LAB OF COMPUTER SECURITY
- Academic year: 2024/2025
- Official course title: LAB OF COMPUTER SECURITY
- Course code: ET7016 (AF:386299 AR:216870)
- Modality: On campus classes
- ECTS credits: 6
- Degree level: Bachelor's Degree Programme
- Educational sector code: ING-INF/05
- Period: 1st Term
- Course year: 3
- Where: RONCADE
Contribution of the course to the overall degree programme goals
The goal of this course is to introduce the technical foundations of computer and network security, in order to be able to understand the threats that any digital business can be subject to.
Students will approach the themes of computer security, networking principles, security protocols and security services, with a hands-on approach.
Expected learning outcomes
Knowledge:
- The basics of system administration, privileges and commands in a GNU/Linux environment;
- What is a security service, a security threat and a software bug;
- What are the foundations of computer communications (Internetworking) and the basics of network security;
- A primer on cryptography;
- Secure Internet protocols.
Skills; the student will be able to:
- Reproduce basic examples of typical software vulnerabilities;
- Perform basic network survey, security analysis and remote attacks (e.g. ethical hacking);
- Use and recognize secure Internet services.
The student will also be able to assess the robustness and security features of systems with regard to typical security services (authentication, data secrecy, availability etc.) and to communicate with domain experts about the security features that a specific service needs to offer to its users.
Pre-requirements
Contents
Week one: Introduction to information security and operating system (OS) security:
- Introduction to security services, threats and mechanisms;
- Introduction to the GNU/Linux OS, the users, the privileges and the design of the OS as an example of OS security.
Week two: OS Security:
- Software attacks: what is a vulnerability?;
- Examples of well-known vulnerabilities;
- Sources of known vulnerabilities: Common Vulnerabilities and Exposures (CVE).
Week three: Network Security:
- Introduction to networks and networking;
- Attacking remote systems;
- Known and typical attacks on various network layers: scanning, spoofing, DDoS, remote brute force.
Week four: Introduction to Cryptography:
- Classical cryptography concepts;
- Symmetric cryptography;
- Hash functions and HMAC;
- Example applications: password hashing and blockchains.
Week five: Asymmetric cryptography and PKI:
- Public/Private key cryptography;
- Certificates and PKI;
- Secure protocols: TLS.
Reference texts
More references:
One reference book that contains material for almost the whole course (and much more) is:
Wenliang Du, Computer & Internet Security: A Hands-on Approach, second edition, 2019 (ISBN: 978-1-7330039-2-6, hardcover; ISBN: 978-1-7330039-3-3, paperback). The book is available at: https://www.handsonsecurity.net/
Other books that can serve as additional references are:
Andrew S. Tanenbaum, David J. Wetherall, Computer Networks, Pearson, fifth edition.
Olivier Bonaventure, Computer Networks: Principles, Protocols, Practice, https://inl.info.ucl.ac.be/cnp3 (Creative Commons license, third edition).
William Stallings, Cryptography and Network Security, Pearson, seventh edition.
Assessment methods
- multiple choice test + group project
- multiple choice test + written open-ended answers
The test will be composed of multiple choice questions which aim to evaluate the knowledge of the basic notions and the ability to interpret relationships between the topics covered (50% of the grade).
The project and/or the open-ended essay have the aim of verifying the skills developed in putting the concepts into practice, or in interpreting their applicability to complex scenarios (50%).
Students will be given optional assignments during the course as a self-check of understanding of the subject.