Course Home Lectures Assignments Submitting Homework

COMS W4180 — Network Security

TueThu 2:40-3:55 PM
Room 535 S.W. Mudd


Introduction to network security concepts and mechanisms. Foundations of network security and an in-depth review of commonly-used security mechanisms and techniques, security threats and network-based attacks, applications of cryptography, authentication, access control, intrusion detection and response, security protocols (IPsec, SSL, Kerberos), denial of service, viruses and worms, software vulnerabilities, web security, wireless security, and privacy.

Computer Use
Homework Policies
Academic Honesty


COMS W3137 or W3139 and W4119, or the instructor's permission. If you have not taken W4119, see this and see me.

Teaching Assistants

Elli Androulaki <elli@cs....> (Office hours Thursday 4-6, Mudd 122A)
Isa Muqattash <imm2104@columbia...> (Office hours Wednesday 6-8, Mudd 122A)


Homeworks  50%

Exams will be open book/open notes.

If you have complaints about grading of any homework or exam question, please discuss it first with the TA, within two weeks of when the grade is assigned. If you're still not satisfied, forward all relevant email to me.


  • Kaufman, Perlman, and Speciner. Network Security: Private Communication in a Public World, Second Edition, Prentice Hall PTR, 2002, ISBN 0130460192. Required.
  • Cheswick, Bellovin, and Rubin. Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition, Addison-Wesley Professional, 2003, ISBN 020163466X. (Recommended)


TCP/IP Sockets in C -- Practical Guide for Programmers, by Michael J. Donahoo and Kenneth L. Calvert. They also have sort of an e-book

Also see — it's decent, though not perfect.

Computer Use

All programs must compile and run on the CLIC machines in the computer science department. To use these machines, you must have a CS account. If you do not have one, apply immediately, since you probably cannot do your homework without one. Programs may be written in Java or C.

You are, of course, welcome to develop and test your programs anywhere; however, all evaluation and grading will be done based on what happens on the CLIC machines. Programs that do not compile will receive no credit.


There will be approximately five homework assignments. Homeworks will consist of written answers and programming problems. All assigments must be submitted electronically; the exact mechanism will be announced shortly.

Homeworks serve three purposes: practice in the material covered in class, ensuring that you've learned material covered in class, and pedagogical. That is, you're expected to learn from the homework assignments. In particular, this means that not every last detail will be spelled out. You're expected to use sound judgment in making any necessary decisions. In general, the more central to the purpose of the assignment a decision is, the more critical it is.

All homeworks are due at the start of class. Homeworks received later that day lose 5%, the next day 10%, two days late 20%, three days late 30%; after that, zero credit. You need a really good reason to get an extension, backed up if necessary by appropriate documentation.

Assignments are here.

Academic Honesty

I expect students to observe the highest standards of academic honesty. The penalty for a first offense is a zero grade on the affected assignment and/or reduction in course grade; in addition, I will report the offense to the Academic Committee and to the Dean's office. There will be no warnings and no second chances.

Discussing lectures, assignments, algorithms, and the like is permitted and encouraged. Turning in someone else's answers or code is strictly prohibited, whether the source is someone else in the class or something you found on the Internet.

The CS department has its own academic honesty policy. You are responsible for reading, understanding, and following it.

This is a security course; that is not a license to hack. Attacking a machine is permissible if and only if you have been granted permission to do so. See the University's network use policy.