

    Project:

    • Students will successfully write, test and finalize the IDS for their Security Policy

    Midterm/Final:

    • Students will be able to define terms used in an IDS

    7.

    Understand and demonstrate how to evaluate applications and their potential threat to the network

    Project:

    • Students will successfully write, test and finalize hardened installations for their Security Policy




    Metro Community College Page of Revised: Mar 04


    Download 39.03 Kb.

    Bosh sahifa
    Aloqalar

        Bosh sahifa


    Course title: Web Server and Application Security

    Download 39.03 Kb.