Academic year 2015-2016

Security Strategies in Networks and Services

Degree: Code: Type:
Bachelor's Degree in Computer Science 21474 Optional subject
Bachelor's Degree in Telematics Engineering 21743 Optional subject
Bachelor's Degree in Audiovisual Systems Engineering 21643 Optional subject

 

ECTS credits: 4 Workload: 100 hours Trimester: 3rd

 

Department: Dept. of Information and Communication Technologies
Coordinator: Vanesa Daza
Teaching staff:

Vanesa Daza, Matteo Signorini

Language:

English

Timetable:
Building: Communication campus - Poblenou

 

Introduction

News reports explaining how hackers have compromised the data and services of companies now appear daily. Even top companies from all fields (websites, online games, e-banking, social networks, ...), operating primarily through the Internet, have been subjected to numerous attacks. Distributed denial of service (DDoS) can significantly affect any of the services offered by a company, while other attacks such as session hijacking put user privacy in danger.

We might think that one way to secure a company's computer network is to keep its computers disconnected from the Internet and behind a locked door. But there are attacks that can be carried out from within, by the workers themselves (statistics indicate that 70% or 80% come from the company's own personnel). So, unfortunately, this is not a very practical solution.

Nowadays, computers are undoubtedly more useful if they are networked to share information and resources, but companies that network their computers need tools and protocols to reduce the threats and risks they are exposed to.

The main objective of this course is to work on the main issues involved in developing mechanisms and procedures for security management in telecommunication networks, establishing the main principles of information security as well as the main known attacks and countermeasures.

The approach of the course is that, in some parts, the student learns from mistakes. Thus, starting from some vulnerability, students will understand the real need for security mechanisms.

 

Prerequisites

It is recommended that students have basic knowledge of the main networking concepts and protocols, which they should have acquired in the course Networks and Services.

 

Associated competences

GENERAL SKILLS

 

Instrumentals

1. Ability to search for and manage information

2. Ability to analyze and synthesize

3. Ability to communicate orally

4. Ability to make decisions

5. Ability to organize and plan

6. Ability to apply knowledge to analyze situations and solve problems

 

Interpersonal

1. Criticism and self-criticism.

2. Ethical commitment.

 

Systemic

1. Ability to solve problems with initiative, decision making, creativity, and to communicate and transmit knowledge, skills, understanding the ethical and professional activity of an ICT engineer.

2. Motivation for quality and achievement.

3. Ability to generate new ideas.

 

SPECIFIC SKILLS

  1. Ability to apply techniques underlying networks, services and telematic applications to ensure security (cryptographic protocols, tunneling, firewalls, payment mechanisms, authentication and content protection).
  2. Identify representative threats for information security as well as the main protection mechanisms.
  3. Use best practices to ensure the physical security of servers and other network components.
  4. Know and use the main cryptographic protocols to ensure secure communications.
  5. Understand and use the tools required to provide network security.

 

 

Assessment

The following elements will be taken into account in the evaluation of the course:

 

- Delivery of lab reports (video tutorial included) (70%). Delivery of all laboratory sessions is mandatory, with a minimum of 3.5 points in each. Students must pass on the grade average of all of them. Late delivery of a lab report will be penalized with 2 points for each day after the deadline.

- Blog activity (20%).

- Capture the Flag activity (20%).

 

The final grade of the subject will be computed as

 

max(Lab grade + Blog grade + CTF grade, 10)

 

Participation in classroom sessions and in the different learning activities proposed by the professors during the course might earn an extra point (over 10) in the final assessment.

 

Only failed labs (graded with less than 3.5 points) can be recovered in the July period.

 

Contents

1. Cryptographic Building Blocks

2. Software Security

3. Malware

4. Authentication Methods

5. Web Security

6. Network Security

 

 

Methodology

This subject will take place both in guided and non-guided sessions.

 

Theory and lab sessions will both be guided (at least partly). Here are the basic features of each type:

 

 

 

In lab sessions each student must use a computer. No computer should be shared during these sessions. Students are allowed to talk with students in their group (please sit nearby). Only one report should be delivered per group. The report should include a video tutorial (maximum 4 minutes) showing how you perform the lab as well as the results. All members of the group should perform at least two video tutorials (from the whole set of labs).

 

In some lab sessions (3-4), a short validation test will be proposed. It will consist of a 5-10 minute test, in which the contents of previous labs will be evaluated individually. Whenever the result of the validation test is in the range 5-7, the grade of the corresponding lab will be weighted 0.7. If the grade of the test is lower than 5, then the lab will be weighted 0.5.

 

During non-guided sessions:

 

- Students will work on the concepts studied in the theory sessions.

- Students prepare laboratory sessions, consolidating the knowledge acquired in the theory sessions of the course and contrasting it with the bibliography and links provided by the professors.

- Students will finish those parts that have not yet been finalized in the laboratory, including a good, short report that reflects their understanding of the main concepts studied in the laboratory, as well as a video tutorial.

- Students should work, in groups of three people (the same groups as in the labs), on their blog (we recommend using WordPress). Breaking news, learning-related topics, or extra topics (such as legal and ethical issues, cloud security, wireless security, ...) are expected to be part of the blogs. At least 1 post per group per week is expected. It is mandatory to subscribe to all blogs.

- Students are expected to participate in the Capture the Flag activity. It is designed as a hacking contest, where teams defend and attack a target simultaneously. In the same groups of 3 people, the activities will be proposed on the following days: 27/04, 11/05, 25/05, 02/06. Solutions should be published in the blog. The first correct solution (per CTF activity) will take 0.5 points, whereas the second and third solutions (substantially different from the first one) will get 0.25 points.

 

All the course material (slides and statements) will be available in the Aula Global.

 

Resources

Basic Bibliography

 

 

Complementary Bibliography