Insegnamento INTRODUZIONE ALLA SICUREZZA INFORMATICA
- Corso
- Informatica
- Codice insegnamento
- A000702
- Curriculum
- Comune a tutti i curricula
- Docente
- Stefano Bistarelli
- Docenti
-
- Stefano Bistarelli
- Ore
- 47 ore - Stefano Bistarelli
- CFU
- 6
- Regolamento
- Coorte 2017
- Erogato
- 2019/20
- Attività
- Caratterizzante
- Ambito
- Discipline informatiche
- Settore
- INF/01
- Tipo insegnamento
- Opzionale (Optional)
- Tipo attività
- Attività formativa monodisciplinare
- Lingua insegnamento
- ITALIANO
- Contenuti
- Overview
Cryptographic Tools
User Authentication
Access Control
Database and Data Center Security
Malicious Software
Denial-of-Service Attacks
Intrusion Detection
Firewalls and Intrusion Prevention Systems - Testi di riferimento
- Computer Security: Principles and Practice, Global Edition, 4/E
View larger cover
William Stallings
Lawrie Brown
ISBN-10: 1292220619 • ISBN-13: 9781292220611 - Obiettivi formativi
- Capire il significato di sicurezza informatica nei suoi attributi di confidenzialità, integrità e disponibilità.
Capire le problematiche dei sistemi Sicuri ma connessi su reti insicure.
Capire le nozioni più importanti di sicurezza informatica, sicurezza di rete. - Prerequisiti
- nessuno in particolare
- Metodi didattici
- Lezioni frontali e di laboratorio. Possibili seminari di ospiti.
- Altre informazioni
- Frequenza è fortemente consigliata.
- Modalità di verifica dell'apprendimento
- Colloquio orale della durata media di 30 minuti su argomenti di tutto il programma che evidenzia le capacità espositive dello studente, le sue capacità d'utilizzo appropriato di tecniche e nozioni fondamentali e l'approfondimento dello studio.
Possibilità di specifici progetti o seminari.
Su richiesta dello studente l'esame può' essere sostenuto in lingua Italiana o Inglese.
Per informazioni sui servizi di supporto agli studenti con disabilità e/o DSA visita la pagina http://www.unipg.it/disabilita-e-dsa - Programma esteso
- Overview
1.1 Computer Security Concepts
1.2 Threats, Attacks, and Assets
1.3 Security Functional Requirements
1.4 Fundamental Security Design Principles
1.5 Attack Surfaces and Attack Trees
1.6 Computer Security Strategy
1.7 Standards
1.8 Key Terms, Review Questions, and Problems
PART ONE COMPUTER SECURITY TECHNOLOGY AND PRINCIPLES
Cryptographic Tools
2.1 Confidentiality with Symmetric Encryption
2.2 Message Authentication and Hash Functions
2.3 Public-Key Encryption
2.4 Digital Signatures and Key Management
2.5 Random and Pseudorandom Numbers
2.6 Practical Application: Encryption of Stored Data
2.7 Key Terms, Review Questions, and Problems
User Authentication
3.1 Digital User Authentication Principles
3.2 Password-Based Authentication
3.3 Token-Based Authentication
3.4 Biometric Authentication
3.5 Remote User Authentication
3.6 Security Issues for User Authentication
3.7 Practical Application: An Iris Biometric System
3.8 Case Study: Security Problems for ATM Systems
3.9 Key Terms, Review Questions, and Problems
Access Control
4.1 Access Control Principles
4.2 Subjects, Objects, and Access Rights
4.3 Discretionary Access Control
4.4 Example: UNIX File Access Control
4.5 Role-Based Access Control
4.6 Attribute-Based Access Control
4.7 Identity, Credential, and Access Management
4.8 Trust Frameworks
4.9 Case Study: RBAC System for a Bank
4.10 Key Terms, Review Questions, and Problems
Database and Data Center Security
5.1 The Need for Database Security
5.2 Database Management Systems
5.3 Relational Databases
5.4 SQL Injection Attacks
5.5 Database Access Control
5.6 Inference
5.7 Database Encryption
5.8 Data Center Security
5.9 Key Terms, Review Questions, and Problems
Malicious Software
6.1 Types of Malicious Software
6.2 Advanced Persistent Threat
6.2 Propagation — Infected Content - Viruses
6.3 Propagation — Vulnerability Exploit - Worms
6.4 Propagation — Social Engineering — SPAM E-Mail, Trojans
6.5 Payload — System Corruption
6.6 Payload — Attack Agent — Zombie, Bots
6.7 Payload — Information Theft — Keyloggers, Phishing, Spyware
6.8 Payload — Stealthing — Backdoors, Rootkits
6.9 Countermeasures
6.10 Key Terms, Review Questions, and Problems
Denial-of-Service Attacks
7.1 Denial-of-Service Attacks
7.2 Flooding Attacks
7.3 Distributed Denial-of-Service Attacks
7.4 Application-Based Bandwidth Attacks
7.5 Reflector and Amplifier Attacks
7.6 Defenses Against Denial-of-Service Attacks
7.7 Responding to a Denial-of-Service Attack
7.8 Key Terms, Review Questions, and Problems
Intrusion Detection
8.1 Intruders
8.2 Intrusion Detection
8.3 Analysis Approaches
8.4 Host-Based Intrusion Detection
8.5 Network-Based Intrusion Detection
8.6 Distributed or Hybrid Intrusion Detection
8.7 Intrusion Detection Exchange Format
8.8 Honeypots
8.9 Example System: Snort
8.10 Key Terms, Review Questions, and Problems
Firewalls and Intrusion Prevention Systems
9.1 The Need for Firewalls
9.2 Firewall Characteristics and Access Policy
9.3 Types of Firewalls
9.4 Firewall Basing
9.5 Firewall Location and Configurations
9.6 Intrusion Prevention Systems
9.7 Example: Unified Threat Management Products
9.8 Key Terms, Review Questions, and Problems