CYBV 302: Linux Security Essentials

The University of Arizona

College of Applied Science and Technology (CAST)
Fall 2024 (7W1)

Instructor: Ryan Hoy

Email: [email protected]
Office Hours: As needed
Course Delivery Method: Online
Location & Time: Live lectures will be held on Mondays from 8:00-11:00PM
Eastern time via Zoom (subject to change with notice).
See your D2L page for the link and additional details.

COURSE DESCRIPTION:
CYBV 302 provides students with an in-depth analysis of Linux and Unix security issues.
This includes configuration guidance using industry standards and benchmarks and
implementation through practical, real-world examples. The course will examine how to
mitigate or eliminate general problems that apply to Nix like OSs, including vulnerabilities
in passwords and password authentication systems, virtual memory system, and most
commonly run applications.

Prerequisites: None

REQUIRED TEXTS & LAB MATERIALS:

o Kinsey, D. and Rothwell, W. (2018). Linux Essentials for Cybersecurity. Hoboken,
NJ: Pearson. ISBN-10 0789759357, ISBN-13 978-0789759351
o Supplemental readings and other resources will be assigned on D2L throughout the
semester.

STUDENT LEARNING OUTCOMES:

Upon completion of this course students will be able to:
o Analyze Linux operating system components from the standpoint of security
o Examine which processes are running-and which may represent a threat
o Analyze logs, analytics, and auditing reports to pinpoint vulnerabilities
o Acquire critical information through advanced scripting techniques
 o Demonstrate critical thinking strategies including reasoning, problem solving,
analysis and evaluation by:
• Implementing OS hardening through industry standards
• Troubleshooting common security problems
• Detecting threats within networks
• Analyzing security logs and auditing reports

COURSE OBJECTIVES:
During this course, students will:
o Install, configure, and analyze Linux to achieve optimal security
o Securely configure accounts, devices, services, processes, data and networks
o Implement tools and automated scripting techniques for:
o Footprinting the network
o Penetration Testing
o Threat Detection
o Logging
o Auditing
o Software Management

EXPECTED COURSE WORKLOAD

Students should expect 3-hour weekly lectures and an additional 15 hours of
homework/exercises each week for this course. Live synchronous lectures will be held
each week. Students registered as Hybrid or ITV must attend the live synchronous
lectures. For online students that are unable to attend the live lectures, the lectures will
be recorded for viewing at their convenience.

REQUIREMENTS:
Requirements for the course are: seven quizzes. Students will be expected to draw on
assigned readings in the assigned textbooks, readings on D2L, and perform independent
research to complete all course assignments and examinations. No late work will be
accepted so please ensure you allot enough time to complete and turn in your work on
time.

GRADING:
The final grade in the course will be based upon:
Quizzes: 100% See Course Schedule/D2L
(7 Quizzes – 100 points each)

GRADING SCALE DISTRIBUTION

A 90 to 100 % 630 – 700 Points A
B 80 to 89% 560 – 629 Points B
C 70 to 79% 490 – 559 Points C
D 60 to 69% 420 - 489 Points D
E Below 60% 0 – 419 Points E
COURSE SCHEDULE:
Week 1 – Introducing Linux
• Week 1 Learning Objectives – Upon completion students will be able to identify
and describe:
o Linux Versions
o Linux File Structures
o Patching and Maintenance
o Password Representations
o Command Line Introduction
• Week 1 Assignments
o Week 1 Lecture & Presentation
o Read Chapters 1 - 5, 9, 10
o Week 1 Quiz

Week 2 – Command Line / Scripting

• Week 2 Learning Objectives – Upon completion students will be able to identify
and describe:
o Crontab and at
o Scripting
o Common Automation Tasks
o Develop an Automation Security Policy
• Week 2 Assignments
o Week 2 Lecture & Presentation
o Read Chapters 14 - 17
o Week 2 Quiz
o Week 2 Exercise – developing a security policy

Week 3 – Hardening Linux / Unix Systems 1

Week 3 Learning Objectives – Upon completion students will be able to identify
and describe:
o Memory Attacks and Overflows
o Vulnerability Minimization
o Boot-Time Configuration
o Encrypted Access
o Host Based Firewalls
• Week 3 Assignments
o Week 3 Lecture & Presentation
o Read Chapters 11, 12, 13, and 30
o Week 3 Quiz
o Week 3 Exercise – Analyze and Implement Host Based Firewalls
Week 4 – Hardening Linux / Unix Systems 2
• Week 4 Learning Objectives – Upon completion students will be able to identify
and describe:
o Rootkits and Malicious Software
o File Integrity Assessment
o Physical Attacks and Defenses
o User Access Controls
o Root Access Control
o Warning Banners
o Kernel Tuning for Security
• Week 4 Assignments
o Week 4 Lecture & Presentation
o Read Chapters 4 - 6
o Midterm Exam

Week 5 – Hardening Linux / Unix Systems 3

• Week 5 Learning Objectives – Upon completion students will be able to identify
and describe:
o Automating Tasks with SSH
o AIDE via SSH
o Linux / Unix Logging Overview
o SSH Tunneling
o Centralized Logging with Syslog - NG
• Week 5 Assignments
o Week 5 Lecture & Presentation
o Read Chapters 24 - 25
o Week 5 Quiz
o Week 5 Exercise – Log Analysis

Week 6 – Linux Application Security 1

• Week 6 Learning Objectives – Upon completion students will be able to identify
and describe:
o Chroot() for Application Security
o SCP-Only Shell
o SELinux Basics
o SELinux and the Reference Policy
• Week 6 Assignments
o Week 6 Lecture & Presentation
o Week 6 Quiz
o Week 6 Exercise – SELinux Lab
Week 7 – Linux Application Security 2
• Week 7 Learning Objectives – Upon completion students will be able to identify
and describe:
o BIND
o DNSSEC
o Apache
o Web Application Firewalls with mod_security
• Week 7 Assignments
o Week 7 Lecture & Presentation
o Read Chapters 31 - 33
o Final Exam
o Final Project
 University of Arizona Final Examination Policy: Final Exams | Office of the Registrar
(arizona.edu) and Final Exam Schedule http://www.registrar.arizona.edu/schedules/finals.htm
Grading Policy:
University policy regarding grades and grading systems is available at:
http://catalog.arizona.edu/policy/grades-and-grading-system

Requests for incompletes (I) and withdrawal (W) must be made in accordance with university
policies which are available at http://catalog.arizona.edu/policy/grades-and-grading-
system#incomplete and http://catalog.arizona.edu/policy/grades-and-grading-system#Withdrawal
respectively.

Classroom Behavior Policy:

To foster a positive learning environment, students and instructors have a shared responsibility.
We want a safe, welcoming, and inclusive environment where all of us feel comfortable with
each other and where we can challenge ourselves to succeed. To that end, our focus is on the
tasks at hand and not on extraneous activities (e.g., texting, chatting, reading a newspaper,
making phone calls, web surfing, etc.).

Threatening Behavior Policy:

The UA Threatening Behavior by Students Policy prohibits threats of physical harm to any
member of the University community, including to oneself. See:
http://policy.arizona.edu/education-and-student-affairs/threatening-behavior-students

Accessibility and Accommodations:

At the University of Arizona we strive to make learning experiences as accessible as possible. If
you anticipate or experience barriers based on disability or pregnancy, please contact the
Disability Resource Center (520-621-3268, https://drc.arizona.edu/) to establish reasonable
accommodations.

Code of Academic Integrity as described in the UA General Catalog:

Students are encouraged to share intellectual views and discuss freely the principles and
applications of course materials. However, graded work/exercises must be the product of
independent effort unless otherwise instructed. Students are expected to adhere to the UA Code
of Academic Integrity as described in the UA General Catalog. See:
https://deanofstudents.arizona.edu/policies/code-academic-integrity

The University Libraries have some excellent tips for avoiding plagiarism available at:
http://new.library.arizona.edu/research/citing/plagiarism

All written work is submitted to Turnitin, an anti-plagiarism application that compares submitted
assignments to a comprehensive database that includes all published and internet sources as well of
hundreds of thousands of student papers. You will be able to see for yourself what percentage of your
written work is considered “non-original” once you have submitted it to the appropriate Dropbox in
D2L. My position on plagiarism is non-negotiable—any written work that is plagiarized will result in a
failure for that assignment and possibly the course. Please familiarize yourself with the rules regarding
plagiarism.
Selling class notes and/or other course materials to other students or to a third party for resale is
not permitted without the instructor’s express written consent. Violations to this and other course
rules are subject to the Code of Academic Integrity and may result in course sanctions.
Additionally, students who use D2L or UA e-mail to sell or buy these copyrighted materials are
subject to Code of Conduct Violations for misuse of student e-mail addresses. This conduct may
also constitute copyright infringement.

UA Nondiscrimination and Anti-Harassment Policy:

The University is committed to creating and maintaining an environment free of discrimination;
see http://policy.arizona.edu/human-resources/nondiscrimination-and-anti-harassment-policy.
Our classroom is a place where everyone is encouraged to express well-formed opinions and their
reasons for those opinions. We also want to create a tolerant and open environment where such
opinions can be expressed without resorting to bullying or discrimination of others.

Absence and Class Participation Policy:

The UA’s policy concerning Class Attendance, Participation, and Administrative Drops is
available at: http://catalog.arizona.edu/policy/class-attendance-participation-and-administrative-
drop
The UA policy regarding absences for any sincerely held religious belief, observance or practice
will be accommodated where reasonable, http://policy.arizona.edu/human-resources/religious-
accommodation-policy.

Absences pre-approved by the UA Dean of Students (or Dean Designee) will be honored. See:
https://deanofstudents.arizona.edu/absences

Additional Resources for Students:

UA Academic policies and procedures are available at:

http://catalog.arizona.edu/policies

Student Assistance and Advocacy information is available at:

Student Assistance | Dean of Students Office (arizona.edu)

Academic Advising:
If you have questions about your academic progress this semester, please reach out to your
academic advisor (https://advising.arizona.edu/advisors/major). Contact the Advising Resource
Center (https://advising.arizona.edu/) for all general advising questions and referral assistance.
Call 520-626-8667 or email to [email protected]
 Life Challenges:
If you are experiencing unexpected barriers to your success in your courses, please note the Dean of
Students Office is a central support resource for all students and may be helpful. The Dean of Students
Office can be reached at (520) 621-2057 or [email protected].

Physical and Mental-Health Challenges:

If you are facing physical or mental health challenges this semester, please note that Campus Health
provides quality medical and mental health care. For medical appointments, call (520) 621-9202. For
After Hours care, call (520) 570-7898. For the Counseling & Psych Services (CAPS) 24/7 hotline, call
(520) 621-3334.

Confidentiality of Student Records

http://www.registrar.arizona.edu/personal-information/family-educational-rights-and-privacy-act-
1974-ferpa?topic=ferpa

*Subject to Change Statement

Information contained in the course syllabus, other than the grade and absence policy, may be subject
to change with advance notice, as deemed appropriate by the instructor.