Overview

During this introductory course, students will learn fundamental security topics in a hands-on and applied fashion. Students will critically examine concepts such as basic networking, system administration, team dynamics, risk management and system security as well as identify and apply basic security hardening techniques. Students will gain practical experience using a virtualized lab environment where they will build, configure and secure a small corporate network.

Faculty

Course faculty are responsible for planning, administering and overseeing the course in accordance with the University at Buffalo policies and this syllabus. Faculty also determine final course grades consistent with the grading policy in this syllabus.

Name Email Chat Username
Kevin Cleary kpcleary@buffalo.edu cleary.kevin.p
Dave Murray djmurray@buffalo.edu djmurray

Student Instructors

Student Instructors are responsible for implementing the course curriculum and providing extensive support and mentoring to the class participants. Most questions, unless believed to be sensitive, should be directed to a student instructor. Please consult Mattermost or UBLearns for office hour meeting details.

Name Email Chat Username Office Hours
Raymond Harenza rwharanz@buffalo.edu rwharenz Tuesday 1pm-2pm
Ethan Viapiano ethanvia@buffalo.edu ethanvia Wednesday 11am-12pm
Dikshit Khandelwal dikshitk@buffalo.edu dikshitkhandelwal Thursday 2pm-3pm
Lauren Moore lbmoore@buffalo.edu lbmoore Monday 2pm-3pm
Steffi Yeh cyeh4@buffalo.edu cyeh4 Thursday 3pm-4pm
Austin Chen aechen2@buffalo.edu aechen2 Monday 11am-12pm
Ben Juliano bjjulian@buffalo.edu bjjulian Tuesday 2pm-3pm
Josh Wajnryb jwajnryb@buffalo.edu jwajnryb Wednesday 1pm-2pm
Shreyas Ramesh ramesh3@buffalo.edu ramesh3 Thursday 1pm-2pm

Student Volunteers

Name Email Chat Username
Blake Turner blaketur@buffalo.edu blaketnr
Griffin Refol grefol@buffalo.edu grefol
Vasu Baldwa vasudevb@buffalo.edu vasudevb

Alumni Volunteers

Name Chat Username
Aaron Fiebelkorn aaron
Phil Fox xphilfox
Stephen James stephenorjames
Anthony Magrene magrene

Course Resources

Website ubnetdef.org/courses/syssec
Mattermost Chat chat.ubnetdef.org
Wiki wiki.ubnetdef.org
vCenter Server cdr-vcenter.cse.buffalo.edu
UB VPN buffalo.edu/ubit/service-guides/connecting/vpn/computer.html
You need this to be able to connect to vCenter while off campus or off network.

Student Learning Outcomes

Outcome Assessment ABET CAC ABET EAC
Learn and Apply Basic Security Concepts Homework & Project 1 1,7
Defend a Machine from Real-time Attackers Competitions 1,2,5 1,2,5,6,7
Work Effectively in a Team Competitions 5 5
Identify Threats and Vulnerabilities of Systems Homework & Competitions 1 1,6
Effectively Communicate via Written Reports Homework & Project 3 3

Course Requirements

Lectures

Attendance for all lectures is required. One absence or late arrival is permitted without penalty. Each additional absence may result in a letter grade reduction in the course. Students arriving late or unprepared may also receive an equal or lesser penalty at the discretion of the instructor. Absences due to illness will be excused if the instructor is notified in advance, and the illness is documented by a physician or healthcare professional.

Competition Participation

All students are required to participate fully in at least two cybersecurity competitions, one of which should be a UB Lockdown competition as either a competitor or competition organizer. Various competition opportunities will be announced throughout the semester.

Homework Assignments

Homework will be assigned each week, and will be based on the topics in the class schedule. Unless otherwise specified, they will be released and submitted at ublearns.buffalo.edu.

Final Project

An individual final project will be assigned at the end of the semester, which will require you to apply all the material covered during the semester. This will involve deploying, configuring, securing and assessing a small-scale enterprise network of Linux and Windows systems.

Class Schedule

This schedule is subject to change.

Week Topic Homework
Week 1 Welcome - 1000-mile overview, vSphere, Virtualization HW01
Week 2 Intermediate Networking
(virtual lecture to precede)
HW02
Week 3 Firewalls HW03
Week 4 Windows HW04
Saturday, Febuary 10th, 2024: HS Lockdown
Week 5 Linux HW05
Week 6 Windows Threat Hunting HW06
Week 7 Services + Hardening HW07
Week 8 Software Security HW08
Week 9 Spring Break
Week 10 Firewalls 2 HW10
Saturday, March 30th, 2024: Internal Lockdown
Week 11 Risk Analysis + Mangement HW11
Week 12 Data Loss Prevention
Guest Lecture: Tim Mongan
Week 13 Pen Testing
HW13
Saturday, April 20th, 2024: Collegiate Lockdown
Week 14 Network Resiliency
HW14
Week 15 OSINT & Digital Forensics
Guest Lecture: Dominic Sellitto
Final Project

Getting Assistance

The best way to request assistance is to ask on the Systems Security channel on the UBNetDef chat server. The instructors and mentors constantly monitor the chat, so it’s likely you will receive a response within 24-hours, if not sooner. If you do not have access to the UBNetDef chat server, please contact an instructor.

Grading Policy

Grading Breakdown

Component Percentage of overall grade
Attendance and Professionalism 10%
Weekly Projects 65%
Final Project 15%
Competitions (2) 10%
Total 100%

Grading Scale

Letter grade Percentage
A ≥ 93%
A- ≥ 90%
B+ ≥ 87%
B ≥ 83%
B- ≥ 80%
C+ ≥ 77%
C ≥ 73%
C- ≥ 70%
D ≥ 65%
F <65%

Incomplete Grades

In certain cases, students may be eligible to receive a temporary incomplete (‘I’) grade. A grade of incomplete (‘I’) indicates that additional course work is required to fulfill the requirements of a given course. Students may only be given an ‘I’ grade if they have a passing average in coursework that has been completed and have well-defined parameters to complete the course requirements that could result in a grade better than the default grade. An ‘I’ grade may not be assigned to a student who did not attend the course. Detailed information is available from the Undergraduate Course Catalog.

Course Policies

Classroom Conduct and Professionalism

Students are expected to exhibit professionalism, treat others with respect, and abide by the UB Classroom Conduct Policy.

Use of Generative AI

This course allows the use of generative AI tools (e.g., ChatGPT) on certain assignments within given guidelines. Failure to follow these guidelines may be considered a violation of UB’s academic integrity policy. If you are unsure how and when generative AI can be used, be sure to ask.

Generative AI tools are best used as idea generation, not as a citable reference. Any use of generative AI tools must be rigorously documented and submitted with your assignment.

Academic Integrity

Students must conduct themselves in a manner that does not violate the University at Buffalo’s Academic Integrity Policy. Students found in violation of the Academic Integrity Policy will receive an F for the course.

Ethics Policy

As a student in cyber security, you are learning tools and given resources that are meant to help protect yourself and others. However, these tools and resources can also be used in malicious or illegal ways. It is imperative that while you are a representative of this class, and even well after, you perform any security education or training strictly inside our internal environment or a controlled and contained environment that you have prepared for yourself. Any activity outside of our internal environment is outside of our control and protection. If you are not sure what you’re doing, it is very easy to do something illegal without even knowing you are (even something as simple as port scanning outside our internal network). If you are unsure if something is allowed or not, contact one of the instructors or mentors. All network traffic inside our infrastructure will be monitored for malicious or suspicious activity. You are being given an opportunity to learn, so please do not waste it.

vCenter Usage and Network Logging Notification

As a part of Systems Security, you are granted permissions to create Virtual Machines on the vCenter environment for educational purposes. Any misuse of the environment will result in immediate failure of the course.

All traffic within the vCenter environment is logged. Traffic captures may be shared with other individuals within UBNetDef for educational purposes. We highly discourage logging into any personal websites on a Virtual Machine hosted in the vCenter environment.

Accessibility Resources

If you require reasonable accommodations to participate in this course, please contact the Office of Accessibility Resources in 60 Capen Hall, 716-645-2608 and also the instructor of this course during the first week of class.