Security of Systems and Networks
Keywords |
Classification |
Keyword |
OFICIAL |
Telecommunications |
Instance: 2021/2022 - 1S
Cycles of Study/Courses
Acronym |
No. of Students |
Study Plan |
Curricular Years |
Credits UCN |
Credits ECTS |
Contact hours |
Total Time |
M.EEC |
64 |
Syllabus |
1 |
- |
6 |
39 |
162 |
2 |
Teaching language
Portuguese
Objectives
The security of communications and of computer network, services, and system infrastructure is of critical importance to the security of applications, users, information, and, with the deployment of the internet of things, of ‘things’ themselves. The goal of this curricular unit is to familiarize the student with 1) the limitations of protocols, services, systems, and communication infrastructure when they face a motivated attacker, as well as with 2) some of the existing solutions to mitigate or avoid the impact of these limitations.
Learning outcomes and competences
After completing this curricular unit, the student should:
1) know transversal security concepts such as CIA and different threat models, and how to apply them to different networks and systems;
2) be able to identify and exploit known network and system vulnerabilities at different layers of the TCP/IP stack and in different systems and applications, with passive and active methods including man-in-the-middle attacks;
3) be able to identify and design security mechanisms for networks and systems namely by changing the network architecture, and implementing access control, filtering, intrusion detection, and virtual private networks (VPN);
4) be able to develop and analyze applications that use cryptography-based communication protocols;
5) be able to autonomously explore new topics in security by analyzing scientific papers and other reports and by experimenting with the new topics in a lab.
Working method
Presencial
Pre-requirements (prior knowledge) and co-requirements (common knowledge)
Programming, computer networking, communication protocols.
Program
1. Security-related concepts including threat model, vulnerabilities and exploits, security policies, security by design and by obfuscation, risk management, and penetration testing methodology.
2. Known vulnerabilities in networks and systems -- sniffing and spoofing including scapy programming, higher layer attacks (TCP, HTTP, etc).
3. Security mechanisms based in access control and in network and traffic segmentation; filtering, firewalls, intrusion detection, and VPNs.
4. Cryptography-based communication protocols such as TLS, IPSec, 802.11, secure DNS, and secure BGP.
5. Selected topics in security including privacy, denial of service, malware and IoT malware, sandboxing, honeypots, cyber intelligence, and security operations centers.
Mandatory literature
W. Stallings;
Cryptography and Network Security: Principles and Practice (7th Edition), Pearson, 2016. ISBN: 978-0134444284
W.Du;
Internet Security: A Hands-on Approach, Self-published, 2019. ISBN: 978-1733003919
Complementary Bibliography
R. Hertzog and J. O'Gorman; Kali Linux Revealed: Mastering the Penetration Testing Distribution, Offsec Press, 2017. ISBN: 9780997615609 (Freely available from the editor at https://kali.training/downloads/Kali-Linux-Revealed-2021-edition.pdf)
A. Zúquete; Segurança em Redes Informáticas (5ª Edição), FCA Editores, 2018. ISBN: 978-972-722-857-7
Teaching methods and learning activities
1) Exploration of the fundamental concepts in network, service, and system security through a) lectures, b) autonomous search for scientific papers, use case reports, and other information available online, c) flipped classroom technique with self-learning of previously identified content and with later discussion of these concepts in the classroom.
2) Practical assignments in the laboratory to explore vulnerabilities and practice defense mechanisms.
3) Project in selected topics in security that are of particular interest to students or proposed to them.
Evaluation Type
Distributed evaluation with final exam
Assessment Components
Designation |
Weight (%) |
Teste |
50,00 |
Trabalho prático ou de projeto |
50,00 |
Total: |
100,00 |
Amount of time allocated to each course unit
Designation |
Time (hours) |
Estudo autónomo |
52,00 |
Frequência das aulas |
39,00 |
Trabalho laboratorial |
71,00 |
Total: |
162,00 |
Eligibility for exams
Develop the project (lab work) and submit a report for it.
Calculation formula of final grade
CF = 0,5*T + 0,5*P; if ( T < 10,0 or P < 10,0 ) then CF =MIN(CF, 9.0)
T - test
P - project
Observations
Ligação para a primeira aula.
https://videoconf-colibri.zoom.us/j/88420659993?pwd=SzZsd0lSb2RtaGZOSXBNWVdFRTA1QT09
É necessário autenticação federada no zoom/colibri com login *.up.pt. Mais informação aqui
https://www.up.pt/it/en/services/teaching-support/videoconference-39b95206