Home | Syllabus | Schedule | Class Notes | Resource links | Student projects

University of North Carolina at Chapel Hill
School of Information and Library Science

INLS 187: Information Security

Class Schedule

Note: You should bring your laptop computer to class daily (unless other instructions are given). The computer should be configured for wireless access to the campus network.

Wednesday, January 8 (online class notes)

  • Class introduction and overview
  • Laptop usage; Linux installation description
  • What is information security?
  • The modern security context
  • To do: subscribe to the class mailing list; get the class texts; prepare for your computer use
  • Read: Schneier Chapter 1, "Introduction"

Monday, January 13 (online class notes)

  • Information threats
  • Assessing risk
  • Types of attacks
  • The US Constitution and Bill of Rights
  • To Do: subscribe to ISN via majordomo@attrition.org
  • Read: US Constitution and Bill of Rights (via the LOC or via Gutenberg or read it elsewhere). Focus on the Bill of Rights.
  • Read: Schneier Chapter 2, "Digital threats"
  • Read: Schneier Chapter 3, "Attacks"

Wednesday, January 15 (online class notes)

  • Server security tour
  • Tools: ping, telnet, process listing
  • Automated and semi-automated security solutions
  • Tools: SAINT
  • Read: Toxen Chapter 1, "Introduction"
  • Read: Toxen Chapter 2, "Quick Fixes for Common Problems"

Monday, January 20: No class due to MLK holiday

Wednesday, January 22 (online class notes)

  • Historically interesting security events
  • Hacking 101
  • Hacker hangouts, publications and conferences
  • The Computer Fraud and Abuse Act of 1986
  • Tools: System updates and patches
  • Read: Toxen Chapter 3, "Quick and Easy Hacking and How to Avoid It"
  • Read: Toxen Chapter 4, "Common Hacking by Subsystem"
  • Skim: Toxen Appendix A: "Internet Resources for the Latest Intrusions and Defenses"
  • Skim: Toxen Appendix B: "Books, CD-ROMS and Videos"
  • Read: Peruse 2600.com online

Monday, January 27 (online class notes)

  • Security policy
  • Writing security and privacy policies
  • Evaluating security and privacy policies
  • 3rd party validation of privacy and security (BBBOnline, TRUSTe)
  • Read: Schneier Chapter 4, "Adversaries"
  • Read: Schneier Chapter 5, "Security needs"
  • Read: Toxen Chapter 7, "Establishing Security Policies"

Wednesday, January 29 (online class notes)

  • Ongoing vulnerabilities in FTP, Outlook and elsewhere
  • Monitoring network activity
  • Tools; netstat, TCPDUMP
  • Tools: nmap
  • Read: Toxen Chapter 5, "Common Hacker Attacks"
  • Read: Toxen Chapter 10, "Case Studies"

Monday, February 3 (online class notes)

  • Crypto; types of encryption
  • Steganography
  • Signal v. noise
  • DES and AES (Rinjdahl)
  • Read: Schneier Chapter 6, "Cryptography"
  • Read: Schneier Chapter 7, "Cryptography in context"

Wednesday, February 5 (online class notes)

  • Password systems
  • Tools: L0phtcrack (aka LC4), cracklib
  • Tools: rsh, ssh
  • Tools: GPG
  • Read: Toxen Chapter 8, "Trusting Other Computers"
  • Due: 1st assignment

Monday, February 10 (online class notes)

  • The Orange Book and Common Criteria
  • Organizations working on computer security
  • Read: Schneier Chapter 8, "Computer security"
  • Read: Schneier Chapter 9, "Identification and authentication"
  • Skim: ISO 15408, "Common Criteria CC V2.1" at NIST

Wednesday, February 12 (online class notes)

  • Firewalls and VPNs
  • Tools: iptables
  • Tools: IPSEC
  • Read: Toxen Chapter 6, "Advanced Security Issues"
  • Read: Toxen Chapter 9, "Gutsy Break-Ins"

Monday, February 17 (class cancelled due to snow and ice)

  • Telecommunications security
  • Networking infrastructure and resilience to attack
  • Read: Schneier Chapter 10, "Networked-computer security"
  • Read: Schneier Chapter 11, "Network security"

Wednesday, February 19 (online class notes)

Monday, February 24 (online class notes)

  • Viruses, worms, trojan horses and hybrids
  • Privacy and the law
  • The Database Nation
  • Read: Schneier Chapter 12, "Network defenses"
  • Read: Schneier Chapter 13, "Software reliability"

Wednesday, February 26 (online class notes)

  • DoS and DDoS
  • Tools: Anti-virus programs
  • Read: Toxen Chapter 11, "Recent Break-Ins"
  • Due: 2nd assignment

Monday, March 3

  • Movie: Freedom Downtime (first part)
  • Read: Schneier Chapter 14, "Secure hardware"
  • Read: Schneier Chapter 15, "Certificates and credentials"

Wednesday, March 5

  • Movie: Freedom Downtime (last part)
  • Read: Toxen Chapter 12, "Hardening Your System"
  • Read: Toxen Chapter 13, "Preparing Your Hardware"
  • Read: Toxen Chapter 14, "Preparing Your Configuration"

Monday, March 12 and Wednesday March 14: No class due to spring recess

Monday, March 17 (online class notes)

  • Guest speaker: John Reuning of iBiblio
  • Read: Schneier Chapter 16, "Security tricks"

Wednesday, March 19 (online class notes)

  • Guest speaker: Jeff Bollinger of ATN Security
  • Read: Toxen Chapter 15, "Scanning Your System"
  • Read: Toxen Chapter 16, "Monitoring Activity"
  • Due: 3rd assignment

Monday, March 24 (online class notes)

  • Personnel security
  • Social engineering
  • Organizational security
  • Disaster planning
  • Read: Schneier Chapter 17, "The human factor"
  • Read: Schneier Chapter 18, "Vulnerabilities and the vulnerability landscape"

Wednesday, March 26 (online class notes)

  • Integrity checking
  • Tools: Integrit and tripwire
  • Read: Toxen Chapter 17, "Scanning Your System for Anomalies"

Monday, March 31 (online class notes)

  • Security in libraries
  • TEACH legislation
  • PATRIOT act and the 4th Ammendment revisited
  • Read: Schneier Chapter 19, "Threat modeling and risk assessment"
  • Read: Schneier Chapter 20, "Security policies and countermeasures"
  • Read: ALA brief on TEACH legislation

Wednesday, April 2 (online class notes)

  • Software piracy
  • DVD piracy
  • Eavesdropping and surveillance
  • Tools: keystroke loggers
  • Tools: BO2K
  • Read: Toxen Chapter 18, "Regaining Control of Your System"
  • Read: BO2K legitimacy statement

Monday, April 7 (online class notes)

  • Cookies
  • Spam
  • Tools: privoxy and adsubtract
  • Tools: Spam filtering
  • Read: Schneier Chapter 21, "Attack trees"
  • Read: Schneier Chapter 22, "Product testing and verification"

Wednesday, April 9 (online class notes)

  • Incident handling
  • Forensic analysis
  • Read: Toxen Chapter 19, "Finding and Repairing the Damage"
  • Read: Toxen Chapter 20, "Finding the Attacker's System"
  • Due: 4th assignment

Monday, April 14 (online class notes)

  • Information ethics. How are ethics learned?
  • Being censorproof
  • Hactivismo
  • Freenet and other efforts at censorship bypass
  • Read: Schneier Chapter 23, "The future of products"
  • Read: Schneier Chapter 24, "Security processes"

Wednesday, April 16 (online class notes)

  • Proxy servers
  • Tools: socks
  • Tools: Logcheckers
  • Read: Toxen Chapter 21, "Having the Cracker Crack Rocks"

Monday, April 21 (online class notes)

  • Security certification
  • Read: Schneier Chapter 25, "Conclusion"

Wednesday, April 23 (online class notes)

  • Real and imagined risks
  • The future of information security
  • Careers in information security
  • Read: Schneier "Afterword"

Note: 5th assignment is due during the assigned final exam period, Monday May 5 at 8:00 a.m.


Most recently updated: Saturday, 30-May-2009 23:47:36 PDT