IT Security

Although no preceding curricular units are defined, the students should have basic knowledge in several computer technology areas, namely in operating systems and computer networks.

Classes are taught in a theoretical-practical regime, comprising theoretical exposition of concepts and demonstration of their application, using computers and digital tools. A dynamic teaching and learning process will be used: fundamentally interactive, with support for digital tools and based on “Blended learning” methodologies, centred on the student, with slide shows and practical exercises.

The curricular unit of “IT Security” from the Management IT Degree has as main goal to give students knowledge and to develop skills in the IT security area. In addition to the understanding of the basics, it is intended that the students acquire knowledge about the techniques and technology that can be used to implement security solutions in IT systems, and also that they develop the following fundamental skills:

•             To understand the main concepts related with IT security and cybersecurity.

•             To understand the fundamental notions of cryptography and the main protocols.

•             To apply the cryptography concepts in the adequate configuration of the Internet services.

•             To use filtering applications of packages and attacks’ detection.

•             To elaborate technical reports about IT security solutions.

•             To understand the issues related with the need of awareness of the IT security and cybersecurity.

•             To understand the issues related with ethics in IT security.

1.           Introduction to computer security

1.1.        Fundamental concepts

1.2.        Threads and attacks

1.3.        Fundamental security design principles

1.4.        Computer security strategy

2.           Network security

2.1.        Fundamental concepts

2.2.        Generic model of networks’ security

2.3.        Fundamental principles of designing network security mechanisms

2.4.        Applications of injection and capture of packages in a computers’ network

3.           Cryptographic tools

3.1.        introduction

3.2.        Symmetric encryption

3.3.        Block and stream symmetric encryption algorithms

3.4.        Message authentication and hash functions

3.5.        Asymmetric encryption

3.6.        Asymmetric encryption algorithms

3.7.        Digital signatures and key management

3.8.        Practical applications

4.           User authentication

4.1.        Principles of electronic authentication

4.2.        Types of authentication

4.3.        Remote authentication

5.           Computer security auditing

5.1.        Architecture

5.2.        Systems activity log

5.3.        Identification of vulnerabilities

6.           Malicious Software

6.1.        Types of malicious software

6.2.        Advanced Persistent Threat

6.3.        Propagation, activation and execution

Countermeasures

7.           Intrusion Detection Systems

7.1.        Concepts and fundamentals

7.2.        Classification of approaches

7.3.        HIDS and NIDS

7.4.        Evaluation metrics

8.           The human factor and ethics

8.1.        Current state of cybersecurity

8.2.        Taxonomy and legislation

8.3.        Entities involved in cybersecurity management

8.4.        Good practices

NAO

Main:

– W. Stallings, L. Brown, Computer Security: Principles and Practice, 4th Ed, ISBN: 978‑0134794105, Pearson.

– W. Stallings, Cryptography and Network Security: Principles and Practice, Global Ed, 8th Ed., ISBN: 978-1292437484, Pearson.

– W. Stallings, Network Security Essentials: Applications and Standards, 6th Ed., ISBN: 9780134527338, Pearson.

 Secondary:

– A. Zuquete, Segurança em Redes Informáticas, ISBN: ISBN: 978-972-722-857-7, FCA.

– J. Granjal, Segurança prática em sistemas e redes com Linux, ISBN: 978-972-722-865-2, FCA.

– M. Antunes, B. Rodrigues, Introdução à cibersegurança, 2ª Ed., ISBN: 978-972-722-861-4, FCA.