During this introductory course, students will learn fundamental security topics in a hands-on and applied fashion. Students will critically examine concepts such as basic networking, system administration, team dynamics, risk management and system security as well as identify and apply basic security hardening techniques. Students will gain practical experience using a virtualized lab environment where they will build, configure and secure a small corporate network.
Course faculty are responsible for planning, administering and overseeing the course in accordance with the University at Buffalo policies and this syllabus. Faculty also determine final course grades consistent with the grading policy in this syllabus.
Student Instructors are responsible for implementing the course curriculum and providing extensive support and mentoring to the class participants. Most questions, unless believed to be sensitive, should be directed to a student instructor. Please consult Mattermost or UBLearns for office hour meeting details.
|Name||Chat Username||Office Hours|
|Raymond Harenzaemail@example.com||rwharenz||Tuesday 3:30p-4:30p|
|Ethan Viapianofirstname.lastname@example.org||ethanvia||Thursday 5:00p-6:00p|
|Dikshit Khandelwalemail@example.com||dikshitkhandelwal||Wednesday 12:00p-1:00p|
|Lauren Moorefirstname.lastname@example.org||lbmoore||Monday 1:00p-2:00p|
|Steffi Yehemail@example.com||cyeh4||Wednesday 2:00p-3:00p|
|Austin Chenfirstname.lastname@example.org||aechen2||Wednesday 3:00p-4:00p|
|Jonathan Pestingeremail@example.com||jlpestin||Monday 5:00p-6:00p|
|Kyle Lemmafirstname.lastname@example.org||kylelemm||Wednesday 11:00a-12:00p|
You need this to be able to connect to vCenter while off campus or off network.
|Outcome||Assessment||ABET CAC||ABET EAC|
|Learn and Apply Basic Security Concepts||Homework & Project||1||1,7|
|Defend a Machine from Real-time Attackers||Competitions||1,2,5||1,2,5,6,7|
|Work Effectively in a Team||Competitions||5||5|
|Identify Threats and Vulnerabilities of Systems||Homework & Competitions||1||1,6|
|Effectively Communicate via Written Reports||Homework & Project||3||3|
Attendance for all lectures is required. One absence or late arrival is permitted without penalty. Each additional absence may result in a letter grade reduction in the course. Students arriving late or unprepared may also receive an equal or lesser penalty at the discretion of the instructor. Absences due to illness will be excused if the instructor is notified in advance, and the illness is documented by a physician or healthcare professional.
All students are required to participate fully in at least two cybersecurity competitions, one of which should be a UB Lockdown competition as either a competitor or competition organizer. Various competition opportunities will be announced throughout the semester.
An individual final project will be assigned at the end of the semester, which will require you to apply all the material covered during the semester. This will involve deploying, configuring, securing and assessing a small-scale enterprise network of Linux and Windows systems.
This schedule is subject to change.
|Week 1||Welcome - 1000-mile overview, vSphere, Virtualization||HW01|
|Saturday, September 30th, 2023: Internal Lockdown|
|Week 6||Windows Threat Hunting||HW06|
|Week 8||Firewalls 2||HW08|
|Saturday, October 21st, 2023: Collegiate Lockdown|
|Week 9||Networking II||HW09|
|Week 10||Risk Analysis + Mangement||HW10|
|Week 11||Application Security
Guest Lecture: Tim Mongan
|Week 12||Pen Testing
|Week 13||Thanksgiving Break|
|Week 14||Digital Forensics
Guest Lecture: Dominic Sellitto
|Saturday, December 2nd, 2023: HS Lockdown|
|Week 15||Secure Coding||Final Project|
The best way to request assistance is to ask on the
Systems Security channel on the UBNetDef chat server. The instructors and mentors constantly monitor the chat, so it’s likely you will receive a response within 24-hours, if not sooner. If you do not have access to the UBNetDef chat server, please contact an instructor.
|Component||Percentage of overall grade|
|Attendance and Professionalism||10%|
In certain cases, students may be eligible to receive a temporary incomplete (‘I’) grade. A grade of incomplete (‘I’) indicates that additional course work is required to fulfill the requirements of a given course. Students may only be given an ‘I’ grade if they have a passing average in coursework that has been completed and have well-defined parameters to complete the course requirements that could result in a grade better than the default grade. An ‘I’ grade may not be assigned to a student who did not attend the course. Detailed information is available from the Undergraduate Course Catalog.
Students are expected to exhibit professionalism, treat others with respect, and abide by the UB Classroom Conduct Policy.
Students must conduct themselves in a manner that does not violate the University at Buffalo’s Academic Integrity Policy. Students found in violation of the Academic Integrity Policy will receive an F for the course.
As a student in cyber security, you are learning tools and given resources that are meant to help protect yourself and others. However, these tools and resources can also be used in malicious or illegal ways. It is imperative that while you are a representative of this class, and even well after, you perform any security education or training strictly inside our internal environment or a controlled and contained environment that you have prepared for yourself. Any activity outside of our internal environment is outside of our control and protection. If you are not sure what you’re doing, it is very easy to do something illegal without even knowing you are (even something as simple as port scanning outside our internal network). If you are unsure if something is allowed or not, contact one of the instructors or mentors. All network traffic inside our infrastructure will be monitored for malicious or suspicious activity. You are being given an opportunity to learn, so please do not waste it.
As a part of Systems Security, you are granted permissions to create Virtual Machines on the vCenter environment for educational purposes. Any misuse of the environment will result in immediate failure of the course.
All traffic within the vCenter environment is logged. Traffic captures may be shared with other individuals within UBNetDef for educational purposes. We highly discourage logging into any personal websites on a Virtual Machine hosted in the vCenter environment.
If you require reasonable accommodations to participate in this course, please contact the Office of Accessibility Resources in 60 Capen Hall, 716-645-2608 and also the instructor of this course during the first week of class.