Overview

During this introductory course, students will learn fundamental security topics in a hands-on and applied fashion. Students will critically examine concepts such as basic networking, system administration, team dynamics, risk management and system security as well as identify and apply basic security hardening techniques. Students will gain practical experience using a virtualized lab environment where they will build, configure and secure a small corporate network.

Faculty

Course faculty are responsible for planning, administering and overseeing the course in accordance with the University at Buffalo policies and this syllabus. Faculty also determine final course grades consistent with the grading policy in this syllabus.

Name Email Chat Username
Dave Murray djmurray@buffalo.edu djmurray
Kevin Cleary kpcleary@buffalo.edu cleary.kevin.p

Student Instructors

Student Instructors are responsible for implementing the course curriculum and providing extensive support and mentoring to the class participants. Most questions, unless believed to be sensitive, should be directed to a student instructor. Please consult Mattermost or UBLearns for office hour meeting details.

Name Email Chat Username Office Hours
Raymond Harenza rwharanz@buffalo.edu rwharenz Wednesdays 1pm - 2pm
Phuong Quynh Nguyen pnnguyen@buffalo.edu pnnguyen Mondays 2:00pm - 3:00pm
Griffin Refol grefol@buffalo.edu grefol Mondays 8am - 9am
Fridays 9am - 10am
Ethan Viapiano ethanvia@buffalo.edu ethanvia Thursdays 5pm - 6pm

Student Volunteers

Name Email Chat Username
Radhika Jois radhikaj@buffalo.edu radhikaj
Lucas Crassidis lucascra@buffalo.edu luke
Vasu Baldwa vasudevb@buffalo.edu vasudevb
John Ryan jpryan2@buffalo.edu jpryan2

Alumni Volunteers

Name Chat Username
Aaron Fiebelkorn aaron
Phil Fox xphilfox
Stephen James stephenorjames
Shreya Lakhkar shreya
Anthony Magrene magrene
Aibek Zhylkaidarov aibek

Course Resources

Website ubnetdef.org/courses/syssec
Mattermost Chat chat.ubnetdef.org
Wiki wiki.ubnetdef.org
vCenter Server cdr-vcenter.cse.buffalo.edu
UB VPN buffalo.edu/ubit/service-guides/connecting/vpn/computer.html
You need this to be able to connect to vCenter while off campus or off network.

Student Learning Outcomes

Outcome Assessment ABET CAC ABET EAC
Learn and Apply Basic Security Concepts Homework & Project 1 1,7
Defend a Machine from Real-time Attackers Competitions 1,2,5 1,2,5,6,7
Work Effectively in a Team Competitions 5 5
Identify Threats and Vulnerabilities of Systems Homework & Competitions 1 1,6
Effectively Communicate via Written Reports Homework & Project 3 3

Course Requirements

Lectures

Attendance for all lectures is required. One absence or late arrival is permitted without penalty. Each additional absence may result in a letter grade reduction in the course. Students arriving late or unprepared may also receive an equal or lesser penalty at the discretion of the instructor. Absences due to illness will be excused if the instructor is notified in advance, and the illness is documented by a physician or healthcare professional.

Competition Participation

All students are required to participate fully in at least two cybersecurity competitions, one of which should be a UB Lockdown competition as either a competitor or competition organizer. Various competition opportunities will be announced throughout the semester.

Homework Assignments

Homework will be assigned each week, and will be based on the topics in the class schedule. Unless otherwise specified, they will be released and submitted at ublearns.buffalo.edu.

Final Project

An individual final project will be assigned at the end of the semester, which will require you to apply all the material covered during the semester. This will involve deploying, configuring, securing and assessing a small-scale enterprise network of Linux and Windows systems.

Class Schedule

This schedule is subject to change.

Week Topic Homework
Week 1 Welcome - 1000-mile overview, vSphere, Virtualization HW01
Week 2 Networking HW02
Week 3 Firewalls HW03
Week 4 Windows HW04
Saturday, September 24th, 2022: Internal Lockdown v2
Week 5 Linux HW05
Week 6 Windows Incident Response HW06
Week 7 Application Security
Guest Lecture: Tim Mongan
HW07
Saturday, October 15th, 2022: Lockdown v13
Week 8 Services HW08
Week 9 Advanced Firewalls HW09
Week 10 Advanced Networking
Guest Lecture: Kevin Cleary
HW10
Week 11 Risk Management
Guest Lecture: Anthony Magrene
HW11
Week 12 Penetration Testing HW12
Week 13 Fall Break
Week 14 Lockdown: The Blue Teams Strike back! Final Project
Saturday, December 3rd, 2022: Highschool Lockdown v8
Week 15 Digital Forensics
Guest Lecture: Dominic Sellitto
Final Project

Getting Assistance

The best way to request assistance is to ask on the Systems Security channel on the UBNetDef chat server. The instructors and mentors constantly monitor the chat, so it’s likely you will receive a response within 24-hours, if not sooner. If you do not have access to the UBNetDef chat server, please contact an instructor.

Grading Policy

Grading Breakdown

Component Percentage of overall grade
Attendance 10%
Weekly Projects 65%
Final Project 15%
Competitions (2) 10%
Total 100%

Grading Scale

Letter grade Percentage
A ≥ 93%
A- ≥ 90%
B+ ≥ 87%
B ≥ 83%
B- ≥ 80%
C+ ≥ 77%
C ≥ 73%
C- ≥ 70%
D ≥ 65%
F <65%

Incomplete Grades

In certain cases, students may be eligible to receive a temporary incomplete (‘I’) grade. A grade of incomplete (‘I’) indicates that additional course work is required to fulfill the requirements of a given course. Students may only be given an ‘I’ grade if they have a passing average in coursework that has been completed and have well-defined parameters to complete the course requirements that could result in a grade better than the default grade. An ‘I’ grade may not be assigned to a student who did not attend the course. Detailed information is available from the Undergraduate Course Catalog.

Course Policies

Classroom Conduct and Professionalism

Students are expected to exhibit professionalism, treat others with respect, and abide by the UB Classroom Conduct Policy.

Academic Integrity

Students must conduct themselves in a manner that does not violate the University at Buffalo’s Academic Integrity Policy. Students found in violation of the Academic Integrity Policy will receive an F for the course.

Ethics Policy

As a student in cyber security, you are learning tools and given resources that are meant to help protect yourself and others. However, these tools and resources can also be used in malicious or illegal ways. It is imperative that while you are a representative of this class, and even well after, you perform any security education or training strictly inside our internal environment or a controlled and contained environment that you have prepared for yourself. Any activity outside of our internal environment is outside of our control and protection. If you are not sure what you’re doing, it is very easy to do something illegal without even knowing you are (even something as simple as port scanning outside our internal network). If you are unsure if something is allowed or not, contact one of the instructors or mentors. All network traffic inside our infrastructure will be monitored for malicious or suspicious activity. You are being given an opportunity to learn, so please do not waste it.

vCenter Usage and Network Logging Notification

As a part of Systems Security, you are granted permissions to create Virtual Machines on the vCenter environment for educational purposes. Any misuse of the environment will result in immediate failure of the course.

All traffic within the vCenter environment is logged. Traffic captures may be shared with other individuals within UBNetDef for educational purposes. We highly discourage logging into any personal websites on a Virtual Machine hosted in the vCenter environment.

Accessibility Resources

If you require reasonable accommodations to participate in this course, please contact the Office of Accessibility Resources in 60 Capen Hall, 716-645-2608 and also the instructor of this course during the first week of class.