PELLISSIPPI STATE TECHNICAL COMMUNITY COLLEGE 
MASTER SYLLABUS

CIW SECURITY ADMINISTRATOR CERTIFICATION
WEB 2691

Class Hours: 1.0

Credit Hours: 1.0

Laboratory Hours: 0.0

Revised: Fall 06

Catalog Course Description:

The preparatory course for the CIW Security Administrator exam (1D0-450) focuses on security administration skills that are not product- or system-specific. This course will use materials that allow students to instantly evaluate the level of IT knowledge achieved and will include practice exams.

Entry Level Standards:

Students taking this course should be proficient in Windows 98, 2000 or XP.

Prerequisites:

WEB 2200

Corequisites:

WEB 2601

Textbook(s) and Other Course Materials:

 Test preparation materials (CD) and cost of certification exam will run approximately $150 for this course. Your instructor will provide the URL to you to order the CD and will manage the ordering of the exam. Doing this through your instructor will get you the reduced price of $125. Otherwise, the cost for the CD and exam would be ~$300.

1.                    AssessPREP - CIW Security Administrator Individual License CD (1 year) Product Code: PRSAS-CASACL-PD-209 (Cost~$70) You need to order this directly from ProsoftTraining at http://sec.computerprep.com/pstcc/. AssessPREP is a computer-based assessment tool designed to measure a learner's proficiency on a given topic or application. The CIW AssessPREP CD will let you (a) pre-assess your aptitudes, then tailor your study accordingly (b) prepare for the certification exam (c) instantly evaluate course knowledge and (d) review materials in testing or study environments.

2.                    CIW Security Administrator Certification Exam You can either take the certification exam at Pellissippi State through the CIW Exam Membership Program (half price~$75) or go to a Prometric Testing Center to take the exam (~$125). Your instructor will order your exam if you take the exam at PSTCC.

Information on the CIW Security Administrator Certification Exam can be found at
http://www.ciwcertified.com/exams/1d0450.asp?comm=CND&llm=3#examinfo . This exam (CIW Security Administrator 1D0-450) specifically:

1. Contains a total of 60 items. To certify, you must correctly answer at least 45 of the 60 questions to achieve a total score of 75% or greater AND correctly answer at least 70% of the questions in each individual module.

2. You will have 75 minutes to complete the exam.

3. Each item offers four solutions or distracters. Exam candidates must select the one best solution for each item.

Security Administrator skills are not product- or system-specific. They are a combination of minimal technical and non-technical skills and knowledge required for those interested in developing specific Internet skills as a Web Security Administrator. The CIW Server Administrator exam focuses on server and network administration tasks and tools implemented by IT professionals. CIW Server Administrators manage and tune corporate e-business solutions and infrastructure including Web, FTP, news and mail servers, for midsize to large businesses. This certification validates knowledge and skills in configuring, managing and deploying e-business solutions servers.

1. Skills measured in the he CIW Security Administrator (1DO-450) exam include but are not limited to:

1.        Common IT services, focusing on hardware platforms and frequently used operating systems.

2.        TCP/IP configuration parameters, and Windows 2000 and Linux system configuration with static IP addresses.

3.        User access levels, password policies, and permissions based on standard practice and procedures.

4.        Management of users in Windows 2000 and Linux.

5.        Domain Name System (DNS) in Windows 2000 and Linux.

6.        Name resolution options for LANs and WANs, including the Windows Internet Naming Service (WINS) and Samba.

7.        Internet services including FTP and Telnet, and control of access to these services.

8.        Web servers, including Microsoft IIS and Apache Server.

9.        Advanced Web server administration tasks.

10.     User-based access to Web servers.

11.     Limitation of access based on IP addresses.

12.     Functionality of a Web server, including Perl configuration and additional services.

13.     Web server connection to a database via Open Database Connectivity (ODBC).

14.     Configuration and management of streaming media servers.

15.     Secure Sockets Layer (SSL) transactions.

16.     Management of news servers.

17.     Configuration and management of SMTP, IMAP and POP3 e-mail servers.

18.     Configuration and management of proxy servers and Internet servers.

19.     Server and service log analysis.

20.     System performance evaluation.

21.     Internal and external security risks.

NOTE: It is not necessary to pass the certification exam in order to pass this course. You will receive credit for taking the exam.

3. Supplementary Materials:
1. Software
   The following software should be installed on your system before beginning this class:

1.        Microsoft Windows (98/2000/Me or XP)

2.        Adobe Acrobat Reader. Download free from http://www.adobe.com/support/downloads/main.html

2. AssessPREP CD-ROM. You will purchase the AssessPREP CD-ROM with study files that you will use to pre-assess your skills, review the material covered on the actual certification exam, and use the material as practice for the exam.

NOTE: This course is one of a series in the Certified Internet Web (CIW) Professional program offered at Pellissippi State. This course is a part of the requirements for the PSTCC CIW Master Administrator certificate and can be used as a guided elective in the AAS in Media Technologies Web Concentration degree. The CIW certification program validates job-role skills competency for entry-level job seekers and seasoned professionals alike. Candidates can earn CIW certificates in various information technology (IT) job roles, from the foundational CIW Associate certification, continuing to CIW Professional and specialization certifications, and up to advanced-level Master CIW certifications. The course prepares you for the Master CIW Administrator certification. For detailed information, see CIW's website at http://www.ciwcertified.com/.

I. Week/Unit/Topic Basis:

 This course will begin on a specific date but the student can progress through the course objectives in a timeframe comfortable for him. If the student works hard, he can complete the coursework and certification exam before the formal end of the semester. The instructor will provide benchmarks for the completion of objectives during the semester. All students will complete the certification exam and course requirements by the end of the academic semester.

AssessPREP is a computer-based assessment tool designed to measure a learner's proficiency on a given topic or application. The CIW Security Administrator CD will assess a student's knowledge of the areas covered on the CIW Security Administrator Certification Exam (1D0-450).

Week

Topic

Phase I:
Fall\Spring Weeks 1-6
Summer Weeks 1-4

Order AssessPREP CD and certification exam. Student will order the AssessPREP CD (at the URL above). After installing the AssessPREP CD for this class on your computer, you can begin your self-study. The instructor will work with you to determine a date toward the end of the semester when you wish to schedule for the exam to be given; you must schedule the exam at least three weeks in advance of when you wish to take it. You can take the exam once. If you take the exam in the PSTCC CIW Exam lab, your scores will be recorded by the instructor and factored into your grade for this course; if you choose to take the exam in a testing center not associated with PSTCC, you will fax your test scores to the instructor so the score can be factored into your grade.

During Phase I of the semester, you will be studying and working through the companion CIW course (for this exam, the co-requisite course is WEB 2601 CIW Security Administrator). During this time, you can be using the AssessPREP CD to practice and review the material presented.

Phase II:
Fall/Spring Weeks 7-12
Summer Weeks 5-6

Use AssessPREP CD: Student will use the AssessPREP CD to review and practice for the CIW Security Administrator Certification Exam. Here are some of the activities on the CD you can use to help review and prepare for the certification exam:

Choose to take an exam or a drill by double clicking on the icons on the AssessPREP screen. The exams simulate the actual tests. Drills focus in a single subject matter.

Phase III:
Fall/Spring Weeks 13-14
Summer Weeks 7-8

Take WebCT Quizzes: Quizzes have been created in WebCT made up from the questions on the AssessPREP CD. You can take two Practice Quizzes (10 items each) before taking the 25-item Quiz that will count. The questions for all quizzes are randomly drawn from the test bank from the CD. Your performance on these quizzes will indicate to the instructor that you are studying and learning the skills presented from the companion course and from the CD and that you are progressing toward successful completion of the certification exam. Quizzes are only relevant when used with CIW AssessPREP Learning System student manuals. The materials allow for:

1. Multiple study modes for adaptive learning
2. Personalized study plan and progress reports
3. Study questions and reference tools
4. Simulations of actual testing environments
5. Alignment and references back to CIW instructor-led courseware
6. Drill-down testing on missed questions

Schedule and complete CIW Security Administrator Certification Exam (1D0-450). You need to schedule the date and time for your exam at least three weeks in advance. This is the lead time ProSoft needs for the certification exam to be ordered and scheduled for downloading to the CIW lab at PSTCC. The certification exam can be taken only once in this course.

II. Course Objectives*:

A.

Explain common IT services, focusing on hardware platforms and frequently used operating systems. (I)

B.

Apply TCP/IP configuration parameters, and Windows 2000, and Linux system configuration with static IP addresses. (I, IV)

C.

Apply user access levels, password policies, and permissions based on standard practice and procedures. (I, II)

D.

Describe management of users in Windows 2000 and Linux. (I, IV)

E.

Explain Domain Name System (DNS) in Windows 2000 and Linux. (I, II)

F.

Use name resolution options for LANs and WANs, including the Windows Internet Naming Service (WINS) and Samba. (II)

G.

Use Internet services including FTP and Telnet, and control of access to these services. (II, IV)

H.

Utilize web servers, including Microsoft IIS and Apache Server. (II, IV)

I.

Perform advanced Web server administration tasks. (II, IV)

J.

Utilize user-based access to Web servers. (II, IV)

K.

Explain the limitation of access based on IP addresses. (II, IV)

L.

Describe the functionality of a Web server, including Perl configuration and additional services. (II, IV)

M.

Apply web server connection to a database via Open Database Connectivity (ODBC). (II, IV)

N.

Apply configuration and management of streaming media servers. (II, IV)

O.

Utilize Secure Sockets Layer (SSL) transactions. (II, IV)

P.

Apply management of news servers. (II, IV)

Q.

Describe configuration and management of SMTP, IMAP and POP3 e-mail servers. (II, IV)

R.

Perform server and service log analysis. (II, IV)

S.

Explain configuration and management of proxy servers and Internet servers. (II, IV)

T.

Perform system performance evaluation. (II, IV)

U.

Describe internal and external security risks. (II, IV)

*Roman numerals after course objectives reference goals of the WEB program.

III. Instructional Processes*: 

Students will:

1.

1.        Explain the server and network administration tasks and tools required by IT professionals. (Technological literacy outcome)

2.

2.        Identify the current direction and application of server administration. (Technological literacy outcome)

3.

3.        Identify the differences between e-business solutions and infrastructure tools used in midsize to large businesses. (Technological literacy outcome)

4.

4.        Monitor FTP, news and mail servers, and Web servers. (Technological literacy outcome)

5.

5.        Configure and deploy e-business solutions servers. (Active Learning Strategies)

6.

6.        Use research activities to promote independent thinking. (Active Learning Strategies)

7.

7.        Use software tools and web development skills to administer web sites that are functional and efficient. (Active Learning Strategies)

*Strategies and outcomes listed after instructional processes reference TBR's goals for strengthening general education knowledge and skills, connecting course work to experiences beyond the classroom, and encouraging students to take active and responsible roles in the educational process. 

IV. Expectations for Student Performance*: 

Upon successful completion of this course, the student should be able to:

1.

List the services offered by IT departments. (A)

2.

Identify backbone and mission-critical services offered by IT departments. (A)

3.

Discuss the concepts of system maintenance, including fault tolerance, server optimization, and backup. (A)

4.

Identify common hardware platforms. (A)

5.

Describe capabilities of various platform components, including multiple CPUs, I/O issues, and system memory. (A)

6.

Define bandwidth and throughput (A)

7.

Identify common network operating systems (A)

8.

Determine the ideal operating system for a given environment. (A)

9.

Discuss system installation issues. (A)

10.

List key TCP/IP configuration parameters.  (B)

11.

Add NICs in Windows 2000 and Linux (B)

12.

Configure Windows 2000 with static IP addresses. (B)

13.

Configure Linux with static IP addresses. (B)

14.

Describe how DHCP works. (B)

15.

Define authentication. (C)

16.

Explain the share-level and user-level access security models. (C)

17.

Identify the purposes and functions of logon accounts, groups, and passwords. (C)

18.

Create a network password policy using standard practices and procedures. (C)

19.

Discuss permissions issues. (C)

20.

Describe the relationship between permissions and user profiles (C)

21.

Use administrative utilities for specific networks and operating systems (C)

22.

Identify the permissions needed to add, delete, or modify user accounts. (D)

23.

Identify the purpose of the Windows 2000 Security Accounts Manager. (D)

24.

Enforce system wide policies, including account lockout settings, password rules, and password aging. (D)

25.

Convert a FAT drive to NTFS. (D)

26.

Enable auditing in Windows 2000 Server. (D)

27.

View local and remote events in Event Viewer. (D)

28.

Manage file and directory ownership. (D)

29.

Manage user rights. (D)

30.

Enable custom user settings, such as specifying home directories, logon scripts, and dial-in access. (D)

31.

Identify accounts used by Windows 2000 services. (D)

32.

Create new accounts on Linux systems. (D)

33.

Set password-aging policies on Linux systems. (D)

34.

Set account policies in Linux. (D)

35.

View user accounts used by system daemons. (D)

36.

Explain run levels. (D)

37.

Use the ntsysv and chkconfig commands. (D)

38.

Explain the Domain Name System (DNS). (E)

39.

Identify DNS components, including zones, name server types, and resolvers. (E)

40.

List and create the common DNS record types, including A, NS, and CNAME. (E)

41.

Define reverse DNS lookup. (E)

42.

Implement DNS in Windows 2000 and Linux. (E)

43.

Deploy Dynamic DNS (DDNS). (E)

44.

Configure caching servers and forwarders. (E)

45.

Use nslookup and additional troubleshooting tools. (E)

46.

Explain the basics of NetBIOS, including the NetBIOS naming convention. (F)

47.

Identify additional name resolution options for LANs and WANs. (F)

48.

Implement and manage WINS. (F)

49.

Use Samba to create a WINS server in UNIX. (F)

50.

Configure a UNIX system as a WINS client. (F)

51.

Configure Samba systems to use Windows 2000 authentication. (F)

52.

Create and manage shares using Samba. (F)

53.

Deploy user-level and anonymous FTP access in Windows 2000 and Linux. (G)

54.

Describe standard and passive FTP. (G)

55.

Configure Telnet for Windows 2000 and Linux. (G)

56.

Configure finger in Linux. (G)

57.

Control access to Linux services. (G)

58.

Identify foundational services, including DNS, WINS, and Samba. (H)

59.

List mission-critical services, including Web servers, databases, e-commerce servers, news servers, streaming media servers, e-mail servers, and proxy servers.  (H)

60.

Discuss system maintenance and logging. (I)

61.

Describe performance monitoring and server optimization issues. (I)

62.

Explain the importance of implementing security features for your servers. (I)

63.

Identify the basic functions of a Web server. (I)

64.

Explain how a Web server identifies file types. (I)

65.

Customize the server root directories. (I)

66.

Redirect URLs and add default document types. (I)

67.

Enable user-based authentication for the Web server. (J)

68.

Control access to a Web server based on IP address. (K)

69.

Enable HTML administration for IIS 5.0. (L)

70.

Create virtual servers and directories (i.e. aliases) in IIS and Apache Server. (L)

71.

Implement common e-commerce elements, including databases and streaming media services. (M, N)

72.

Identify key HTTP error messages.  (N)

73.

Create a custom HTTP error message in IIS 5.0 (N)

74.

Explain how Web servers and clients and clients use MIME. (N)

75.

Describe how Web applications work with IIS 5.0. (N)

76.

Execute Active Server Pages (ASP) and CGI scripts in an e-commerce setting. (N)

77.

Connect a Web site to a database using a Web application. (N)

78.

Install, configure, and test a streaming media server. (N)

79.

Describe the functions of Secure Sockets Layer (SSL). (O)

80.

Identify the SSL handshake process. (O)

81.

Use the Internet Services Manager to generate an SSL certificate request. (O)

82.

Deploy the Certificate Authority snap-in to sign certificate requests. (O)

83.

Configure IIS 5.0 to use SSL. (O)

84.

Create newsgroups in both Windows 2000 and Linux. (P)

85.

Configure newsgroup expiration policies. (P)

86.

Control client access to a news server through IP access filtering and user-based authentications. (P)

87.

Describe the process of sending an e-mail message. (Q)

88.

Explain key e-mail server concepts, including forwarding, masquerading, and aliasing. (Q)

89.

Describe the functions of e-mail protocols such as SMTP, POP3, IMAP, and LDAP. (Q)

90.

Identify the purpose and usefulness of MX records. (Q)

91.

Discuss DNS as it applies to e-mail servers. (Q)

92.

Install an e-mail server in Windows 2000. (Q)

93.

Manage a Web-based e-mail service. (Q)

94.

Configure an e-mail server to filter content. (Q)

95.

Display a list server. (Q)

96.

Explain the benefits of a proxy server. (S)

97.

Differentiate between public and private IP addresses. (S)

98.

Install and configure web-based and SMTP-based proxy servers. (S)

99.

Explain the need for logging activity generated by servers and services. (R)

100.

Configure Web server logs in IIS, Apache Server, and ftpd. (R)

101.

Identify the need to check DNS and e-mail logs. (R)

102.

View information from a Web server log files using commercial log analysis software. (R)

103.

Explain the need for server monitoring and optimization. (T)

104.

Utilize tools when monitoring and optimizing servers. (T)

105.

Identify key Internet server elements to monitor. (T)

106.

Adjust Internet server settings to meet expected workload. (T)

107.

Identify ways to create fault tolerance in a network host. (U)

108.

Explain the concept of offsite storage. (U)

109.

Implement procedures for disaster assessment. (U)

110.

Follow a data-recovery strategy. (U)

111.

Implement recovery procedures to repair corrupted data. (U)

112.

Identify vulnerabilities commonly found in various operating systems. (U)

113.

List the steps to counteract operating system weaknesses. (U)

114.

Define firewall and intrusion detections concepts. (U)

115.

Discuss the effects of security measures on employees and system hosts. (U)

116.

Recognize security breaches. (U)

*Letters after performance expectations reference the course objectives listed above.

V. Evaluation:

A. Testing Procedures:

Online quizzes will be built into the course. The quiz items will be randomly generated from a bank of quiz items; each student may receive a different set of quiz questions over a specific topic.

1. 50% of grade: Completion of CIW Security Administrator Certification Exam. You do not have to pass the certification exam to pass this course. Your grade for this portion will be determined by the number of points you get correct on the exam. This will be combined with the points you earn on the other two percentage components of the course (Quizzes and Online Communication Tools) shown below.
             90 % of total correct = A
             80 % of total correct = B
             70 % of total correct = C
             60 % of total correct = D
             <60 % of total correct = F
2. 40% of grade: Quizzes--Online. Quizzes delivered online through WebCT will be used to measure your progress as you work independently with the AssessPREP CD. The questions you are studying and practicing from the CD will be included in a question database to be delivered in 25-item quizzes. Questions will be randomly selected from the database for each student for each quiz. Two practice quizzes and one graded quiz will be structured for each course objective. The quizzes are timed and the last one will simulate the way the actual certification exam is administered. You are encouraged to take all three tries to familiarize yourself with the questions.
3. 10% of grade: Online Communication Tools. Students will use email and discussion board to communicate with instructor and with each other.

B. Laboratory Expectations:

N/A

C. Field Work:

N/A

D. Other Evaluation Methods:

N/A

E. Grading Scale:

VI. Policies:

A. Attendance Policy:

Pellissippi State Technical Community College expects students to attend all scheduled instructional activities. As a minimum, students in all courses (excluding videotape and Web courses) must be present for at least 75 percent of their scheduled class and laboratory meetings in order to receive credit for the course. (Pellissippi State Catalog)

B. Academic Dishonesty:

You are expected to submit only work that you do yourself. Do not collaborate on work with other students unless you are given a group project. Failure to observe these rules could result in you receiving a failing grade or being dismissed from the class with a grade of F.
Plagiarism, cheating and other forms of academic misconduct are prohibited. A student guilty of academic misconduct, either directly or indirectly through participation or assistance, is immediately responsible to the instructor of the class. In addition to other possible disciplinary sanctions that may be imposed through the regular Pellissippi State procedures as a result of academic misconduct, the instructor has the authority to assign an F or a zero for the exercise or examination or to assign an F in the course. (Pellissippi State Catalog)

C. Accommodations for disabilities:

If you need accommodations because of a disability, if you have emergency medical information to share, or if you need special arrangements in case the building must be evacuated, please inform the instructor immediately. Please see the instructor privately after class or in his/her office. Students must present a current accommodation plan from a staff member in Services for Students with Disabilities (SSWD) in order to receive accommodations in this course. Services for Students with Disabilities may be contacted by going to Goins 127 or 131 or by phone: 694-6751(Voice/TTY) or 539-7153.

D. Other Policies:

Some exams are to be taken at the Testing Center at Pellissippi State. Policy requires that you have a photo ID to take a test in the Testing Center. Children are not allowed in the Testing Center. For location, hours, etc., refer to the Testing Center web site.

If you are taking this course at a distance and cannot come to the Pellissippi State Testing Center, it will be your responsibility to make arrangements for a proctored exam. Contact your instructor to discuss this matter.

Facilities: Students must have a valid Pellissippi ID to be presented on demand to gain access to Pellissippi facilities.

Hardware Requirements for This Course

IBM-type criteria:

1. Pentium Computer 300 MHz minimum (Pentium III/750 MHz preferred) processing speed
2. 128 MB RAM minimum
3. 256 KB L2 cache
4. Hard disk: 8 GB minimum
5. Monitor capable of at least 800 x 600 resolution
6. CD-ROM (DVD preferred) Drive 32X
7. 56 kbps modem with Internet access (high speed such as cable modem or DSL recommended, if possible)
8. Video adapter: at least 4 MB
9. Speakers and 16 bit sound card
10. Operating System: Windows 98 or higher

Macintosh criteria:

1. PowerPC minimum (G3/300 MHz preferred)
2. 128 MB RAM (
3. Monitor capable of at least 800 x 600 resolution
4. CD-ROM (DVD preferred)
5. 56 kbps modem with Internet access (high speed such as cable modem or DSL recommended, if possible)
6. Speakers
7. Video adapter: at least 4 MB
8. Operating System: Macintosh 8.5.1 or higher (Mac OS 8.6 or higher preferred)

Software Requirements for This Course

IBM-type criteria:

1. AssessPREP Security Administrator CD to be purchased at the URL listed above
2. Microsoft Windows (98/2000/Me or XP)
3. Internet Explorer 5.5 (or higher) with Outlook Express
4. Macromedia Shockwave and Flash players. Download free from http://www.macromedia.com/downloads/
5. Adobe Acrobar Reader. Download free from http://www.adobe.com/support/downloads/main.html
6. Crypto System FineCrypt version 1.0 (available on the student supplemental CD-ROM that ships with the text)
7. OPTIONAL: Netscape 7.0 (full installation)