
Security Strategies in Networks and Services


Syllabus

Academic Year: 2014/2015


Term: Third
Subject's Name: Security Strategies in Networks and Services
Subject's Code: 21743
ECTS credits: 4 ECTS
Hours to be dedicated: 100
Timetable:
Academic Year: Third, Fourth
Term: Third
Professors: Vanesa Daza, Matteo Signorini

Syllabus for Security Strategies of Networks and Services

Syllabus
1. Basic data of the subject

Academic year: 2014/2015

Subject's Name: Security Strategies in Networks and Services

Subject's Code: 21743

Type of subject: Optative

Degrees: Bachelor's Degree in Telematics Engineering (even though it can also be taken by students at the Bachelor's Degree in Computer Science Engineering and the Bachelor's Degree in Audiovisual System Engineering)

ECTS credit number: 4

Hours to be dedicated: 100 h

Scheduling:
- Year: 3rd and 4th year
- Term: 3rd

Coordination: Vanesa Daza

Department: Department of Information and Communication Technologies

Professors: Vanesa Daza, Matteo Signorini

Language: English

Timetable:
- Monday 10:30 - 12:30
- Tuesday 8:30 - 10:30
- Thursday 12:30 - 14:30 (14:30 - 16:30¹)

¹ Only for a group if necessary.


2. Presentation of the subject


Nowadays it is not difficult to find daily news explaining how hackers have compromised the data and services of several companies. Even top companies from all fields (websites, online games, e-banking, social networks, ...), operating primarily through the Internet, have been subjected to numerous attacks. Thus, a distributed denial of service (DDoS) attack can significantly affect any of the services offered by a company, while other attacks such as session hijacking endanger user privacy.

We might think that one way to ensure the security of a company's computer network is to refrain from connecting its computers to the Internet and to keep them behind a locked door. But there are attacks that can be performed from within, by the workers themselves (statistics indicate that 70% or 80% come from the company's own staff). So, unfortunately, this is not a very practical solution.

Nowadays, computers are undoubtedly more useful if they are networked to share information and resources, but companies that network their computers need tools and protocols to reduce the threats and risks they are exposed to.

The main objective of this course is to work on the main issues involved in the development of mechanisms and procedures for security management in telecommunication networks, establishing the main principles of information security, as well as the main known attacks and countermeasures.

The approach of the course is that, in some parts, the student learns from mistakes. Thus, starting from a given vulnerability, students will understand the real need for security mechanisms.


3. Prerequisites
It is recommended that students have basic knowledge of the main networking concepts and protocols, which they should have acquired in the course Networks and Services.

4. Skills to be acquired in the course


General skills

Instrumental
1. Ability to search for and manage information
2. Ability to analyze and synthesize
3. Ability to communicate orally
4. Ability to make decisions
5. Ability to organize and plan
6. Ability to apply knowledge to analyze situations and solve problems

Interpersonal
1. Criticism and self-criticism.
2. Ethical commitment.

Systemic
1. Ability to solve problems with initiative, decision making and creativity, and to communicate and transmit knowledge and skills, understanding the ethical and professional activity of an ICT engineer.
2. Motivation for quality and achievement.
3. Ability to generate new ideas.

Specific skills
1. Ability to apply the techniques underlying networks, services and telematic applications to ensure security (cryptographic protocols, tunneling, firewalls, payment mechanisms, authentication and content protection).
2. Identify representative threats to information security as well as the main protection mechanisms.
3. Use best practices to ensure the physical security of servers and other network components.
4. Know and use the main cryptographic protocols to ensure secure communications.
5. Understand and use the tools required to provide network security.

5. Contents
1. Cryptographic Building Blocks
   - PKI
2. Software Security
3. Malware
4. Authentication Methods
5. Web Security
6. Network Security
   - Attacks (spoofing, MiTM, DNS Pharming, SSLStrip)
   - Prevention and Protection Mechanisms


6. Methodology
This subject will take place in both guided and non-guided sessions. Theory and lab sessions will both be guided (at least partly). Here are the basic features of each type:

- Theory sessions: They will last between half an hour and two hours. During these sessions the professor will present the concepts, processes and procedures relevant to each topic. Although the sessions will be mainly expository, students will be encouraged to interact with the professor, answer questions, raise questions, etc.

- Lab sessions: They will last two hours. During the lab sessions, there will be one or several exercises that students must solve. Students will have the support of the lab professor to answer any questions that may arise.

  In lab sessions each student must use a computer. No computer should be shared during these sessions. Students are allowed to talk with students in their group (please sit nearby). Only one report should be delivered per group. The report should include a video tutorial (maximum 4 minutes) showing how you performed the lab as well as the results. All members of the group should produce at least two video tutorials (from the whole set of labs).

  In some lab sessions (3-4), a short validation test will be proposed. It will consist of a 5 - 10 minute test, where the contents of previous labs will be evaluated individually. Whenever the result of the validation test is in the range 5 - 7, the grade of the corresponding lab will be weighted 0.7. If the grade of the test is lower than 5, then the lab will be weighted 0.5.

During non-guided sessions:


- Students will work on the concepts studied in the theory sessions.
- Students will prepare laboratory sessions, consolidating the knowledge acquired in the theory sessions of the course and contrasting it with the bibliography and links provided by professors.
- Students will finish those parts that have not yet been finalized in the laboratory, including a good report, short and reflecting the understanding of the main concepts studied in the laboratory, as well as a video tutorial.
- Students should work, in groups of three people (the same groups as in the labs), on their blog (we recommend using Wordpress). Breaking news, learning related topics, or extra topics (for example legal and ethical issues, cloud security, wireless security, ...) are expected to be part of the blogs. A minimum of 1 post per group per week is expected. It is mandatory to subscribe to all blogs.
- Students are expected to participate in the Capture the Flag activity. It is designed as a hacking contest, where teams defend and attack a target simultaneously. In the same groups of 3 people, the activities will be proposed on the following days: 27/04, 11/05, 25/05, 02/06. Solutions should be published in the blog. The first correct solution (per CTF activity) will get 0.5 points, whereas the second and third solutions (substantially different from the first one) will get 0.25 points.

All the course material (slides and statements) will be available in the Aula Global.

7. Assessment
The following elements will be taken into account in the evaluation of the course:
- Delivery of lab reports (video tutorial included) (70%). Delivery of all laboratory sessions is mandatory, with a minimum of 3.5 points each. Students must pass on the average grade of all of them. Delayed delivery of a lab report will be penalized with 2 points for each day after the deadline.
- Blog activity (20%).
- Capture the Flag activity (20%).

The final grade of the subject will be computed as

max(Lab grade + Blog grade + CTF grade,10)

Participation in classroom sessions and in the different learning activities proposed by the professors during the course may earn an extra point (over 10) in the final assessment.

Only failed labs (graded with less than 3.5 points) can be recovered in the July period.

8. Bibliography

Basic Bibliography
- Introduction to Computer Security, M. T. Goodrich, R. Tamassia. Ed. Pearson, 2011.
- Cryptography and Network Security: Principles and Practice, Ed. Pearson 2011.

Complementary Bibliography
- Computer Security: Principles and Practice, W. Stallings and L. Brown, Ed. Pearson 2010.
- Cryptovirology, A. Young, M. Yung, Wiley, 2004.
- Network Security with OpenSSL: Cryptography for Secure Communications, J. Viega, M. Messier, P. Chandra, O'Reilly, 2002.


9. Planning
