Subject: SICUREZZA INFORMATICA (A.A. 2022/2023)
Unit Sicurezza informatica
Information Technology (lesson)
Lezioni in streaming e registrate saranno disponibili a questo URL. Si ricorda che le registrazioni sono fornite in modalità "best effort": non aspettatevi inquadrature professionali e audio cristallino. Non si garantisce che tutte le lezioni vengano registrate.
This class provides students with main concepts about IT security. In particular, it covers cryptography, security protocols, digital signature and authentication systems, network and system monitoring.
Attack techniques and protection methodologies and tools are considered in depth, while other topics, such as privacy issues, anonimity and information hiding, are outlined.
Operating systems, Network protocols, Internet-based services
Part I - Attacks
- Security communication protocols
- Wireless protocols vulnerabilities
- Operating systems and network applications vulnerabilities
Part II - Defense
- Risk maangement and security governance
- Private/Public Key systems, digital signature, certification authority
- Secure protocols: IPsec, SSL, HTTPS, S/MIME, SSH, PGP
Part III - Design of secure architectures
- Intrusion Detection System
- VLAN, NAT, Virtual Private Network, Intranet e Extranet, DMZ.
Part IV - Note on laws and policies
Information security policy
Laws concerning cybercrime
Classes carried out with the support of slides and training exercises in lab where each student is provided with his own PC.
The examination consists of two parts typically scheduled in adjacent days. It aims to test knowledge and practical ability of all the educational objectives described above. - The first part is a computer test where the student can demonstrate his/her ability to solve a practical security problem similar to excercise tests done in lab classes. - Students who pass the lab test are admitted to the oral examination where they have to demonstrate knowledge about theoretical and practical problems discussed in class.
- To know the main methods of attack.
- To know the main methods and tools of defense of digital information.
- To know the main methods and tools of defense of networked systems.
- To know how to apply the methods and tools of defense in real contexts.
"Network Security Essentials", William Stallings, Pearson, 6th edition [ISBN: 0133370437]
"Practical Unix and Internet security", S. Garfinkel, G. Spafford, O'Reilly Media, 3rd edition [ISBN: 978-0-596-00323-4, ISBN 10: 0-596-00323-4]