Ελληνικό Μεσογειακό Πανεπιστήμιο - eClass

Network Security

TP278 - Markakis Evangelos

Course Description

The main goal of this course is to develop an understanding of traditional and evolving network security issues from several perspectives. A variety of network infrastructures will be presented and a number of concepts and technologies used for providing secure communications channels over those infrastructures will be discussed. This course deals with contemporary threats, design principles and implementation issues pertaining to network security. Throughout the course, examples of what has gone wrong and what the lessons have been for engineering a secure networked system will be highlighted.

Units

CRYPTO ATTACKS

-THE ONE TIME PAD

-WHAT IS A SECURE CIPHER

-INFORMATION THEORITIC SECURITY

-HOW OTP IS MADE PRACTICAL

-BLOCK CIPHERS

-EXHAUSTIVE SEARCH

-EXHAUSTIVE KEY SEARCH

-DEEP CRACK

-ATTACK ON THE IMPLEMENTION

-HASHES, MACs

Writing Secure Code: Software Flaws

-Memory Organization

Program Execution

Stack

Function Call

-Overflows

Stack Overrun

Heap Overrun

Format Strings

Integer Upper / Underflow

SQL Injection

Cross-Site Scripting XSS

-Solutions

Validate input

Improper Error Handling

-Summary

Buffer Overflow

Format String

Integer Overflow

SQL Injection

Cross-Site Scripting XSS

-Conclusion

MALWARE

-Risks of malware attacks

-Short for MALicious softWARE

-Denotes all forms of unwanted code

-Some common trigger routines include

-Reports on non-existing viruses

-Two types of Trojan horses exist

-Spyware is tracking software deployed without adequate notice, consent, or control of the user

-A computer becomes infected with spyware through

-Exploit kits

-Ransomware

WEB SECURITY OWASP

-Foreword

-About OWASP

-Warnings

-Attribution

-What Changed From 2010 to 2013?

-OWASP Top 10 2010 (Previous)

-Application Security Risks

-OWASP Top 10 Application Security Risks 2013

-Broken Authentication and Session Management

-Cross-Site Scripting (XSS)

-Insecure Direct Object References

-Security Misconfiguration

-Sensitive Data Exposure

-Missing Function Level Access Control

-Cross-Site Request Forgery (CSRF)

-Using Components with Known Vulnerabilities

-Unvalidated Redirects and Forwards

-Whats Next for Developers

-Whats Next for Verifiers

-Whats Next for Organizations

-Note About Risks

Protecting Ubiquitous Computing

-Residential / Home automation

-Industrial systems

-Public infrastructures

-Avionics

-Military

-eTextiles

-eHealth

-Automobiles

Network SecurityInformation HidingCovert Channels

-Covert Channels

-Definition

-Storage Channels

-Timing Channels

-Confinement Problem

-Mitigation

Agenda

Due day

Course event

System event

Personal event

Announcements

ALL ANNOUNCEMENTS...

- There are no announcements -

Open Academic Course

OpenCourses Level: A-

Num. of Visits : 649
Num. of Hits : 2833

Course Metadata

Course : Network Security

Course code : TP278