During this introductory course, students will learn fundamental security topics in a hands-on and applied fashion. Students will critically examine concepts such as basic networking, system administration, team dynamics, risk management and system security as well as identify and apply basic security hardening techniques. Students will gain practical experience using a virtualized lab environment where they will build, configure and secure a small corporate network.
Course faculty are responsible for planning, administering and overseeing the course in accordance with the University at Buffalo policies and this syllabus. Faculty also determine final course grades consistent with the grading policy in this syllabus.
| Name | Chat Username | |
|---|---|---|
| Kevin Cleary | kpcleary@buffalo.edu | cleary.kevin.p |
| Dave Murray | djmurray@buffalo.edu | djmurray |
| Dominic Sellito | dmsellit@buffalo.edu | dsellitto |
Student Instructors are responsible for implementing the course curriculum and providing extensive support and mentoring to the class participants. Most questions, unless believed to be sensitive, should be directed to a student instructor. Please consult Mattermost or UBLearns for office hour meeting details.
| Name | Chat Username | Office Hours | |
|---|---|---|---|
| Raymond Harenza | rwharenz@buffalo.edu | rwharenz | Tuesday 4:00pm-5:00pm |
| Ethan Viapiano | ethanvia@buffalo.edu | ethanvia | Thursday 4:00pm-5:00pm |
| Blake Turner | blaketur@buffalo.edu | blaketnr | Thursday 5:00pm-6:00pm |
| Jared Moskowitz | jsmoskow@buffalo.edu | jsmoskow | Monday 2:00pm-3:00pm |
| Caleb Garver | cbgarver@buffalo.edu | cbgarver | Monday 4:00pm-5:00pm |
| Ben Donders | bhdonder@buffalo.edu | bhdonder | Wednesday 11:00am-12:00pm |
| Ben Juliano | bjjulian@buffalo.edu | bjjulian | Wednesday 3:00pm-4:00pm |
| Josh Wajnryb | jwajnryb@buffalo.edu | jwajnryb | Monday 11:00am-12:00pm |
| Name | Chat Username | |
|---|---|---|
| Mahek Acharya | mahekach@buffalo.edu | mahekacharya |
| Lauren Moore | lbmoore@buffalo.edu | lbmoore |
| Name | Chat Username |
|---|---|
| Vasu Baldwa | vasudevb |
| Phil Fox | xphilfox |
| Stephen James | stephenorjames |
| Anthony Magrene | magrene |
| Griffin Refol | grefol |
| Aaron Fiebelkorn | aaron |
| Website | ubnetdef.org/courses/syssec |
| Mattermost Chat | chat.ubnetdef.org |
| Wiki | wiki.ubnetdef.org |
| vCenter Server | cdr-vcenter.cse.buffalo.edu |
| UB VPN | buffalo.edu/ubit/service-guides/connecting/vpn/computer.html You need this to be able to connect to vCenter while off campus or off network. |
| Outcome | Assessment | ABET CAC | ABET EAC |
|---|---|---|---|
| Learn and Apply Basic Security Concepts | Homework & Project | 1 | 1,7 |
| Defend a Machine from Real-time Attackers | Competitions | 1,2,5 | 1,2,5,6,7 |
| Work Effectively in a Team | Competitions | 5 | 5 |
| Identify Threats and Vulnerabilities of Systems | Homework & Competitions | 1 | 1,6 |
| Effectively Communicate via Written Reports | Homework & Project | 3 | 3 |
Attendance for all lectures is required. One absence or late arrival is permitted without penalty. Each additional absence may result in a letter grade reduction in the course. Students arriving late or unprepared may also receive an equal or lesser penalty at the discretion of the instructor. Absences due to illness will be excused if the instructor is notified in advance, and the illness is documented by a physician or healthcare professional.
All students are required to participate fully in at least two cybersecurity competitions, one of which should be a UB Lockdown competition as either a competitor or competition organizer. Various competition opportunities will be announced throughout the semester.
Homework will be assigned each week, and will be based on the topics in the class schedule. Unless otherwise specified, they will be released and submitted at ublearns.buffalo.edu.
Homeworks will be accepted late (after 6:29pm Thursday) at a 25 point reduction each day. Each day after Thursday the point reduction will be at 11:59PM. Be careful submitting homeworks late, it’s easy to fall behind and they are the largest component of your grade!
An individual final project will be assigned at the end of the semester, which will require you to apply all the material covered during the semester. This will involve deploying, configuring, securing and assessing a small-scale enterprise network of Linux and Windows systems.
This schedule is subject to change.
| Week | Topic | Homework |
|---|---|---|
| Week 1 | Welcome - 1000-mile overview, vSphere, Virtualization | HW01 |
| Week 2 | Intermediate Networking (virtual lecture to precede) |
HW02 |
| Week 3 | Firewalls | HW03 |
| Week 4 | Windows | HW04 |
| Week 5 | Linux | HW05 |
| Week 6 | Windows Threat Hunting | HW06 |
| Saturday, October 5th, 2024: Internal Lockdown | ||
| Week 7 | Services + Hardening | HW07 |
| Week 8 | Software Security | HW08 |
| Week 9 | Advanced Networking | HW09 |
| Saturday, October 26th, 2024: Collegiate Lockdown | ||
| Week 10 | Firewalls 2 & Containerization | HW10 |
| Week 11 | Risk Analysis + Mangement | HW11 |
| Week 12 | OSINT & Digital Forensics Guest Lecture: Dominic Sellitto | Final Project |
| Week 13 | Pen Testing |
HW13 |
| Saturday, November 16th, 2024: HS Lockdown | ||
| Week 14 | Thanksgiving Break | |
| Week 15 | Powershell & Bash Scripting Basics | No HW |
The best way to request assistance is to ask on the Systems Security channel on the UBNetDef chat server. The instructors and mentors constantly monitor the chat, so it’s likely you will receive a response within 24-hours, if not sooner. If you do not have access to the UBNetDef chat server, please contact an instructor.
| Component | Percentage of overall grade |
|---|---|
| Attendance and Professionalism | 10% |
| Homework | 65% |
| Final Project | 15% |
| Competitions (2) | 10% |
| Total | 100% |
| Letter grade | Percentage |
|---|---|
| A | ≥ 93% |
| A- | ≥ 90% |
| B+ | ≥ 87% |
| B | ≥ 83% |
| B- | ≥ 80% |
| C+ | ≥ 77% |
| C | ≥ 73% |
| C- | ≥ 70% |
| D | ≥ 65% |
| F | <65% |
In certain cases, students may be eligible to receive a temporary incomplete (‘I’) grade. A grade of incomplete (‘I’) indicates that additional course work is required to fulfill the requirements of a given course. Students may only be given an ‘I’ grade if they have a passing average in coursework that has been completed and have well-defined parameters to complete the course requirements that could result in a grade better than the default grade. An ‘I’ grade may not be assigned to a student who did not attend the course. Detailed information is available from the Undergraduate Course Catalog.
Students are expected to exhibit professionalism, treat others with respect, and abide by the UB Classroom Conduct Policy.
This course allows the use of generative AI tools (e.g., ChatGPT) on certain assignments within given guidelines. Failure to follow these guidelines may be considered a violation of UB’s academic integrity policy. If you are unsure how and when generative AI can be used, be sure to ask.
Generative AI tools are best used as idea generation, not as a citable reference. Any use of generative AI tools must be rigorously documented and submitted with your assignment.
Students must conduct themselves in a manner that does not violate the University at Buffalo’s Academic Integrity Policy. Students found in violation of the Academic Integrity Policy will receive an F for the course.
As a student in cyber security, you are learning tools and given resources that are meant to help protect yourself and others. However, these tools and resources can also be used in malicious or illegal ways. It is imperative that while you are a representative of this class, and even well after, you perform any security education or training strictly inside our internal environment or a controlled and contained environment that you have prepared for yourself. Any activity outside of our internal environment is outside of our control and protection. If you are not sure what you’re doing, it is very easy to do something illegal without even knowing you are (even something as simple as port scanning outside our internal network). If you are unsure if something is allowed or not, contact one of the instructors or mentors. All network traffic inside our infrastructure will be monitored for malicious or suspicious activity. You are being given an opportunity to learn, so please do not waste it.
As a part of Systems Security, you are granted permissions to create Virtual Machines on the vCenter environment for educational purposes. Any misuse of the environment will result in immediate failure of the course.
All traffic within the vCenter environment is logged. Traffic captures may be shared with other individuals within UBNetDef for educational purposes. We highly discourage logging into any personal websites on a Virtual Machine hosted in the vCenter environment.
If you require reasonable accommodations to participate in this course, please contact the Office of Accessibility Resources in 60 Capen Hall, 716-645-2608 and also the instructor of this course during the first week of class.