IT-Security Course 2008/09

Course material

• Set of all slides
• Course book: R. Panko: Cooperate Computer and Network Security. Preason Education Prentice Hall, Australia 2004.
• A master copy of some pages of the referred book is avaliable. This master copy can be borrowed for making your own copy. Bring it back to Stoll's office.
• DES - Data Encyption Standard

Organization

• Lectures: Tuesdays, 8h45 - 10h20 (1+2) in room 2.81 and Fridays, 13h10 - 14h45 in room 2.81 (5+6)
• Excerises: Fridays, 8h45 - 12.15 (1-4)

How to pass the course?

• Pass a written exam at the end of the course (60 %)
• Write a report studying a certain security scenario (40%)
• Join the classes and exercises!
• Your final grade is computed by your grade in the written exam (60%) and your grade for the report studying a security scenario.

Additional Sildes 2008/09

• Newer Statistics (CACM April 2007)
• Addenum: Recht im Internet
• Ergänzende Stichpunkte - Kyptographische Verfahren
• An Overview: WLAN Technologies and Security

Downloads for Excerises

Praktische Aufgaben 1

• Aufgabenblatt 1 - Sicherheit von Passworten
• Excercise 1 - Password Cracker Files
• MD5Crypt.java
• GEHT UNTER JDK6!

Praktische Aufgaben 2

• Aufgabenblatt 2 - Recht im Internet, speziell Signaturgesetz

Praktische Aufgaben 3

• Aufgabenblatt 3 - Angriffsformen

Praktische Aufgaben 4

• Aufgabenblatt 4 - Informationsflusssicherheit am Beispiel VoIP

Praktische Aufgaben 5

• Aufgabenblatt 5 - Datensicherheit: Schutzziele und Verschlüsselung von Kommunikationswegen und Nachrichten
• Client-Programm
• Server-Programm

IT-Sicherheits-Fallstudie

• IT-Sicherheits-Fallstudie: Gametainment GmbH
• Abgabe des Empfehlungsschreibens: 16. Januar 2009, 15 Uhr in gedruckter Form im Postfach von J.Stoll

Examples of questions

• Which requirement do we fulfill, if we guarantee that system states are only reached as specified?

  1. Safety
  2. Security
  3. Protection
  4. Privacy

• Which layers are protected by application of a stateful multilayer inspection?

  1. Application layer, transportation layer (TCP), and data link layer
  2. Application layer, transportation layer (TCP), and network layer (IP)
  3. Session layer, transportation layer (TCP), and network layer (IP)
  4. Application layer, presentation layer, and session layer

• What is the function of a certificate authority?

  1. An organization that handles private keys and the corresponding encryption algorithm
  2. An organization that validates the encryption process
  3. An organization that verifies encryption keys
  4. An organization that administrates certificates

Julia Stoll (j.stoll@fontys.nl)