Learning Outcomes

This course gives an introduction to computer security and cryptography, and then goes on to consider security as it relates to a single, network connected, computer. Introductory material is independent of any operating system but the consideration of tools will focus on those available for Linux, partly because its open-source nature facilitates this and partly because it is widely used on server systems. The introduction to cryptography will be used to consider its use in encryption and authentication.

On completion of the course, students should be able to:

1. Identify and describe common security vulnerabilities
2. Identify and describe different types of attack on computers
3. Recommend security tools and procedures to protect against specific types of attack
4. Describe the nature of malware, how it may be identified and the attack mitigated
5. Explain the distinction between different types of cryptography and identify common algorithms that are weak and strong
6. Describe the use of cryptography in certification and authentication


Outline Syllabus

Introduction:
-Principles of security and privacy, introduction to the different types of computer attack

-Common security policies, techniques and tools:
-Good administrative procedures for computer systems. Data security (e.g. good backup policy).
-Combating social engineering. Tools for identifying system vulnerabilities. Monitoring for break-ins. Recovering from a break-in.

Overview of Encryption:
-Applications of encryption to computer security. Types of encryption algorithms.
-Examples of encryption algorithms commonly used.

User Authentication:
-Methods of user authentication. One way functions and MD5., Biometric access control (e.g. fingerprint, iris etc.). Other techniques (e.g. smartcard).

Protecting passwords from attack:
-Good and bad passwords. Methods to crack passwords and policies/techniques to reduce the problem.

Malicious software:
-History. Classification. How viruses spread. Identifying malware.
-Antivirus software.

Risk analysis
-Analysis of risk. Steps in risk analysis. Using risk analysis to select new controls.