Overview
The final project for this course is the creation of a Technical Paper and Slide Presentation about an information security issue. Your security issue must be narrow enough in focus that you are able to perform the following and document the process in a technical paper:
Research: Conduct research in current professional literature on your security issue. What are the limitations in your topic? What are the implications of this security issue in today’s organization? How does it impact business processes?
Design: Design a solution for the issue.
Implement: Implement or simulate parts of the solution.
Analyze the process: What happened? Did you expect it to happen? What were the weaknesses in your solution? What did you learn? What improvements would you make to your original solution?
Report: Demonstrate what you learned by documenting the entire process.
You can choose one of the suggested projects listed below or choose a related project that excites you and/or complements your functions at your workplace.
Example Projects (Courtesy of University of Virginia Computer Science Candidates Projects)
Active Defense
It is challenging to track an attacker back through the internet and locate the attacker’s bases of operation and identity.
Design a trace-back system.
Is IPv6 an adequate base?
What legal/ethical impediments might there be to implementing your scheme?
Estimate performance costs of your trace mechanism.
How would attackers seek to avoid your trace, and how could you counter their attempts?
Create a Sandbox
Devise a scenario in which you place attackers in a sandbox.
How would you create the sandbox?
Could they detect that they have been corralled in your sandbox?
What can you learn about the hackers, their motivations, and their knowledge of your company’s systems through the sandbox technique?
Create a TCP/IP Hijacking Tool
Observe TCP/IP traffic.
Determine how to intrude upon a session without being observed.
Would you change messages, or insert your own messages?
Intrusion Detection
Create an intrusion detection system by adding code to the Linux kernel for monitoring intrusions. Your approach would be to minimize false alarms, and to assure that your performance overhead is “acceptable.”
Set Out Some Honeypots
Your corporation maintains highly proprietary information and wants to use the honeypot technique to test whether attackers who would steal the corporation’s information are entering corporate systems.
Design the honeypots.
How would you keep the intruders “at bay”, i.e. manage the intruders when they appear?
Virtual Private Network for TCP and/or UDP packets using your own cryptographic code
Create a private network where all your data is encrypted.
Observe the packet headers to determine which packets should be encrypted.
Encrypt the data using your own encryption algorithm.
Objectives
To successfully complete this project, you will be expected to apply what you have learned in this course and should include several of the following course objectives:
Understand the tradeoffs between achieving business objectives and securing business information
Understand the role of firewalls, intrusion detection, intrusion prevention, honeypots, and computer forensics in information security
Examine important concerns in information security among business, governments, and users
Identify security management principles and develop sound processes and practices based upon those principles
Main Elements
Technical Paper
Your technical paper should include these main elements:
Abstract (100–150 words). Briefly address the problem and primary results.
Introduction (1–2 pages)
State the issue you selected
Why it is important
Why this issue is challenging
How your approach differs from other solutions (from your primary resources)
Components of your approach and any limitations you encountered
Body (5–7 pages)
State the problem(s)
State your approach
Include your results (include screen shots and other graphics that demonstrate implementation/simulation aspects of your project).
References to any related work that may exist
Conclusion
Slide Presentation (5–10 slides)
You may utilize a product such as Microsoft’s PowerPoint or Google Presentation to create your presentation.
There are various template designs that you can find on the web for your presentation. However, first consider your presentation from the perspective of your audience prior to selecting a specific style. Busy backgrounds, large blocks of text, all-uppercase text, elaborate font styles, grammatical errors, and misspellings are distracting. Be consistent with the style of text, bullets, and sub-points in order to support a powerful presentation that allows your content to be the focus.
Each slide should include your key point(s). Do not place large blocks of text on the visual. Your presentation is not a means of presenting a short paper. In an actual presentation you would not “read” from your slides but rather use them as prompts.
Any notes or narration you would use in delivering this presentation to a group should be listed in the “notes” section of the slide.
References should be listed at the bottom of the slide in slightly smaller text.
Use clip art, AutoShapes, pictures, charts, tables, and diagrams to enhance but not overwhelm your content.
Be mindful of the intended audience and seek to assess the presentation’s effectiveness by gauging audience comprehension (when possible).