System and Network Security
A.Y. 2021/2022
Learning objectives
The course has the goal to present in a critical perspective the basic principles on computer security and to analyze the threats to systems in TCP/IP networks and the eventual countermeasures. The course will focus on the most important approaches for the definition of security policies, and on the most diffused attacks to network protocols and related infrastructures.
Expected learning outcomes
At the end of the course, the students will be able to:· Discuss and design security in complex networked systems
· Analyze TCP/IP protocols from a security perspective
· Know common threats both in local networks and in the infrastructure
· Know how to analyze traffic to discover security problems
· Know how to build common network defences such as firewalls and network intrusion detection systems
· Know how to defend user security in untrusted networks.
· Analyze TCP/IP protocols from a security perspective
· Know common threats both in local networks and in the infrastructure
· Know how to analyze traffic to discover security problems
· Know how to build common network defences such as firewalls and network intrusion detection systems
· Know how to defend user security in untrusted networks.
Lesson period: First semester
Assessment methods: Esame
Assessment result: voto verbalizzato in trentesimi
Single course
This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.
Course syllabus and organization
Single session
Responsible
Lesson period
First semester
Lessons
Lessons will be held relying on Microsoft Teams platform and will follow the schedule or will also be available asynchronously on the same platform
The content of the course will not have any variation
Remote exams will be held using the exam.net platform, following the guidelines published on the Unimi Website.
Lessons will be held relying on Microsoft Teams platform and will follow the schedule or will also be available asynchronously on the same platform
The content of the course will not have any variation
Remote exams will be held using the exam.net platform, following the guidelines published on the Unimi Website.
Prerequisites for admission
No preliminary knowledge is requested
Assessment methods and Criteria
The exam consists of a mandatory written test with open answers including a test in laboratory. At the end of the test, the evaluation is expressed on a scale from 0 to 30, taking into account the following parameters: grade of knowledge on the topics, capacity of applying the knowledge to real problems. An optional oral discussion on a topic or on the description of a project can be requested to increase the final evaluation.
Modulo A - Sicurezza dei sistemi e delle reti
Course syllabus
General principles: Security, Malware, Security Policy
Threats to TCP/IP stack :
Ethernet
IP
ARP
TCP
UDP
Port scanning
Secure version for TCP/IP protocols and services:
IPSEC
DNSSEC
TSL/SSL
Traffic analysis:
Perimeter security
Stateless filtering
Stateful filtering
Intrusion detection
Zero Day, polymorphism and botnet
Threats to TCP/IP stack :
Ethernet
IP
ARP
TCP
UDP
Port scanning
Secure version for TCP/IP protocols and services:
IPSEC
DNSSEC
TSL/SSL
Traffic analysis:
Perimeter security
Stateless filtering
Stateful filtering
Intrusion detection
Zero Day, polymorphism and botnet
Teaching methods
Lecture
Teaching Resources
Web site: http://scimatossr.ariel.ctu.unimi.it/v5/home/Default.aspx
Security Engineering R. Anderson, Wiley 2008 http://www.cl.cam.ac.uk/~rja14/book.html
Stallings-Brown Computer Security: Principles and Practice, 4th Edition 2018
- Bishop -Computer Security, 1-2 Edition
- Computer Security A Hands-on Approach- Wenliang Du
- Computer Security - Dieter Gollmann
Security Engineering R. Anderson, Wiley 2008 http://www.cl.cam.ac.uk/~rja14/book.html
Stallings-Brown Computer Security: Principles and Practice, 4th Edition 2018
- Bishop -Computer Security, 1-2 Edition
- Computer Security A Hands-on Approach- Wenliang Du
- Computer Security - Dieter Gollmann
Modulo B - Sicurezza dei sistemi e delle reti
Course syllabus
Protection of network infrastructure and of critical services:
Attacks to DHCP, DNS, BGP, RIP, OSPF
Secure versions of services:
DNSSEC
sBGP
Authentication: Kerberos - Single SIgn On and attacks
Wireless network security: WEP, WPA, WPA2
VPN /Onion routing
Buffer Overflow
Web security
Attacks to DHCP, DNS, BGP, RIP, OSPF
Secure versions of services:
DNSSEC
sBGP
Authentication: Kerberos - Single SIgn On and attacks
Wireless network security: WEP, WPA, WPA2
VPN /Onion routing
Buffer Overflow
Web security
Teaching methods
Lecture
Teaching Resources
Web site: http://scimatossr.ariel.ctu.unimi.it/v5/home/Default.aspx
Security Engineering R. Anderson, Wiley 2008 http://www.cl.cam.ac.uk/~rja14/book.html
Stallings - Cryptography and Network Security: Principles and Practice, 7th Edition 2017
Bishop -Computer Security, 1-2 Edition
Pfleeger - Security in Computing, 5th Edition
Computer Security A Hands-on Approach- Wenliang Du
Computer Security - Dieter Gollmann
Security Engineering R. Anderson, Wiley 2008 http://www.cl.cam.ac.uk/~rja14/book.html
Stallings - Cryptography and Network Security: Principles and Practice, 7th Edition 2017
Bishop -Computer Security, 1-2 Edition
Pfleeger - Security in Computing, 5th Edition
Computer Security A Hands-on Approach- Wenliang Du
Computer Security - Dieter Gollmann
Modulo A - Sicurezza dei sistemi e delle reti
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours
Professor:
Cimato Stelvio
Modulo B - Sicurezza dei sistemi e delle reti
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours
Professors:
Anisetti Marco, Cimato Stelvio
Professor(s)