Academic year 2015-16

Security Strategies in Networks and Services

Degree:	Code:	Type:
Bachelor's Degree in Computer Science	21474	Optional subject
Bachelor's Degree in Telematics Engineering	21743	Optional subject
Bachelor's Degree in Audiovisual Systems Engineering	21643	Optional subject

 

ECTS credits:

4

Workload:

100 hours

Trimester:

3rd

 

Department:	Dept. of Information and Communication Technologies
Coordinator:	Vanesa Daza
Teaching staff:	Vanesa Daza, Antoine Chaux
Language:	English
Timetable:
Building:	Communication campus - Poblenou

 

Introduction

Currently it is not difficult to find daily news explaining how hackers have compromised data and services of several companies. Even top companies from all fields (websites, online games, e-banking, social networks,...), operating primarily through the Internet, have been subjected to numerous attacks. Thus, distributed denial of service (DDoS) can significantly affect any of the services offered by a company, while other attacks such as session hijacking put the danger to user privacy.

We might think that a solution to ensure the security of the computer network of a company is to refrain from putting them connected to the Internet, and keeping them behind a locked door. But there are attacks that can be performed from within the workers themselves (statistics indicate that 70% or 80% are personal to the company itself). So, unfortunately, this is not a very practical solution.

Nowadays, computers are undoubtedly more useful if they are networked to share information and resources, but the companies that put their networked computers require the use of tools and protocols to reduce those threats and risks they are exposed to.

The main objective of this course is to work the main issues involved in the development of mechanisms and procedures for security management in telecommunication networks, establishing the main principles of information security, as well as main attacks and countermeasures known.

The approach of the course is that, in some parts, the student learns from mistakes. Thus, based on some vulnerability, students will understand the real need of security mechanisms.

 

Prerequisites

It is recommended that students have basic knowledge of the main concepts and networking protocols, that they should have achieved in the course Networks and Services.

 

Associated competences

GENERAL SKILLS

 

Instrumentals

 1. Ability to information search and management

2. Ability to analyze and synthesize

3. Ability to communicate orally

4. Ability to decision making

5. Ability to organize and plan

6. Ability to apply knowledge to analyze situations and solve problems

 

Interpersonal

1. Criticism and self-criticism.

2. Ethical commitment.

 

Systemic

1. Ability to solve problems with initiative, decision making, creativity, and to communicate and transmit knowledge, skills, understanding the ethical and professional activity of an ICT engineer.

2. Ability of motivation for quality and achieving.

3. Ability to generate new ideas.

 

SPECIFIC SKILLS

1. Ability to apply techniques underlying networks, services and telematic applications to ensure security (cryptographic protocols, tunneling, firewalls, payment mechanisms, authentication and content protection).
2. Identify representative threats for information security as well as the main protection mechanisms.
3. Use best practices to ensure the physical security of servers and other network components.
4. Know and use the main cryptographic protocols to ensure secure communications
5. Understand and use the tools required to provide network security.

 

 

Assessment

For the evaluation of the course it will be taken into account the following elements:

 

-       Delivery of lab video reports (30%). It is mandatory delivery of all laboratory sessions and a minimum of 3.5 points each. Students must pass calculating the grade average of all of them. The delayed delivery of the lab video will be penalized with 2 points for each day after the deadline.

-        Project proposal (10%). The project proposal (1 page maximum) should include at least these sections:

• • Title.
  • List of group members, listing responsibilities of each group.
  • Project description -- what you intend to do.
  • References.

             Deadline: May 9^th.

-       Group project (30%).  The evaluation of the professor will be 15% and the evaluation of the students 15%.  

-       Final exam (30%). Every student should get at least 4 out of 10 in the exam to pass the subject.  It will cover both theory and practice concepts.

 

The final grade of the subject will be computed as

 

     FG=Lab grade + Project Grade  + Final Exam grade

 

Both the final exam and those failed labs (graded with less than 3.5 points) will be able to be recovered in July period. 

 

Contents

The contents of the subject will cover the following topics:

1. Cryptography Basics
2. System Security
   1. Software Security
3. Web Security
4. Network Security

 

 

 

Methodology

This subject will take place both in guided and non-guided sessions.

 

Theory and lab sessions will be both guided (at least partly). Here are the basic features of each type:

 

• Theory Sessions: They will last two hours. The professor will present during these sessions the concepts, processes and procedures relevant to each topic. Students will be encouraged to interact with professor, answer questions, raise questions, etc.

Part of the sessions will be devoted to guide and supervise projects. The project consists in planning and designing a security solution, preparing a presentation/demo targeting a hypothetical investor or target client. The projects will be executed in groups of 5-6 people (where it is mandatory that at least they proceed from at least two different degrees).

• Lab Sessions: They will last two hours. During the lab sessions, there will be one or several exercises that students must solve. Students will have the support of the lab professor to answer any questions that may arise.

In lab sessions each student must use a computer. No computer should be shared during these sessions. Students are allowed to talk with students in their group (please sit nearby).  Only one report should be delivered per group. Report should include a video tutorial (maximum 4 minutes) where it is shown how you perform the lab as well as the results. All members of the group should perform at least two video tutorials (from the whole set of labs). 

During non-guided sessions:

-   Students will work the concepts studied in the theory sessions.

-  Students prepare laboratory sessions consolidating the knowledge acquired in the theory sessions of the course, contrasting with bibliography and links provided by professors.

- Students will finish those parts that have not yet been finalized in the laboratory, including a good video-report, short and reflecting the understanding of the main concepts studied in the laboratory as well as a video tutorial.

- Students will prepare in groups their security project.

 

All the course material (slides – if used - and statements) will be available in the Aula Global.

 

Resources

Basic Bibliography

 

• Introduction to Computer Security, M. T. Goodrich, R. Tamassia. Ed. Pearson, 2011.
• Cryptography and Network Security: Principles and Practice, Stallings, Ed. Pearson 2011.

 

Complementary Bibliography

 

• Constel·lació Babileka, Editorial UOC.  Disponible a  http://cataleg.upf.edu/record=b1530628~S11*cat
• Cryptovirology, A. Young, M. Yung, Wiley, 2004.
• Network Security with openSSL: Cryptography for Secure Communications, J. Viega, M. Messier, P. Chandra, O’Really, 2002.