To familiarize students with issues related to the security of digital data and the use of the Internet to conduct secure transactions. Presentation of security mechanisms and threats on the Internet. Teaching and practice using so-called good security practices. Developing skills in recognizing Internet threats. Presentation of examples of so-called good security practices.
Prerequisites
Knowledge of technical aspects of the Internet.
Scope
Personal computer security. Malware types, its distribution mechanisms, and ways to protect against it. Security of MS Windows. System updates. Anti-virus software. Software firewalls. Backups.
Basics of cryptographic data protection. Symmetrical and asymmetrical algorithms. Hash functions. Applications of cryptographic algorithms in business practice. Cryptanalysis.
Controlling access to protected data. Authentication and authorization methods. Protection mechanisms for sensitive data storage. Estimating password strength and power of mechanisms securing access to data. Intrusion into systems - recognition and prevention. Potential consequences of theft of digital data.
Theft of personal data. Phishing and protection against it.
Threats to ICT systems. DoS and DDoS attacks. Data transmission protection. VPN networks. “Man in the Middle” and spoofing attacks - recognition and defense. Other types of attacks (e.g., SQL injection, XSS scripting). Ensuring electronic security with hardware solutions (role of hardware firewalls, IDS/IPS mechanisms, VPN hubs, routers with integrated services).
Security of mobile devices. Best practices for the safe use of smartphones, tablets, and notebooks. The security of transactions using pay cards like MasterCard, Visa (incl. wireless cards e.g., PayPass, Visa PayWave). Security mechanisms of popular systems for mobile devices (Android, iOS).
Digital signature. Signature submission and verification. Law basics regarding electronic signature. Additional services (time stamping, multiple signatures, etc.). Qualified signature. Handling certificates.
Secure transactions. SSL protocol. Authorization based on certificates. Threats related to the use of certificates.
Law basics regarding the security of data (incl. personal data). The application of law in the context of the security of e-commerce systems. Comparison of Polish regulations with the EU legislation.
Mechanisms for securing internet transactions on selected examples: electronic banking - access to bank accounts, performing banking operations; electronic stores; Polish government systems: tax offices, e-court, electronic offices, etc.
Review of commercial solutions ensuring electronic security of devices and cloud data processing.
Teaching methods
Lecture - conventional lecture (with the use of video projector).
Laboratory - practical laboratory exercises.
Learning outcomes and methods of theirs verification
Outcome description
Outcome symbols
Methods of verification
The class form
Assignment conditions
Lecture – the passing condition is to obtain a positive mark from the final test (written or oral).
Laboratory – the passing condition is to obtain positive marks from all laboratory exercises being planned during the semester.
Calculation of the final grade: lecture 50% + laboratory 50%
Recommended reading
Stallings, W., Brown, L., Computer Security: Principles and Practice (4th Edition), Pearson, 2017.
Forshaw, J., Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation (1st Edition), No Starch Press, 2017.
Aumasson, J. P., Serious Cryptography: A Practical Introduction to Modern Encryption, Random House LCC US, 2017.
Lehtinen, R., i in., Computer Security Basics, Helion (O’Reilly), 2006.
Further reading
Schneier, B., Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, W. W. Norton & Company, 2018.
Mercer, D., Building Online Stores With Oscommerce: Professional Edition, Helion 2007.
