Erinevus lehekülje "Security and privacy issues" redaktsioonide vahel

Allikas: KakuWiki
Mine navigeerimisribaleMine otsikasti
 
(ei näidata sama kasutaja 24 vahepealset redaktsiooni)
1. rida: 1. rida:
 +
'''NB! This is only a development "sandbox"''' - the ongoing course is currently located at the [http://www.kakupesa.net/akadeemia/SPI Owl Academy].
 +
 +
 
The course is to provide the students a good overview of security and privacy related issues in today's networked world. The lectures will deal with a variety of related problems and provide general insight and a bit more theoretical knowledge, while assignments and labs should build up the students' practical skills.
 
The course is to provide the students a good overview of security and privacy related issues in today's networked world. The lectures will deal with a variety of related problems and provide general insight and a bit more theoretical knowledge, while assignments and labs should build up the students' practical skills.
  
11. rida: 14. rida:
  
  
;[[1.The broomstick at the door: security and privacy in different times]]
+
# [[The broomstick at the door: security and privacy in different times]]
;[[2.The clash of motivations: different players in the field]]
+
# [[The clash of motivations: different players in the field]]
;[[3.Rid the fools of their money – the online world of crime and fraud]]
+
# [[The security industry]]  (antivirus, firewall, blocking, parental control)
;[[4.The Windows Special – viruses and other malware]]
+
# [[Rid the fools of their money – the online world of crime and fraud]]
;[[5.Practices, policies and user education]] (based on  [http://www.kakupesa.net/kakk/rant The Day When My Stupidity Hurt the Whole World])
+
# [[The Windows Special – viruses and other malware]]
;[[6.Hackers, crackers and coloured hats]] (=> [http://www.honeynet.org Honeypot Project])
+
# [[Practices, policies and user education]] (based on  [http://www.kakupesa.net/kakk/rant The Day When My Stupidity Hurt the Whole World])
;[[7.The Big Brother: privacy in the Internet Age]]
+
# [[Hackers, crackers and coloured hats]] (=> [http://www.honeynet.org Honeypot Project])
;[[8.The identity crisis: threats from stolen identity]]
+
# [[The Big Brother: privacy in the Internet Age]]
;[[9.Wireless freedom or ubiquitous nightmare?]]
+
# [[The Orwellian Internet: online censorship]]
;[[10.The Mark of the Beast? Dissecting the ID card]]
+
# [[The identity crisis: threats from stolen identity]]
;[[11.Cryptography – a friend or an enemy]] (incl. al-Qaida's steganography stuff)
+
# [[Wireless freedom or ubiquitous nightmare?]]
;[[12.Freedom of speech, whistleblowing and stepping on others' toes]]
+
# [[The Mark of the Beast? Dissecting the ID card]]
;[[13.The Orwellian Internet: online censorship]]
+
# [[Cryptography – a friend or an enemy]] (incl. al-Qaida's steganography stuff)
;[[14.The security industry]]  (antivirus, firewall, blocking, parental control)
+
# [[Freedom of speech, whistleblowing and stepping on others' toes]]
;[[15.Open vs closed – does the security via obscurity really work?]]
+
# [[Open vs closed – does the security via obscurity really work?]]
;[[16.the presentation of student papers]]
+
# [[the presentation of student papers]]
  
 
=== Labs ===
 
=== Labs ===
32. rida: 35. rida:
 
Here, some more thoughts are needed. Most of the folks have probably never seen anything but Windows, and this is what they probably will mostly see in near future. Also, there is no other system so vulnerable. OTOH, some broadening of horizons could be nice. So, currently the subjects will be as follows:
 
Here, some more thoughts are needed. Most of the folks have probably never seen anything but Windows, and this is what they probably will mostly see in near future. Also, there is no other system so vulnerable. OTOH, some broadening of horizons could be nice. So, currently the subjects will be as follows:
  
1.Getting to know Windows more closely (administrative tasks, Control Panel etc)
+
;[[1. Basics of administration]] (probably by example of MS Windows; administrative tasks, Control Panel etc. Also includes main Internet protocols and tools like telnet/ssh, ftp/sfp/scp, ping, traceroute etc)
 +
;[[2.Basic securing of a Windows installation]] - ?? Maybe merge 1 and 2 and do something else in a lab?
 +
;[[3.Overview of freely available security-related software]] (antivirus, antispyware, firewall)
 +
;[[4.Understanding firewalls]]
 +
;[[5. Managing remote connections]] - SSH, SFTP/SCP, tunnelling
 +
;[[6.Cleaning after a dumbuser]] – a real-life scenario (a typical malware-infested computer)
 +
;[[7.Learning to use encryption tools - digital signatures, PGP/GPG etc]]
 +
;[[8.Taking the other road: let's install Linux]] (most stress on security/privacy features)
 +
 
 +
 
 +
=== Independent work ===
 +
 
 +
* monitoring certain security webfeeds and writing commentary on one's blog
 +
* independent testing of free security tools and writing a report/review
 +
* writing a course paper on a more general security-related topic and presenting it to others
 +
* as a security support team, write a draft of a [[security policy]] oriented towards the clients (home users) of a major ISP
 +
 
 +
=== Grades ===
 +
 
 +
The grade will form of different tasks during the course.
 +
 
 +
* 20% course paper
 +
* 10% presentation (slides)
 +
* 15% oral presentation
 +
* 10% review of another student's work
 +
* 25% practical lab + report
 +
* 10% blog
 +
* 10% participation in the discussion (class and online)
  
2.Basic securing of a Windows installation
+
=== References ===
  
3.Overview of freely available security-related software (antivirus, antispyware, firewall)
+
==== Paper books ====
  
4.Understanding firewalls
+
* LEVY, Steven (2001). Hackers: Heroes of the Computer Revolution. Updated edition. Penguin Press, ISBN 0141000511  (NB! Two first chapters of the original edition [http://www.gutenberg.org/etext/729 can be read] at the [http://www.gutenberg.org Project Gutenberg]; see also the [http://en.wikipedia.org/wiki/Hackers:_Heroes_of_the_Computer_Revolution article in Wikipedia])
 +
* LEVY, Steven (2004). Crypto: How The Code Rebels Beat The Government - Saving Privacy In The Digital Age.Diane Publishing Co ISBN 0756777887
 +
* MITNICK, Kevin. (2003) The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons Inc. ISBN 0-4712-3712-4
 +
* THOMAS, Douglas (2002). The Hacker Culture. University of Minnesota Press. ISBN 0-8166-3346-0
  
5.Cleaning after a dumbuser I – a clean but un/misconfigured machine
+
==== Online books ====
  
6.Cleaning after a dumbuser II – a real-life scenario (a typical malware-infested computer)
+
* ANDERSON, Ross (2006) [http://www.cl.cam.ac.uk/~rja14/book.html Security Engineering: A Guide to Building Dependable Distributed Systems]. John Wiley & Sons. ISBN 0471389226
 +
* HOWLETT, Tony (2004) [http://www.phptr.com/content/images/0321194438/downloads/0321194438_book.pdf Open Source Security Tools]. Prentice Hall.
 +
* REHMAN, Rafiq (2003) [http://www.phptr.com/content/images/0131407333/downloads/0131407333.pdf Intrusion Detection with SNORT]. Prentice Hall.
 +
* STERLING, Bruce (1992) [http://www.mit.edu/hacker/hacker.html Hacker Crackdown: Law and Disorder on the Electronic Frontier]. Bantam Books.
  
7.Learning to use encryption tools
+
==== Articles/papers ====
  
8.Taking the other road: let's install Linux (most stress on security/privacy features)
+
* KIRSCHENBAUM, I., WOOL, A. [http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html How to Build a Low-Cost, Extended-Range RFID Skimmer]. 15th USENIX Security Symposium, Vancouver, Canada, August 2006
 +
* PRAKASHA, Swayam (2006). [http://www.oreillynet.com/pub/a/security/2006/03/30/what-is-wireless-security.html What Is Wireless Security]. OnLamp 30.03.06
  
=== Independent work ===
+
==== Web ====
  
* monitoring certain security webfeeds and writing commentary on one's blog
+
* [http://www.sans.org/reading_room/ SANS Reading Room] - a lot of security-related material
* independent testing of free security tools and writing a report/review
+
* [http://www.schneier.com/blog/ Schneier on Security] - Bruce Schneier's security blog
* writing a course paper on a more general security-related topic and presenting it to others
+
* [http://www.zone-h.org/ Zone-H] - a security portal
 +
* [http://www.groklaw.net/article.php?story=20060821215929482 How does your company keep employees from loading apps on their PCs?] - GrokLaw, August 22, 2006; a very good discussion on various security policies
 +
* [http://cs.gmu.edu/cne/modules/acmpkp/security/history_frm.html ACM PKP Computer Security History]
 +
* [http://en.wikipedia.org/wiki/Computer_Security Wikipedia: Computer Security]

Viimane redaktsioon: 8. aprill 2008, kell 10:16

NB! This is only a development "sandbox" - the ongoing course is currently located at the Owl Academy.


The course is to provide the students a good overview of security and privacy related issues in today's networked world. The lectures will deal with a variety of related problems and provide general insight and a bit more theoretical knowledge, while assignments and labs should build up the students' practical skills.

The Course

  • 16 weeks (one semester/term), 2 academic hours of lectures and 1 hour of labs weekly (2-0-1) - in practice, one 1.5-hour lecture every week, one 1.5-hour lab every other week, plus independent work.
  • 3.0 Estonian academic credits, 4.0 ECTS credits

Lectures

The initial ideas:


  1. The broomstick at the door: security and privacy in different times
  2. The clash of motivations: different players in the field
  3. The security industry (antivirus, firewall, blocking, parental control)
  4. Rid the fools of their money – the online world of crime and fraud
  5. The Windows Special – viruses and other malware
  6. Practices, policies and user education (based on The Day When My Stupidity Hurt the Whole World)
  7. Hackers, crackers and coloured hats (=> Honeypot Project)
  8. The Big Brother: privacy in the Internet Age
  9. The Orwellian Internet: online censorship
  10. The identity crisis: threats from stolen identity
  11. Wireless freedom or ubiquitous nightmare?
  12. The Mark of the Beast? Dissecting the ID card
  13. Cryptography – a friend or an enemy (incl. al-Qaida's steganography stuff)
  14. Freedom of speech, whistleblowing and stepping on others' toes
  15. Open vs closed – does the security via obscurity really work?
  16. the presentation of student papers

Labs

Here, some more thoughts are needed. Most of the folks have probably never seen anything but Windows, and this is what they probably will mostly see in near future. Also, there is no other system so vulnerable. OTOH, some broadening of horizons could be nice. So, currently the subjects will be as follows:

1. Basics of administration (probably by example of MS Windows; administrative tasks, Control Panel etc. Also includes main Internet protocols and tools like telnet/ssh, ftp/sfp/scp, ping, traceroute etc)
2.Basic securing of a Windows installation - ?? Maybe merge 1 and 2 and do something else in a lab?
3.Overview of freely available security-related software (antivirus, antispyware, firewall)
4.Understanding firewalls
5. Managing remote connections - SSH, SFTP/SCP, tunnelling
6.Cleaning after a dumbuser – a real-life scenario (a typical malware-infested computer)
7.Learning to use encryption tools - digital signatures, PGP/GPG etc
8.Taking the other road: let's install Linux (most stress on security/privacy features)


Independent work

  • monitoring certain security webfeeds and writing commentary on one's blog
  • independent testing of free security tools and writing a report/review
  • writing a course paper on a more general security-related topic and presenting it to others
  • as a security support team, write a draft of a security policy oriented towards the clients (home users) of a major ISP

Grades

The grade will form of different tasks during the course.

  • 20% course paper
  • 10% presentation (slides)
  • 15% oral presentation
  • 10% review of another student's work
  • 25% practical lab + report
  • 10% blog
  • 10% participation in the discussion (class and online)

References

Paper books

  • LEVY, Steven (2001). Hackers: Heroes of the Computer Revolution. Updated edition. Penguin Press, ISBN 0141000511 (NB! Two first chapters of the original edition can be read at the Project Gutenberg; see also the article in Wikipedia)
  • LEVY, Steven (2004). Crypto: How The Code Rebels Beat The Government - Saving Privacy In The Digital Age.Diane Publishing Co ISBN 0756777887
  • MITNICK, Kevin. (2003) The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons Inc. ISBN 0-4712-3712-4
  • THOMAS, Douglas (2002). The Hacker Culture. University of Minnesota Press. ISBN 0-8166-3346-0

Online books

Articles/papers

Web