Internet Service Security

Objectives and outcomes

The course covers basic and advanced security techniques of communication protocols and internet
services. Students learn about cyber-attack techniques as well as methodologies for the development of
resilient internet services. Students will get acquainted with issues of internet security, ranging
from the problem of communication channels to the problem of service security. Through the course,
they will learn how to apply this knowledge and raise the level of internet security.

Lectures

Basic concepts of internet security. Security threats, attacks and risks. Fundamental principles of secure
software design. Cryptography: symmetric cipher algorithms, asymmetric cipher algorithms, hash
algorithms, digital signature, secure key exchange. Random and pseudo-random generators.
Authentication techniques: code, token, biometrics, remote. Access control. Database and system
security in the cloud. Malicious software. Denial-of-service attacks. Attacks and intrusion detection. Attack
prevention. Internet service protection techniques: buffer overflow, the most common security
vulnerabilities, processing of user input data, guidelines for creating secure software. Operating system
protection.

Research work

Types of attacks. CAPEC classification. Service attacks. Service identification. Reconnaissance
(Footprinting). Weaknesses of certain services. HTTP, POP, Telnet. Exploit. Stack attack. DoS, DDoS.
SQL attacks. Process injection software attacks. Anonymity in attacks. Firewall. IDS/IPS systems. Viruses. Trojan horses. Worms. Rootkits. Educating users about attack methods.