B3110 - System Security and Privacy Workshop Classes - Cesena Campus

Learning outcomes

At the end of the course, the student knows the basic principles of computer security and the main security issues of computer systems and networks. They know the protocols and communication mechanisms used to ensure the secure transfer of information. They are able to critically evaluate the security of a computer system, identifying possible vulnerabilities and implementing all necessary countermeasures to mitigate the identified problems and increase the robustness of the system. They know the principles and methodologies underlying directory services and are able to manage a small system based on proprietary or open source directory services. They know the methods to support an application to a directory service deployed in the cloud through the services of the main cloud providers. They are able to contribute to the design of systems, even in the cloud, where security is an essential and structural element. They are able to design and implement mechanisms for securing devices on the Internet and distributed systems in the cloud, using the frameworks available on these cloud platforms. They are able to use “penetration testing” tools to validate the security of a system by searching for its vulnerabilities and measuring the effects of exploiting these vulnerabilities.

Course contents

• Introduction
• Regulations
• Windows Active Directory security in a corporate environment
• Web application security
• Elements of cryptography
• Authentication systems and access control
• Firewall and IDS/IPS
  
• Email security
• Secure Software Development Lifecycle
• Red teaming and Blue teaming

Assessment methods

There will be a theoretical test (through a written exam) and a practical test (through a project to be carried out in groups of two people).

Office hours

See the website of Marco Canducci