
Practical IT Security Seminar

FDA146, 2003VT

Status Archive
School Computer and Information Science (CIS)
Division ADIT
Owner Nahid Shahmehri





Course plan

No of lectures

20 h.

Recommended for

PhD students interested in practical IT security, with strong focus on networking.

The course was last given

Never.

Goals

Get to know the security requirements that are imposed on today's IT infrastructure and systems, from the viewpoint of both the administrator and the potential attacker. This includes good overviews of the technologies, algorithms and standards with which security requirements can be achieved.

Prerequisites

Networking Technology (such as TCP/IP fundamentals), Unix (Knowledge of C for exercises). Nice to have: Unix Inter-Process Communication, Cryptography.

Organization

Lectures and exercises/mini-project.

Contents

In the first part of the seminar, basic cryptographic building blocks are explained such that they can be used in a black-box fashion. This makes it possible to understand their properties, and how they can be employed in specific application contexts. Concepts such as Confidentiality, Authenticity, Integrity, Visibility, Availability and the corresponding terminologies are introduced and relevant protocols presented. An extended look will also be taken at security policies, and how they can be described and defined.

In a second part, the seminar focusses on the security problems that have surfaced thanks to the increased networking of all aspects of our public and private life through the Internet. The goal is to achieve an understanding of the weaknesses of our IT infrastructure, and to be able to discern which tools can be used to counter those weaknesses. This also includes a look at very specific systems, and how they need to be augmented by security measures.

Finally, an overview of existing security systems is given, showing in what context their use makes sense. Besides finished products like PGP, S/MIME and Kerberos, Intrusion Detection System fundamentals are also examined. With this analysis of real systems, usual forms of attacks and protective measures against attacks are introduced.

Legal and ethical concerns and limitations in conjunction with the design, building and operation of secure IT systems are also discussed.

Literature

Network Security Essentials, William Stallings, 2000.
ISBN 0-13-016093-8.

Lecturers

Germano Caronni

Examiner

Nahid Shahmehri

Examination

Exercises, oral examination

Credit

3 credits

Comments


Page responsible: Director of Graduate Studies