Computer security
General data
Course ID: | WM-I-BSK |
Erasmus code / ISCED: | (unknown) / (unknown) |
Course title: | Computer security |
Name in Polish: | Bezpieczeństwo systemów komputerowych |
Organizational unit: | Faculty of Mathematics and Natural Sciences. School of Exact Sciences. |
Course groups: | |
ECTS credit allocation (and other scores): | (not available) |
Language: | Polish |
Subject level: | intermediate |
Learning outcome code/codes: | I1_W08 P6S_WG I1_W01 P6S_WG I1_W12 P6S_WG I1_U14 P6S_UW I1_U18 P6S_UW I1_K02 P6S_KK I1 K08 P6S KR |
Short description: |
Course level: II-III-IV years, Informatics, Informatics and Econometrics.
Objectives of the course: Presentation of the basic concepts, algorithms, models and mechanisms of computer systems security. Overview of threats in these systems and methods of preventing them. Understanding and practical mastery of techniques for building, protecting and auditing the security of computer systems. Getting to know the basics and methodology of security management in computer systems and networks, as well as solutions used in modern secure computer systems, including telecommunications. Acquiring practical skills in configuring security elements of operating systems and in analyzing and assessing the security level of the system, applications and local networks.
Prerequisites: Basic algebra course, introduction to computer science, basics of algorithms, basics of programming, elements of the structure and functioning of modern operating systems. |
Full description: |
Course contents:
1. Basics. Introduction to security issues of ICT systems. Concepts of resource protection and data protection, overview of types of threats, attacks in the real world, taxonomy of attacks on computer systems. Security clauses, security policy. Identification and authentication of people and services. Access control in ICT systems. Multilevel protection, discussion of formal methods and protection models. Bell-LaPadula model of confidentiality protection, models of system integrity protection. Clark-Wilson model of the integrity of financial transactions. Attacks on systems: viruses, denial of service (DoS attack), etc. Introduction to cryptography, cryptographic services as tools for building system security. Ability to use the OpenSSL package, encrypt files, calculate file hashes. Email security. Operating system integrity. Secure kernel models.
2. Cryptology. Fundamentals, selected algorithms and protocols.
3. Security mechanisms of operating systems. Structures, functioning and security mechanisms of the UNIX system. File structure, processes, methods of resource access control. Creating and deleting user accounts. Windows protection (NT, XP, Vista, ...). Application authentication. Attacks on operating systems, history and modern state. A practical demonstration of an attack on Windows XP DLLs. System audit, security monitoring and assessment methods. Practical ability to control system logs in Ubuntu.
4. Distributed systems. Security of local networks and wide area networks. Basics of internet and web security. Examples of attacks: "Morris worm", hackers, viruses, DoS network attacks. The role of DNS in protecting the integrity of the Internet. ICANN, IANA and national DNS authorities. Practical ability to use network tools to track and verify IP addresses to find DNS servers. Secure electronic transactions, electronic signature infrastructure, certificate authorities, protocols and applications. Ability to create (under the Ubuntu system) electronic signature infrastructure. WiFi network security. Practical demonstrations of an attack on poorly secured local networks. "Safe" transactional wide area networks: SWIFT, VISA, and security techniques in GSM and UMTS telephony networks. Security of ICT services: e-commerce, distributed computing in the cloud, etc.
5. Database security.
6. Political, economic and social aspects of computer systems security. |
Bibliography: |
1. Materials: lecture presentations.
2. Ross Anderson, "Inżynieria Zabezpieczeń", WNT 2005, or the English-language edition on the author's website.
3. A. Tanenbaum, "Systemy Operacyjne", Helion 2010.
4. D. Gollmann, "Computer Security", John Wiley & Sons 2006.
5. D.R. Stinson, "Kryptografia w teorii i w praktyce", WNT 2004 (or the 3rd edition of the English-language version).
6. E. Amoroso, "Fundamentals of Computer Security Technology", Prentice Hall.
7. E. Amoroso, "Wykrywanie intruzów", Wydawnictwo RM.
8. E. Yourdon, "Wojna na bity", WNT 2004.
9. A UNIX (Linux) operating system handbook.
10. A TCP/IP handbook (R. Stevens or D.E. Comer).
11. J.-P. Aumasson, "Nowoczesna Kryptografia", PWN, Warszawa, 2018.
12. Current web services devoted to computer systems security:
http://www.cert.org.pl
http://www.theregister.co.uk/security
http://www.schneier.com/crypto-gram.html
http://www.insecure.org
http://www.icsa.net |
Learning outcomes and ECTS description: |
The student knows the security problems of computer systems and the basic security mechanisms. He has understood and mastered the definitions and descriptions of basic concepts, understood the principles of operation and mastered the ability to implement and use selected algorithms. He knows, identifies and is able to critically assess models and mechanisms of computer systems security. He can present and analyze the types of threats in information systems, and has mastered the selection techniques and the ability to apply methods of preventing threats. The effect of the classes is understanding and practical mastery of computer systems security techniques, in particular risk assessment, proposing methods for preventing, detecting and analyzing these threats, as well as identification of modern secure computer systems, their assessment, selection and determination of criteria required in example applications. The student has mastered the ability and competence for problem-based assessment and administration of security in information systems. He has gained the ability to analyze, create and implement security policy and the competence to propose appropriate technical, system and organizational solutions. He can use basic security mechanisms and create trusted software. |
Copyright by Cardinal Stefan Wyszynski University in Warsaw.