INTERNET SECURITY
Academic Year 2022/2023 - Teacher: Giampaolo BELLAExpected Learning Outcomes
- Knowledge and understanding. Students will get to grips with the security issues affecting the Internet today, as well as of methods and tools to thwart such issues.
- Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools to establish security, for example through the setup, both at hardware and software level, of a portable laboratory consisting of laptops and hubs.
- Making judgements. Students will become expert players of the "security game", namely the game of finding attacks to a system that would have to be secure, and then devising appropriate ways to patch the attacks found.
- Communication skills. Students will familiarise with the typical cyber security terms, building their capacity to conjugate the general "security" word as appropriate depending on context.
- Learning skills. Students will get the critical attitude and competences to tackle and solve the security problems are they arise in various forms.
Course Structure
Upfront teaching is enriched with practical mini-challenges, which are not compulsory. More precisely, students receive a small project during a class, which they can then develop at home and are called to reproduce during the subsequent class on a small, portable set of appliances that the lecturer brings to class every time. Taking a mni-challenge and succeed will grant the students a bonus towards the final mark.
Towards the end of the teaching term, students receive an individual, compulsory project that they should complete before the final exam, which is a traditional oral interview.
Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus. Learning assessment may also be carried out on line, should the conditions require it.
Detailed Course Content
Lectures
1. Real examples and false myths
2. Properties, attacks and attackers
3. Introduction to cryptography
4. Classical security protocols
5. Authentication
6. Security and privacy policies
7. Malware
8. Intrusions
9. Internet security protocols
10. Firewalls
Laboratory
1. Violating root permissions
2. Securing a file space
3. Networking
4. Password sniffing
5. Traffic analysis
6. Intrusion detection
7. Malware experimenting
8. Firewalling
9. SQL injection
10. Cross-site scripting
Textbook Information
- William Stallings: Network security essentials.
- Bruce Schneier: Secrets and lies.
Course Planning
| Subjects | Text References | |
|---|---|---|
| 1 | Esempi di attacchi reali e falsi miti | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 2 | Proprietà, attacchi e attaccanti | William Stallings ''Sicurezza delle reti. Applicazioni e standard'' |
| 3 | Cenni di crittografia | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 4 | Protocolli di sicurezza classici | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 5 | Tecniche di autenticazione | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 6 | Politiche di sicurezza e privatezza | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 7 | Malware e tecniche di rimozione | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 8 | Intrusioni e tecniche di rilevamento e contenimento | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 9 | Protocolli di sicurezza per Internet | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 10 | Firewall e loro configurazione | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 11 | Laboratorio di networking sicuro | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 12 | Laboratorio di password sniffing e cracking | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 13 | Laboratorio di traffic analysis | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 14 | Laboratorio di intrusion detection | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 15 | Laboratorio di malware containment | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 16 | Laboratorio di SQL injection | William Stallings "Sicurezza delle reti. Applicazioni e standard" |
| 17 | Laboratorio di cross-site scripting | William Stallings "Sicurezza delle reti. Applicazioni e standard" |