Cardinal Stefan Wyszynski University in Warsaw - Central Authentication System
Strona główna

Computer security

General data

Course ID: WM-I-BSK
Erasmus code / ISCED: (unknown) / (unknown)
Course title: Computer security
Name in Polish: Bezpieczeństwo systemów komputerowych
Organizational unit: Faculty of Mathematics and Natural Sciences. School of Exact Sciences.
Course groups:
ECTS credit allocation (and other scores): (not available) Basic information on ECTS credits allocation principles:
  • the annual hourly workload of the student’s work required to achieve the expected learning outcomes for a given stage is 1500-1800h, corresponding to 60 ECTS;
  • the student’s weekly hourly workload is 45 h;
  • 1 ECTS point corresponds to 25-30 hours of student work needed to achieve the assumed learning outcomes;
  • weekly student workload necessary to achieve the assumed learning outcomes allows to obtain 1.5 ECTS;
  • work required to pass the course, which has been assigned 3 ECTS, constitutes 10% of the semester student load.
view allocation of credits
Language: Polish
Subject level:

intermediate
Learning outcome code/codes:

(in Polish) I1_W08 P6S_WG

I1_W01 P6S_WG

I1_W12 P6S_WG

I1_U14 P6S_UW

I1_U18 P6S_UW

I1_K02 P6S_KK

I1 K08 P6S KR
Short description:

Course level:

II-III-IV years Informatics, Informatics and Econometrics

Objectives of the course: Presentation of the basic concepts, algorithms, models and mechanisms of computer systems security. Overview of threats in these systems and methods of preventing threats. Understanding and practical mastery of techniques for building, protecting and auditing the security of computer systems. Getting to know the basics and methodology of security management in computer systems and networks as well as with solutions used in modern secure computer systems, including telecommunications. Acquiring practical skills in configuring security elements of operating systems, analyzing and assessing the security level of the system, applications and local networks.

Prerequisites:

Basic algebra course, introduction to computer science, basics of algorithms, basics of programming, elements of the structure and functioning of modern operating systems.
Full description:

Course contents:

1. Basics

Introduction to security issues of ICT systems. Concepts of resource protection and data protection, overview of types of threats, attacks in the real world, taxonomy of attacks on computer systems. Security clauses, security policy. Identification and authentication of people and services. Access control in teleinformation systems. Multilevel protection, discussion of formal methods and protection models. Bell LaPadula's model of confidentiality protection, models of systems integrity protection. Clark-Wilson model of the integrity of financial transactions. Attacks on systems: viruses, denial of service (DOS attack), etc. Introduction to cryptography, cryptographic services as tools for building system security. Ability to use the OPENSSL package, encrypt files, calculate file hashes. Email security. Operating system integrity. Safe kernel models.

2. Cryptology

Fundamentals, selected algorithms and protocols.

3. Security mechanisms of operating systems

Structures, functioning and security mechanisms of the UNIX system. File structure, processes, methods of resource access control. Create and delete user accounts. Windows protection (NT, XT, Vista, ...). Application authentication. Attacks on operating systems, history and modern state. A practical demonstration of an attack on Windows XP DLLs. System audit, security monitoring and assessment methods. Practical ability to control system logs in UBUNTU.

4. Distributed systems

Security of local networks and wide area networks. Basics of internet and web security. Examples of attacks: "Morris worm", hackers, viruses, DOS network attacks. The role of DNS in protecting the integrity of the Internet. ICAAN, IANA and national DNS authorities. Practical ability to use network tools to track and verify IP addresses to find DNS servers. Safe electronic transactions,

Electronic signature infrastructure, certificate authorities, protocols and applications. Ability to create (under the UBUNTU system) electronic signature infrastructure, WiFi network security. Practical demonstrations of an attack on poorly secured local networks.

"Safe" transactional wide area networks: SWIFT, VISA, and security techniques in GSM and UMTS telephony networks.

Security of ICT services - e-commerce, distributed computing in the cloud, etc.

5. Database security

6. Political, economic and social aspects of computer systems security.
Bibliography: (in Polish)

1. Materiały - prezentacje wykładów.

2. Ross Anderson, "Inżynieria Zabezpieczeń", WNT 2005, lub wydanie angielskojęzyczne na stronie www autora.

3. A. Tannenbaum, "Systemy Opearacyjne", Helion 2010.

4. D. Gollman, "Computer Security", John Wiley & Sons 2006

5. D.R. Stinson, "Kryptografia w teorii i w praktyce", WNT 2004 (lub 3 wydanie wersji angielskojezycznej)

6. E. Amoroso, "Fundamentals of Computer Security Technology", Prentice Hall.

7. E. Amoroso, "Wykrywanie intruzów", Wydawnictwo RM.

8. E. Yourdon, "Wojna na bity", WNT 2004

9. Podręcznik systemu operacyjnego UNIX (Linux)

10. Podręcznik TCP/IP (R. Stevens lub D.E. Comer)

11. J.-P. Aumasson, Nowoczesna Kryptografia, PWN, Warszawa, 2018.

11. Aktualne serwisy sieciowe poświęcone bezpieczeństwu systemów komputerowych:

http://www.cert.org.pl

http://www.theregister.co.uk/security

http://www.schneier.com/crypto-gram.html

http://www.insecure.org

http://www.icsa.net
Efekty kształcenia i opis ECTS:

The student knows the security problems of computer systems and the basic security mechanisms.

He understood and mastered the definitions and descriptions of basic concepts, understood the principles of operation and mastered the ability to implement and use selected algorithms. He knows, identifies and is able to critically assess models and mechanisms of computer systems security.

He can present and analyze the types of threats in information systems, has mastered the selection techniques and the ability to apply methods of preventing threats. The effect of the classes is

understanding and practical mastery of computer systems security techniques, in particular risk assessment, proposition of methods for preventing, detecting and analyzing these threats, as well as identification of modern secure computer systems, their assessment, selection and determination of criteria required in example applications The student mastered

the ability and competence to problem-based assessment and administration of security in information systems. He gained the ability to analyze, create and implement security policy and the competence to propose appropriate technical, system and organizational solutions.

Can use basic security mechanisms and create trusted software.
This course is not currently offered.
Course descriptions are protected by copyright.
Copyright by Cardinal Stefan Wyszynski University in Warsaw.
ul. Dewajtis 5,
01-815 Warszawa tel: +48 22 561 88 00 https://uksw.edu.pl contact accessibility statement mapa serwisu USOSweb 7.0.4.0-1 (2024-05-13)