Academic year 2015-2016
Security Strategies in Networks and Services
| Bachelor's Degree in Computer Science | 21474 | Optional subject |
| Bachelor's Degree in Telematics Engineering | 21743 | Optional subject |
| Bachelor's Degree in Audiovisual Systems Engineering | 21643 | Optional subject |
ECTS credits: 4. Workload: 100 hours. Trimester: 3rd.
Department: Dept. of Information and Communication Technologies
Vanesa Daza, Matteo Signorini
Building: Communication campus - Poblenou
Nowadays it is easy to find daily news explaining how hackers have compromised the data and services of several companies. Even top companies from all fields (websites, online games, e-banking, social networks, ...), operating primarily through the Internet, have been subjected to numerous attacks. Thus, distributed denial of service (DDoS) can significantly affect any of the services offered by a company, while other attacks such as session hijacking endanger user privacy.
We might think that a solution to ensure the security of a company's computers is to refrain from connecting them to the Internet and to keep them behind a locked door. But there are attacks that can be performed from within, by the workers themselves (statistics indicate that 70% or 80% come from the company's own personnel). So, unfortunately, this is not a very practical solution.
Nowadays, computers are undoubtedly more useful if they are networked to share information and resources, but companies that network their computers require tools and protocols to reduce the threats and risks they are exposed to.
The main objective of this course is to work on the main issues involved in the development of mechanisms and procedures for security management in telecommunication networks, establishing the main principles of information security, as well as the main known attacks and countermeasures.
The approach of the course is that, in some parts, the student learns from mistakes. Thus, starting from some vulnerability, students will understand the real need for security mechanisms.
It is recommended that students have basic knowledge of the main networking concepts and protocols, which they should have acquired in the course Networks and Services.
1. Ability to search for and manage information
2. Ability to analyze and synthesize
3. Ability to communicate orally
4. Ability to make decisions
5. Ability to organize and plan
6. Ability to apply knowledge to analyze situations and solve problems
1. Criticism and self-criticism.
2. Ethical commitment.
1. Ability to solve problems with initiative, decision making and creativity, and to communicate and transmit knowledge and skills, understanding the ethical and professional activity of an ICT engineer.
2. Motivation for quality and achievement.
3. Ability to generate new ideas.
The evaluation of the course will take into account the following elements:
- Delivery of lab reports (video tutorial included) (70%). Delivery of all laboratory sessions is mandatory, with a minimum of 3.5 points each. Students must pass on the average grade of all of them. Late delivery of a lab report will be penalized with 2 points for each day after the deadline.
- Blog activity (20%)
- Capture the Flag activity (20%).
The final grade of the subject will be computed as
max(Lab grade + Blog grade + CTF grade,10)
Participation in classroom sessions and in the different learning activities proposed by the professors during the course may earn an extra point (over 10) in the final assessment.
Only failed labs (graded with less than 3.5 points) can be retaken in the July period.
1. Cryptographic Building Blocks
2. Software Security
4. Authentication Methods
5. Web Security
6. Network Security
This subject will take place in both guided and non-guided sessions.
Both theory and lab sessions will be guided (at least partly). Here are the basic features of each type:
In lab sessions each student must use a computer. No computer should be shared during these sessions. Students are allowed to talk with students in their group (please sit nearby). Only one report should be delivered per group. The report should include a video tutorial (maximum 4 minutes) showing how you perform the lab as well as the results. Each member of the group should produce at least two video tutorials (from the whole set of labs).
In some lab sessions (3-4), a short validation test will be proposed. It will consist of a 5-10 minute test, where contents of previous labs will be evaluated individually. Whenever the result of the validation test is in the range 5-7, the grade of the corresponding lab will be weighted 0.7. If the grade of the test is lower than 5, then the lab will be weighted 0.5.
During non-guided sessions:
- Students will work on the concepts studied in the theory sessions.
- Students will prepare laboratory sessions, consolidating the knowledge acquired in the theory sessions of the course and contrasting it with the bibliography and links provided by the professors.
- Students will finish those parts that were not completed in the laboratory, including a good report, short and reflecting an understanding of the main concepts studied in the laboratory, as well as a video tutorial.
- Students should work, in groups of three people (the same groups as in the labs), on their blog (we recommend using Wordpress). Breaking news, learning-related topics, or extra topics (for example legal and ethical issues, cloud security, wireless security, ...) are expected to be part of the blogs. At least 1 post per group per week is expected. It is mandatory to subscribe to all blogs.
- Students are expected to participate in the Capture the Flag activity. It is designed as a hacking contest, where teams defend and attack a target simultaneously. In the same groups of 3 people, the activities will be proposed on the following days: 27/04, 11/05, 25/05, 02/06. Solutions should be published in the blog. The first correct solution (per CTF activity) will earn 0.5 points, whereas the second and third solutions (substantially different from the first one) will get 0.25 points.
All the course material (slides and statements) will be available in the Aula Global.