INTERNET SECURITY & LABORATORY
Module LABORATORY

Academic Year 2025/2026 - Teacher: SERGIO ESPOSITO

Expected Learning Outcomes

  1. Knowledge and understanding. Students will get to grips with the security issues affecting the Internet today, as well as with the methods and tools to thwart such issues.
  2. Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools to establish security, for example through the setup, both at hardware and software level, of a portable laboratory consisting of laptops and hubs.
  3. Making judgements. Students will become expert players of the "security game", namely the game of finding attacks on a system that is supposed to be secure, and then devising appropriate ways to patch the attacks found.
  4. Communication skills. Students will familiarise themselves with the typical cyber security terms, building their capacity to conjugate the general "security" word as appropriate depending on context.
  5. Learning skills. Students will acquire the critical attitude and competences to tackle and solve security problems as they arise in various forms.

Course Structure

During each lesson, slides will be projected to support upfront teaching. The course is designed to be highly interactive between students and the lecturer, due to the extremely practical nature of the covered topics.

If the course is taught in hybrid or online mode, the necessary adjustments may be introduced with respect to what was previously stated, in order to comply with the programme outlined in the syllabus.

Required Prerequisites

Good logical reasoning. Fundamentals of operating systems and networks.

Attendance of Lessons

To accurately comprehend all topics and methodologies presented in this course, attending the lessons regularly is highly recommended.

Detailed Course Content

  • Intrusions
  • Firewall
  • Intrusion Prevention System
  • Endpoint Detection and Response
  • Incident Response
  • System Logs
  • Security Information and Event Management
  • Security Orchestration, Automation and Response
  • Security Operation Center
  • Recent Threats

Textbook Information

After the lectures, the instructor provides students with the slides projected. These can serve as an accurate description of the course programme, but never as the primary study tool. They should therefore be supplemented with material from textbooks, scientific articles available online, and ideally with the notes taken by the student during the lectures.

  • William Stallings: Network security essentials.
  • Bruce Schneier: Secrets and lies.

Course Planning

    Subjects                                         Text References
1   Intrusions                                       Educational material given by the lecturer, online resources and aforementioned textbooks
2   Firewall                                         Educational material given by the lecturer, online resources and aforementioned textbooks
3   Intrusion Prevention System                      Educational material given by the lecturer, online resources and aforementioned textbooks
4   Endpoint Detection and Response                  Educational material given by the lecturer, online resources and aforementioned textbooks
5   Incident Response                                Educational material given by the lecturer, online resources and aforementioned textbooks
6   System Logs                                      Educational material given by the lecturer, online resources and aforementioned textbooks
7   Security Information and Event Management        Educational material given by the lecturer, online resources and aforementioned textbooks
8   Security Orchestration, Automation and Response  Educational material given by the lecturer, online resources and aforementioned textbooks
9   Security Operation Center                        Educational material given by the lecturer, online resources and aforementioned textbooks
10  Recent Threats                                   Educational material given by the lecturer and online resources

Learning Assessment

Learning Assessment Procedures

  1. Optional mid-term tests, with lab activities aiming to solve real-world problems.
  2. Implementation project.
  3. Oral examination.

Examinations may take place remotely, if required by the circumstances.

For the assignment of grades for individual assessments, the following criteria are typically followed:

  • Fail: The student has not acquired the basic concepts and is unable to answer questions or complete the exercises.
  • 18-23: The student demonstrates a minimal mastery of the fundamental concepts; their ability to present and connect content is modest, and they can solve simple exercises.
  • 24-27: The student shows a good grasp of the course content; their ability to present and connect the content is good, and they solve exercises with few errors.
  • 28-30 with honors: The student has acquired all course content and can present it comprehensively with a critical perspective; they solve exercises completely and without errors.

Students with disabilities and/or learning disorders (DSA) must contact the lecturer, the CInAP representative at DMI (prof. Patrizia Daniele) and the CInAP itself well in advance of the exam date, to inform them of their intention to take the exam with the appropriate compensatory measures.

Examples of frequently asked questions and / or exercises

  • Mid-term test: detect the exploitation of a CVE, using one of the solutions discussed within the course.
  • Implementation project: protect a server that runs some outdated services, leveraging both protection and monitoring solutions.
  • Oral examination: describe a possible strategy for the detection of a ransomware.

Please note that these questions are purely indicative and the questions that will be asked during the exam can substantially differ from the aforementioned ones.
