Information Systems Security

Base Knowledge

Computer Networks.

Teaching Methodologies

The following teaching methodologies are used in this course:

1. Expository method: explanatory method where theoretical foundations and concepts are presented by the teacher and discussed with the class. Concepts and information will be presented to students through, for example, slide presentations or oral discussions. It will be used in classes to structure and outline the information.

2. Demonstrative method: based on the example given by the teacher of a technical or practical operation that one wishes to be learned. It focuses on how a given operation is carried out, highlighting the most appropriate techniques, tools and equipment. It will be used, for example, in practical and laboratory classes.

3. Interrogative method: process based on verbal interactions, under the direction of the teacher, adopting the format of questions and answers. It allows for greater dynamics in the classroom and consolidates learning. It will be used, for example, to remember elements of previous classes and in revisions of the lectured content.

4. Active methods: pedagogical techniques will be used in which the student is the center of the learning process, being an active participant and involved in his own training. The teacher assumes the role of facilitator, stimulating critical thinking, collaboration, creativity and student autonomy. They will be applied in classes to achieve a dynamic and more lasting learning environment.

Learning Results

At the end of the course unit the student will be able to:

1. Define and explain the security elements. Indicate the importance of security policies in information systems. Justify and discuss modern security threats.

2. Explain the main types of authentication protocols. Analyze and identify the different forms of authentication. Discuss and demonstrate the use of authentication protocols in wireless networks.

3. Classify the different types of encryption. List the classic and modern encryption algorithms. Explain the features of symmetric encryption. Summarize symmetric encryption types and cipher modes. Discuss how asymmetric encryption works. Synthesize the approaches available to manage public keys, and demonstrate using PGP.

4. Illustrate and analyze the algorithms for integrity control, authentication and non-repudiation. Explain how a digital signature works. Discuss and illustrate the use of a digital signature through the citizen card.

5. Identify the different auditing techniques. Design, create and modify solutions that allow systems monitoring. Demonstrate the use of intrusion detection and prevention software.

6. List and analyze the different types of VPN. Explain and justify the existence of different types of firewalls. Illustrate the installation and configuration of a VPN and a firewall.

7. Recognize the different software security techniques. Discuss database security techniques. Analyze security in electronic commerce and transactions. Summarize the main aspects and techniques of security involving operating systems.

Program

1. Security concepts. Security elements: authentication, confidentiality (encryption), integrity, authorization, non-repudiation. Security policies in information systems. The ISO 17799 standard. Modern security threats. Types of malware (viruses, worms, Trojan horses) and attacks (reconnaissance, access and DoS). Types of vulnerabilities.

2. Authentication. Protocols. Types: mutual, session keys, entity-mediated, indirect, Single Sign-On (SSO). Person authentication: memorized password, shared secret key, private key, one-time passwords, biometrics, integrating middleware (PAM). Server authentication. Wireless networks: IEEE 802.1X and EAP. Authentication services: Kerberos, RADIUS.

3. Confidentiality. Classification. Classic Encryption. Transposition. Substitution (monoalphabetic, polyalphabetic). Modern encryption. Symmetric encryption (blocks, stream). Encryption modes (ECB, CBC, CFB, OFB, CTR). Asymmetric encryption. Public key management (distribution types, digital certification, PKI, CRL, OCSP). Pretty Good Privacy (PGP).

4. Integrity. Algorithms and techniques for integrity control. Digest functions (MD5, SHA). Authentication and non-repudiation algorithms and techniques: MAC (HMAC, CBC-MAC), digital signatures. Citizen Card: digital signatures and certification hierarchies.

5. Auditing techniques. Sniffing: tcpdump, Wireshark. Monitoring: SNMP, NetFlow. Scanning: Nmap, OpenVAS, Nessus. Spoofing. Intrusion detection and prevention techniques: Snort, Tripwire.

6. VPNs and Firewalls. VPN classification: remote-access, site-to-site. Types: SSH VPN (OpenSSH), SSL/TLS VPN (OpenSSL, GnuTLS), IPSec VPN, PPTP VPN, L2TP VPN, OpenVPN. Firewalls. Types: packet filtering, circuit-level gateway, application-level gateway (proxy firewall), stateful inspection, next-generation firewall (NGFW). Examples: iptables, ACLs.

7. Software security techniques. Database security techniques. Security in commerce and electronic transactions. Operating systems security.

Curricular Unit Teachers

Internship(s)

No

Bibliography

Correia, M., & Sousa, P. (2017). Segurança no software (2nd ed.). FCA.

Granjal, J. (2013). Gestão de sistemas e redes em Linux (3rd ed.). FCA.

Granjal, J. (2017). Segurança prática em sistemas e redes com Linux (1st ed.). FCA.

Santos, O., & Stuppi, J. (2015). CCNA security 210-260 official cert guide (1st ed.). Cisco Press.

Stallings, W. (2016). Network security essentials: Applications and standards (6th ed.). Pearson.

Stallings, W. (2019). Cryptography and network security: Principles and practice (8th ed.). Pearson.

Zúquete, A. (2021). Segurança em redes informáticas (6th ed.). FCA.