Derived from
|
20810140 CYBERSECURITY in Computer science and engineering LM-32 PIZZONIA MAURIZIO
(syllabus)
• Course introduction • Introduction to computer security and terminology • Vulneability and threats ◦ Software vulnerabilities. Trusted and untrusted input, input validation. Vulnerabilities of applications written with interpreted languages, code injection. Injection into web pages: XSS. Cross site request forgery. OWASP. ▪ Example of web site that is vulnerable to sql injection ◦ buffer overflow attacks. Exploitation: privilege excalation, intrusions through opens services, intrusions through untrusted documents (email, web, etc). ▪ Example of vulnerable code, buffer overflow and related exploit ◦ Vulnerabilities of networks: sniffing, mac flood, ARP poisoning, vulnerability of DNS, Kaminsky attack. TCP session hijecking, MitM attack, DoS and Distributed DoS, Route hijacking. • Security planning : security plan content, risk analysis. • Countermeasures ◦ Design principles of policies and mechanisms. ◦ Models: AAA, confinement, DAC, MAC, access control matrix ◦ Cryptographic techniques: ▪ critptography basics (hash, symmetric c., asymmetric c., MAC, digital signature), birthday attack, rainbow, key quality, pseudo-random number generators. ▪ Authentication protocols and key exchange. replay and reflection attacks. Nonces. Perfect Forward Secrecy. Diffie-Helman. ▪ Certificates, certification authority, public key infrastructures and their vulnerabilities. ▪ Applications: Protocols ssl, tls, ssh, virtual private networks, ipsec, etc. Autnetication protocols wan and lan. radius and vulnerabilities. Other applications. ◦ Anomaly detection systems. ◦ System security: ▪ general principles: passwords and their vulnerabilities, hardening, assessment and auditing ▪ unix: discertionaly access control, file system security, authentication, PAM, syslog ◦ Network security: ▪ Firewalling:stateless and statefull firewall, connections, syn-proxy and syn-cookies, load balancing and high availability, linux netfilter and configuration examples. ▪ Network siecurity at level 1 and 2. ▪ Applicative proxies and network intrusion detection systems . • Authenticated Data Structures • Distributed Ledger Technologies and Bitcoin • Smart contracts • Cybersecurity in big organizations.
(reference books)
Course handouts
|