Security in Information Technology ( SI )

• SOLVENT USE OF THE INFORMATION RESOURCES

• G6 - To manage the acquisition, structuring, analysis and visualization of data and information of the field of the informatics engineering, and value in a critical way the results of this management.
  
• G6.3 - To plan and use the necessary information for an academic essay (for example, the final project of the grade) using critical reflection about the used information resources. To manage information in a competent, independent and autonomous way. To evaluate the found information and identify its deficiencies.
  

• COMMON TECHNICAL COMPETENCIES

• CT6 - To demonstrate knowledge and comprehension about the internal operation of a computer and about the operation of communications between computers.
  
• CT6.4 - To demonstrate knowledge and capacity to apply the characteristics, functionalities and structure of the Distributed Systems and Computer and Internet Networks guaranteeing its use and management, as well as the design and implementation of application based on them.
  
• CT7 - To evaluate and select hardware and software production platforms for executing applications and computer services.
  
• CT7.1 - To demonstrate knowledge about metrics of quality and be able to use them.
  
• CT7.2 - To evaluate hardware/software systems in function of a determined criteria of quality.
  
• CT7.3 - To determine the factors that affect negatively the security and reliability of a hardware/software system, and minimize its effects.
  
• CT8 - To plan, conceive, deploy and manage computer projects, services and systems in every field, to lead the start-up, the continuous improvement and to value the economical and social impact.
  
• CT8.1 - To identify current and emerging technologies and evaluate if they are applicable, to satisfy the users needs.
  

• INFORMATION TECHNOLOGY SPECIALIZATION

• CTI1 - To define, plan and manage the installation of the ICT infrastructure of the organization.
  
• CTI1.1 - To demonstrate understanding the environment of an organization and its needs in the field of the information and communication technologies.
  
• CTI1.2 - To select, design, deploy, integrate and manage communication networks and infrastructures in a organization.
  
• CTI1.3 - To select, deploy, integrate and manage information system which satisfy the organization needs with the identified cost and quality criteria.
  
• CTI2 - To guarantee that the ICT systems of an organization operate adequately, are secure and adequately installed, documented, personalized, maintained, updated and substituted, and the people of the organization receive a correct ICT support.
  
• CTI2.3 - To demonstrate comprehension, apply and manage the reliability and security of the computer systems (CEI C6).
  
• CTI3 - To design solutions which integrate hardware, software and communication technologies (and capacity to develop specific solutions of systems software) for distributed systems and ubiquitous computation devices.
  
• CTI3.1 - To conceive systems, applications and services based on network technologies, taking into account Internet, web, electronic commerce, multimedia, interactive services and ubiquitous computation.
  

1. Being able to understand the threats and security risks of computer systems.
   
   Sub-Goals
   • Being able to understand the general ideas of the legal implications of computer security.
   
   Related Competences
   • CTI1.1,
   • CT7.1,
   • CT7.2,
   • CT7.3
2. Being able to analyze malicious code such as viruses, Trojans, etc..
   
   Related Competences
   • G6.3,
   • CT7.1,
   • CT7.3,
   • CT8.1
3. Being able to understand and identify mechanisms for access control of an operating system.
   
   Related Competences
   • CTI1.2,
   • CTI1.3,
   • CT7.2,
   • CT7.3,
   • CT8.1
4. Knowing the problems of security in computer networks and be able to find solutions to protect them.
   
   Sub-Goals
   • Being able to design firewall and virtual private networks.
   • Being able to understand the operation of intrusion detection systems.
   
   Related Competences
   • CTI2.3,
   • CTI3.1,
   • CT6.4
5. Being able to design protection mechanisms for distributed applications.
   
   Sub-Goals
   • Being able to identify security threats and propose solutions in web applications and electronic commerce.
   
   Related Competences
   • CTI1.2,
   • CTI2.3,
   • CTI3.1,
   • G6.3,
   • CT6.4,
   • CT7.3,
   • CT8.1
6. Being able to understand the need and operation of forensic computer security mechanisms.
   
   Related Competences
   • CTI2.3,
   • G6.3,
   • CT7.1,
   • CT7.3
7. Being able to use cryptographic mechanisms to protect resources.
   
   Sub-Goals
   • Being able to implement mechanisms for electronic signatures.
   
   Related Competences
   • CTI2.3,
   • CTI3.1
8. Being able to understand, design and implement public key infrastructure (PKI).
   
   Sub-Goals
   • Being able to design and manage public key certificates.
   
   Related Competences
   • CTI1.2,
   • CTI1.3,
   • CTI3.1,
   • CT6.4,
   • CT8.1
9. Being able to understand the mechanisms of protection and security policies.
   
   Related Competences
   • CTI1.2,
   • CT7.3

Legend

Activity	Evaluative Activity	T	P	L	AA	AD
Activity	Evaluative Activity	Theory hours	Problem hours	Lab hours	Independent Learning Hours	Directed Learning Hours

Development of theme 1. Introduction.	T	P	L	AA	AD	Total
	6.0	0.0	0.0	4.0	0.0	10.0
Alumn: Learning the concepts and objectives associated with this item. Goals: 1, 10 Contents 1. Introduction

Vulnerabilities in web applications	T	P	L	AA	AD	Total
	0.0	0.0	3.0	2.0	2.0	7.0
Alumn: Understanding the secure programming techniques described in the session. Understanding the webscarab and webgoat applications included in the OWASP linux distribution

Development Topic 2. Cryptography.	T	P	L	AA	AD	Total
	7.0	0.0	0.0	8.0	0.0	15.0
Alumn: Learning the concepts and objectives associated with this item. Goals: 7 Contents 2. Cryptography

Security in wireless networks	T	P	L	AA	AD	Total
	0.0	0.0	2.0	2.0	0.0	4.0
Alumn: Understanding the protocol WEP. Being able to use the tools Airodump linux, aircrack and Aireplay

Development of item 3. Infrastructure PKI.	T	P	L	AA	AD	Total
	8.0	0.0	0.0	9.0	1.0	18.0
Alumn: Learning the concepts and objectives associated with this item. Goals: 8 Contents 3. PKI Infrastructure

Using digital certificates and apache (HTTPS)	T	P	L	AA	AD	Total
	0.0	0.0	2.0	2.0	0.0	4.0
Alumn: Being able to create a X.509 certificate with openssl and install it on an Apache web server to configure HTTPS

PKCS: Public-Key Cryptography Standard	T	P	L	AA	AD	Total
	0.0	0.0	2.0	2.0	0.0	4.0
Alumn: Understanding the different formats of the PKCS messages. Being able to create PKCS messages using the linux tool openssl

First partial exam	T	P	L	AA	AD	Total
	1.0	-	-	4.0	-	5.0
Partial exam of the following topics: Introduction, Criptography, PKI infrastructure. Setmana 8 Tipus Examen: Theory exam Goals: 1, 7, 8, 10

Development of item 4. Security in operating systems.	T	P	L	AA	AD	Total
	5.0	0.0	0.0	5.0	0.0	10.0
Alumn: Learning the concepts and objectives associated with this item. Goals: 2, 3 Contents 4. Security in operating systems

Malware analysis	T	P	L	AA	AD	Total
	0.0	0.0	2.0	2.0	0.0	4.0
Alumn: Understanding the different forms to analyze a malicious code. Being able to properly use the analysis tool IDAPro

Development of item 5. Internet security	T	P	L	AA	AD	Total
	8.0	0.0	0.0	9.0	1.0	18.0
Alumn: Learning the concepts and objectives associated with this item. Goals: 4 Contents 5. Network security

Iptables i snort	T	P	L	AA	AD	Total
	0.0	0.0	3.0	2.0	0.0	5.0
Alumn: Understanding how the iptables command works as well as its internal operations based on tables and chains. Being able to create snort rules

Documentation about malicious code.	T	P	L	AA	AD	Total
	0.0	0.0	0.0	10.0	0.0	10.0
Alumn: Being able to find high quality information about malware. Learning how to filter relevant information. Being able to correctly cite the information sources used. Goals: 2 Contents 4. Security in operating systems

Development of item 6. Security applications.	T	P	L	AA	AD	Total
	6.0	0.0	0.0	6.0	0.0	12.0
Alumn: Learning the concepts and objectives associated with this item. Goals: 5 Contents 6. Security in applications

Second partial exam	T	P	L	AA	AD	Total
	1.0	-	-	4.0	-	5.0
Partial exam of the following topics: Security in operating systems, Security in computer networks, Security in distributed applications. Setmana 13 Tipus Examen: Theory exam Goals: 2, 3, 4, 5

Development issue 7. Security forensics.	T	P	L	AA	AD	Total
	3.0	0.0	0.0	3.0	0.0	6.0
Alumn: Learning the concepts and objectives associated with this item. Goals: 6 Contents 7. Forensic Security

Final exam lab	T	P	L	AA	AD	Total
	-	-	1.0	2.0	-	3.0
Review on all laboratory practices carried out throughout the course. Setmana 14 Tipus Examen: Laboratory exam Goals: 2, 3, 4, 5, 7, 8

Final Exam	T	P	L	AA	AD	Total
	-	-	-	8.0	2.0	10.0
Setmana 15-18 Tipus Examen: Final exam Goals: 1, 2, 3, 4, 5, 6, 7, 8, 10

Total per type	T	P	L	AA	AD	Total
	45.0	0.0	15.0	84.0	6.0	150.0

This course should give an overview and a technical view of the problems and possible solutions to computer systems and networks security. For this reason, it covers many topics and has a great descriptive component.

However, the teaching methodology will use examples and problems for introducing the concepts to which students attain the necessary skills. Also, we will try to encourage interactivity with students considering real situations in class to discuss possible solutions.

Moreover, the laboratory will complete the skills and knowledge acquired in theory / problems class.

Evaluation type

The subject is avaluated in exam period

Theory (75%) - Laboratory (20%) - Generic competence (5%).
The laboratory mark is obtained from the grades of each practice (40%) and the laboratory final exam (60%).
The theory grade will be the final exam grade (EF) if it is higher than the average of two exams (P1 and P2), or otherwise, 30% of the average of partial exams and 70% of the final exam. In other words, the theory grade will be MAX (EF, 0.3*Par+0.7*EF), where Par=(P1+P2)/2.
The grade for the generic competence is obtained from the evaluation of the activity "Documentation about malicious code".

Generic competences weight in the evaluation specific part

• 5.0 % - To plan and use the necessary information for an academic essay (for example, the final project of the grade) using critical reflection about the used information resources. To manage information in a competent, independent and autonomous way. To evaluate the found information and identify its deficiencies.

• STALLINGS, william , Network Security Essentials, Applications and Standards , Prentice Hall , 2010 , ISBN:0136108059.
http://www.mypearsonstore.com/bookstore/product.asp?isbn=0136108059&xid=PSED


• STALLINGS, william , Cryptography and Network Security: Principles and Practice , Prentice Hall , 2010 , ISBN:0-13-609704-9.
http://www.mypearsonstore.com/bookstore/product.asp?isbn=0136097049&xid=PSED


• STALLINGS, william and BROWN, Lawrence , Computer Security: Principles and Practice , Prentice Hall , 2007 , ISBN:0-13-600424-5.
http://www.mypearsonstore.com/bookstore/product.asp?isbn=0136004245&xid=PSED


• MENEZES, Alfred and VAN OORSCHOT, Paul and VANSTONE, Scott , Handbook of Applied Cryptography , CRC Press , 2001 , ISBN:0-8493-8523-7.
http://www.cacr.math.uwaterloo.ca/hac/


• ADAMS, Carlisle and LLOYD, Steve , Understanding PKI : concepts, standards, and deployment considerations , Addison-Wesley , 2003 , ISBN:0-672-32391-5.

Those obtained at the Operating Systems and Computer Networks subjects.

Knowledge of technical English.