Computer Systems (formerly Network) Security [ KMI/BEPS ]
In the course, selected attacks on computer networks and mainly the methods of securing communication in the Internet computer network going from authentication methods over filtrationm firewall, tunelling, proxies and PKI architecture so far to selected encrypted and authentication protocols are examined.
The course begins with the introduction to the security of TCP/IP networks in general and the methods of network scanning including demonstration of various attacks. Examination of methods of (Internet) network securing going from authentication methods, over traffic filtration, address translation, firewall, tunnelling (IPsec), VPN and proxy, then the introduction to electronic certificates and PKI infrastructure, its application, and in the end of the course the selected encrypted and authentication protocols like eg. SSL/TLS, SSH, DNSSec, RADIUS or Kerberos are covered. In practices students first try to do some simple attack on non-secured (local) network and then they learn how to apply the methods of its securing and deploying secured protocols.
Prerequisities: Middle level knowledge of computer networks and operating systems in the extent of bachelor study. Knowledge of computer networks is verified by entrance written test in place of the first lecture or practice.
Lectures
- Intro: Network security in general and in TCP/IP, attacks and defence, IDS/IPS.
- Asymetric cryptography: Introduction to symetric and asymetric cryptography, authentication and authorization.
- Security of network technologies: Ethernet and ARP attachs, PPP and authentication, Wi-Fi security.
- Security of TCP/IP: Filtration, address translation (NAT), firewall and DMZ.
- Security of TCP/IP: Tunneling, VPN, IPsec.
- Security of TCP/IP: Aplication proxies and gates, SOCKS.
- : Certificate, request and revocation, certification authority.
- Applications of PKI: Elektronic signature and data envelope, S/MIME.
- Encrypted protocols: SSL/TLS, SSH, DNSSec.
- Authentication protocols: RADIUS, LDAP, Kerberos.
Literature
- Dostálek L. a kolektiv: Velký průvodce protokoly TCP/IP: Bezpečnost (2. aktualizované vydání). Computer Press, 2003. ISBN 80-7226-849-X
- Dostálek L., Vohnoutová M.: Velký průvodce infrastrukturou PKI a technologií elektronického podpisu (2. aktualizované vydání). Computer Press, 2010. ISBN 978-80-251-2619-6
- Stallings W.: Network Security Essentials: Applications and Standards (4th Edition). Prentice Hall, 2010. ISBN 978-0136108054
- Kaufman Ch., Perlman R., Speciner M.: Network Security: Private Communication in a Public World (2nd Edition). Prentice Hall, 2002. ISBN 978-0130460196
- Cole E.: Network Security Bible. Wiley, 2009. ISBN 978-0470502495
- Kizza J. M.: Computer network security. Springer, 2005, ISBN 0387204733
- Scambray J., McClure S., Kurtz G.: Hacking exposed 7: Network Security Secrets and Solutions (7th edition). McGraw-Hill Education 2012. ISBN 978-0071780285
- Thomas Thomas M.: Zabezpečení počítačových sítí bez předchozích znalostí (Network Security First-Step). Computer Press, 2005. ISBN 80-251-0417-6
- Pužmanová R.: Bezpečnost bezdrátové komunikace. Jak zabezpečit Wi-Fi, Bluetooth, GPRS či 3G. Computer Press, 2005. ISBN 9788025107911
- Orebaugh A.: Wireshark a Ethereal: kompletní průvodce analýzou a diagnostikou sítí (Wireshark & Ethereal network protocol analyzer toolkit). Computer Press, 2008. ISBN 9788025120484
- Satrapa P.: Internetový protokol IPv6 (3. vydání). CZ.NIC, 2011. ISBN 978-90-904248-4-5
- Dostálek L., Kabelová A.: Velký průvodce protokoly TCP/IP a systémem DNS (3. vydání). Computer Press, 2005. ISBN 80-722-6675-6