Teaching - Università Roma Tre

CYBERSECURITY (objectives)

Code

20810140

Language

ITA

Type of certificate

Profit certificate

Credits

6

Scientific Disciplinary Sector Code

ING-INF/05

Contact Hours

54

Type of Activity

Core compulsory activities

Teacher	PIZZONIA MAURIZIO (syllabus) • Course introduction • Introduction to computer security and terminology • Vulneability and threats ◦ Software vulnerabilities. Trusted and untrusted input, input validation. Vulnerabilities of applications written with interpreted languages, code injection. Injection into web pages: XSS. Cross site request forgery. OWASP. ▪ Example of web site that is vulnerable to sql injection ◦ buffer overflow attacks. Exploitation: privilege excalation, intrusions through opens services, intrusions through untrusted documents (email, web, etc). ▪ Example of vulnerable code, buffer overflow and related exploit ◦ Vulnerabilities of networks: sniffing, mac flood, ARP poisoning, vulnerability of DNS, Kaminsky attack. TCP session hijecking, MitM attack, DoS and Distributed DoS, Route hijacking. • Security planning : security plan content, risk analysis. • Countermeasures ◦ Design principles of policies and mechanisms. ◦ Models: AAA, confinement, DAC, MAC, access control matrix ◦ Cryptographic techniques: ▪ critptography basics (hash, symmetric c., asymmetric c., MAC, digital signature), birthday attack, rainbow, key quality, pseudo-random number generators. ▪ Authentication protocols and key exchange. replay and reflection attacks. Nonces. Perfect Forward Secrecy. Diffie-Helman. ▪ Certificates, certification authority, public key infrastructures and their vulnerabilities. ▪ Applications: Protocols ssl, tls, ssh, virtual private networks, ipsec, etc. Autnetication protocols wan and lan. radius and vulnerabilities. Other applications. ◦ Anomaly detection systems. ◦ System security: ▪ general principles: passwords and their vulnerabilities, hardening, assessment and auditing ▪ unix: discertionaly access control, file system security, authentication, PAM, syslog ◦ Network security: ▪ Firewalling:stateless and statefull firewall, connections, syn-proxy and syn-cookies, load balancing and high availability, linux netfilter and configuration examples. ▪ Network siecurity at level 1 and 2. ▪ Applicative proxies and network intrusion detection systems . • Authenticated Data Structures • Distributed Ledger Technologies and Bitcoin • Smart contracts • Cybersecurity in big organizations. (reference books) Course handouts
Dates of beginning and end of teaching activities	From 23/09/2024 to 23/12/2024
Delivery mode	Traditional
Attendance	not mandatory
Evaluation methods	Written test