Practical IT Security Seminar
FDA146, 2003VT
Course plan
No of lectures
20 h.
Recommended for
PhD students interested in practical IT security, with strong focus on networking.
The course was last given
Never.
Goals
Get to know the security requirements that are imposed on today's IT infrastructure and systems, from the viewpoint of both the administrator and the potential attacker. This includes good overviews of the technologies, algorithms and standards with which security requirements can be achieved.
Prerequisites
Networking Technology (such as TCP/IP fundamentals), Unix (Knowledge of C for exercises). Nice to have: Unix Inter-Process Communication, Cryptography.
Organization
Lectures and exercises/mini-project.
Contents
In the first part of the seminar, basic cryptographic building blocks are
explained such that they can be used in a black-box fashion. This makes it
possible to understand their properties, and how they can be employed in
specific application contexts. Concepts such as Confidentiality, Authenticity,
Integrity, Visibility, Availability and the corresponding terminologies are
introduced and relevant protocols are presented. An extended look will also be
taken at security policies, and how they can be described and defined.
In a second part, the seminar focusses on the security problems that have
surfaced thanks to the increased networking of all aspects of our public and
private life through the Internet. The goal is to achieve an understanding of
the weaknesses of our IT infrastructure, and to be able to discern which tools
can be used to counter those weaknesses. This also includes a look at very
specific systems, and how they need to be augmented by security measures.
Finally, an overview of existing security systems is given, showing in what
context their use makes sense. Besides finished products like PGP, S/MIME and
Kerberos, Intrusion Detection System fundamentals are also examined. With this
analysis of real systems, usual forms of attacks and protective measures
against attacks are introduced.
Legal and ethical concerns and limitations in conjunction with the design,
building and operation of secure IT systems are also discussed.
Literature
Network Security Essentials, William Stallings, 2000.
ISBN 0-13-016093-8.
Lecturers
Germano Caronni
Examiner
Nahid Shahmehri
Examination
Exercises, oral examination
Credit
3 credits
Comments
Page responsible: Director of Graduate Studies