Name: NETWORK SECURITY
Code: 505104001
Type: Compulsory
ECTS: 6
Length of subject: Per term
Semester and course: 4th Year - First term
Speciality:
Language: English
Mode of study: On-site class
Lecturer data: CANO BAÑOS, MARÍA DOLORES
Knowledge area: Ingeniería Telemática
Department: Tecnologías de la Información y las Comunicaciones
Telephone: 968325953
Email: mdolores.cano@upct.es
Office hours and location:
Qualifications/Degrees:
Academic rank in UPCT: Catedrática de Universidad
Number of five-year periods: 4
Number of six-year periods: 3 de investigación
Curriculum Vitae: Full Profile
Lecturer data: BURRULL I MESTRES, FRANCESC
Knowledge area: Ingeniería Telemática
Department: Tecnologías de la Información y las Comunicaciones
Telephone: 968325365
Email: francesc.burrull@upct.es
Office hours and location:
Qualifications/Degrees:
Academic rank in UPCT: Profesor Titular de Escuela Universitaria
Number of five-year periods: 5
Number of six-year periods: 0
Curriculum Vitae: Full Profile
[CG3 ]. Knowledge of basic subjects and technologies which enables the student to learn new methods and technologies, and gives them great versatility to adapt to new situations
[T1 ]. Ability to build, operate and manage telecommunications networks, services, processes and applications, inasmuch as they are considered as systems for capturing, transporting, representing, processing, storing, managing and presenting multimedia information, from the point of view of telematic services.
[T2 ]. Ability to apply the techniques on which telematic networks, services and applications are based, such as management systems, signaling and switching, routing, security (cryptographic protocols, tunneling, firewalls, as well as collection, authentication and content-protection mechanisms), traffic engineering (graph theory, queuing theory and tele-traffic), charging and reliability and quality of service, both in fixed, mobile, personal, local or long-haul environments, with different bandwidths, including telephony and data.
Se recomienda haber cursado las asignaturas: Redes y Servicios de Telecomunicaciones, y Conmutación
[TR1 ]. Spoken and written effective communication
[TR5 ]. Putting the acquired knowledge into practice
At the end of the course, the student should be able to:
Identify and implement a security policy and encryption system.
Identify and distinguish vulnerabilities, threats, and attacks in a telecommunication system, being able to select the appropriate methods of defense against such threats.
Understand and evaluate the operation of the most common encryption systems and know how to select the most appropriate encryption system for a work scenario.
Understand the purpose and operation of authentication methods and authentication protocols.
To understand the purpose and operation of digital signatures, digital certificates, and certification authorities.
To describe the operation of the most common security protocols on the Internet.
Select the most effective security protocols according to the scope of work.
To understand the usefulness of a virtual private network and a firewall.
Select the most appropriate firewall topology and/or tunneling system for the scope of work.
Practical application of the knowledge acquired (e.g. equipment configuration, etc.).
Conceptos básicos de seguridad. Criptografía. Seguridad en Internet. Cortafuegos y VPN. Mecanismos de cobro, autenticación y protección de contenidos.
BLOQUE 1. INTRODUCCIÓN A LA SEGURIDAD EN LAS REDES DE COMUNICACIONES.
Conceptos básicos. Definición y tipos de ataques, vulnerabilidades y amenazas. Conceptos básicos como confidencialidad, integridad, disponibilidad y autenticación. Política de seguridad. Definición y características de una política de seguridad.
BLOQUE 2. CRIPTOGRAFÍA.
Cifrado en bloque. Estudiar el funcionamiento de los principales algoritmos de cifrado en bloque, simétricos y asimétricos (por ejemplo: AES; DES, RSA, curva elíptica, Diffie-Hellman, etc.). Cifrado en flujo. Estudiar el funcionamiento de los principales algoritmos de cifrado en flujo (por ejemplo: RC4, A5, etc.).
BLOQUE 3. SEGURIDAD EN INTERNET.
Autenticación. Sistemas y protocolos de autenticación, certificados y firma digital, protección de contenidos. Seguridad a nivel de aplicación y a nivel de transporte. Descripción, ventajas y desventajas. Casos de estudio. Seguridad a nivel de red y a nivel de enlace. Descripción, ventajas y desventajas. Casos de estudio. Redes privadas virtuales y cortafuegos. Descripción, ventajas y desventajas. Casos de estudio.
PRACTICA 1: Funciones hash aplicadas a la autenticación de usuarios.
El uso más frecuente de funciones hash es para firmar documentos y para autenticar usuarios. En esta práctica se ejemplificará el uso que hace el sistema operativo Linux de los hash DES, MD5, SHA-256 y SHA-512 para autenticar usuarios. En otra práctica se estudiará el uso de los hash para firmar documentos.
PRACTICA 2: Usos cotidianos de la criptografía.
En esta práctica se experimentará con distintas técnicas criptográficas que se utilizan de forma cotidiana. En concreto se estudiará: La transferencia segura de archivos entre máquinas remotas (scp), cifrar y descifrar con sistemas simétricos, cifrar y descifrar con sistemas asimétricos, la conexión remota segura (ssh), técnicas esteganográficas, la verificación de un hash (openssl), la generación de contraseñas seguras, el acceso a portales a través de certificados digitales, el escaneo de puertos TCP/UDP abiertos, la firma electrónica, el envío de correos electrónicos firmados y encriptados mediante el estándar openPGP.
PRACTICA 3: Configuración de un portal seguro.
De entre todos los modelos basados en la arquitectura cliente-servidor, el portal web es el más conocido y utilizado. Por ello, es muy importante saber configurar un portal web seguro (https), basado en tecnología PKI (Public key infrastructure).
PRACTICA 4: Configuración de un firewall.
Un firewall es el dispositivo de red diseñado para filtrar el tráfico de paquetes que circulan por él. Los firewalls se utilizan con frecuencia para evitar que los paquetes generados por usuarios de Internet no autorizados puedan acceder a redes corporativas (intranets). Todos los paquetes que entren o salgan de la intranet pasan a través del firewall, que examina cada paquete y bloquea aquellos que no cumplen los criterios de seguridad especificados.
Promoting the continuous improvement of working and study conditions of the entire university community is one the basic principles and goals of the Universidad Politécnica de Cartagena. Such commitment to prevention and the responsibilities arising from it concern all realms of the university: governing bodies, management team, teaching and research staff, administrative and service staff and students. The UPCT Service of Occupational Hazards (Servicio de Prevención de Riesgos Laborales de la UPCT) has published a "Risk Prevention Manual for new students" (Manual de acogida al estudiante en materia de prevención de riesgos), which may be downloaded from the e-learning platform ("Aula Virtual"), with instructions and recommendations on how to act properly, from the point of view of prevention (safety, ergonomics, etc.), when developing any type of activity at the University. You will also find recommendations on how to proceed in an emergency or if an incident occurs. Particularly when carrying out training practices in laboratories, workshops or field work, you must follow all your teacher's instructions, because he/she is the person responsible for your safety and health during practice performance. Feel free to ask any questions you may have and do not put your safety or that of your classmates at risk.
Se recomienda haber cursado las asignaturas: Redes y Servicios de Telecomunicaciones, y Conmutación
Class in conventional classroom: theory, problems, case studies, seminars, etc
Expository classes with interaction with the students. Through this educational activity the student should develop the following study skills that facilitate the learning process:
- Attention: Self-control, organization and time management skills
- Short-term memory: Repetition of information and note-taking
- Long-term memory: note-taking, question generation, graphical representation
- Retrieval and application: Organization in schemes, mnemonic rules, diagrams, feedback, analysis, and transversal thinking
Classes developed together with the theory classes in which we work on individual problem solving, group problem solving, information search (individual or group), discussions, group championships, short oral presentations, short tests, etc. All these activities are focused on those concepts that are most difficult for students who are currently studying the subject and that can change depending on the year (current students).
In addition, these activities are developed on a weekly basis throughout the term, observing the students' feedback and adapting the following activities to be carried out.
30
100
Class in laboratory: practical classes / internships
We work with students in the laboratory, giving them practical tasks of programming, installation, configuration, etc. related to security in communication networks. Attendance at the practical sessions is compulsory for all students. Those students who, for justified reasons, cannot attend any of the practice sessions at the time established for this purpose, may make up the sessions by making a written request to the teacher in charge of the subject, attaching the corresponding receipts.
26
100
Class in the field or open classroom (technical visits, lectures, etc.). In general, activities that require special resources or planning
We work with students in the laboratory, giving them practical tasks of programming, installation, configuration, etc. related to security in communication networks. Attendance at the practical sessions is compulsory for all students. Those students who, for justified reasons, cannot attend any of the practice sessions at the time established for this purpose, may make up the sessions by making a written request to the teacher in charge of the subject, attaching the corresponding receipts.
Attendance at seminars, conferences, etc., with the aim of strengthening the practical/professional application of the contents of this course.
1
100
Assessment activities (continuous assessment system)
Performance evaluation tests
3
100
Assessment activities (final assessment system)
Final evaluation activities
3
100
Tutorials
Solving questions from the students at office hours, individually or in teams.
1
50
Student work: study or individual or group work
Exercises, problems, and cases about the content seen in this course.
Individual (or group) work to study and understand the contents of this course.
116
0
Practical laboratory assignment
At the end of each lab (it can correspond to one or more laboratory sessions) a test control will be carried out to evaluate the knowledge acquired in this activity. Knowledge and practical reasoning are therefore evaluated. The final qualification of this activity corresponds to the average of all the taken tests. A minimum grade of 4 out of 10 is established in this activity to pass the course.
30 %
Written and/or oral exams (assessment of theoretic and applied content and/or laboratory practice)
An examination that will evaluate through short questions and/or problems and/or test-type questions the contents of this course (except laboratory practices). A minimum qualification of 4 out of 10 is established in this evaluation activity in order to pass the course.
45 %
Delivery of exercises and / or practices
These deliverables include various types of activities that will be developed weekly along with theory and problem-solving classes. Some will be done during the classes and others will be done off-site. Examples of typologies: individual problem solving, group problem solving, information search (individual or group), class discussions, group championships in class and/or at home, participation in hackathon or CTF events, presentation of papers, limited content test (a section of a topic, a particular type of algorithm, etc.), among others. They enable both the evolution of learning and certain skills to be assessed, e.g. those related to searching for information, summarising and understanding information, understanding information in a foreign language, public speaking, initiative, etc. A minimum score of 3 out of 10 is established for this assessment activity in order to pass the course
25 %
Practical laboratory assignment
At the end of each lab (it can correspond to one or more laboratory sessions), a test control will be carried out to evaluate the knowledge acquired in that practice. Knowledge and practical reasoning are therefore evaluated. The final grade of this activity corresponds to the average of all the tests taken. For the final evaluation, this activity will be carried out in a single test. A minimum grade of 4 out of 10 is required in this activity to pass the course.
A student who has passed an evaluation activity in the continuous evaluation system and wishes to take the same activity in the final evaluation system must waive the corresponding grade obtained in the continuous evaluation system.
30 %
Written and/or oral exams (assessment of theoretic and applied content and/or laboratory practice)
An examination that will evaluate through short questions and/or problems and/or test-type questions the contents of this course (except laboratory practices). A minimum grade of 4 out of 10 is required in this evaluation activity in order to pass the course.
A student who has passed an evaluation activity in the continuous evaluation system and wishes to take the same activity in the final evaluation system must waive the corresponding grade obtained in the continuous evaluation system.
45 %
Delivery of exercises and / or practices
These deliverables include various types of activities that will be developed weekly along with theory and problem-solving classes. Some will be done during the classes and others will be done off-site. Examples of typologies: individual problem solving, group problem solving, information search (individual or group), class discussions, group championships in class and/or at home, participation in hackathon or CTF events, presentation of papers, limited content test (a section of a topic, a particular type of algorithm, etc.), among others. They enable both the evolution of learning and certain skills to be assessed, e.g. those related to searching for information, summarising and understanding information, understanding information in a foreign language, public speaking, initiative, etc.
IN CASE OF NOT HAVING REACHED THE MINIMUM GRADE REQUIRED IN THIS ACTIVITY IN THE CONTINUING EVALUATION, THIS ACTIVITY WILL BE EQUIVALENT IN THE FINAL EVALUATION to the doing a homework whose characteristics will be indicated by the teacher, with a deadline on the day in which the rest of the activities of the final evaluation will be carried out, and with a weight of 20% on the final grade of the "Final Evaluation". A minimum score of 3 out of 10 is established for this assessment activity in order to pass the course.
Please note that a student who has passed an evaluation activity in the continuous evaluation system and wishes to take the same activity in the final evaluation system must waive the corresponding grade obtained in the continuous evaluation system.
25 %
Problems and exercises proposed by the teacher to be solved in class or at home, individually or in a group. They allow the evaluation of both the evolution of learning and certain skills, for example, those related to the search for information, synthesis and comprehension of information, understanding of information in a foreign language, public oral presentation, initiative, etc.
At the end of the session there will be a test to evaluate the knowledge acquired during the practice.
Additional comments on the Continuous Evaluation.
To pass the course in the continuous evaluation will be necessary:
1) Obtain a minimum grade of 4 out of 10 in the activity "Practical Laboratory Assignment", a minimum grade of 3 out of 10 in the activity "Deliverables of exercises and/or laboratory practices", and a minimum grade of 4 out of 10 in the activity "Written and/or oral exams" and
2) Achieve a final grade equal to or greater than 5 out of 10.
Additional comments on the Final Evaluation:
- The grades obtained in the continuous evaluation that have a value equal or superior to the minimum required will be kept
- In case the student has not reached the minimum grade required in the activity "Deliverables of exercises and/or laboratory practices" in the continuous assessment, the student may present a work whose characteristics will be indicated by the teacher, with a deadline on the day in which the rest of the assessment activities of this evaluation system are carried out, and with a weight of 20% on the final grade of the "Final Assessment".
- If the minimum qualification required in the activity "Practical Laboratory Assignment" is not reached in the continuous evaluation, the student will solve an additional questionnaire about the practices the day in which the rest of the evaluation activities of this system are developed, with a weight of 30% in the final note of the "Final Evaluation".
To pass the course in the Final Evaluation will be necessary:
1) Obtain a minimum grade of 3 out of 10 in the activity "Deliverables of exercises and/or laboratory practices", a minimum grade of 4 out of 10 in the activity "Practical laboratory assignment", and a minimum grade of 4 out of 10 in the activity "Written and/or oral exams" and
2) Achieve a final grade equal to or greater than 5 out of 10.
Author: Stallings, William
Title: Cryptography and network security principles and practice
Editorial: Pearson
Publication Date: 2017
ISBN: 9781292158587
Author: Epifani, Mattia
Title: Learning IOS Forensics: a practical guide to analysing IOS devices with the latest forensics tools and techniques
Editorial: Packt Publishing,
Publication Date: 2016
ISBN: 1785882082
Author: Stallings, William
Title: Network security essentials applications and standards
Editorial: Pearson,
Publication Date: 2014
ISBN: 0136097049
Author: Stallings, William.
Title: Cryptography and network security principles and practice
Editorial: Pearson
Publication Date: 2014
ISBN: 0273793357
Author: Tamma, Rohit
Title: Learning Android forensics: a hands-on guide to Android forensics, from setting up the forensic workstation to analyzing key forensic artifacts
Editorial: Birmingham, UK : b Packt Publishing , c
Publication Date: 2015
ISBN: 1782174443
Author: Ford, Warwick
Title: Secure electronic commerce building the infrastructure for digital signatures and encryption
Editorial: Prentice Hall
Publication Date: 2001
ISBN: 0130272760
Author: Kaufman, Charlie
Title: Network security private communication in a public world
Editorial: Prentice Hall PTR
Publication Date: 2002
ISBN: 0130460192
Author: Cheswick, William R.
Title: Firewalls and Internet security repelling the Wily Hacker
Editorial: Addison Wesley
Publication Date: 2003
ISBN: 020163466
Author: Ziegles, Robert L.
Title: Guía avanzada firewalls Linux
Editorial: Prentince Hall
Publication Date: 2000
ISBN: 8420529494
Author: Oppliger, Rolf
Title: Security technologies for the World Wide Web
Editorial: Artech House
Publication Date: 2003
ISBN: 1580533485
Author: Oppliger, Rolf.
Title: Security technologies for the World Wide Web
Editorial: Artech House,
Publication Date: 2003
ISBN: 1580533485
Author: Garfinkel, Simson
Title: Seguridad y comercio en el web
Editorial: McGraw-Hill
Publication Date: 1999
ISBN: 9701021428
Author: Schneier, Bruce
Title: Applied cryptography: protocols, algorithms and source code in C
Editorial: John Wiley & Sons
Publication Date: 1996
ISBN: 0471117099
Aula virtual de la asignatura accesible para todos los alumnos matriculados. Trabajos de investigación y/o divulgativos proporcionados por el profesor.