
Information Systems Security

ECTS Credits: 10

Lecturers
  • doc. dr. Tomaž Klobučar
Programmes
  • None

Goals

Security is one of the most crucial requirements for implementing information services. The goal of this course is to provide a broad overview, from different points of view, of the technology, services and applications for information systems protection. The students will gain theoretical and practical knowledge of information security measures, such as cryptographic algorithms, network security protocols, public key infrastructures and access control methods. The most recent security technologies and applications, such as biometrics, secured wireless networks and intrusion detection systems, will also be presented. The knowledge gained will enable the students to use and develop security technologies. The students will be able to analyze an information system with respect to security, evaluate security threats, select appropriate protection measures and implement them. When developing their own information applications and solutions, the students will be able to meet the security requirements imposed by the environment, legislation and standards. The students will also be able to continue research and development work in the area of information system security.

Curriculum

  • Introduction: presentation of basic concepts, information system, threats, attacks, basic security services and mechanisms
  • Threats and attacks: types of threats and attacks (e.g. sniffing, masquerading, session hijacking, denial of service, social engineering), information system vulnerabilities, malware (virus, worm, Trojan horse, back door)
  • Security policies: security models, security policy elements, physical, administrative and technical protection methods, risk management, security economics (cost-optimal selection of security measures), ISO/IEC 27000
  • Basic cryptography: symmetric cryptography (stream ciphers, block ciphers, cryptoalgorithms, e.g. AES), asymmetric cryptography (Diffie-Hellman, RSA, elliptic curve cryptosystems), key management, one-way hash functions, digital signature, timestamp, encryption and signature tools
  • Public-key infrastructure: public-key certificate, certification authority, public-key infrastructure elements
  • Authentication: passwords, one-time passwords, cryptographic authentication mechanisms, biometric methods, single sign-on
  • Authorisation and access control: management and implementation of information system access control, privilege management infrastructure, AAA (RADIUS, Diameter), firewall (packet filtering, circuit gateway, application proxy, etc.), intrusion detection system
  • Network security: security services and mechanisms at different network layers, protection in different types of networks, wireless networks security (IEEE 802.11, IEEE 802.16)
  • Application security: secure e-mail, secure world wide web, remote work

Obligations

Students must complete a first-cycle study programme in natural sciences, technical disciplines or computer science.

Examination

Literature and references
