|
After completing this course successfully, the student can:
• Critically discuss, select and compare security mechanisms in communication protocols on the data link, network, transport and application layer.
• Identify, compare and discuss several security risks and countermeasures at the networked system level and the web.
• Understand attacks on web servers.
|
|
According to popular movies, a hacker breaks into the FBI systems for breakfast, gets access to a government’s classified information within seconds and can trace your chat history with just a few clicks of a button. For the most part, those scenarios stay in the movies. But how do network systems prevent these kinds of scenarios from happening?
Through following this course, students will gain a basic understanding of the principles behind network security and the working of the main protocols, mechanisms and techniques in the area of security. The course consists of three parts: 1) Internet Security Protocols, 2) Internet Security Attacks and Defense and 3) Web security.
In the first part the following topics will be discussed: WEP/WPA, IPSec, SSH, SSL and HTTPS. The second part discusses topics like scans, intrusions, DDOS attacks and firewalls. The last part focuses on web security, including SQL-injection and X-side scripting attacks.
Teaching method: The course is organised in the form of a Massive Online Open Course (MOOC) via https://learnintsec.org/. The MOOC runs twice a year: in the first (Q1) as well as the third quarter (Q3). It consists of three modules: 1) Internet Security Protocol (2EC), 2) Internet Security Attacks and Defence (2EC) and 3) Web security (1EC). For 4-TU students there will be short weekly (video) meetings to answer questions and provide feedback. These weekly meetings may also be used for guest presentations. For students outside the 4-TU collaboration (parts of) the course will be provided as “MOOC-only”.
Examination: Weekly exercises via the MOOC platform; the web hacking assignment are those from Certified Secure (https://www.certifiedsecure.com). The exercises can be performed twice a year, in Q1 and Q3. There is no “classical exam”, but selected students may be invited for an oral or a remote video meeting (like Skype) to explain and defend the answers they provided via the MOOC platform.
Prerequisite This course is intended for students following a M.Sc. program in the area of Computer Science, but can also be followed by students who are at the end of their B.Sc. or at the start of their Ph.D. program. To follow this course, students should have a solid understanding of TCP/IP and some basic skills in programming (C or Java). In addition, students should be able to use Linux systems (Ubuntu) and set-up and maintain Virtual Machines (VirtualBox, Vagrant).
Content Security protocols: WPA, IPSec, SSH, TLS, SSL, HTTPS, DNSSec. Attack and Defense: network monitoring, distributed denial-of-service attacks (DDoS), Reflection and amplification, DNS security, Intrusion detection, firewalls.
|
 |
|