Overview

During this introductory course, geared for students new to cyber security, students will be introduced to fundamental security topics. Students will critically examine concepts such as basic networking, system administration, and system security as well as identifying and applying basic security hardening techniques. Students will gain practical experience through a virtualized lab environment where they will be building a small corporate network.

Faculty Instructors

Faculty Instructors are responsible for administering the course in accordance with the University at Buffalo policies and this syllabus. Faculty Instructors also determine final course grades consistent with the grading policy in this syllabus.

Name Email Slack Username
Dave Murray djmurray@buffalo.edu djmurray
Kevin Cleary kpcleary@buffalo.edu cleary.kevin.p

Student Instructors

Student Instructors are responsible for running the class. Most questions, unless believed to be sensitive, should go to someone from this list.

Name Email Slack Username
Aaron Fiebelkorn amf42@buffalo.edu a-a-ron
Alexandra Mazzei ammazzei@buffalo.edu becausealex
James Droste jamesdro@buffalo.edu james
Jered Geist jeredgei@buffalo.edu jered
Stefan Jagroop stefanja@buffalo.edu stefanja
Tanmay Bhagwat tanmaybh@buffalo.edu usmarine

Course Resources

Website https://ubnetdef.org/courses/syssec
Slack Channel https://ubnetdef.slack.com
Assessment Engine https://assessment.ubnetdef.org
Wiki https://wiki.ubnetdef.org
vCenter Server cdr-vcenter1.cse.buffalo.edu
vCenter Client https://ubnetdef.org/vcenter

Student Learning Outcomes

Upon successful completion of this course a student will be able to… Assessment
Learn Basic Security Concepts and Topics Lesson 2, 12, 14 Deliverables
Setup a Virtual Router and Firewall Build-A-Network & Lesson 4, 10 Deliverables
Create and Deploy VMs running services Build-A-Network & Lesson 6, 7 Deliverables
Defend a Machine from Real-time Attackers Lesson 8 & 9 Deliverables

Course Materials

Course Requirements

Lectures

Attendance for all lectures is mandatory and each absence will result in a full letter grade penalty. One absence or late arrival is permitted without penalty. Students arriving late or unprepared may also receive a penalty at the discretion of the instructor. Absences due to illness may be excused if the instructor is notified in advance, and the illness is documented by a physician or healthcare professional.

Homework Assignments

This list of homework assignments is subject to change. For an up-to-date list, please check here.

Homework Due Date Report vCenter Wiki
CyberSecurity Job Postings September 15, 2016 @ 6:00PM
Topology of the LAN to their WAN September 22, 2016 @ 6:00PM
pfSense VM Setup September 29, 2016 @ 6:00PM
{Windows, Linux} Client Setup October 6, 2016 @ 6:00PM
{Web, Database} Server VM Setup October 13, 2016 @ 6:00PM
Windows Server VM Setup October 20, 2016 @ 6:00PM
Implementing a Password Policy Report October 27, 2016 @ 6:00PM
Post-Mortem Incident Report October 27, 2016 @ 6:00PM
Firewall Rules Implementation November 3, 2016 @ 6:00PM
TBD November 10, 2016 @ 6:00PM
TBD November 10, 2016 @ 6:00PM
TBD November 16, 2016 @ 6:00PM
Thanksgiving
TBD December 1, 2016 @ 6:00PM
TBD December 8, 2016 @ 6:00PM

Extra Mile Deliverables

As a note, the “Extra Mile” deliverables were created for advanced students who already know the material. Completion of Extra Mile deliverables is for “bragging rights” only. No additional or bonus points will be awarded if a group completes them. We will, however, stress that groups should do them, and possibly create a leaderboard for them as well.

Report Policies

TBA.

Competition Participation

The Crucible, a competition that happens during the semester in Systems Security, does not count for this requirement.

All students are required to participate fully in a Cyber Security competition, as well as the UB Lockdown competition. Various competitions will be announced throughout the academic semester.

Getting Assistance

The best way to request assistance is to ask on the #syssec channel on UBNetDef’s slack. The instructors and mentors are constantly on the slack, so it’s likely you will get a response within 24-hours, if not less. If you do not have access to the UBNetDef slack, please contact an instructor.

Grading Policy

Grading is done on a point scale, with a max available points of 2600. Late submissions are accepted, however, there will be a deduction of 50 points per week the deliverable due is late.

Points are accumulated by the following ways:

  1. Assignments - 1800 Points
    1. Build-A-Network: 600 Points
    2. Wiki Guides: 600 Points
    3. Reports: 600 Points
  2. Competition Participation - 800 Points
    1. Competitions will be announced during the semester. Examples include: National Cyber League, UB Lockdown, RIT ISTS, Alfred State ASIST.
    2. Each competition attended is worth 400 points.
Systems Security Grading Scale
A 2000-2600 Points
B 1400-1900 Points
C 800-1300 Points
D 400-700 Points
F 0-300 Points

Course Conduct

Academic Integrity

Students must conduct their coursework in a manner that does not violate the University at Buffalo’s Academic Integrity Policy. Students found in violation of the Academic Integrity Policy will receive an F for the course.

Ethics Policy

As a student in cyber security, you are learning tools and given resources that are meant to help protect yourself and others. However, these tools and resources can also be used in malicious or illegal ways. It is imperative that while you are a representative of this class, and even well after, you perform any security education or training strictly inside our internal environment or a controlled and contained environment that you have prepared for yourself. Any activity outside of our internal environment is outside of our control and protection. If you are not sure what you’re doing, it is very easy to do something illegal without even knowing you are (even something as simple as port scanning outside our internal network). If you are unsure if something is allowed or not, contact one of the instructors or mentors. All network traffic inside our infrastructure will be monitored for malicious or suspicious activity and acted upon with severe consequences if such privileges are abused. You are being given an opportunity to learn, please do not waste it.

vCenter Usage

As a part of Systems Security, you are granted permissions to create Virtual Machines on the vCenter environment, for educational purposes. Any misuse of the environment will result in the immediate failure of the student.

Network Logging Disclaimer

All traffic that occurs within the vCenter environment is being logged for analysis purposes. Traffic captures (pcaps) may be shared with other individuals within UBNetDef for educational purposes only. We highly discourage logging into any personal or social networking websites on a Virtual Machine hosted in the vCenter environment.