The course aims to present, from a critical perspective, the basic principles of computer security, and to analyze the threats to systems in TCP/IP networks and the possible countermeasures. It focuses on the most important approaches to defining security policies and on the most widespread attacks on network protocols and related infrastructures.
Expected learning outcomes
At the end of the course, the students will be able to:
· Discuss and design security in complex networked systems
· Analyze TCP/IP protocols from a security perspective
· Know common threats both in local networks and in the infrastructure
· Know how to analyze traffic to discover security problems
· Know how to build common network defences such as firewalls and network intrusion detection systems
· Know how to defend user security in untrusted networks
General principles: Security, Malware, Security Policy
Threats to TCP/IP stack: Ethernet, IP, ARP, TCP, UDP
Port scanning
Secure version for TCP/IP protocols and services: IPSEC, DNSSEC, TLS/SSL
Traffic analysis: Perimeter security, Stateless filtering, Stateful filtering, Intrusion detection
Zero Day, polymorphism and botnet
Protection of network infrastructure and of critical services: Attacks to DHCP, DNS, BGP, RIP, OSPF
Secure versions of services: DNSSEC, sBGP
Authentication: Kerberos - Single Sign On and attacks
Wireless network security: WEP, WPA, WPA2
The exam consists of a mandatory written test with open-answer questions, including a laboratory test. At the end of the test, the evaluation is expressed on a scale from 0 to 30, taking into account the following parameters: level of knowledge of the topics and ability to apply that knowledge to real problems. An optional oral discussion on a topic or on the description of a project can be requested to increase the final evaluation.