TC2010 : Computer and Information Security

advertisement
TC2010 :
Computer and Information Security
Academic department: Tecnologías Computacionales
C - L - U: 3 - 0 - 8
Programs: 6 ISC05, 6 ISI05, 6 ITC05
Prerequisites: ( TC2002 and TC2008 )
Equivalences: None.
Course intention within the general study plan context:
Intermediate level course, that when the student completes he will have
acquires the competencies needes to perform the activities of his discipline in
a safe way and guarantee confidentiality, integrity, and information
availabiity. As course learning result the student will: Present a basic safe
policy of a determined organization. Elaborate a report of the vulnerabilities
detected in a computer and propose the actions needes to mitigate them.
Present a report explaining the information produced by the IDS and propose
a mixture of the generic "firewall" rules to mitigate the identified attacks.
Elaborate a report that identifies, in a prototypical scenario, if the present
informatics security legislation is being complied with.
Course objective:
At the end, the student will have a general vision of informatics security with
the necessary foundations to understand the risks, threats, vulnerabilities at
with computational systems are faced, besides, the controls and methods of
protection against possible attacks, that are necessary to the correct
functioning of this systems in modern business.
Additional to this, the student will be presented an introduction of the actual
state of the laws that are incumbent on the security of information systems
in the national and international environment
Course topics and subtopics:
1. Basic concepts
a. Definition of informatics security
b. Physical security vs. Logical security
c. Objectives of informatics security
d. Treats, vulnerabilities and risks
2. Strategies of informatics security
a. Risk analysis
b. Security policies
c. Security mechanisms
d. Results evaluation
3. Informatics security mechanisms
a. Prevention mechanisms
b. Detection mechanisms
c. Restore mechanisms
4. Actors in informatics security
a. Hackers and crackers
b. White-hat, black-hat, gray-hat.
c. Phreakers, script-kiddies, lammers, newbies.
5. Informatics security certifications
a. Individuals oriented certifications: CISSP, CISM, GIAC.
b. Business oriented certifications: BS-17799, ISO 27001.
c. Products oriented certifications: Orange Book, Common Criteria.
6. Basic
a.
b.
c.
concepts of security policies
Policies definitions
Standards definitions
Lineaments definitions
7. Risks
a.
b.
c.
d.
e.
analysis
Definitions
Organizations assets
Identifications of risks an treats of an organization
Relation between assets, risks and acceptance levels
Cost prevention and cost of remedy calculations
8. Security policies creation
a. Best practices to create a security policy
9. Cryptology
a. Cryptology and cryptanalysis
b. Elements of a cryptosystems
c. Objectives of cryptology
d. Symmetric and asymmetric cryptology
10.Symmetric cryptology
a. Symmetric cryptology flow
b. Cryptosystems in flow examples
c. Symmetric cryptology in by blocks
d. Systematic attacks to cryptosystems
e. Disadvantages of symmetric cryptology
11.Asymmetric cryptology
a. Characteristic of asymmetric cryptology
b.
c.
d.
e.
f.
g.
Algorithms of keys exchange
Examples of algorithms for keys exchange
Cipher asymmetric algorithms
Examples of algorithms of asymmetric ciphering
Attacks to asymmetric cryptosystems
Hybrids ciphering systems
12.Cryptology and information integrity
a. One way functions
b. Examples of one way functions
c. Attacks to one way functions (birthday attacks)
13.Cryptography and authentication
a. Digital signature
b. Standards of digital signatures: RSA y DSS.
c. Message authentication codes (MAC).
14.PKI.
a.
b.
c.
d.
PKI definitions
Certificates
Certifications authorities
Trust relations
15.Private Virtual Networks (VPN).
a. Definition
b. Tunneling concept
c. SSL protocol
d. IPSec protocol
e. SSH protocol.
16.Protocol analyzers
a. Analyzers and sniffers.
b. Functions of protocols analyzers
c. Active protocol Analyzers vs. Passive Protocol Analyzers
d. Example and use of a passive analyzer
e. Example and use of an active analyzer
17.Vulnerabilities analyzers
a. Characteristics of vulnerabilities analyzers
b. Functions of a vulnerability analyzer
c. Installation analyzer and use of a vulnerabilities analyzer
18.Firewalls.
a. Firewall characteristics
b. Firewall types: packages filtering, stateful and proxies.
c. Elements of a secure architecture: bastion-host, dual-homed
host, screened-host, screened-net.
d. Personal firewalls
e. Example of installation and configuration of personal firewalls
19.Intruders detection systems
a. Characteristics of an IDS
b. Kinds of IDS: host and network
c. Paradigm of intruders detection: signatures vs inference
d. Honeypots
e. Example and installation of IDS
20.Malicious code
a. Characteristics of Malicious code
b. Kinds of Malicious code: virus, spyware, spam, rootkits, etc.
c. Vectors of Malicious code attacks
21.Application level attacks
a. Buffer overflow.
b. SQL insertion.
c. XSS attacks.
22.Mitigation methodologies
a. Antivirus, antispyware, antispam and other software of Malicious
code prevention
b. buffer overflow prevention.
c. SQL and XSS attacks prevention.
23.Mexican legislation
a. Mexican legislation related with informatics security
b. Mexican legislation related with e-commers
c. Firma Electrónica Avanzada: Fiel.
d. Standar NOM-151 for documents secured storage
24.International legislation
a. International standars
b. RFC 1087
c. Comparison between Mexican an international legislation
25.Future trends
a. Oportunities of research in informatics security
b. Main informatics securyt publications
c. Main informatics security websites
d. Main informatics security research congress
Teaching and learning techniques:
Problems based learning
Bibliography:
TEXT BOOKS:
* Rick Lehtinen, Computer Security Basics, 2 edition, O´Reilly, , , , 9780596006693
* Ferguson, Niels., Practical cryptography / Niels Ferguson, Bruce Schneier.,
, New York : Wiley, c2003., , , , 047122894X (acid-free paper)0471223573
(pbk. : aci
* Nitesh Dhanjani, Justin Clarke, Network Security Tools, Writting, Hacking, ,
Wiley, , , , 978-0596007942
Academic credentials required to teach the course:
· Academic Degrees:
Master's degree in Computational Sciences; Doctoral degree in
Computational Sciences; Master's degree in Information Technologies;
Doctoral degree in Information Technologies.
Abstract, key words:
Security, Cryptography, Malicious code, Risk analysis, Security tools.
Language of Instruction:
Spanish
Download